CFC Global Pty Ltd (ABN 68 146 707 708) and its Related Corporate Entities trading as Addam Donor Bank.
If you have any concerns about the manner in which your personal information has been collected, used or disclosed by us, we have put in place an effective mechanism and procedure for you to contact us so that we can attempt to resolve the issue. We can be e-mailed within Australia at email@example.com or write to us at PO Box 3298, Newmarket, Qld 4051. International enquiries can contact us at firstname.lastname@example.org and our privacy officer will then attempt to resolve the issue.
We recommend that you keep this information for future reference.
1. What is personal information?
The Privacy Act 1988 (Cth) defines ‘personal information’ to mean information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable, from the information or opinion.
2. Sensitive Information
What is Sensitive Information?
(a) Sensitive information is a subset of personal information. It means information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.
(b) In general, we attempt to limit the collection of sensitive information we may collect from you but given the nature of the fertility and reproductive services that we offer this may not always possible and it is likely that we will be required to collect sensitive information from you in order for us to carry out the services provided to you. However, we do not collect sensitive information from you without your consent, nor do we collect sensitive information that is not required for the services we offer.
(c) The type of sensitive information we may collect from you or record about you is dependent on the services provided to you by Addam Donor Bank and will be limited to the purpose(s) for which it is collected. We have set out some of the instances in which we collect sensitive information from you in the table in Section 3. We do not use sensitive information to send you Direct Marketing Communications (as defined in Section 9 below) without your express consent.
The particular categories of sensitive information may be collected by us, and you consent and agree to the collection of such information:
(a) the criminal record of an individual;
(b) religion or religious beliefs;
(c) racial or ethnic information of an individual;
(d) the sexual orientation, practices or history of an individual; and
(e) the health or medical information of an individual, including but not limited to genetic information regarding an individual, but only to the extent that where you volunteer such information or if it is necessary for, or incidental to, the purposes of collection set out in Section 3.
You give us your informed consent that we may share the sensitive information we collect in accordance with this Section 2.2 with any entity listed in this Policy and any of our other Related Bodies Corporate (as defined by s9 of the Corporations Act 2001 (Cth)).
3. The kinds of information collected, used and disclosed by Addam Donor Bank
3.1 We will only use or disclose your personal information for the primary purposes for which it was collected or as consented by you. At or around the time we collect personal information from you, we will endeavour to provide you with a notice which details how we will use and disclose that specific information. We set out some common collection, use and disclosure instances in the table below.
|Purpose||Type of Information||Uses (Types of uses we will make of personal information)||Disclosures|
|Sales||Transaction Sales: Such as:|
- Delivery information.
- Billing and account details (including bank account details, direct debit, billing address, repayment information and invoice details).
- Payment card details.
|Services: the purchase of any goods or services from you or the provision of our services to you including the administration and management of our products and services, including charging, billing, credit card authorisation and verification, credit-worthiness, fraud and collecting debts, which shall include but is not limited to instructing a debt collecting services in the event you have not paid for our services, or as required or authorised by law.||The types of disclosures we will make of personal information collected for the type of purposes listed include, without limitation, to:
- Service providers (including IT service providers and consultants) who assist Addam Donor Bank in providing our products and services.
- Third party softwares including but not limited to online payment gateway and mobile applications.
- Our contractors and agents or other external companies who assist us in providing our products and services to you, including but not limited to any debt collection services and data storage providers.
- As required or authorised by law.
|Enquiries||- Contact information: Such as your name, address, email address, or phone numbers.|
- Identifying information: such as your date of birth.
- Mobile device information: such as device ID, manufacturer, model and OS version and IP address.
