Privacy policy

Sydney Children's Hospitals Foundation Limited (ACN 003 073 185) (the Foundation) values your privacy. 

This privacy policy sets out the Foundation's practices in relation to the collection use, storage and disclosure of personal information. The Foundation is bound by the Privacy Act 1988 (Cth) (the Privacy Act) as well as other applicable laws protecting privacy, including State and Territory health information legislation (Australian Privacy Laws).

The Foundation may modify or update this privacy policy from time to time by publishing a modified or updated version of it on its website. The Foundation encourages individuals to check the Foundation's website periodically to ensure that they are aware of the Foundation's current privacy policy.

By providing personal information to us, you consent to our collection, use and disclosure of that personal information on the terms of this privacy policy and any other contractual or other arrangements that apply between us (if any).

What personal information do we collect and why?

The Foundation collects personal information from donors, supporters, volunteers, patients and other contacts that is necessary for it to perform its functions. The types of personal information the Foundation collects, and the purposes of collecting that information, include:

  • Donors: When you make a donation, including via this website, in person, over the phone, by direct deposit, via email, by post, or through our fundraising personnel or volunteers as part of any of our fundraising events or activities or at our offices, the Foundation collects and stores in our database your name, phone number, address, email address, date of birth, payment and billing details (including credit card details if relevant), and other contact information. With your consent, this information may include health or other sensitive information, for example we may ask you if you or your family members have been treated at the Sydney Children's Hospital previously. We will use this information to process your donation, complete your tax receipt, send you further information about the Foundation for promotional purposes.
  • Supporters and volunteers: The Foundation may also collect its supporters' and volunteers' names, phone numbers, addresses, email addresses, and other contact information, records of communication between them and the Foundation and other personal information about our current and potential supporters and volunteers so that we can encourage, record and acknowledge their support and communicate with them about the Foundation and our activities.
  • Patients: The Foundation may receive or request details about individual patients, such as their name, age and with the patient’s consent, their medical condition, medical treatment, and medical history, for media purposes, and may communicate directly with patients and their families for this purpose. All patient information received and collected by the Foundation will be treated in the strictest confidence, and will not be made public or distributed to the media without prior patient consent.
  • Distributing publications: We collect contact details (which may include name, phone number, address, email address, and other contact information) when individuals contact or interact with us in order to distribute newsletters and other communications in print and electronic form from time to time. Recipients may choose to have their contact details removed from our distribution lists by contacting our Privacy Officer using the contact details at the end of this privacy policy.
  • Conducting events: We collect contact details, donation history and other personal information, including photographs and videos, about patients and their family members, donors, volunteers and other supporters who wish to join or participate in our events, programmes we conduct and our publications. This information is used to administer these events, promote and seek support for such events, share individuals' stories with the community and for the activities of the Foundation. With the consent of the relevant person, this information may include health or other sensitive information.
  • Assisting with your queries: You may choose to provide us with your name or other contact details when you call us by phone or write to us so that we can respond to your requests, for our newsletter or for other information about the Foundation's services or operations.
  • Conducting our general business activities: The Foundation collects personal information about individuals who are, or are employed by, our suppliers (including service and content providers), contractors and agents for our general business operations.
  • Applying for a position (as a volunteer or employee) with the Foundation: We may collect your personal information, including name and contact details, information about your working history and relevant records checks (including criminal and working with children checks) when you apply for a position with us, in order for us to assess your suitability for that or other positions. With your consent, this information may include information or an opinion about your criminal record or other sensitive information.
  • Credit Card Data: Any credit card transactions information processed via our database is not stored by the Foundation, but rather with a contracted cloud based third party storage provider. Credit card transaction data for recurring donations is stored tokenised in a secure payment gateway that is PCI compliant. Any manual forms returned to the Foundation with credit card details on them are masked and stored securely.

Generally, we collect information directly from the relevant individual. Sometimes, we may need to collect information about an individual from third parties including parents, carers, guardians or other third party information sources. We will do this if the individual has consented for us to collect the information in this way, or where it is not reasonable or practical for us to collect this information directly from the individual.

Provision of your personal details is the most effective method for the Foundation to communicate with you, and to assist in the efficient delivery of services. While we previously collected personal information from other charities to communicate with their donors and to assist us to raise awareness regarding our fundraising activities, we no longer do so.

How do we use and disclose personal information?

We use and disclose personal information we collect to:

  • process donations and communicate with our donors and supporters, including sending them information (which may be by phone, post, email or other electronic means directly from us or a third party mailing house);
  • communicate with donors and supporters, patients and their family members, employees and volunteers (including responding to queries and complaints) and to distribute our publications, conduct fundraising events, appeal for further donations and support and raise awareness about our fundraising activities and our mission; and
  • conduct our general business activities, including interacting with contractors and service providers, billing and administration including measuring and assessing the level of support we receive and the effectiveness of our fundraising activities and assessing applicants for positions with us.

