Privacy Policy

This is the Privacy Policy of the National Heart Foundation of Australia, ABN 98 008 419 761 (Heart Foundation/we/us).

This policy describes how we collect and handle your personal information in accordance with our obligations under the Privacy Act 1988 (Cth). You should please read this notice alongside any privacy or collection notice / statement that we provide to you.

Overview

The Heart Foundation collects, holds, uses and discloses Personal Information to carry out functions or activities of the Heart Foundation, which include saving lives through funding heart health research, community education programs and services to patients.

‘Personal Information’ means information or opinion (whether true or not, or recorded in material form or not) about an identified individual, or an individual who is reasonably identifiable.

The collection of personal information

Your personal (including sensitive) information, including any health information, will only be collected as necessary for a particular function or activity, or to enable the Heart Foundation to carry out its work and deliver services to the community. You do not have to provide us with your personal information, but if you choose not to, we may not be able to provide you with our support or services.

When you give us Personal Information such as your name, address, telephone number and email address, we record it on our database and may use it to contact you in the future.

We may use your Personal Information to send you information on a variety of topics, including heart health, or to let you know about our programs, research funding, special events and fundraising programs.

You can also let us know that you do not wish to receive any further communications by contacting the Privacy Officer at any time by emailing [email protected].

The Heart Foundation will not generally collect sensitive information about health, racial or ethnic origin, political opinions or membership, religious or philosophical beliefs, trade association or union membership, sexual preferences or criminal record unless you have voluntarily consented to give this information as part of the collection process, and it is relevant to the work of the Heart Foundation.

We will offer you the option of not identifying yourself or of using a pseudonym where it is practical to do so.

How we collect your personal information

We collect your Personal Information when you provide it to the Heart Foundation in a number of ways, including but not limited to:

• interacting with a Heart Foundation website or support or services provided by Heart Foundation

• communicating with us through any means, including completing a paper-based form and returning it to the Heart Foundation

• by participating in one of the Heart Foundation's many community fundraising and information events

• when you respond to our fundraising campaigns.

We may also collect your Personal Information from third parties in other ways, for example through the purchase of mailing or other commercial lists, from data brokers and other data service providers, from other not-for-profit organisations and from publicly available sources such as the telephone directory.

You may be photographed when you attend Heart Foundation events. Wherever reasonably practical we will seek to obtain your consent prior to using any image obtained.

The Heart Foundation also collects usage data when you visit our site. This includes the name of your internet service provider, the website from which you visited us from, the parts of our site you visit, the date and duration of your visit, and information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, including any data you provided to us during your visit, in order to present the most relevant content to you.

Data profiling and analysis

The Heart Foundation may analyse the personal information you provide and collect further information about you (including by creating or generating new information, or from third party sources, including commercial lists or data brokers or publicly available sources). We may use this information to create a profile of your interests, preferences, and your ability to support us, including the amount or level of potential donation or legacy you may be able to give.

This profiling and analysis enable us to contact you in the way that is most appropriate to you and provide you with relevant, personalised information. This approach enables us to interact with you in a more meaningful way, and to operate more cost effectively.

The personal information used to complete any profiling is compiled from third party sources such as public registers, data brokers, commercial mailing lists, LinkedIn profiles and social media posts.

How we keep your personal information secure

We take reasonable steps to ensure that information you provide to us is stored securely in our databases and only accessed by staff or contractors authorised by the Heart Foundation. The Heart Foundation uses a range of hardware and software security measures to protect its information and to ensure that only authorised staff and contractors are granted access, as required. We aim to only keep your personal information for as long as we need it, or we are lawfully required to keep it. When we no longer need information, we take reasonable steps to destroy or de-identify it.

Using and disclosing your personal information

We use and disclose personal information we hold for a range of purposes including:

• to process donations and communicate with our donors about those donations
• to provide personalised Heart health marketing, events, education, activity and support programs to our community.

We may use and disclose your personal information for other purposes required or authorised by or under law (including purposes for which you have provided your consent).

