The Child Cancer Foundation (the Foundation, we, our or us) recognises the importance of protecting every individual’s privacy and is fully committed to complying with its obligations under applicable privacy law, primarily the Privacy Act 2020, the Health Information Privacy Code 2020 and the Health (Retention of Health Information) Regulations 1996.
This Privacy Statement sets out how we collect and use your personal information, which may include ‘health information’.
We may update this Privacy Statement from time to time, so we recommend you regularly review it to see what might have changed.
Information we collect
The types of personal information and/or health information we collect varies depending on our relationship with you.
For children being supported through one of the Foundation’s programmes:
We may collect personal information and/or health information about you such as:
- your name, contact details, date of birth, gender, and ethnic identity
- your spoken language and preference for an interpreter
- your emergency contact details
- information about your mental and physical health (including medical history)
- information about the support we have provided to you
- details about your family
For families of supported children, including Whānau Connect and Foundation members:
If you are a family member of a child we are supporting, a Whānau Connect member or Foundation member, we may collect personal information and/or health information about you such as:
- your name, contact details, date of birth, gender, and ethnic identity
- your spoken language and preference for an interpreter
- information about your mental health
If you are a family member of a supported child, we may also collect personal information and/or health information that you provide to us during or in connection with the provision of our support services.
For volunteers:
If you are a volunteer, we may collect personal information such as:
- your name, contact details, date of birth and demographic information
- your emergency contact details
- information about your volunteer role and commencement date
- information about your suitability to provide services for the Foundation, such as to ascertain whether there are any concerns with you providing support services to children
For donors and Foundation partners:
If you are a donor or a partner of the Foundation, we may collect personal information such as:
- your name, contact details, date of birth
- if applicable, your payment details
Cookies
We collect the following information through cookies:
- Google Analytics – allows for standard site stats to be collated
- Facebook Pixel
- Hotjar – records user interactions on the site via heat mapping and actual video of the sessions, but no personal information is stored/seen
- WooCommerce – to enable normal use of shopping cart, all standard ecommerce settings
How we collect your information
We collect personal information and/or health information directly from you wherever possible. However, we may also collect personal information and/or health information from other sources, including from third parties authorised by you and from health practitioners, your family and other representatives.
What happens if you don’t provide us with your information?
If we ask you for information and you decide not to supply it, we may not be able to provide some or all of our services or process receipts, applications or enquiries.
Use and retention of your information
Any information that we collect from you will only be used for the purpose for which it was collected. Generally, this will be one or more of the following:
- to provide you with our services
- to process any applications, requests or donations you make to us
- to communicate with you
- to inform you about upcoming events, including fundraising activities and volunteering opportunities (we will always comply with the Unsolicited Electronic Messages Act 2007 when doing so)
- to undertake research or statistical analysis
- to use your personal and/or health information for our own internal business purposes including record keeping, reporting and improving/enhancing our services, activities and systems
- to use it for any other purpose communicated to you at the time of collection or otherwise authorised by you
We note that where we use your information for data analysis, this may be shared publicly, but only on an anonymised, pseudonymised or de-identified basis so that you cannot be identified by the general public from the information shared.
We will keep your information for as long as we need it for these purposes or to meet legal requirements, including those in the Health (Retention of Health Information) Regulations 1996.
Disclosing your information
Subject to applicable laws and depending on our relationship with you, we may disclose your personal information and/or health information to:
- your family members, including parents, representatives or guardians
- carers, social support agencies, health professionals and providers, employees and contractors who are performing services for or with us
- other support groups and organisations such as CanTeen
- meet any applicable legal obligations
Your personal and/or health information will only be disclosed for the purposes for which it was collected or otherwise in accordance with laws that require or allow us to disclose it.
Accessing and correcting your information
You have the right to ask for a copy of any personal information and/or health information we hold about you and to ask for it to be corrected if you think it is wrong or needs to be updated.
If you would like to stop receiving communications from us, you can unsubscribe from electronic communications using unsubscribe functionality in the communication, or contact us directly.
If you’d like a copy of your information or to have it corrected or updated please contact us at:
0800 424 453
privacy.officer@childcancer.org.nz
Privacy Officer, PO Box 152, Shortland Street, Auckland 1140
Organisations who are listed on the Marketing Association’s Data Warranty Register have demonstrated that they:
- Collect personal information in a professional and responsible manner.
- Abide by the Privacy Act and follow Industry Best Practice.
- Have a designated Privacy Officer to care for customer data.
- Ensure that only authorised personnel can access personal data.
- Maintain all personal records in a password-protected system.
- Regularly train staff on Privacy procedures.
- Only transfer data via strict security links.
- Operate only under the terms of formal written contracts.
- Are required to undergo industry compliance checks