Our privacy commitment
What is personal information?
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
This includes information such as name, date of birth, gender, contact information, credit/debit card information, health information and other information about your history with, or relationship to cancer.
Whose personal information does Sosmai.com collect?
Sosmai.com collects personal information from people who are connected to its operations and activities – including employees, donors, research study participants, recipients of support services, participants in advocacy campaigns or health promotion projects, health professionals, suppliers, volunteers and service providers.
How does Sosmai.com collect your personal information?
Where possible, Sosmai.com will collect your personal information directly from you. This may be in person (for example, where you purchase a retail product in-store or attend an event), on the telephone (for example, if you contact the Cancer Helpline, or if you answer a telephone-based research questionnaire), by mail (for example, if you complete research study documentation or a survey) or online (for example, if you sign up for an event online).
We also obtain personal information from third parties such as contractors (including fundraising service providers), list vendors, health professionals, social and community workers. If we collect information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to Sosmai.com, we will take reasonable steps to contact you and ensure that you are aware of the purposes for which we collect your personal information.
Research studies with ethics approval from an Australian Human Research Ethics Committee (HREC) may have additional obligations in relation to collection of personal information. Such projects will comply with the conditions of the ethics approval by the relevant HREC. In particular, collection of health information from health professionals and health record databases must be provided for in a peer-reviewed protocol that is approved by the relevant HREC, and consent must be obtained from the relevant individuals.
Why does Sosmai.com collect your personal information?
Sosmai.com may collect your personal information for a number of purposes, including:
- Marketing: to communicate with you about donations, products, services, campaigns, causes and events
- Support services: to provide you with information and support services, and to evaluate and report on these services
- Research: to conduct and/or fund research into cancer causes, as well as prevention, diagnosis, treatment and survivorship
- Health promotion: to provide you with information about cancer risk factors, such as UV exposure, tobacco and obesity, and to seek your support for campaigns
- Volunteering and other support: to enable you to assist us with volunteering, community fundraising, advocacy and other activities where we seek the community’s assistance
- Other issues: communicating with you in relation to our operations, activities and objectives, to verify your identity, to improve and evaluate our programs and services and to comply with relevant laws.
In some cases, Sosmai.com is collecting your personal information as agent for Cancer Council Australia and state and territory Cancer Councils that are members of Cancer Council Australia (for example, where we are the lead State on a national fundraising campaign).
Wherever practicable, we will provide you with a collection notice which explains the primary purpose for which we are collecting your personal information.
Health information and other sensitive information
As part of administering Sosmai.com services, we may collect health information and other sensitive information. For example, we may collect medical history information from you, if you are participating in a health program or research study. Sensitive information is defined by law as the following type of information: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or associations; philosophical beliefs; memberships; sexual orientation; genetic information; biometric information; biometric templates. We will only collect these types of information if it is necessary to deliver a service to you, or where it is required for research purposes and you have specifically consented to the collection of that information.
What happens if you don’t provide all this information?
You are free to provide (or not provide) any information you choose. However, if you do not provide some or all of the personal information requested, we may not be able to offer you services or provide you with information about our causes, events, programs and projects.
Website usage information and cookies
A cookie does not identify individuals personally, but it does identify computers. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance. You can also opt out of Google Analytics by clicking on Ad Settings.
We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.
Opting out of direct marketing communications
Where we use your personal information to send you marketing and promotional information by post, email or telephone, we will provide you with an opportunity to opt out of receiving such information. By electing not to opt-out, we will assume we have your implied consent to receive similar information and communications in the future. We will always ensure that our opt-out notices are clear, conspicuous and easy to take up.
If you do not wish to receive direct marketing communications from us, please contact us at Sosmai.com email@example.com.
To whom does Cancer Council disclose your personal information?
We may need to disclose your personal information to others in order to carry out our activities. This may include:
- External support services: to health care professionals, lawyers, other professionals, counsellors, funders, financiers, co-ordinators, volunteers, service providers, agencies and not-for-profits that provide support services.
- Researchers: to conduct research studies to the causes of cancer, as well as diagnosis, treatment and cures.
- Third parties for marketing purposes: we may provide your contact details to other like-minded organisations to contact you with information that may be of interest to you. From time to time, we participate in data collectives where we share your personal information (other than sensitive information) with other organisations.
- Contractors and service providers: who perform services on our behalf, such as mailing houses, printers, information technology services providers (including offshore cloud computing service providers), database contractors and telemarketing agencies.
- Cancer Council Australia and state and territory Cancer Councils: that are members of Cancer Council Australia
Wherever practicable, we will provide you with a collection notice which explains the circumstances in which we might disclose your personal information.
Where is your personal information stored?
Your personal information will be stored on a password protected electronic database, which may be a Sosmai.com database, a database maintained by a cloud hosting service provider or other third party database storage or server provider. Backups of electronic information are written to tapes which are stored with a third party provider of secure archiving services. Data stored on archived tapes will not be altered or destroyed except in extraordinary circumstances.
Hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised people. It may be stored for a time with a third party for specific purposes, for example at a mailing house or for data entry. Any personal information not actively being used is archived, usually for 7 years, with a third party provider of secure archiving services.
Where personal information is stored with a third party, we have arrangements which require those third parties to maintain the security of the information. We take reasonable steps to protect the privacy and security of that information, but we are not liable for any unauthorised access or use of that information.
Your personal information will stay on the database indefinitely until you advise you would like it removed, unless we de-identify it or destroy it earlier in accordance with privacy law requirements.
Due to the complexity of Cancer Council’s operations, your personal information may be stored simultaneously in more than one database or location.
We comply with the Payment Card Industry standards when handling payment card transactions. This means that we handle payment card information extremely securely while transactions are made, and do not retain payment card details afterwards.
Your direct debit or credit cards
We use Secure Socket Layer (SSL) certificates which is the industry standard for encrypting your credit card and debit card numbers, your name and address so that it cannot be viewed by any third party over the internet. Your financial information is encrypted on our servers and access to this information is restricted to authorised Sosmai.com staff only.
Access to your personal information
Sosmai.com will, upon your request, and subject to applicable privacy laws, provide you with access to your personal information that is held by us. However, we request that you identify, as clearly as possible, the type/s of information requested. We will deal with your request to provide access to your personal information within 30 days and you agree we may charge you our reasonable costs incurred in supplying you with access to this information.
Your rights to access personal information are not absolute and in certain circumstances, privacy laws dictate that we are not required to grant access such as:
- access would pose a serious threat to the life, safety or health of any individual or to public health or public safety
- access would have an unreasonable impact on the privacy of other individuals
- the request is frivolous or vexatious
- denying access is required or authorised by a law or a court or tribunal order
- access would be unlawful, or
- access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct.
Participants in research studies should note that access to personal information such as DNA sequences is not generally granted. This is notified to participants where applicable, at the time of committing to the research study.
Updating your personal information
You may ask us to update or delete the personal information we hold about you at any time. We will take reasonable steps to verify your identity before granting access or making any corrections to or deletion of your information. We also have obligations to take reasonable steps to correct personal information we hold when we are satisfied that it is inaccurate, out- of-date, incomplete, irrelevant or misleading for the purpose for which it is held.
If you require access to, or wish to update your personal information, please contact us at Sosmai.com, Donor & Supporter Services Unit, PO Box 572, Kings Cross NSW 1349, 1300 780 113, firstname.lastname@example.org.