Login
Login

Privacy Policy

General 

Royal Flying Doctor Service of Australia ABN 74 438 059 643 and its related bodies corporate and affiliated organisations, including [but not limited to]: 

  1. Royal Flying Doctor Service (Queensland Section) ABN 80 009 663 478;
  2. Royal Flying Doctor Service (SA/NT) ABN 81 108 409 735
  3. Royal Flying Doctor Service (South Eastern Section) ABN 86 000 032 422; 
  4. Royal Flying Doctor Service (Victoria) ABN 71 004 196 230; 
  5. Royal Flying Doctor Service (Western Operations) ABN 29 067 077 696; and 
  6. Royal Flying Doctor Service (Tasmania) ABN 93 785 910 050, 

(collectively referred to in this document as RFDS, we, us or our) recognises that your privacy is very important and we are committed to protecting the personal information we collect from you.  The Privacy Act 1988 (Cth) (Privacy Act), and the Australian Privacy Principles (APPs) govern the way in which we must manage your personal information and this policy sets out how we collect, use, disclose and otherwise manage personal information about you. 

The RFDS provides emergency and aeromedicine, primary health, mental health, dental services and medical chests to our patients. As a not-for-profit organisation, we also manage employee records, communicate with our stakeholders, conduct publicity campaigns with media and online, fundraise, handle feedback, and report to our funders. The RFDS collects personal information from our patients, their carers, representatives, family and friends, medical chest custodians, employees and volunteers including those applying to work with us, our supporters (donors), and others. 

We take all reasonable efforts to safeguard all personal information. 

In general, we: 

  1. ensure fair, open and transparent management of information; 
  2. collect information lawfully and through fair means; 
  3. collect, use and disclose only the information we need for its intended purpose or to comply with the law; 
  4. take reasonable steps to ensure accuracy of information; 
  5. collect information about a patient from them directly (although we may also need to collect from a representative, referee or other agency like a hospital or medical service, if the patient is unable to give us the information, or has given consent for someone else to do this for them); 
  6. regulate access and correction;  
  7. ensure appropriate storage and security;  
  8. destroy or de-identify information not needed for the intended purpose as soon as we can; 
  9. ensure all of our staff are aware of privacy expectations; and 
  10. acknowledge that people with vision or hearing impairments, and culturally and linguistically diverse people, may require special consideration. 

Collection 

Types of information collected 

We may collect and hold personal information about you, that is, information that can identify you, and is relevant to providing you with the goods and services you are seeking, and to our functions and activities. 

The kinds of information we typically collect depends on our relationship with you, but may include name, gender, date of birth, address, phone number, email address, bank account details, and other information relevant to providing you with goods and services or reasonably necessary for one or more of our functions or activities. 

Depending on our relationship with you, we may also typically collect: 

  1. If you are a patient: health information about you (as that term is defined in the Privacy Act), as well as the name, contact details and address of your emergency contact/s. 
  2. If you are an employee or preferred applicant: personal and emergency contact information, referee details and opinion, medical details, tax file number, proof of identity, superannuation details, criminal history, citizenship or residency status, employment and education history and training details. 
  3. If you are a candidate seeking employment with us: employment history, references, résumé and qualifications. 
  4. If you are a contractor or supplier: your personal and business contact details, name and type of business, ABN and payment details. 
  5. If you are a supporter or donor: contact and financial information (such as credit card) when a donation is made. 
  6. If you attend an RFDS event or base: you may be filmed or photographed (including for official event documentation and for security CCTV purposes in external and public access areas) 

We may also collect and hold sensitive information about you, including information about your health, medical details.   

We only collect sensitive information about you if you consent to the collection of the information and if it is reasonably necessary for the performance of our functions and activities (such as the provision of a health service, as that term is defined in the Privacy Act) unless required or authorised by law.  Consent may be implied by the circumstances existing at the time of collection.  There may also be circumstances where we may collect sensitive information without your consent, as required or authorised by law (including where an exception applies under the APPs). 

Method of collection 

We collect information in different ways, including: 

  • Paper or digital forms (such as our employment forms),  
  • Electronically in approved RFDS systems as well as over the internet (including where you participate in an online survey),  
  • via email or  
  • through other digital channels including but not limited to the Oceans to Outback App, social media or other mobile applications, through a telephone conversation with you or via a face to face interaction.   

Personal information will generally always be collected directly from you.  There may, however, be some instances where personal information about you will be collected indirectly because it is unreasonable or impractical to collect personal information directly from you.  We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.  By way of example, if you are a patient we generally collect information from you directly (although we may also need to collect from a representative, referee or other agency like a hospital or medical service, if you are unable to give us the information, or you have given consent for someone else to do this for you). 

