Privacy policy

General 

Royal Flying Doctor Service (Queensland Section) ABN 80 009 663 478 and RFDS (QLD) Services Limited ABN 26 161 472 199 (collectively referred to in this document as RFDS, we, us or our) recognises that your privacy is very important and we are committed to protecting the personal information we collect from you.  The Privacy Act 1988 (Cth) (Privacy Act), and the Australian Privacy Principles (APPs) govern the way in which we must manage your personal information, and this policy sets out how we collect, use, disclose and otherwise manage personal information about you. We will also handle your personal information in compliance with relevant state legislation including privacy laws.  

The RFDS provides emergency and aeromedicine, primary health, mental health, dental services and medical chests to our patients. As a not-for-profit organisation, we also manage employee records, communicate with our stakeholders, conduct publicity campaigns with media and online, fundraise, handle feedback, and report to our funders. The RFDS collects personal information from our patients, their carers, representatives, family and friends, medical chest custodians, employees and volunteers including those applying to work with us, our supporters (donors), and others. 

We take all reasonable efforts to safeguard all personal information. 

In general, we: 

Collection 

Types of information collected 

We may collect and hold personal information about you, that is, information that can identify you, and is relevant to providing you with the goods and services you are seeking, and to our functions and activities. 

The kinds of information we typically collect depends on our relationship with you, but may include name, sex, gender, date of birth, address, phone number, email address, and other information relevant to providing you with goods and services or reasonably necessary for one or more of our functions or activities. 

Depending on our relationship with you, we may also typically collect: 

We only collect sensitive information about you if you consent to the collection of the information and if it is reasonably necessary for the performance of our functions and activities (such as the provision of a health service, as that term is defined in the Privacy Act) unless required or authorised by law.  Consent may be implied by the circumstances existing at the time of collection.  There may also be circumstances where we collect sensitive information without your consent, as required or authorised by law (including where an exception applies under the Australian Privacy Principles (APPs)). 

Method of collection 

We will only collect information by lawful and fair means and generally collect information in different ways, including: 

Personal information will generally always be collected directly from you.  There may, however, be some instances where personal information about you will be collected indirectly because it is unreasonable or impractical to collect personal information directly from you. We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.  By way of example, if you are a patient we generally collect information from you directly (although we may also need to collect from a representative, referee or other agency like a hospital or medical service, if you are unable to give us the information, or you have given consent for someone else to do this for you). 

Purpose of collection 

The personal information that we collect and hold about you, depends on your interaction with us.  Generally, we will collect, use and hold your personal information if it is reasonably necessary for or directly related to the performance of our functions and activities and for the purposes of: 

V) fulfilling an order, providing updates for an order, 

Except as otherwise permitted by law, we only collect sensitive information about you if you consent to the collection of the information and if the information is reasonably necessary for the performance of our functions (including for the provision of health services), as set out above. 

Failure to provide information 

If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you with the goods, services or information you are seeking.  If you are a supporter, donor or customer and you choose not to provide your name or contact details, we will not be able to provide you with a tax invoice or share details about upcoming events, campaigns and opportunities. 

Internet users 

If you access a RFDS website or app, we may collect additional personal information about you in the form of your IP address and domain name.   

Links to external sites 

Our website may contain links to other websites.  We cannot control and are not responsible for the content or privacy practices of linked websites and linked websites are not subject to our privacy policies. 

Social networking services 

We use social networking services such as X (formerly Twitter), Facebook, Instagram, LinkedIn, TikTok and YouTube to communicate with the public about our work.  When you communicate with us using these services, we may collect your personal information (including your name, handle/username and contact information) but we will only use it to help us to communicate with you. The social networking service will also handle your personal information for its own purposes in accordance with their own privacy policies and practices.  We are not responsible for the privacy practices of social networking sites and social networking sites are not subject to our privacy policies and procedures. 

Cookies 

Our website uses cookies to track site visits and improve user experience.  The main purpose of cookies is to identify users and to prepare customised web pages for them.  Cookies do not identify you personally, but they may link back to a database record about you.  We use cookies to monitor usage of our website and to create a personal record of when you visit our website and what pages you view so that we may serve you more effectively. 