- Medical or health information: Information regarding your health (including but not limited to whether you smoke and consume alcohol), medical information or any related sensitive personal information that may be required in order for you to be provided the services we offer, including but not limited to the types of information outlined in section 2.1
- Customer Service: Which includes:
◦ Information collected in connection by our customer services department, including information you provide via any live chat facilities we offer through our website which are related to the services we provide to you
◦ Your opinions, statements and endorsements collected personally or via surveys and questionnaires, including but not limited to your views on the products and services offered by Addam Donor Bank.
|- Identity verification: if applicable, the verification of your identity and date of birth.|
- Live chat and third-party chat and messaging services: if applicable, answering your enquiry through our Live Chat functionality or a third-party chat and messaging service
- Services: the provision of our services to you including:
◦ The administration and management of our products and services.
◦ To provide customer service functions, including handling customer enquiries and complaints.
- Marketing: using your personal information for the purposes set out in ‘Marketing Services’ section of this table below (excluding in relation to any sensitive information you have provided to us, which we will not use for marketing purposes, unless you have provided your express consent as per Section 8).
- General administrative and security use:
◦ To protect Addam Donor Bank’s website and/or Addam App from security threats, fraud or other criminal activities.
◦ To facilitate the administration and management of a fertility and reproductive clinic and/or day hospital, including but not limited to the use of your personal information collected in accordance with paragraph 3.1
◦ In connection with the improvement of our services (including to contact you about those improvements and asking you to participate in surveys about our products and services) and the maintenance and development of our products and services, business systems and infrastructure.
◦ To provide customer services to clients and for quality assurance purposes.
◦ In relation to the sale, and matters in connection with a potential sale, of our business or company to a third party.
◦ Any other matters reasonably necessary to continue to provide our products and services to you.
|We may disclose your personal information to the parties listed in this table in the Disclosure column for ‘Sales’.|
|Marketing Services||Contact information: Such as your name, email address, current postal and residential addresses and phone numbers.||General marketing and consumer analytics: using your personal information:|
- To aggregate with other information (or provide to a third party to aggregate) and to then use it for marketing and consumer analytics.
- To offer you updates on products, events or information that may be of interest to you.
- For Marketing and promotional activities by us and our related bodies (including by direct mail, telemarketing and email), SMS and MMS messages and via social media platforms.
- For the Uses detailed in this table above in the ‘Enquiries’ section
- To help us create, develop, operate, deliver and improve our services, content and advertising.
- To send important notices, such as communications about changes to our operational hours, or changes to our terms, conditions, and policies.
|We may disclose your personal information to:
- Third parties connected with the marketing process who assist us in providing our products and services to you, including but not limited to online survey providers, email and marketing service providers and social media
- The parties listed in this table in the Disclosure column for ‘Sales’.
|Providing our medical services to you||- Contact information: Such as name, e-mail address, current postal and delivery address (if different to postal address), and phone numbers.|
- Employee record information: details relating to your employment (if applicable) or your previous employment.
- Identifying information: Such as your photo, passport, driver’s licence, Medicare number, private health fund, birth certificate and date of birth.
- General information: Such as details regarding your education, interests, personality traits, if you have tattoos, have lived overseas, information regarding the number of children you may have, a description of your physical features (and your parent’s and children’s physical features, if applicable), whether you may have been adopted, your use of injectable non-prescription drugs and any other information that may be required in order for you to be provided the services we offer.
- Medical or health information: Information regarding your health (including but not limited to whether you smoke and consume alcohol and fertility history), medical information or any related sensitive personal information that may be required in order for you to be provided the services we offer, including but not limited to the types of information outlined in section 2.2.
- Customer Service: Which includes your opinions, statements and endorsements collected personally or via surveys and questionnaires, including but not limited to your views on the products and services offered by Addam Donor Bank.
|Services: Only for the provision of our products and services to you, including without limitation:|
- fertility and women’s health services;
- day hospital services;
- counselling services;
- telehealth consultation services;
- and any other support services.
Informed consent: To ensure that, as a patient, you have provided your full and informed consent to any procedure.
Treatment assessment: For the assessment of the types of treatment you may require or be legally required to undertake, and arranging any necessary referrals.
Medical record: For the creation of a medical record for you.
