Close

Privacy Policy

Our privacy commitment

The Victor Chang Cardiac Research Institute Limited ("VCCRI", "we", "our") respects your privacy. This Policy explains how we manage your personal information, including your sensitive information (such as health information) and protect your privacy.

By providing VCCRI with your personal information, you consent to our collection, storage, use and disclosure of your personal information in accordance with this Policy and any other arrangements that apply between us. From time to time it may be necessary for VCCRI to review and revise this Policy. VCCRI encourages you to periodically check our website to ensure you are aware of the most up-to-date version of this Policy.

Personal information includes information or an opinion about an identified individual or an individual who is reasonably identifiable (such as names or email addresses). Within this Policy, unless indicated otherwise, references to personal information also include sensitive information, such as information or an opinion about your health, your genetic information, or health services provided to you.

Who do we collect personal information about and what types of personal information do we collect?

VCCRI generally collects personal information from the following individuals:

  • members of the public who donate funds to, or otherwise interact with VCCRI;
  • participants in VCCRI's Heart Health Check;
  • research participants;
  • third parties who provide a service to VCCRI; and
  • prospective employees, contractors and volunteers.

We will only collect personal information from you for purposes which are reasonably necessary for or directly related to our services, functions or activities. If you do not provide your personal information, we may not be able to provide some or all of our services to you or, for reasons related to contact tracing, we may not allow you to enter the VCCRI premises.

If you visit the VCCRI premises, we will collect your full name, mobile number, date of visit and other COVID-19 screening information. We collect this information directly from you when you enter our premises and sign in through a QR code. The sole purpose of collecting your personal information is to facilitate the prevention and management of the risk of COVID-19, and this may change and evolve as the COVID-19 pandemic also evolves. Your personal information will only be used or disclosed where necessary for contact tracing purposes, including to health authorities such as the NSW Health Public Health Unit, and will be securely destroyed when it is no longer required.

Please refer to the sections below to read more about what personal information we will collect from you, how and why we collect that personal information and who we may disclose your personal information to.

1. Donors and the general public who interact with VCCRI

What types of personal information do we collect? 

If you make a donation to VCCRI or generally communicate with VCCRI, the types of personal information we collect may include your name, contact details (such as address, email address and telephone number), bank details and credit card information. 

How do we collect your personal information?

Where possible, we will collect your personal information directly from you. We may collect this information when you, for example:

  • visit our premises;
  • attend an event; 
  • complete a donation form;
  • speak with us over the telephone;
  • become a regular donor to VCCRI; or
  • interact with us online. 

Why we collect, hold, use and disclose your personal information

If you make a donation to VCCRI, we collect your personal information to process your donation. If you otherwise contact VCCRI, we may collect your personal information in order to process your enquiry. Please see the below section “Security of direct debit and credit card information”.

We may also obtain personal information from third parties or publicly available sources for the purpose of contacting you about donating to the VCCRI. 

You will always be given the option to opt-out of communications about donating to the VCCRI. 

Who do we disclose your personal information to?

VCCRI may disclose your personal information to third parties such as:

  • third party suppliers and service providers to assist VCCRI in carrying out the purposes set out in this Policy such as mailing houses, printers, information technology services providers, archiving services, telemarketing agencies;
  • our IT servers and cloud based data centres located in Australia; and
  • in rare cases, where required by law, to a government or law enforcement agency (for example to investigate an allegation of credit card fraud).

We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

Occasionally we provide your personal information to like-minded organisations to contact you with information that may be of interest to you. Those organisations allow VCCRI to do the same and this way we can raise more money for world-class heart research.

2. Heart Health Check participants

What type of personal information do we collect?

If you are participating in VCCRI's Heart Health Check, we collect your name, gender, contact details and health information, including your medical history and such further health information as is necessary to provide you with a health assessment and the results of your health assessment. We may also collect your health care fund membership number where this is required for VCCRI to invoice your health care fund for the cost of your assessment (where applicable).

How do we collect your personal information?

We generally collect your personal information directly from you, for example, when you visit our Heart Health Check.

