Wishlist (Sunshine Coast Health Foundation) PRIVACY POLICY Protecting Your Privacy
The Sunshine Coast Health Foundation (known as Wishlist) is committed to providing you the highest levels of service. Protecting your privacy is important to us. Wishlist is a Queensland state statutory body and as such must comply with the Information Privacy Principles (IPPs) contained in the Information Privacy Act 2009.
Wishlist collects, stores and uses
Wishlist only collects personal information that is necessary for it to carry on its functions and activities, including matters relating to or connected with:
- past, present or potential donations to Wishlist;
- Wishlist use a secure payment portal called Stripe for all payment processing. No credit card data is stored on any Wishlist server or site.
- fundraising for Wishlist generally or events supported or sponsored by Wishlist; past, present or future patients of the Sunshine Coast Hospital and Health Service (SCHHS);
- Wishlist’s activities as a promoter of medical research;
- Wishlist’s functions, events or promotions generally; or
- any other matters reasonably necessary to its function as a charitable organisation.
Personal Information about supporters, volunteers, donors
The purpose of these records is to enable Wishlist to create a healthier Sunshine Coast community with access to the best possible medical services, equipment, research and advice through donations, sponsorships, and general support.
Content may include:
- name, address and previous addresses
- telephone or mobile number and email address
- date of birth
- support given
- credit card payments/details
- research from public documents
- contacts made
- information that is required to be collected for the purpose of Wishlist’s accountability to Government audits.
If you are a research grant applicant, we may also collect information about your career and education.
All Wishlist staff members have access to this information. Wishlist employees are responsible for managing personal information in compliance with the IP Act and the privacy plan. There are strict security procedures in place for the management of information held in the office, and all employees are required to sign an employment contract, which includes a confidentially clause, before gaining access to any information. Employees are given access only to information which is relevant to their duties.
Your personal information may be used to:
- thank you for your support
- market Wishlist activities
- keep you informed of how community support makes a difference, locally
- inform you of our upcoming events and appeals
This information is obtained:
- directly from you, when you provide us with information by phone, mail, web or email or in person.
- when you make an online donation or register for an event or as a volunteer you are automatically added to our database and mailing list.
- from third parties such as friends who have referred you to us.
- from publicly available sources such as the telephone directory or newspaper etc.
Anonymous giving
When we receive anonymous donations we are not able to issue tax receipts. We do not publically name our donors without permission, so you can be assured of public anonymity if you require it.
Opting out
You have the option at any time to opt out or unsubscribe from Wishlist mailing lists. If you do not wish to receive letters from us, but are a donor, you can ask to be marked as ‘no mail’ in our database.
Employee Personal Information
Wishlist holds personal information including banking and taxation details for employees. Employee payroll is managed in-house.
The purpose of employee records is to maintain recruitment and employment history, and payroll and administrative information relating to all permanent, contract and temporary employees of Wishlist. Content may include all matters relating to individual employment, including medical records, disciplinary and/or grievance documentation.
The following staff members have access to this information: CEO and Financial Controller.
Nambour Hospital Staff Parking Records and Complaints
The purpose of these records is to provide a parking service for Health Service staff/customers who have chosen to utilise the parking services of Wishlist at Nambour General Hospital. Content may include all matters relating to billing (including payroll numbers for those utilising payroll deduction schemes), over or under-payment, vehicle identification and contact information, correspondence relating to complaints/accident details.
The following staff members have access to this information: CEO, Financial Controller and the Administration Officers. In addition, the Wishlist accountant and auditor have access.
By agreement with the Sunshine Coast Hospital and Health Service the waiting list of staff seeking access to parking at Nambour Hospital is posted on the SCHHS intranet site and updated regularly.
Personal Information about Vendors
The purpose of these records is to allow normal business processes to take place eg. name, address for payment, contact information, bank account details to allow for electronic payment of accounts, and Australian Business Number.
The following staff members have access to this information: CEO, Financial Controller and Administration Officer. In addition, the Wishlist’s accountant and auditor have access.