Practice management: Including without limitation:
- Electronic Medical Records System
- Patient Portal
Data reports: De-identified patient data may be sent to Addam Donor Bank’s Australian holding company.
- Donor identification: For the purposes of children contacting their biological parent at the age of 18 years.
- Identity verification: If applicable, the verification of your identity and date of birth.
|We may disclose your personal information to:
- External bodies such as the Reproductive Technologies Accreditation Committee (RTAC) & National Safety and Quality Health Service Standards (NSQHSS) who may undertake a clinical audit of medical records held by Addam Donor Bank in order to improve the quality and safety of patient care.
- National bodies such as the National Perinatal Epidemiology and Statistics Unit (NPESU), Fertility Society of Australia (FSA), Health Complaints Commissioner (HCC).
- Australian Department of Digital Health – My Health Record.
- Victorian Assisted Treatment Authority, Health Insurance Commissioner.
- Regulatory Bodies.
- Medicare (Department of Human Services).
- Health fund providers.
- Practice management.
- Counselling or psychology service providers.
- Related entities, particularly CHA SMG Australia Holding Pty Ltd ACN 624 086 371 and CHA SMG Australia Holding Pty Ltd ACN 624 086 737 and subsidiaries of Addam Donor Bank.
- To children conceived from donors, contact information of the donors (supplied at the age of 18 years)
- Third-party software services who assist us in providing our products and services to you, including but not limited to mobile applications, text messaging services, live chat services and general online software/ web services.
We may also disclose your personal information to the parties listed in this table in the Disclosure column for ‘Sales’.
|Human resources||Contact information: Such name, e-mail address, current postal and residential address, phone numbers, country of residence, next of kin contact details.|
- Employee record information
- Identifying information: Such as your photo, passport and residency details, date of birth.
- CV, resume, qualifications or application related information: Such as the details provided in your resume or CV, your eligibility to work in Australia, your education & qualifications, previous employment details, professional memberships, trade qualifications & criminal history police checks.
- Tax, superannuation and payroll information: Such as your Tax File Number and ATO Declaration,
- Superannuation details and financial institution details.
- Background check information: Information obtained from you or third parties to perform background checks.
- Medical or health information which you voluntarily provide to us as part of pre-employment medicals, random drug and alcohol testing or such other information which may be related to an incident which has occurred during the course of your employment.
- Performance related information: Pre-employment testing and other information collected by Addam Donor Bank’s systems in the course of the employee or contractor’s engagement with Addam Donor Bank.
- Information collected from referees
- Security information: Such as CCTV footage and photographs taken on our premises.
|Background checks: Utilising the information collected for the purpose of assessing candidate suitability for role, including by obtaining:|
- Verification of your identity and age.
- Criminal history background checks through
publicly available information including Facebook, Twitter, Google, and more.
- Confirmation of eligibility to work in Australia.
- Confirmation of education and qualifications.
- Confirmation of previous employment.
- Consideration regarding medical leave.
Administration and performance monitoring use:
Utilising the information collected for the purpose of:
- Dealings related to the employer/employee relationship or the contractor/principal relationship (as the case may be).
- Use of such information whether or not the employment or contractor relationship is prospective, current or past.
- Use of such information to monitor systems, performance and time usage and internet usage.
- The use of your personal information collected in the administration and management of Addam Donor Bank.
- In connection with the sale of any part of Addam Donor Bank’s business or a company owned by a Addam Donor Bank entity.
|We may disclose your personal information to:
- Relevant superannuation company.
- Government agencies, including but not limited to The Australian Taxation Office, link and Child Support Agency.
- Relevant Worker’s Compensation organisation (e.g. WorkCover etc).
- Third party referees provided by you in connection with an application made to Addam Donor Bank.
- Service providers (including IT service providers and payroll providers), if any.
- Recruitment agents used in connection with your application with us.