Purpose of collection 

The personal information that we collect and hold about you, depends on your interaction with us.  Generally, we will collect, use and hold your personal information if it is reasonably necessary for or directly related to the performance of our functions and activities and for the purposes of: 

  1. providing health care services (where you are a patient); 
  2. responding to your enquiries; 
  3. providing you with promotional material and other information about other events, campaigns, goods and services that we and other organisations that we have affiliations with, offer that may be of interest to you; and 
  4. facilitating our internal business operations, including: 
    1. establishing our relationship with you; 
    2. maintaining and managing our relationship with you and communicating with you in the ordinary course of that relationship (including responding to feedback or complaints); 
    3. the fulfilment of any legal requirements; and 
    4. analysing our business operations, services and customer needs with a view to developing new or improved business operations or services. 

Except as otherwise permitted by law, we only collect sensitive information about you if you consent to the collection of the information and if the information is reasonably necessary for the performance of our functions (including for the provision of health services), as set out above. 

Failure to provide information 

If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you with the goods, services or information you, are seeking.  If you are a supporter or a donor and you choose not to provide your name or contact details, we will not be able to provide you with a tax invoice or share details about upcoming events, campaigns and opportunities. 

Internet users 

If you access an RFDS website or app, we may collect additional personal information about you in the form of your IP address and domain name.   

Links to external sites 

Our website may contain links to other websites.  We cannot control, and are not responsible for the content or privacy practices of linked websites and linked websites are not subject to our privacy policies. 

Social networking services 

We use social networking services such as X (formerly Twitter), Facebook, Instagram, LinkedIn, TikTok and YouTube to communicate with the public about our work.  When you communicate with us using these services, we may collect your personal information (including your name, handle/username and contact information) but we will only use it to help us to communicate with you and the public.  The social networking service will also handle your personal information for its own purposes in accordance with their own privacy policies and practices.  We are not responsible for the privacy practices of social networking sites and social networking sites are not subject to our privacy policies and procedures. 

Cookies 

Our website uses cookies to track site visits and improve user experience.  The main purpose of cookies is to identify users and to prepare customised web pages for them.  Cookies do not identify you personally, but they may link back to a database record about you.  We use cookies to monitor usage of our website and to create a personal record of when you visit our website and what pages you view so that we may serve you more effectively. 

Our online credit card processor may also use cookies for identification and anti-fraud purposes. Cookies can be disabled but some site functions may become unavailable.  Social media providers, including Facebook and Twitter, set cookies through our website which may enhance your profile on their website or contribute to the data they hold. We encourage you to read their privacy policies. 

Google Analytics 

Our website uses Google Analytics, a web analytics service provided by Google, Inc. (Google).  Google Analytics uses cookies.  The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.  Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. 

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.  Google will not associate your IP address with any other data held by Google.  You may refuse the use of cookies by selecting the appropriate settings on your browser, but please note that if you do this you may not be able to use the full functionality of this website.  By using this website, you consent to the handling of data about you by Google in the manner and for the purposes set out above. 

Payment security 

We use third party credit card processors to facilitate credit card payments through our website and Point of Sale systems, including but not limited to Square, Stripe and Quest. Certain sections of our websites (eg: donation payments) are secured using SSL technology to encrypt data between your browser and the website. We make every possible effort to make donations and transactions within our website as secure and safe as possible.  However, there are inherent risks associated with the transmission of information over the internet including by email or by facsimile.  While all reasonable efforts are made to secure information transmitted to this website, there is always a possibility that the information you submit could be observed by a third party while in transit. By using our online system, you acknowledge that you do not hold us liable for any security breaches, viruses, or other malicious software that may infect your computer or any loss of data, revenue or otherwise that may occur. 

Email 

Email addresses provided via this website will only be used to respond to specific enquiries and will not be added to any mailing lists or disclosed to any other party without your prior consent, unless required or authorised by law. 

Use and disclosure 

Generally, we only use or disclose personal information about you for the purposes for which it was collected (as set out above), unless you consent to another use or disclosure, in an emergency or as otherwise required or authorised by law.  We may use and disclose personal information about you: 

