IDFA Immune Deficiencies Foundation Australia
Become a Member
Donate
Healthcare Professionals
1800 100 198
Become a Member
Donate
Healthcare Professionals
1800 100 198

Privacy Policy

Background

The Immune Deficiencies Foundation of Australia (IDFA) is a non-profit organisation and a registered charity. IDFA formed in 2005 with support from the IDF/KIDS foundation of New Zealand, which formed in 1987. IDFA is part of the Immune Deficiency Foundation Asia-Pacific Alliance and the International Patient Organisation for Primary Immune Deficiencies (IPOPI). IDFA’s primary aim is to raise awareness of primary and secondary immune deficiencies within both the general and medical communities and support IDFA’s members.

Purpose

IDFA values and respects individual privacy, committing to safeguard member data in line with the Privacy Act 1988 and other relevant Australian privacy laws and regulations.

The IDFA Privacy Policy describes how IDFA collects, holds, uses and discloses personal information, and how IDFA maintains the quality and security of its member’s personal information.

The IDFA Privacy Policy governs employees of IDFA, IDFA’s Board of Directors, IDFA Members (both general and registered), subcommittee members and volunteers. The policy is in addition to and complements any existing or future policies regarding IDFA Policy & Procedures. The responsibility and lines of communication for IDFA Policy & Procedures are as follows:

    1. IDFA Board
    2. IDFA Finance, Risk and Audit Committee Chair
    3. IDFA Chief Executive Officer
    4. IDFA Employees
    5. IDFA Volunteers

This policy is endorsed by the IDFA Board of Directors.

    Policy Statement

    IDFA are committed to protecting the privacy of its member’s personal information. IDFA does not sell or otherwise disclose personally identifiable information in violation of the commitment set out in this IDFA Privacy Policy.

    IDFA may collect and hold the following types of information:

      1. Information about individuals who are members or potential members, as provided to IDFA by those individuals during the course of their IDFA membership.
      2. Information about roles, communication methods, and personal attributes of officers, employees and other representatives of the corporations IDFA deals with, gathered incidentally in the course of dealing with them.
      3. Information held in hard copy form and/or electronic records in data storage systems which permit lawful access only by those company officers and employees who need access to perform their functions.

    IDFA gathers information about members for the purpose of:

      1. Providing members with the information that they request from IDFA.
      2. Marketing, supplying or delivering IDFA’s products and services to members.
      3. Improving and developing IDFA’s products and services for members.
      4. Internal administrative purposes; and
      5. Expanding IDFA’s not-for-profit enterprise.

    IDFA may from time to time employ other companies and individuals to perform functions on IDFA’s behalf e.g., IDFA may retain a third-party contractor to deal with product orders and delivery of products to you. In those circumstances IDFA may disclose information to such companies and individuals to enable them to deliver goods or services on IDFA’s behalf. IDFA may also use de-identified member information provided, for use in grant applications or research. All identifying information such as a member’s name, contact details and addresses will be de-identified for this use.

    Members can request access to their personal information in accordance with the National Privacy Principals.

    IDFA will only collect personal information to the extent deemed reasonably necessary to serve IDFA’s legitimate business purposes. IDFA will store any information that members provide securely and will not sell or release it to any other business or person except in accordance with this IDFA Privacy Policy.

     

    Protection of personal Information

    IDFA will take reasonable steps to ensure that the personal information that IDFA holds is kept
    confidential and secure, including by:

      • Have a robust physical security of IDFA’s premises and databases/records.
      • Taking measures to restrict access to only those IDFA Employees and Board Members who need that member’s personal information to effectively provide programs/information/services to IDFA’s members.
      • Having technological measures in place.

    Other Protections

    As an organisation, IDFA provides support to IDFA’s members in the form of peer support, support calls and online chat groups and social media. IDFA recognises that IDFA is in a unique position and must take all reasonable steps to protect IDFA’s member and volunteer personal information provided within these programs, calls and closed social media groups. IDFA agrees to adhere to mandatory reporting requirements set out in each state.

    Mandatory Reporting

    1. Legal Obligations:
    IDFA are committed to complying with all applicable laws and regulations concerning data protection and privacy. This includes fulfilling any mandatory reporting requirements related to personal data breaches or other incidents.

    2. Reporting Personal Data Breaches:
    In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, IDFA are required to report such breaches to the relevant regulatory authority in accordance with applicable laws. This may include notifying the Office of the Australian Information Commissioner (OAIC) under the Privacy Act 1988.

    3. Notification to Affected Individuals:
    If a data breach results in a high risk to individuals’ rights and freedoms, IDFA will notify affected individuals without undue delay. This notification will include details of the breach, the potential consequences, and the steps IDFA are taking to address the issue.

    4. Internal Reporting Procedures:
    IDFA have established internal procedures for promptly identifying, assessing, and reporting any data breaches or other security incidents. IDFA’s staff is trained to recognise and report incidents that may require mandatory reporting.

    5. Contact Information:
    For any inquiries or concerns regarding IDFA’s mandatory reporting practices or data protection  measures, please contact IDFA’s Privacy Officer at info@idfa.org.au with the email’s attention made to: “Privacy Officer”.