- Third parties in connection with the sale of any part of Addam Donor Bank’s business or a company owned by a Addam Donor Bank entity.
- Third party parties in connection with obtaining any background checks, preemployment screening.
- Financial institutions for payroll purposes.
- HR Management Software.
- As required or authorised by law.
4. Collection and storage of your personal information
4.2 Before we are able to provide you with any services as a patient of Addam Donor Bank, you must provide certain personal information so that we may allocate you with a unique identification number.
4.3 When you engage in certain activities, such as entering a promotion, filling out a survey or sending us feedback, we may ask you to provide certain information. It is completely optional for you to engage in these activities.
4.4 Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory data or any other information we require in order for us to provide our services to you, we may be unable to effectively provide our services to you.
4.5 In the event we collect details about you from someone else, we will, whenever reasonably possible, make you aware that we have done this and why unless:
(a) information is collected form any personal referee you have listed on any application form (including any employment application) with us;
(b) information is collected from publically available sources including, but not limited to court judgments, directorship and bankruptcy searches, social media platforms (such as Facebook Twitter, Google, Instagram etc.); or
(c) as otherwise required or authorised by law.
4.6 In the event we collect personal information from you, or a third party, in circumstances where we have not requested or solicited that information (known as unsolicited information), and it is determined by Addam Donor Bank (in its absolute discretion) that the personal information is not required, we will destroy the information or ensure that the information is de-identified.
4.7 Once we collect your information, we will either hold it securely and store it on infrastructure owned or controlled by us or with a third-party service provider. We provide some more general information on our security measures in Section 12.1 (Data security and quality).
5. Using Our Website and/or App
5.1 If you use our website and/or app, we may utilise ‘cookies’ or other data collection technologies such as ‘web beacons (also calls pixel tags or clear gifs), tracking URLs or software development kits (SDKs) to enable us to monitor traffic patterns, monitor app usage and engagement and to serve you more efficiently if you revisit a Addam Donor Bank website and or app. In most cases, a cookie or these other technologies does not identify you personally but may identify your internet service provider, computer or device. For simplicity, we will refer to the technologies listed above as ‘cookies’
5.3 We also use permanent cookies and/or other technologies and analytics tools to enable basic app usage and engagement analysis and/or web traffic analysis using Google Analytics which, for example, shows us which areas of our website and/or app are popular against those that are not visited often. This allows us to prioritise our enhancements to our website and/or app and increase the productivity and the engagement of our website and/or app. We also use remarketing with Facebook, Google and other advertising tools to display content specific advertisements to users that have previously interacted with our advertisements.
5.4 We undertake the following Google features on our Website and/or App: Google Analytics (including features such as Remarketing with Google Analytics, Google Display Network Impression Reporting and Google Analytics Demographics and Interest Reporting), Google Ads (including features such as remarketing, affinity audiences, custom affinity audiences, inmarket audiences, similar audiences and demographic and location targeting), Remarketing with Google Analytics, Google Display Network Impression Reporting, Google Analytics Demographics and Interest Reporting, Integrated services that require Google Analytics to collect data via advertising cookies and anonymous identifiers, and Double Click. These features do not use any sensitive personal information you have provided us, nor do they use any personal information. Google may include in-ads notice labels to disclose interest-based advertising to you. Third-party vendors, including Google, will show Addam Donor Bank ads on websites across the Internet and/or apps. Addam Donor Bank and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimise, and serve ads based on an individual’s past visits to the Addam Donor Bank Website and/or App.
5.5 We undertake the following app store features on our Website and/or App: App Analytics, Apple Search Ads and Google Play Ads.
5.7 We may gather your IP address, device ID and type, device-specific and apps settings and characteristics, app crashes, model and OS version, IP address, advertising IDs (such as Google’s AAID and Apple’s IDFA, both of which are randomly generated numbers that you can reset by going into your device’ settings), browser type, version and language, operating system, time zones, identifiers associated with cookies or other technologies that may uniquely identify your device or browser (e.g., IMEI/UDID and MAC address) as part of our business or marketing activities and to assist with any operational difficulties or support issues with our services. In most cases, this information does not identify you personally.