Why we collect, hold, use and disclose your personal information

We may collect your personal information for a number of purposes including:

as indicated to you at the time we collected your personal information;

  • to provide you with a Heart Health Check assessment;
  • to provide you with services and information related to cardiovascular disease and its risk factors, and research-related events and seminars;
  • to invoice your health care fund for the costs of your health check booth assessment;
  • with your consent, to provide third parties (such as your health care fund or employer) with certain results of your health check booth assessment so that they can provide you with services and information that may be of interest to you;
  • to de-identify your personal information and to use such de-identified information to produce de-identified and aggregated statistical information for our research, general promotional and marketing purposes, and also to provide to third parties to provide them with aggregated, de-identified information about general participation in our Heart Health Check service (such as selected health care funds or other organisations that procure the Heart Health Check service from VCCRI);
  • to improve and evaluate our programs and services, and to comply with relevant laws; and
  • to communicate with you about donations, our activities and fundraising events.

Who do we disclose your personal information to?

VCCRI may disclose your personal information to third parties such as:

  • with your consent, your health care fund or employer or another entity paying for your access to the Heart Health Check;
  • with your consent, your health care fund to offer you services;
  • third party suppliers and service providers to assist VCCRI in carrying out the purposes set out in this Policy such as information technology services providers and archiving services;
  • our IT servers and cloud-based data centres located in Australia; and
  • in rare cases, where required by law, to a government or law enforcement agency.

Occasionally we provide your personal information to like-minded organisations to contact you with information that may be of interest to you. Those organisations allow VCCRI to do the same and this way we can raise more money for world-class heart research.

3. Research participants

What type of personal information do we collect?

If you are a research participant, the types of personal information we collect may include your name, gender, age and contact information. We may also collect your health information, including your medical history, for the purpose of conducting the research program in which you are participating and for the purposes otherwise set out in the consent form.

How do we collect your personal information?

Where possible, we will collect your personal information directly from you. This may be in person (for example, if you visit our premises), on the telephone, or online.

In some circumstances, we may also collect your personal information (including your health information) from another research participant who is related to you.

If you are also a patient of a doctor who works for the VCCRI, we will only collect your personal information from your doctor with your consent. Please talk to your doctor for more information about how they handle your personal information.

Why we collect, hold, use and disclose your personal information

We may collect your personal information for a number of purposes including:

  • as indicated to you at the time we collected your personal information;
  • as necessary to conduct our research;
  • to provide you with services and information related to cardiovascular disease and its risk factors and research-related events and seminars;
  • to de-identify your personal information and to use such de-identified information to produce aggregated statistical information for our research and general marketing purposes;
  • to improve and evaluate our programs and services, and to comply with relevant laws; and
  • to communicate with you about donations, our activities and fundraising events.

Who do we disclose your personal information to?

With your consent, VCCRI may disclose your personal information to specialists or other service providers who provide you with medical services or to whom we may refer you for your medical needs.

VCCRI may disclose your personal information to third parties such as:

  • researchers and research institutions;
  • third party suppliers and service providers to assist VCCRI in carrying out the purposes set out in this Policy such as information technology services providers;
  • our IT servers and cloud based data centres located in Australia; and
  • in rare cases, where required by law, to a government or law enforcement agency.

We may also disclose de-identified information to international databases and repositories and collaborators for purposes relating to our research.

4. Third party service providers

What type of personal information do we collect?

If you provide a service to VCCRI, we may collect your name, position, company that you work for and your contact details (including telephone number and email address).

How do we collect your personal information?

Where possible, we will collect your personal information directly from you. This may be in person (for example, if you visit our premises), on the telephone, or online.

Why we collect, hold, use and disclose your personal information

We collect your personal information in order for you to provide your service to VCCRI and for related purposes such as security and contract management as well as to comply with any legal or regulatory obligations.

Who do we disclose your personal information to?

VCCRI may disclose your personal information to third parties such as our IT servers and cloud-based data centres located in Australia or where required by law.

5. Prospective employees, contractors and volunteers

What type of personal information do we collect?

When you apply for a job or position (including a volunteer position) with us we may collect certain information from you (including your name, contact details, working history, and relevant records checks) or from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment, appoint you as a volunteer or engage you under a contract.