The Heart Foundation is very thankful to people who are willing to share their personal stories of heart disease. We will only use and disclose your Personal Information for publicity purposes or as stories in newsletters with your express written permission.

Transfer of information overseas normally only occurs for data processing purposes, for example third party payment facilitators may process their data off-shore. The Heart Foundation’s payment gateway currently processes data in Australia. The Heart Foundation will not transfer your personal information overseas or into the “cloud” unless we have taken reasonable steps to ensure that the information which is being transferred will not be held, used or disclosed by the recipient of the information in a manner which is inconsistent with the Australian Privacy Principles.

The Heart Foundation will sometimes use third party service providers including to conduct surveys, facilitate information collection and event registration and otherwise assist with our fundraising activities (such as mailing houses and data management providers). Some of these service providers conduct all or part of their business overseas and so your Personal Information may be transferred overseas as a result.

If you identify as an Aboriginal and/or Torres Strait Islander person your personal information including images will only be collected with your consent and the following will occur:

Images of or references to Aboriginal and Torres Strait Islander peoples may appear in materials created under the Permitted Purposes for the collection, and these materials may be used into the future. The Heart Foundation will include warning text indicating that the materials may include references to and/or images of Aboriginal and Torres Strait Islander peoples who have passed away. The Heart Foundation will where reasonably practicable, if requested use my mourning name to identify me in updated materials after being notified of your death. Your personal information including images can also be deleted at anytime on your request.

Direct marketing

The Heart Foundation may, from time to time

• include selected messages from Heart Foundation event sponsors, collaborators or third parties in our communications

• use remarketing services to advertise the Heart Foundation. Remarketing services will display ads to you based on what parts of the Heart Foundation website you have viewed, by placing a cookie on your web browser which can be used to recognise you across devices and browsing sessions. Remarketing services allow us to tailor our marketing to better suit your needs and only display ads that are relevant to you.

• use and disclose personal information we hold about you so we can contact you with information about our services, events and fundraising activities.

• contact you by mail, email, through social media (including targeted online advertising), SMS or telephone contact.

• disclose your personal information to third parties, who may provide you with direct marketing about their own products and services. These third parties may be located overseas. You can let us know at any time if you do not want us to provide your personal information to third parties for these purposes by contacting us (using the contact details below). If we have already disclosed your personal information to a third party for these purposes, you may need to separately opt-out from receiving further communications from the relevant third party.

If you do not wish to see ads from the Heart Foundation, you can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings.

Further information regarding behavioural advertising, including ways to manage your online privacy, is available at youronlinechoices.com.au.

You can let us know at any time if you no longer wish to receive these communications by contacting us (using the contact details below) or using the opt-out/unsubscribe facility in the relevant communication (if applicable).

Opting out, modifying or deleting your information

If you want to:

• change any information that you have previously given us

• opt out of future communications; or

• request we delete your data,

please contact the Privacy Officer at the details listed below:

The Heart Foundation’s Privacy Officer can be contacted by:

Phoning: 13 11 12

Writing to: The Privacy Officer Heart Foundation GPO Box 9966 In your capital city

Emailing: [email protected]

Please note that we may not be able to action your request to be deleted, as in some cases the Heart Foundation is required to maintain certain records for regulatory purposes.

Visiting our websites and analytics

All Heart Foundation websites and pages use cookies to improve your experience and display targeted content relevant to you. Cookies are also used to display items added while using online shopping or donation facilities. You may refuse all cookies or disable cookies and JavaScript from Heart Foundation websites however some functions may be unavailable. Our online credit card processing company may also use cookies for identification and anti-fraud purposes.

Cookies do not personally identify you; they recognise your browser. Unless you choose to identify yourself to the Heart Foundation, either by responding to a promotional offer, making a donation, or filling out a web form (such as signing up for our newsletter), you remain anonymous to the Heart Foundation. You have the ability to manage the use of cookies on your computer using controls in your browser.

