Our Privacy Commitment
- The Mito Foundation Limited A.C.N. 135 324 931 (AMDF) is committed to managing your personal and sensitive information openly and transparently and to keeping your personal and sensitive information safe. We will endeavor to fulfil this commitment, including by:
(a) complying with our obligations under the Privacy Act 1988 (Act), including the Australian Privacy Principles (APPs);
(b) ensuring that we manage your personal and sensitive information openly and transparently;
(c) only collecting personal and sensitive information from you that we need in order to offer you the best possible service and advice;
(d) telling you how we might use your personal and sensitive information;
(e) letting you know if we need to disclose your personal and sensitive information to anyone else (including anyone overseas) and if so, in what circumstances this might occur;
(f) keeping your personal and sensitive information secure;
(g) promptly responding to any request by you not to receive direct marketing material from us;
(h) making sure your personal and sensitive information is kept accurate and up to date and to properly dispose of any personal and sensitive information which is no longer required by us; and
(i) ensuring that, where appropriate, you can access and correct your personal and sensitive information.
About this Policy
- This policy is intended to explain clearly and in plain language some of the keyprocesses and procedures that we have implemented to manage your personal and sensitive information, to protect your privacy and to comply with the Act and the APPs.
- References to “our”, “us” and “we” in this policy are references to the Mito Foundation. Our website which can be accessed through https://www.mito.org.au (Website).
- This policy gives a broad overview of our policies in relation to privacy but if you require further information, you are welcome to contact us or to read any of the privacy statements or notices that will be issued to you as and when personal and sensitive information is collected.
What sorts of personal and sensitive information do we collect?
- We will only collect from you information that is necessary and relevant to our relationship with you, including to enable us to provide to you the best possible service and advice to you.
- The types of personal information we collect includes, but is not limited to:
(a) your full name;
(b) date of birth;
(c) contact details including, your email address, telephone number and address; and
(d) credit card details.
- In administering our services, it may also be necessary for us to collect sensitive information about you, which is defined in the Act to include information about your religion, political views, ethnicity, criminal records and sexual preferences. The types of sensitive information we may collect from you includes :
(a) health information about you, being:
(i) if you currently have, or had, a medical condition or disability; and
(ii) your medical diagnosis, including information about any treatment that was given to you; and
(b) information about your racial or ethnic origin.
The Act places restrictions on collecting sensitive information. Accordingly, we will only collect sensitive information from you where it is reasonably necessary for one or more of our functions or activities and if you have consented to the collection of this information.
Why do we require your personal and your sensitive information?
- We use your personal and sensitive information for various reasons, including to:
(a) allowing access to, and use of our Website, including to administer our Website;
(b) contact you in relation to events and matters that you may be of interest to you;
(c) processing your donation of funds to us;
(d) contacting you, and determining your interest, in relation to donating funds to us;
(e) prevent potentially prohibited or illegal activities, including fraud or other criminal activities;
(f) manage your employment with us;
(g) assist us to run our business and to improve our services and performance,
including staff training, accounting, risk management, record keeping,
archiving, systems development and undertaking planning, research and statistical analysis; and
(h) comply with our reporting and legal obligations.
- There is no obligation for you to provide us with any of your personal and your sensitive information but if you choose not to provide us with your personal and your sensitive information, we may not be able to contact you or to provide you with the services that you require.
- By agreeing to accept the terms of this policy and in providing your personal or sensitive information to us, you are taken to have consented to the use of your personal and sensitive information for the above purposes.
How do we collect your personal and sensitive information?
- There are a few methods through which we may collect your personal and sensitive information depending on the way in which we come in contact with you.
- We may collect your personal and sensitive information from one or more of the following methods:
(a) directly from you, either in person, over the phone or by email;
(b) through the Website; or
(c) from publicly available sources, for example, the electoral role, the telephone directory or from other websites.
- We will always collect your personal and sensitive information directly from you unless it is impracticable to do so.
Collecting personal and sensitive information about others
Unsolicited personal information
- From time to time we may receive personal and/or sensitive information about you that we have not requested. In these circumstances, we will only hold onto such information where it is necessary to do so and where permissible under the Act and the APPs.