Personal Information of Members of Wishlist Board of Directors
The purpose of these records is to allow Wishlist to meet the governing requirements of the Hospitals Foundation Act. Content may include contact information, previous employment history, personal interests, correspondence from the Minister for Health and Director General of the Health Department, and other personal information needed for Wishlist to hold bank accounts, investments, and trade accounts.
The following staff members have access to this information: Foundation Chairman, Wishlist CEO.
Disclosure of personal information
For the purpose outlined above we may disclose your personal information to organisations outside Wishlist. These organisations to which information is disclosed include:
- Your representatives (eg your authorised representatives or legal advisors) only upon your written authorisation.
- Our professional advisers, including our accountants, auditors and lawyers.
- Government and regulatory authorities and other organisations, as required or authorised by law.
- An appeal mailing house.
- Telemarketing company (for the purpose of updating our database records).
Forms and guidelines used by Wishlist that solicit personal information will specify the purpose for which the information is being collected; and to whom the information will be shared. (IPP 2 notice)
Future contracts, licenses and outsourcing arrangements that utilise personal information of Wishlist, if any, will contain the necessary provisions in order to comply with the IPPs.
Personal Information Quality
The goal of Wishlist is to ensure that the personal information it holds is accurate, complete and up-to-date. Please contact Wishlist if any of the details provided have changed.
Procedure to Gain Access to Personal Information
Access to your personal information is upon request to the Freedom of Information Officer of Wishlist who is the Wishlist CEO (07) 5202 1777 or info@wishlist.org.au
Review Procedure
If an individual believes that their personal information has not been dealt with in accordance with an IPP they may make a complaint to Wishlist seeking an internal review. A request for an internal review must be made in writing and must be made within six months from the date when the breach was suspected to have occurred. Requests should be forwarded to CEO of Wishlist on (07) 5202 1777 or info@wishlist.org.au
Requests for review will be acknowledged in writing within 14 days from the date on which the application was received, and Wishlist will process the request within 60 days from the date on which the application was received. Applicants will be advised in writing of Wishlist’s decision.
If you subsequently remain dissatisfied with Wishlist’s response to your complaint you may lodge your complaint with the Office of the Information Commissioner at the following address:
The Manager, Corporate and Executive Services
Office of the Information Commissioner
PO Box 10143
Adelaide Street
Brisbane Qld 4000
Personal Information Security
Wishlist is committed to keeping secure the personal information you provide to us. Wishlist takes all reasonable precautions to protect the personal information it holds from misuse, loss, modification, disclosure, or from unauthorised access.
Contact Us about Privacy Practices
If you have any further questions or would like further information about Wishlist’s privacy policy and information handling practices, please contact:
CEO
Wishlist
PO Box 5340
SCMC QLD 4560
Phone: (07) 5202 1777
Fax: (07) 5202 0422
Email: info@wishlist.org.au
Attachment I – Privacy Policy and Security Statement for Wishlist Website
Wishlist is committed to protecting your privacy. We understand and appreciate that visitors and users of Wishlist’s website are concerned about their privacy and the confidentiality and security of any information provided to us.
The Queensland Government has established a privacy regime for the Queensland public sector based on 11 Information Privacy Principles. These are contained in an Information Standard that we are required to adhere to. A copy of this standard can be accessed at http://www.iie.qld.gov.au
This is NOT a cookie-free site. When you look at this web site, our Internet Service Provider makes a record of your visit and logs the following information for statistical purposes only – the user’s server address, the user’s top level domain name (for example .com, .gov, .au, etc) the date and time of visit to the site, the pages accessed and documents downloaded, the previous site visited, and the type of browser used. No attempt is or will be made to identify users or their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect activity logs.
Our Internet Service Provider for system trouble shooting and maintenance purposes may monitor e-mail messages.
Right of access and correction is limited to existing rights under the Right to Information Act 2009 (QLD) and Information Privacy Act 2009. If one wishes to obtain access to records under the Right to Information Act 2009 or Information Privacy Act 2009, they should apply to Wishlist’s CEO on (07) 5202 1777 or info@wishlist.org.au.
If you have any queries about our privacy policy and security practices, please contact CEO on (07) 5202 1777.
Join Our Daisy Chain
Keep up to date with our latest funding news, patient stories or upcoming events.