Privacy Policy

Policy statement

Lung Foundation Australia (LFA) is committed to protecting your privacy in accordance with the Australian Privacy Principles (APP) set out in the Australian Privacy Act 1988 (Cth).

This Privacy Policy outlines how we collect, use, disclose, and manage your personal information, and your rights in relation to it.

LFA aims to only collect personal or sensitive information it requires to carry out its functions and activities and to personalise information and services for you.

Collection of personal information

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable. 

Why do we collect your personal information?

We collect your Personal Information for many purposes in connection with our functions and activities, including the following:  

• to carry out our business, assess and manage the needs of persons and families, provide services, information, tools and resources, and evaluate and report on them.
• provide you with information about disease and lung cancer risk factors, such as tobacco, vaping, air pollution and occupational exposure, and to seek your support for campaigns.
• provide training, education and guidelines to support health professionals and facilitate research grants and partnerships.
• enable you to support our programs and services through donations, volunteering,
• community fundraising, advocacy and other activities.
• contact and communicate with you and enable you to receive information about our goods, services and programs, donations that you have made or have been made on your behalf.
• to enable you to access and use our website, associated applications and associated social media platforms.
• for analytics, market research and business development.
• for advertising and marketing, including to send you promotions and information that we consider may be of interest to you.
• for internal record keeping, donor records, administrative, invoicing, employment and recruitment and billing purposes.
• to comply with our legal obligations or if otherwise required or authorised by law.
• for other purposes explained at the time of collection or otherwise as set out in this Privacy Policy.

What personal information do we collect about you?

• Identity Data including your name, date of birth, age, profession, photographic identification, and gender. 
• Contact Data including your telephone number, address and email. 
• Financial Data your bank account and payment card details which are stored and only accessible through our third party payment processors or platforms. 
• Transaction Data including details about payments between LFA and yourself and other details of products and services you have purchased from us or we have purchased from you. 
• Interaction Data including information you provide to us through subscribing to our mailing lists, form completions, surveys, promotions, activities, events and use of our fundraising and other third party platforms.   This may include images and or/ audio visual recordings taken at events which identify you. 
• Professional data when enquiring, applying or registering for an employment, contract or volunteer opportunity including your work history. 
• Technical and Usage Data about your access and use of our websites, platforms, social media such as IP address and location used including through the use of web tracking tools and your communications with our sites. 

Sensitive information

Sensitive information is a type of personal information that is given additional protection under the Privacy Act. For LFA, this may include health information and, in limited circumstances, other sensitive information that you choose to provide to us or that is reasonably necessary for a service, program, advocacy activity, employment process or volunteer process.  

Depending on the nature of our interaction with you, this may include: 

• health and medical information such as patient medical condition and treatment history 
• information relating to your racial or ethnic origin
• biometric information 
• sexual orientation 
• political affiliations and/or trade union membership 
• criminal history  

Sensitive information may be collected when: 

• you contact or engage with our support services, and information is collected in order to provide tailored and pyou contact or engage with our support services, and information is collected in order to provide tailored and personalised information and services to you;
• a health professional makes a referral on your behalf to our support services;
• you provide information for certain advocacy and promotion initiatives which you agree to participate in, such as the provision of “personal stories” for our website
• you apply for employment, volunteer or contractor opportunities and the information is reasonably necessary for that process.

In certain circumstances, we collect de-identified health information to continuously monitor and improve the services that deliver patient related care and for other purposes.

You do not have to provide sensitive information to us. We will only collect sensitive information where it is reasonably necessary and directly related to our functions and activities.

Where we collect sensitive information, we will generally do so with your consent unless the Privacy Act permits or requires collection without consent (for example, where authorised by law or in limited situations relating to health or safety). Where practicable, we will let you know the relevant basis for collection at the time.

How we collect personal information

Direct collection

We collect personal information directly from you in various ways, including: 

• When you contact us via phone, email, online, mail or in person 
• When you complete forms such as registering for events, newsletters, responding to surveys and promotions. 
• When you use our website and other online platforms. 
• When you make a donation or purchase merchandise 
• When you participate in our events or programs

Indirect collection

We may collect personal information about you, including sensitive information, indirectly from publicly available sources or from third parties such as: 

• your authorised representative, such as your carer; 
• your health professional; or 
• other health service providers or researchers, where information sharing is permitted. 

Unsolicited personal information 

If we receive personal information that we did not request, we will determine whether we could have collected that information in accordance with the Privacy Act. If we determine the information could not have lawfully been collected and where it is lawful and reasonable to do so, we will destroy or de-identify the information as soon as practicable. 