5.8 If you give us permission, we may collect your geolocation. The collection of your geolocation may occur in the background even when you aren’t using the services if the permission you gave us expressly permits such collection. If you decline permission for us to collect your geolocation, we will not collect it. Similarly, if you consent, we may collect your photos (for instance, if you want to publish a photo on the service).
6. Third party chat and messaging services
6.1 When you make an enquiry with us, we may use third party chat and messaging services to communicate with you, and those services such as WhatsApp or WeChat may collect information about your IP address, activity and usage statistics, and other information that you share (including your current location) while using those platforms. This information is not collected by us.
7. Third party software services
7.1 When you make an enquiry with us, we may use third party software services to assist us in providing our products and services to you, and those services such as mobile applications, text messaging services, livechat services and general online software/web services may collect information about your computer and/or device, activity and usage statistics, and other information that you share (including your current location) while using those platforms. This information is not collected by us.
8. How we may use and disclose your personal information
8.1 We will only use or disclose your personal information for the primary purposes for which it was collected or as consented to and/or as provided in our detailed list at Section 3 of some common uses and disclosures we make regarding the personal information we collect.
8.2 We may also use or disclose your personal information and in doing so we are not required to seek your additional consent:
(a) when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose;
(b) if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
(c) if we have reason to suspect that unlawful activity has been, or is being, engaged in; or
(d) if it is required or authorised by law.
9. The types of organisations to which we may disclose your personal information
9.1 We may disclose your personal information to organisations outside of Addam Donor Bank. Examples of organisations and parties that your personal information may be provided to are outlined in Section 3.
10. Direct Marketing
10.1 You give your express and informed consent to us using your personal information set out in:
(a) the ‘Enquiries’ section of the table at Section 3 of this document above; and
(b) the Marketing Services’ section of the table at Section 3 of this document above; to provide you with information and to tell you about our products, services or events or any other direct marketing activity (including third party products, services, and events) which we consider may be of interest to you, whether by post, email, newsletter, SMS, messaging applications and telephone (Direct Marketing Communications).
10.2 Without limitation of clause 8.1, if it is within your reasonable expectations that we send you Direct Marketing Communications given the transaction or communication you have had with us, then we may also use your personal information (but not your sensitive information) for the purpose of sending you Direct Marketing Communications which we consider may be of interest to you.
10.3 If at any time you do not wish to receive any further Direct Marketing Communications from us, you may ask us not to send you any further information about products and services. You may do this at any time by using the ‘unsubscribe’ facility included in the email or by contacting us at email@example.com or write to us at PO Box 3298, Newmarket, Qld 4051. International enquiries can contact us at firstname.lastname@example.org
11. Cross Border Disclosure
11.1 Any personal information provided to us may be transferred to and stored at destinations outside of Australia. Those destinations include (but are not limited to) the United States of America, European Economic Area, Korea & Singapore where we may utilise overseas data and website hosting facilities or have entered into contractual arrangements with third party service providers to assist Addam Donor Bank with providing our goods and services to you. Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or related companies.
11.2 One of Addam Donor Bank’s third-party service providers who assists with the live chat function on the Addam Donor Bank website is required to comply with the General Data Protection Regulation (including implemented Binding Corporate Rules), and the EU-US and Swiss-US Privacy Shield Frameworks.
11.3 We will, to the extent operationally and technologically possible, retain effective control over any personal information which is used by any organisation located overseas. Where Addam Donor Bank retains effective control of the personal information, there will not be any cross border disclosure within the meaning of the Privacy Act 1988.
11.5 The Privacy Act 1988 requires us to take such steps as are reasonable in the circumstances to ensure that any recipients of your personal information outside of Australia do not breach the privacy principles contained within the Privacy Act 1988. By providing your consent, under the Privacy Act 1988, we are not required to take such steps as may be reasonable in the circumstances. We will also not be accountable nor will you be able to seek redress under the Privacy Act 1988 if the overseas recipient breaches any provisions of the Privacy Act 1988.
