close up image of lab samples

Privacy Policy

Victor Chang Cardiac Research Institute Limited respects and values your privacy and the trust you place in us when we collect, use, disclose and store your personal or sensitive information.

We ensure that our conduct complies with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (‘Privacy Act’). The purpose of this Privacy Policy is to tell you how we collect personal information and how we will use, disclose or store that information.

Our privacy commitment

Respecting privacy is important to us, and we understand it is important to you. We are grateful to you and your contribution to helping us achieve our Purpose:

to undertake innovative, inclusive, collaborative and cutting-edge medical research that improves understanding, prevention, diagnosis and treatment of cardiovascular disease.

In managing the generosity of our community and engaging with our partners, we need to collect, store, use and disclose a range of information.


The personal information we collect from you will vary depending on your interaction with us, such as the fundraising initiatives you are supporting, your participation in research initiatives or the services you are accessing from us or providing to us.

Information we collect

The types of personal information we collect and hold may include your name, contact details (such as address, email address and telephone number), date of birth, gender, bank/credit card details, employment history, VCCRI volunteer information, a history of your donations, a record of your queries and/or complaints, and records of all appeal correspondence we send to you. If you are a workplace giving donor, we may collect and hold your employer details.

If you are receiving services from our Heart Health Check team or participating in a research study, we may also collect your health information, including your medical history and such further health information as is necessary to provide you with a health assessment and the results, or to enable you to participate in research studies with your consent.

If you are also a patient of a doctor who works with VCCRI, we will only collect your personal information from your doctor with your consent. Please talk to your doctor for more information about how they handle your personal information.

How we collect your information

We usually collect your personal information directly from you when you contact us including by phone, email, through online enquiries, in person or from our appeal/fundraising response forms. We may also collect your personal information through data-swaps with other like-minded charities, from your employer (for workplace donors), from other individuals who arrange fundraising events or activities on our behalf, and from other individuals who may make a donation on your behalf and who provide your details for acknowledgment or correspondence.

For participants in a research study, in some circumstances, we may also collect your personal information (including your health information) from another research participant who is related to you.

Why we collect your information

If you are supporting one of our fundraising initiatives, we collect your personal information to provide you with a tax-deductible receipt. We also collect your personal information for marketing and fundraising purposes, such as sending you updates about our initiatives and research. If you do not provide all the personal information requested, we may be unable to provide you with a tax-deductible receipt. We may also be unable to send you other information or updates about VCCRI.

Disclosure of information

If you are supporting a VCCRI fundraising initiative, we may use your personal information to process your donations and merchandise sales, provide you with receipts, confirm your identity, respond to your queries or complaints appropriately, provide you with efficient feedback, or assist us with our internal reporting.

Your personal information may be made available to our accountants, auditors, lawyers and to law enforcement agencies as required by law. We may disclose your personal information if we are legally required to do so. We may also disclose your information to external contractors who provide services on our behalf such as mailing houses, printers, information technology services providers located in Australia, archiving services, or telemarketing agencies. If we provide your personal information to external contractors, we will disclose your information only to the extent necessary for these external contractors to perform the requested services. In engaging with a third party, we will take steps to ensure that the privacy and security of your personal information is protected under privacy standards consistent with the Australian Privacy Principles.

If you are a participant in a research study, with your consent, we may disclose your personal information to specialists or other service providers who provide you with medical services or to whom we may refer you for your medical needs.

With your consent, we may disclose your personal information for health research purposes to third parties such as researchers and research institutions, or de-identified information to international databases, and repositories and collaborators for purposes relating to our research.

Participating in a fundraising appeal

We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information with other data in order to enable it and us to develop anonymised insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

Occasionally we may disclose your contact details to like-minded charities to update you on their activities that may be of interest to you. Those organisations allow us to do the same and this way we can raise more money for world-class heart research. These external organisations are also under the same obligations to protect your personal information under Australian Privacy Principles. If you do not wish to receive communications from like-minded organisations, you can change your preferences or opt-out at any time by contacting us at the details below.

Using a pseudonym or engaging with us anonymously

It is your right, where practicable and lawful, to interact with VCCRI anonymously. For example, anonymous donations may be made to us at any time by contacting us directly. However, for the majority of our functions, we usually require your name, contact details and enough information to allow us to efficiently manage our interaction with you.

Website usage information and cookies

We use 'cookies' (which are a small summary file containing a unique ID number) to collect anonymous information that does not identify you, including average user times, website downtime and popularly viewed pages. We do not collect identifying information such as contact details or IP address. We use this anonymous information to improve our website performance and to serve visitors with content they prefer. If you prefer for 'cookies' not to be used, you can set your browser to disable them.

Direct marketing

We, and our carefully selected business partners, may send you direct marketing communications and information about our services and products. This may take the form of emails, SMS, mail or other forms of communication, and will comply with the requirements of the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an unsubscribe link). We will never use or sell your sensitive information for direct marketing purposes without your express prior consent.

Storage and security of information

We will take reasonable steps in the circumstances to ensure your personal information is stored securely both within our hard copy data files and in electronic forms. We take security steps to protect against misuse, interference and loss, and unauthorised access. We secure any paper files in locked locations with restricted physical access. Electronic information is stored on secure servers that are protected in controlled facilities. We do not use data hosting facilities or third-party service providers that store information overseas.

Any personal information not actively being used is archived, usually for 7 years, with a third-party provider of secure archiving services. Where personal information is stored with a third party, we have agreements in place that require those third parties to maintain the security of the information.


Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from this Privacy Policy, so we encourage individuals to read them before using those websites.

Processing donations and payments

We use a third-party financial institution to process our credit / debit card transactions. The financial institution receives the credit / debit card number and other personal information of our donors in accordance with their privacy policies only to verify credit / debit card numbers and to process credit / debit card transactions in a secure environment. Where your financial information is stored on our servers, access to this information is restricted to our authorised staff only and destroyed after one week.

Accessing or changing your personal information

We endeavour to ensure that the personal information we hold about you is accurate, up-to-date and complete. You may contact our Director of Fund Development or Deputy CEO at any time if you wish to:

We will respond to your request within 30 days of receipt. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request access to your personal information.

Questions and complaints

If you have any questions, concerns or complaints about the way in which we have handled your personal information, please contact our Director of Fund Development or Deputy CEO.

Telephone: 1300 842 867
Post: Victor Chang Cardiac Research Institute, PO Box 699, Darlinghurst NSW 2010

If your concerns are not resolved by us, or if you would like more information about privacy generally, please contact the Office of the Australian Information Commissioner at or on 1300 363 992.

This Privacy Policy was last reviewed 20 September 2023.

Acknowledgement of Country

The Victor Chang Cardiac Research Institute acknowledges Traditional Owners of Country throughout Australia and recognises the continuing connection to lands, waters and communities. We pay our respect to Aboriginal and Torres Strait Islander cultures; and to Elders past and present.

Victor Chang Cardiac Research Institute - The Home of Heart Research for 30 Years