Web tracking tools

Web tracking tools (such as cookie or web beacons) are used to collect data on user behaviour, interactions, or activity on websites for purposes such as personalisation, analytics, advertising and more. We may use them to identify you as a return user and enhance your experience on our websites or apps. Web tracking tools themselves do not tell us your personal information, however they allow third parties such as Google and Meta to display our advertisements on your social media and online media feeds.  

Most internet browsers accept web tracking tools by default, but you may be able to adjust your internet browser settings to refuse some or warn you before accepting them. If you reject these, some features on our websites or apps may be limited. If and when you provide your personal information on our website, it may be linked to the data in these tools. 

We also use IP addresses to analyse trends, administer our website and app, track traffic, and gather demographic information, as well as for credit fraud protection and risk reduction. 

Our websites and apps may use third party services and web technology tools including Google Analytics. We use these services to understand website and app traffic and usage. Google may share these tools with partners and third parties. For more information on Google’s use of these tools please see Google’s Privacy Policy

Links to other websites

Our website may contain links to other websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide or is collected via external websites. Those websites are not governed by this Privacy Policy.

Disclosure / sharing of your personal information 

LFA usually uses your personal and sensitive information for the purpose for which it was collected as set out earlier in the policy.

Other circumstances where your personal and/or sensitive information might be used or disclosed includes:

• To carry out business improvement, market research and reporting
• Contractors and service providers who perform services on our behalf, such as event co-ordinators, mailing houses, printers, payment processors, information technology services providers (including offshore cloud computing service providers), database contractors and telemarketing agencies
• Sponsors or organisers of any promotions or events we run
• Other third parties where you consent to the use or disclosure
• Where required or authorised by law.

Third party contractors and overseas disclosures

LFA may disclose personal information to contractors and service providers who assist us to carry out our functions and activities. This may include providers of database management, printing and mailing, payment processing, information technology, cloud hosting, website services and other administrative or operational services.

We take reasonable steps to ensure that these providers are subject to appropriate privacy, confidentiality and security obligations.

Some service providers may store or process personal information outside Australia, including through cloud-based systems or platforms. Where this occurs, we take reasonable steps to ensure that overseas recipients do not breach the Australian Privacy Principles in relation to your personal information, unless an exception under the Privacy Act applies.

Because technology providers may use infrastructure across multiple locations, it may not always be practicable to identify every country in which personal information is stored or processed.

Rights and choices

You have the right to access the personal information we hold about you and to request corrections if you believe it is inaccurate, incomplete, or out of date. 

Choice

Please read this Privacy Policy carefully. You do not have to provide personal information to us, however, if you do not, it may affect your use of this site, the products and/or services offered on or through it. 

Access requests

To request access to your personal information, please contact us using the details provided below. We will respond to your request within a reasonable period, usually within 30 days.  

Correction and Deletion Requests 

You may request that we correct or delete the personal information that we hold about you.   We will consider requests for deletion in accordance with applicable privacy laws. In some circumstances, we may need to retain certain information to comply with legal, regulatory, accounting, audit, safeguarding, funding or operational requirements. 

We will take reasonable steps to amend your information if it is inaccurate, out of date, incomplete, irrelevant, or misleading. 

Requesting Access, Correction or Deletion of Data 

If you would like to request access to, correction of or deletion of your personal information please email [email protected] citing your name and email address.  

Restriction/ Unsubscribe Request 

You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below or by using the opt-out provision in our communications. 

We will provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practical.   

Reasonable steps to protect personal information 

We take reasonable steps to ensure your personal information is protected from misuse, interference, loss and unauthorised access, modification or disclosure. 

We may hold your information in either electronic or hard copy form. The safeguards we use depend on the nature of the information and the way it is held, and may include secure systems, access controls, authentication measures, staff training, confidentiality obligations, documented procedures, secure storage, and careful management of third party service providers. We may hold personal information in electronic systems and in hard copy records. We also take reasonable steps to protect personal information handled on our behalf by third party service providers 

When LFA no longer requires your personal information, we will take reasonable steps to destroy, delete or de-identify your personal information in a secure manner. Retention periods may vary depending on the type of information, the reason it was collected, and our legal, regulatory, funding, audit and operational requirements. 

Complaints

If you have any concerns or complaints about how we have handled your personal information, please contact us using the details provided below. We take all complaints seriously and will investigate and respond to your complaint within a reasonable timeframe, usually within 30 days. 

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) for further assistance. See http://www.oaic.gov.au/ 

Contact details

If you have any questions, concerns, or requests related to this Privacy Notice or your personal information, please contact us at: 

Lung Foundation Australia
Phone: (07) 3251 3600
Email: [email protected]

Changes to this privacy notice

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any changes will be posted on our website, and we encourage you to review this notice periodically.