11.6 If you do not agree to the transfer of your personal information outside Australia, please contact us by email at email@example.com or write to us at PO Box 3298, Newmarket, Qld 4051. International enquiries can contact us at firstname.lastname@example.org
12. Anonymity and pseudo-anonymity
12.1 Due to the personal nature of the products and services that we provide, it is only practicable or reasonable for us to transact and correspond with you on a named basis and your personal information may be required in order to provide you with our products and services or to resolve any issue you may have.
12.2 However, if you are a donor we will not provide your personal details to our patients or any resulting child until such time as the child reaches the age of 18 years.
13. Data Quality and Security
13.1 We have taken steps to help ensure your personal information is safe. You will appreciate,
however, that we cannot guarantee the security of all transmissions or personal information,
especially where human error is involved or malicious activity by a third party.
13.2 Notwithstanding the above, we will take reasonable steps to:
(a) make sure that the personal information we collect, use or disclose is accurate,
complete and up to date;
(b) protect your personal information from misuse, loss, unauthorised access, modification
or disclosure both physically and through computer security methods;
(c) destroy or permanently de-identify personal information if it is no longer needed for its
purpose of collection; and
(d) comply with all obligations imposed on us in the event of an eligible data breach (as
defined in the Privacy Act 1988).
13.3 However, the accuracy of personal information depends largely on the information you provide
to us, so we recommend that you:
(a) let us know if there are any errors in your personal information; and
(b) keep us up-to-date with changes to your personal information (such as your name or
14. Access to and correction of your personal information
14.2 If you would like to access, delete, or correct any records of personal information we have about you, you are able to access, update and delete that information (subject to the above) by contacting us at email@example.com write to us at PO Box 3298, Newmarket, Qld 4051. International enquiries can contact us at firstname.lastname@example.org. We reserve the right to charge a fee for searching for and providing access to your information
15. Access to Medical Records
15.1 If you would like access to your medical records or results, you are able to do so by completing a consent form to release medical information. All requests for medical records should be made directly to your treating specialist.
15.2 We will comply with our internal Patient Privacy & Confidentiality and Release of Medical Records Procedures in relation to any access to or release or medical records.
15.3 If another person/professional body seeks access to your medical records, that person must have the legal authority to do so. Under the Privacy Act 1998, the only circumstances where your medical record or information can be provided by Addam Donor Bank to a person other than you is if:
(a) there is a serious risk to you or another person;
(b) for reason of significant public interest;
(c) when disclosure is required under the law
16.1 We have put in an effective mechanism and procedure to resolve privacy complaints.
16.2 We will ensure that all complaints are dealt with in a reasonably appropriate timeframe so that any decision (if a decision is required to be made) is made expeditiously and in a manner that does not compromise the integrity or quality of any such decision.
16.3 If you have any concerns or complaints about the manner in which we have collected, used or disclosure and stored your personal (and sensitive) information please email us at email@example.com or write to us at PO Box 3298, Newmarket, Qld 4051. International enquiries can contact us at firstname.lastname@example.org Please mark your correspondence to the attention of the privacy officer.
16.4 In order to resolve a complaint, we:
(a) will liaise with you to identify and define the nature and cause of the complaint;
(b) may request that you provide the details of the complaint in writing;
(c) will keep you informed of the likely time within which we will respond to your complaint;
(d) will inform you of the legislative basis (if any) of our decision in resolving such complaint.
(e) will maintain a register of complaints.
(a) certain sections or paragraphs in this policy are incorporated into that contract, but in such a way that they do not give rise to contractual obligations on to Addam Donor Bank, but do create contractual obligations on the other party to the contract; and
(b) the consents provided in this policy become contractual terms provided by the other party to the contract.