Our online credit card processor may also use cookies for identification and anti-fraud purposes. Cookies can be disabled but some site functions may become unavailable.  Social media providers, including Meta and X, set cookies through our website which may enhance your profile on their website or contribute to the data they hold. We encourage you to read their privacy policies. 

Google Analytics 

Our website uses Google Analytics, a web analytics service provided by Google, Inc. (Google).  Google Analytics uses cookies.  The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.  Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. 

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.  Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, but please note that if you do this you may not be able to use the full functionality of this website.  By using the website, you consent to the handling of data about you by Google in the manner and for the purposes set out above. 

Payment security 

We use third party credit card processors to facilitate credit card payments through our website and Point of Sale systems, including but not limited to Shopify, Square, Stripe and Quest. Certain sections of our websites (eg: donation payments) are secured using SSL technology to encrypt data between your browser and the website. We make every possible effort to make donations and transactions within our website as secure and safe as possible.  However, there are inherent risks associated with the transmission of information over the internet including by email or by facsimile.  While all reasonable efforts are made to secure information transmitted to this website, there is always a possibility that the information you submit could be observed by a third party while in transit. By using our online system, you acknowledge that you do not hold us liable for any security breaches, viruses, or other malicious software that may infect your computer or any loss of data, revenue or otherwise that may occur. 

Use and disclosure 

Generally, we only use or disclose personal information about you for the purposes for which it was collected (as set out above), unless you consent to another use or disclosure, in an emergency or as otherwise required or authorised by law.  We may use and disclose personal information about you: 

to any other entity as otherwise permitted or required by law.Sensitive information (including health information) is only used and disclosed for the purposes for which it was collected, unless your further consent is obtained or otherwise as permitted or required by law. 

We may anonymise or aggregate any of the information we collect and use it for any purpose detailed above, including for research and development purposes. Such information will not identify you individually. 

Disclosure of personal information overseas 

For patients: 

We will not disclosure your health information (as that term is defined in the Privacy Act) overseas without your consent.   

For supporters and donors and rescue swag customers:  

For some of our business functions, we are assisted by a variety of external service providers to operate our business, some of whom may be located overseas or may use infrastructure outside of Australia. These third parties are too numerous to list, and they change from time to time. Some examples of the types of third parties include technology service providers who may be located in the United States of America, such as Google Analytics, Campaign Monitor, Shopify, Stripe and HubSpot.  

For candidates or preferred applicants: 

For some of our candidates or preferred applicants, who have resided overseas and require a criminal history check, we will apply for a global check for these individuals.  

Security 

We store your personal information in different ways, including in paper and in electronic form.  The security of your personal information is important to us. We take reasonable measures to ensure that your personal information is stored safely to protect it from interference, misuse, loss, unauthorised access, modification or disclosure, including: 

Access and correction 

You may access the personal information we hold about you, upon making a written request.  We will respond to your request within a reasonable period.  We may charge you a reasonable fee for processing your request (but not for making the request for access). 

We may decline a request for access to personal information if we are unable to confirm your identity or otherwise in circumstances prescribed by the Privacy Act, and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.  Personal information will not be provided over the phone unless we are certain that the enquirer is the individual to whom the personal information relates, or their legal or nominated representative. 

If, upon receiving access to your personal information or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately.  We will take reasonable steps to correct the information so that it is accurate, complete and up to date. 

If we refuse to correct your personal information, we will give you a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint. 

Deletion of personal information 

 We are committed to ensuring your personal information is handled in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. While we will consider requests for deletion, there is currently no obligation to delete or erase personal information and sensitive information under the Privacy Act.   

To request deletion of your personal information, please contact us using the details provided in the Contact Us section of this policy. We will take reasonable steps to review the deletion request however due to our legal obligations to retain personal information, we may not be able to delete your personal information.   

 Please note that in some cases, deletion may result in the loss of access to certain services or communications (e.g., donation receipts, newsletters, or event participation).  

Complaints and feedback 

If you wish to make a complaint about a breach of the Privacy Act or the APPs that applies to us, please contact us using the details below and we will take reasonable steps to investigate the complaint and respond to you.