The disclosures referred to above may include disclosure to our third parties such as our contractors, service providers, partners, employees and volunteers only to the extent necessary for them to perform their duties to us. We use a range of suppliers, service providers, contractors and partners to enable us to perform the activities and functions of the Foundation.  They include information technology service providers, direct marketing agencies, banks, credit card companies and recruitment agencies.

Such disclosure may include disclosure to contractors and services providers located outside of Australia, including in the United States of America, Japan, China, Hong Kong, the United Kingdom and Canada. The privacy laws of these countries may not provide the same level of protection as the Australian Privacy Laws.

We take all reasonable steps to ensure that overseas recipients of personal information handle the information in accordance with the Privacy Act and the Australian Privacy Principles contained therein. Further to this, we generally require contractors and service providers to sign our Supplier Privacy Agreements prior to commencing any work to ensure that they comply with our security guidelines and the Australian Privacy Laws.

We may also disclose the personal information of patients to their family members or guardian, for the purpose of discussing stories about their experience with the Sydney Children's Hospital which the patients have agreed to share via our publications or for other fundraising activities. We may, with your permission, also send the patient stories to third parties to help promote their fundraising efforts for the Foundation and refer to patient stories in our publications, including on our website. Any personal information disclosed via our website may include disclosure to recipients who access our website in countries outside Australia.

Who may act on a patient’s behalf?

The following responsible persons may, depending on the circumstances of a patient, be treated as being able to act on a patient's behalf for the purposes of this privacy policy and the collection, use and disclosure of personal information:

  • a guardian, parent, carer or other person responsible for the care of the patient;
  • someone with a general power of attorney or a power of attorney which includes health-related power;
  • a person recognised under a law as responsible for any aspect of the care or welfare of the patient which is relevant to something the Foundation does or intends to do; and
  • a person nominated in writing by the patient while the patient is capable of giving consent.

How secure is your personal information?

Your personal information is stored with a third party storage provider. We regard the security of your personal information as a priority and implement a number of physical and electronic measures to protect it, including the use of passwords and firewalls. We remind you, however, that the internet is not a secure environment and although all care is taken, we cannot guarantee the security of information you provide to us via electronic means.


The Foundation's website may use cookies to collect statistics on visitor traffic. No personal information is collected, rather the patterns of usage of visitors to the website may be tracked for the purposes of providing improved service and content based on aggregate or statistical review of user site traffic patterns. 

The Foundation’s website may also use Google Analytics features which allow us to tailor our marketing to better suit your needs. 

If you prefer not to allow this, you may be able to adjust your browser to turn off the use of “cookies” or notify you when they are being used. However, if you disable cookies, you may not be able to access certain areas or take advantage of certain features of the Foundation’s website. If you choose to not have your browser accept cookies from the Foundation’s website, you will need to re-enter your personal information each time that you attempt to access information. You can also opt out of programs like Google Analytics if you wish:

Accessing and correcting your personal information

Generally, you have the right to access the personal information we have about you. The Foundation will handle requests for access to personal information in accordance with Australian Privacy Laws. To request access to your personal information, please contact our Privacy Officer using the contact details at the end of this privacy policy.

When you request access, we may need to take measures to verify your identity. If you would like a copy of the personal information that we have about you, in order to verify your identity, please send the request to our Privacy Officer in writing, by mail or fax to the address or fax number set out at the end of this privacy policy. In some cases, we may need time to consider and respond to your request for access. If we need time to consider your request, we will acknowledge your request within 14 days and respond within 30 days after your request is made.

Depending on the information you want to access, where it is stored and the time it will take us to respond to your request for access, we may charge you a fee for the administrative cost of providing the information to you. This charge will not be excessive. If for any reason we refuse to give you access to your personal information, or do not give you access in the manner in which you have requested, we will provide you with a written notice giving you the reasons for our refusal (unless it would be unreasonable for us to do so).

If you believe that your personal information held by us is inaccurate, incomplete or out of date, you may contact our Privacy Officer using the contact details at the end of this privacy policy to request that we correct that information. In most cases, we will amend any inaccurate, incomplete or out of date information. If we are not able to correct your personal information in the way requested by you, we will notify you of our reasons for refusing your request (unless it would be unreasonable for us to do so) and let you know how you may make a complaint about our decision, should you wish to do so.

Making a complaint

You may make a complaint about our handling of your personal information, including if you think we have breached the Privacy Act, by contacting our Privacy Officer in writing, by mail, email or fax to the address or fax number set out at the end of this privacy policy. We will generally acknowledge your request within 14 days and respond within 30 days after your request is made or let you know what the next steps are for resolving your complaint. If we are not able to resolve your complaint, you may wish to contact the Office of the Australian Information Commissioner at the details set out below, who will be able to provide you with information about your other options.

Making contact with us

If you would like to access your personal information held by us or wish to make a complaint about the way we have collected, used, held or disclosed your personal information, please contact our Privacy Officer:

Phone: (02) 9382 1188
Mail: Privacy Officer, Sydney Children's Hospitals Foundation, Locked Bag 2005, Randwick NSW 2031
Fax: (02) 9314 6195

If you want to obtain additional information about your privacy rights and how you can enforce them, please contact the Office of the Australian Information Commissioner.