Heart Foundation websites use statistical information collection tools (such as Google Analytics) to track site visits, navigation and performance within Heart Foundation sites which may include the use of anonymised IP addresses and other signals to understand interactions. This is for the purpose of monitoring and improving our sites, enhancing functionality and user experience. If you are concerned about the use of these tools, you can configure your browser to send a "Do Not Track" request with your browsing traffic or use Google’s opt-out tools to assist at tools.google.com/dlpage/gaoptout.

Heart Foundation websites use third party cookies, Google Analytics Advertising Features including: Remarketing with Google Analytics, and Google Analytics Demographics and Interest Reporting.

Visitors can opt-out of Google Analytics for Display Advertising and customise Google Display Network ads using the Ads Settings. Further information regarding behavioural advertising, including ways to manage your online privacy, is available at youronlinechoices.com.au.

The Heart Foundation uses Optimizely and Microsoft Clarity in order to understand your needs and optimise our website and your experience. These are technology services that helps us better understand your experiences (e.g. how much time you spend on which pages, which links you choose to click, what you do and don’t like, etc.) and this enables us to build and maintain our website with user feedback. They use cookies, tracking scripts and other technologies to collect data on your behaviour and devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). They store this information in the form of a pseudonymized user profile. Neither the technology services nor the Heart Foundation will ever use this information to identify individual users or to match it with further data on an individual user.

You can find out more details on their privacy policy or can manage your browser settings or opt out via Optimizely’s opt-out tools at optimizely.com/legal/opt-out/ and Microsoft Clarity’s Privacy Controls at privacy.microsoft.com/en-us/privacystatement. The Heart Foundation’s websites may contain links to other sites of interest. The Heart Foundation does not control, and is not responsible for, the content or privacy practices of those websites. Please check the privacy policies on other websites before you provide your Personal Information to them.

Our website security

The Heart Foundation’s websites use secured payment gateways that use industry-standard SSL/TLS technology to encrypt data between your browser and the website gateway. If you are entering any payment or credit card information on the internet, you should confirm that the page is secured (padlock symbol in your browser) before entering any information. We make every effort possible to make your donations and transactions within our site as secure and safe as possible for you.

From time to time the Heart Foundation may contact donors directly to update or confirm their personal or credit card details. We will only disclose to you the last four digits of your credit card number – any contact you receive requesting a full credit card number and CVV number should be considered a hoax and you should disregard it and report the contact to www.scamwatch.gov.au or contact the Heart Foundation’s Supporter Relations team on 13 11 12.

Changes to our Privacy Policy

The Heart Foundation may, update its Privacy Policy from time to time by posting the current Privacy Policy to the Heart Foundation’s website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

How to access, correct or update your personal information

If you have any complaints, questions or concerns about the information the Heart Foundation holds or about the accuracy of that information, please contact the Heart Foundation’s Privacy Officer by phoning 13 11 12 or emailing [email protected].

If you would like to access the information that we hold or make a complaint about a potential breach of the Australian Privacy Principles, you can write to the Privacy Officer at the address provided above. We will respond to your complaint or endeavour to give you access to the information requested within a 30-day timeframe.

In order to maintain the confidentiality of your Personal Information, we will ask you to come into the Heart Foundation office nearest you and to bring with your specific identification before we provide you access to Personal Information. If it is not practical for you to visit our office, we will arrange to check your identification before we mail the information to you.

If the information that we hold about you is incorrect or not up to date, we will update it as soon as possible after you have shown us how and why it is incorrect.

In the unlikely event that we are unable to provide you with access to your Personal Information for legal reasons as specified in the Privacy Act, we will provide you with reasons for denying access.

If you are not satisfied with the Heart Foundation’s response to your complaint, question or concern, you may wish to lodge a complaint with the Office of the Australian Information Commissioner. Further information can be found on the Commissioner’s website at www.oaic.gov.au or by calling 1300 363 992.

Website accessibility

We are committed to providing an accessible experience for users of our website. If you encounter any difficulties with the Heart Foundation’s websites, please direct your enquiry to [email protected].