  1. to our employees, volunteers, contractors and consultants (workers), our affiliated organisations (such as the RFDS Section/Operation in your state or territory), and other parties who require the information to assist us with facilitating our internal business processes, providing you with information and services, and with establishing, maintaining, managing, or ending our relationship with you (including payment processors, insurers, IT and technology service providers, and professional advisers such as lawyers, accountants and auditors) and these service providers may not be required to comply with our privacy policy; 
  2. to third parties to whom you have agreed we may disclose your information (for example, your emergency contacts) or where the information was collected from you (or from a third party on your behalf) for the purpose of passing it on to the third party; 
  3. If you are a patient: 
    1. for the primary purpose of providing a health service to you,  
    2. family members, guardians or legal representatives 
    3. to other health professionals or health service providers to assist in your care  
    4. where authorised or required by law (such as in connection with mandatory reporting of certain diseases, in the event of a permitted health situation as that term is defined in the Privacy Act, instances of abuse, under warrant or subpoena, or where reasonably necessary to prevent a serious or imminent threat to life, health safety or welfare of an individual or the broader public); 
    5. to our government funders;  
    6. for formal quality review processes in connection with our health care services;  
    7. we may also communicate with you after your service interaction for feedback on your experience to obtain testimonials or to see if you would like to stay up to date with our activities and services in your local area. Where possible, we will ask for your consent for this to occur; and 
    8. (in a de-identified form) for research, statistics and public health purposes. 
  4. If you are an employee: to the Australian Taxation Office, and your superannuation fund; 
  5. If you are a supporter or a donor:   
    1. We may share information with you about upcoming events and other fundraising campaigns (including by mail, email and SMS/MMS).  You can opt out of receiving these communications at any time by clicking ‘unsubscribe’ in these communications.   
    2. From time to time, we may contact our regular supporters directly to update or confirm their personal or credit card details.  When we do this, we provide you with sufficient information from our existing database (including, where appropriate, the last four digits of your credit card) for you to be satisfied that the caller is our representative. 
    3. We are guided by the Fundraising Institute of Australia Code of Conduct in connection with the use or disclosure of any personal information collected about supporters and donors; 
  6. If you attend an RFDS event or base: we may use photographs or other footage for promotional purposes in a variety of formats (including print, video and digital).  For footage of individuals, we will obtain your prior written consent before using your image for promotional purposes.  However, where you are photographed while in a crowd in a public place, you acknowledge that it would be impractical to seek specific consent from all people in a crowd, and we may use these images for promotional purposes; 
  7. If you have participated in a national RFDS campaign: to the RFDS Section/Operation in your state or territory, so that you can be kept informed about local RFDS activities, news and campaigns that are relevant to where you live.  You can opt out of receiving these communications at any time by clicking ‘unsubscribe’ in these communications; 
  8. If you have applied for an employment opportunity: we may use and hold your application details for a reasonable period of time in the event you may be suitable for similar opportunities that become available in the future.  We will destroy any application, and no longer consider it as part of the recruitment pool, on written request from you; and 
  9. to any other entity as otherwise permitted or required by law.
Sensitive information (including health information) is only used and disclosed for the purposes for which it was collected, unless your further consent is obtained or otherwise as permitted or required by law. 

We may anonymise or aggregate any of the information we collect and use it for any purpose detailed above, including for research and development purposes.  Such information will not identify you individually. 

Disclosure of personal information overseas 

  1. We are likely to disclose personal information about you overseas.  For instance, we are assisted by a variety of external service providers to operate our business, some of whom may be located overseas or may use infrastructure outside of Australia.  These third parties are too numerous to list, and they change from time to time.  Some examples of the types of third parties include technology service providers who may be located in the United States of America, such as Google Analytics, Campaign Monitor, Shopify, Stripe and Hubspot 

Security 

We store your personal information in different ways, including in paper and in electronic form.  The security of your personal information is important to us.  We take all reasonable measures to ensure that your personal information is stored safely to protect it from interference, misuse, loss, unauthorised access, modification or disclosure, including: 

  1. limiting access to documents containing personal information to staff that require such access in order to fulfil the primary purpose for which the personal information was collected; 
  2. deploying a range of electronic (hardware and software) and physical security measures; and 
  3. training staff on how to securely store and protect personal information,  
  4. retaining personal information for the relevant period of time to meet our legal, compliance and policy requirements,  
  5. Disposing of information in a secure manner, 
  6. keeping all paper patient records in secure storage, with sealed copies handed directly to transfer or hospital staff as applicable. 

Access and correction 

You may access the personal information we hold about you, upon making a written request.  We will respond to your request within a reasonable period.  We may charge you a reasonable fee for processing your request (but not for making the request for access). 

We may decline a request for access to personal information if we are unable to confirm your identity or otherwise circumstances prescribed by the Privacy Act, and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.  Personal information will not be provided over the phone unless we are certain that the enquirer is the individual to whom the personal information relates, or their legal or nominated representative. 

If, upon receiving access to your personal information or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately.  We will take reasonable steps to correct the information so that it is accurate, complete and up to date. 

If we refuse to correct your personal information, we will give you a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint. 

Deletion of personal information 

We are committed to ensuring your personal information is handled in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.  

You have the right to request the deletion of your personal information held by us when it is no longer needed for the purpose for which it was collected, or where we are no longer legally required to retain it.  

To request deletion of your personal information, please contact us using the details provided in the Contact Us section of this policy. We will take reasonable steps to delete your personal information from our records, unless we are required by law or a lawful purpose to retain it.  

Please note that in some cases, deletion may result in the loss of access to certain services or communications (e.g., donation receipts, newsletters, or event participation).  

Complaints and feedback 

If you wish to make a complaint about a breach of the Privacy Act or the APPs that applies to us, please contact us using the details below and we will take reasonable steps to investigate the complaint and respond to you. 

If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Information Commissioner.  To lodge a complaint, visit the ‘Complaints’ section of the Information Commissioner’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office. 

If you have any queries or concerns about our privacy policy or the way we handle your personal information, please contact our privacy officer at: 

Postal address: PO Box 4350, Kingston ACT 2604 

Email address: enquiries@rfds.org.au 

Telephone: 02 6269 5500 

Website: https://www.flyingdoctor.org.au/ 

For more information about privacy in general, you can visit the Office of the Information Commissioner’s website at www.oaic.gov.au.