This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Act.

How do we collect your personal information?

Where possible, we will collect your personal information directly from you, or from third parties described immediately above. This may be in person (for example, if you visit our premises), on the telephone, or online.

Why we collect, hold, use and disclose your personal information

We collect your personal information in order to consider and process your employment, contracting or volunteer applications, submissions or negotiations.

Who do we disclose your personal information to?

VCCRI may disclose your personal information to third parties such as:

  • our IT servers and cloud-based data centres located in Australia; and
  • in rare cases, where required by law, to a government or law enforcement agency.

Using a pseudonym or engaging with us anonymously

Where practicable, we will allow you to interact with VCCRI anonymously. For example, anonymous donations may be made to VCCRI at any time by contacting VCCRI directly. However, for the majority of our functions, we usually require your name and contact information and enough information to allow VCCRI to efficiently handle its interaction with you.

Sensitive Information

Some personal information, which includes all health information collected by VCCRI, is considered "sensitive". Sensitive information we may collect includes:

  • information about your health, including your health status, medical conditions, genetic information, and medical history and that of your relatives; and
  • if you are participating in our Heart Health Check, the results of your health assessment.

We will collect your sensitive information in accordance with relevant law, with your consent and where necessary for or directly related to our services, functions or activities.We only use and disclose sensitive information for the purposes for which it was provided, or a directly related purpose you would reasonably expect, unless you provide your consent or where required or authorised by or under law such as if the use or disclosure of sensitive information is required to prevent a serious and imminent threat to the life or health of an individual.

Website usage information and cookies

We use 'cookies' to collect anonymous information that does not identify you, including average user times, website down time and popularly viewed pages. We do not collect identifying information such as contact details or IP address. We use this anonymous information to improve our website performance and to serve visitors with content they prefer. If you prefer for 'cookies' not to be used, you can set your browser to disable them.

Do we use your personal information for direct marketing?

We and our carefully selected business partners may send you direct marketing communications and information about our services and products. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (eg an unsubscribe link).

We will never use or sell your sensitive information for direct marketing purposes without your express prior consent.

Security of our information

We take all reasonable steps to protect the personal information we hold from misuse, interference and loss, and unauthorised access. Electronic information is stored on secure servers that are protected in controlled facilities.

We do not use data hosting facilities or third party service providers that store information overseas.

Hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised people. Any personal information not actively being used is archived, usually for 7 years, with a third party provider of secure archiving services. Where personal information is stored with a third party, we have agreements in place that require those third parties to maintain the security of the information. However, we cannot guarantee the security of your personal information.

Links

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from this Policy, so we encourage individuals to read them before using those websites.

Security of direct debit and credit card information

Where VCCRI collects your payment details, for example when you make a donation to VCCRI, we use a third-party financial institution to process our credit / debit card transactions. The financial institution receives the credit / debit card number and other personal information of our donors only to verify credit / debit card numbers and to process credit / debit card transactions in a secure environment. Where your financial information is stored on our servers, access to this information is restricted to our authorised staff only and destroyed after one week.

Accessing or changing your personal information

VCCRI takes reasonable steps to make sure that the personal information we hold about you is accurate, up-to-date and complete. You may contact our Fund Development Officer or Chief Operating Officer at any time if you wish to:

  • change or correct your personal information;
  • cancel some or all of the communications that we provide;
  • request details of the information that we hold about you;
  • access to the information that we hold about you; and/or
  • request further information about this Policy.

We will respond to your request within 30 days of receipt. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request access to your personal information.

Questions and complaints

If you have any questions, concerns or complaints about the way in which we have handled your personal information, please contact our Fund Development Officer or Chief Operating Officer.

Once we receive a complaint, we will respond to you as soon as reasonably possible and will let you know if we need any further information from you. We will notify you of our decision within a reasonable period, however, if we are unable to do so, we will let you know the reason for the delay and the expected timeframe for resolving the complaint.

If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

How to contact the Fund Development Officer or Chief Operating Officer

Email: info@victorchang.edu.au
Telephone: 1300 842 867
Post: Victor Chang Cardiac Research Institute, PO Box 699, Darlinghurst NSW 2010