How do we use or disclose your personal information?
- We may use and disclose your personal information and your sensitive information for the purposes for which it was collected or for a directly related purpose such as to:
(a) collect donations;
(b) enable you to assist us with, or for us to organise, volunteering, fundraising, advocacy and other activities where we seek the assistance of the community;
(c) conduct and fund research into mitochondrial disease, as well as diagnoses, treatment and cures;
(d) provide information to you in relation to mitochondrial disease, including in relation to risk factors;
(e) contact you in relation to clinical trials or medical studies that may be of interest to you;
(f) communicate with you in general, including in relation to our upcoming events and the Website;
(g) carry out and respond to your questions, comments and requirements, including to maintain our relationship with you;
(h) measure interest in, and improve and evaluate our services (including the Website);
(i) resolve disputes or troubleshoot problems;
(j) consider your requirements and how we can best advise and service you;
(k) enable us to provide our services to you;
(l) our third party service providers to assist us in providing and improving our services to you, including IT support and events planning;
(m) analyse developments and trends in mitochondrial disease and to develop, improve and market our services to you;
(n) regulatory bodies and law enforcement officials and agencies as required in relation to our services;
(o) perform administrative and operational tasks (including risk management, systems development, testing and staff training);
(p) seek your feedback in relation to client satisfaction and our relationship with you;
(q) monitor or improve the quality and standard of service that we provide to you;
(r) consider any concerns or complaints you may raise against us;
(s) better understand your preferences;
(t) to lessen or prevent a serious threat to life, health, safety or any individual or to public health safety; and
(u) subsidiaries, related bodies corporate and controlled entities of the Mito Foundation and to our agents, successors and/or assigns, for the uses outlined above.
- Other than as outlined above, we will not disclose your personal and sensitive information without your consent unless such disclosure is permitted or required by law.
Do we share your personal information with others?
- We may share your personal and sensitive information with entities related to the Mito Foundation.
- We deal with third party service providers who may assist us with a variety of functions including with marketing, research, mail and delivery, security, insurance, professional advisory (including legal), banking, payment processing, credit reporting or technology services. Where we engage third party service providers to perform services for us, those third parties may be required to handle your personal and sensitive information. Under these circumstances, those third parties must safeguard this information and must only use it for the purposes for which it was supplied and we will make all reasonable enquiries to try to ensure that this is the case.
- By providing your personal or sensitive information to us, you consent to your personal and sensitive information being shared with third parties as set out in this policy. We will not disclose personal and sensitive information obtained from you to any third parties, other than those set out in the policy, unless you consent otherwise.
Do we use your personal and sensitive information for marketing purposes?
- As part of the services that we provide to you, we may:
(a) use personal information and sensitive information that we have collected about you to identify information or a service that may benefit you; and
(b) contact you from time to time to let you know about information, event or a service that we believe you might be interested in.
- Where we intend to use your personal information and/or your sensitive information for direct marketing purposes (including the purposes set out above), we will specifically request your consent (generally through an opt‐in box on our Website or through a form which we may get you to sign and return to us). Where you do not wish for your personal information and/or your sensitive information to be used for direct marketing purposes, you can opt‐out, unsubscribe or make a request not receive direct marketing communications from us, by emailing us at email@example.com or by logging such a request through our Website at any time. Additionally, each direct marketing communication, including all emails, will include an opt‐out or “unsubscribe” option which will immediately indicate to us that you no longer wish to receive materials of this kind. If you make a request not to receive direct marketing communications from us, we will stop sending you these materials.
How do we store your personal and sensitive information?
- We hold personal and sensitive information in hard copy and electronic formats. We have in place reasonable commercial standards of technology and operational security to protect the information we hold from loss, misuse and interference and from unauthorised access, modification or disclosure.
- We take all necessary steps to destroy or permanently de‐identify your personal and sensitive information where it is no longer required and to protect your personal and sensitive information from loss, misuse and interference and from unauthorised access, modification or disclosure.
