Our privacy commitment
What is personal information?
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
The types of personal information we collect may include your name, date of birth, gender, contact information and credit/debit card information.
Whose personal information do we collect?
We collect personal information from people who are connected to our operations and activities, including employees, donors and volunteers.
How do we collect your personal information?
Where possible, we will collect your personal information directly from you. This may be in person (for example, when you attend an event), on the telephone (for example, if you are contacted by our telemarketers), or online (for example, if you donate or you sign up for an event online).
Why do we collect your personal information?
We may collect your personal information for a number of purposes, including:
- Marketing: to communicate with you about donations, campaigns, causes and events
- Volunteering and other support: to enable you to assist us with volunteering, community fundraising, advocacy and other activities where we seek the community’s assistance
- Other issues: communicating with you in relation to our operations, activities and objectives, to verify your identity and to comply with relevant laws.
Where we collect your personal information for a specific purpose not outlined above, we will provide you with a collection notice which explains the primary purpose and any related secondary purposes for which we are collecting your personal information.
What happens if you don’t provide all this information?
If you do not provide some or all of the personal information requested, we may not be able to offer you a receipt for a donation or provide you with information about our causes, events, programs and projects.
Using a pseudonym or engaging with us anonymously
Where practicable, you will be given the opportunity to engage with us on an anonymous basis, or using a pseudonym.
Website usage information and cookies
A cookie does not identify individuals personally, but it does identify computers. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.
Opting out of direct marketing communications
Where we use your personal information to send you marketing and promotional information by post, email or telephone, we will provide you with an opportunity to opt out of receiving such information. If you elect not to opt out, we will assume we have your implied consent to receive similar information and communications in the future. We will always ensure that our opt-out notices are clear, conspicuous and easy to take up.
If you do not wish to receive direct marketing communications from us, please contact us at Harry Perkins Institute of Medical Research, PO Box 7214, Shenton Park, WA, 6008 or call us on 08 6151 0708 or email us at [email protected].
To whom does the Harry Perkins Institute of Medical Research disclose your personal information?
We do not share your information with any other organisation.
Where is your personal information stored?
We take all reasonable steps to protect all of the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Your personal information will be stored on a password protected electronic database, which may be on our secure servers, a database maintained by a cloud hosting service provider or other third party database storage or server provider. Backups of electronic information are written to drives which are stored offsite in controlled facilities.
Hard copy information is stored in our offices, which are secured to prevent entry by unauthorised people. Only authorised staff have access to your personal information. We require our employees to respect the confidentiality of any personal information held by us and to abide by our confidentiality policy and procedures.
Where personal information is stored with a third party, we have arrangements which require those third parties to maintain the security of the information. These organisations are also bound to adhere to the privacy requirements under the relevant legislation. We take all possible steps to protect the privacy and security of that information, but we are not liable for any unauthorised access or use of that information. Your personal information will stay on the database indefinitely until you advise you would like it removed, unless we de-identify it or destroy it earlier in accordance with privacy law requirements.
Your direct debit or credit cards
Handling and storage of this information is subject to compliance requirements with Payment Card Industry Data Security Standards (PCI-DSS) as well as the Australian Privacy Principles. We use Secure Sockets Layer (SSL) certificates, which are the industry standard for encrypting your credit card and debit card numbers, your name and address so that they cannot be viewed by any third party over the internet. Your financial information is encrypted on our servers and access to this information is restricted to our authorised staff only. The company we use is Tier 1 PCI compliant and all information is stored only in Australia. No information is sent overseas.
Access to your personal information
We will, upon your request, and subject to applicable privacy laws, provide you with access to your personal information that is held by us. However, we request that you identify, as clearly as possible, the type(s) of information requested. We will deal with your request to provide access to your personal information within 30 days. Your rights to access personal information are not absolute and privacy laws dictate that we are not required to grant access in certain circumstances, such as where:
- access would pose a serious threat to the life, safety or health of any individual or to public health or public safety
- access would have an unreasonable impact on the privacy of other individuals
- the request is frivolous or vexatious
- denying access is required or authorised by a law or a court or tribunal order
- access would be unlawful, or
- access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct.
If we refuse to grant you access to your personal information, we will provide you with reasons for that decision (unless it is unreasonable to do so) and the avenues available for you to complain about the refusal.
Updating your personal information
You may ask us to update, correct or delete the personal information we hold about you at any time. We will take reasonable steps to verify your identity before granting access or making any corrections to or deletion of your information. We also have obligations to take reasonable steps to correct personal information we hold when we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purpose for which it is held. If you require access to, or wish to update your personal information, please contact us at Harry Perkins Institute of Medical Research, PO Box 7214, Shenton Park, WA, 6008 or call us on 08 6151 0708.
Last updated: 5 March 2020