- While care is taken to protect your personal and sensitive information on our Website, unfortunately no data transmission over the internet is guaranteed as 100% secure. Accordingly, we cannot ensure or warrant the security of any information you send to us or receive from us online. This is particularly true for information you send to us via email as we have no way of protecting that information until it reaches us. Once we receive your personal and sensitive information, we are required to protect it in accordance with the Act.
Maintaining your personal and sensitive information
- We take reasonable steps to ensure that:
(a) the information that we collect about you is accurate, complete and up‐to‐date at the time of collection;
(b) when we use your personal and sensitive information, it is accurate, up‐to-date, complete and accurate at the time of use; and
(c) if we disclose your personal and sensitive information, it is accurate, up‐to‐date, complete and accurate at the time of disclosure.
How can you access your personal and sensitive information?
- Usually we will be able to provide you with access to your personal and sensitive information upon receipt of your email request, sent to firstname.lastname@example.org, and confirmation of your identity. There are some limited circumstances in which we may not be able to provide you with access to your personal and sensitive information when requested. Such circumstances might include where access would pose a serious threat to the life, health or safety of another person or where such access would unreasonably impact on the privacy of others.
- If we deny you access to your personal and sensitive information for any reason, or if we are unable to provide you with access to your information in the manner requested by you, then we will provide you with a written notice confirming:
(a) the reason for such refusal; and
(b) the procedure to complain about the refusal.
- We may recover from you our reasonable costs of supplying you with access to your personal and sensitive information but we will not charge you for any request you might make to access your information.
How can you seek to correct your personal and sensitive information?
- We do what we can to ensure that the information we hold about you is accurate, complete, up‐to‐date, relevant and not misleading. To assist us to do this, please ensure that you provide us with correct information at the time you provide it to us and immediately inform us if your details change at any time. If we are concerned that any of your information is inaccurate, incomplete, out‐of‐date, irrelevant or misleading, or if you request that we correct any of your information, then we will take all reasonable steps to correct the information to ensure that it is accurate, complete, up‐to‐date, relevant and not misleading in the context of the purpose for which it is held.
- If we refuse to correct your personal or sensitive information following a request by you to do so, then we will provide you with a written notice confirming:
(a) the reason for such refusal; and
(b) the procedure to complain about the refusal.
- We will not charge you for any request to correct your personal and sensitive information, nor will we pass on to you any costs incurred by us in correcting your personal or sensitive information or for associating a statement with your personal or sensitive information.
What if you want to make a complaint about some aspect of our privacy procedures?
- We are committed to maintaining and protecting your privacy but it is possible that in limited circumstances, mistakes might be made. If you are concerned with the way your personal or sensitive information has been handled then you are entitled to make a complaint. If you would like to lodge a complaint, please contact us through our Privacy Compliance Officer, whose details are set out below.
Sean Murray, email@example.com
- If your personal or sensitive information has not been handled in an appropriate way, we will do our best to remedy your concerns as quickly as possible, including by acknowledging receipt of your complaint within 48 hours and trying to resolve the complaint within 10 working days. Where this is not possible, we will contact you within this period to let you know an anticipated time frame within which your complaint will be resolved.
- If your complaint is not satisfactorily resolved, you may approach an external dispute resolution service or apply to the Office of the Australian Information Commissioner (OAIC) to have the complaint heard and determined.
Protecting your identity
- Wherever it is practicable, we will always provide you with the option not to identify yourself when dealing with us or to use a pseudonym to protect your identity. Due to the nature of our business however, it will usually not be practicable for us to deal with you anonymously or by pseudonym.
- Our Website may contain links to other applications or websites which are owned or operated by other parties. You should make your own enquiries as to the privacy policies of those parties. We are not responsible for information on, or the privacy practices of, such websites.
Requesting Deletion of Data
- If you would like to request for your data to be deleted pleased email firstname.lastname@example.org citing your name and email address.
Changes to this policy
How can you contact us?
- Please find below our contact details. Please do not hesitate to contact us in relation to any privacy‐related concerns and we will use our best endeavours to address any such concerns thoroughly and in a timely manner.
Sean Murray, email@example.com.
- If it is practical to do so, you can contact us without identifying yourself. However, if you choose not to identify yourself, it may be more difficult for us to assist you with your enquiry. This will depend on the nature of your enquiry.