Privacy Policy

Royal Flying Doctor Service of Australia’s policy for the collection, storage and disclosure of personal information. 

The Royal Flying Doctor Service provides emergency and aeromedicine, primary health, dental services and medical chests to our patients. As a not-for-profit organisation, we also manage employee records, communicate with our stakeholders, conduct publicity campaigns with media and online, fundraise, handle feedback, and report to our funders. The RFDS collects personal information from our patients, their carers, representatives, family and friends; employees and volunteers including those applying to work with us; our supporters (donors); and others.

We are committed to meeting our legal requirements under the Privacy Act 1988 (the Act), Australian Privacy Principles (the Principles) and any other legislation.

We take all reasonable efforts to safeguard all personal information.

In general we:

  • Ensure fair, open and transparent management of information;
  • Collect information lawfully and through fair means;
  • Collect, use and disclose only the information we need for its intended purpose or to comply with the law;
  • Take reasonable steps to ensure accuracy of information;
  • Collect information about a patient from them direct (although we may also need to collect from a representative, referee or other agency like a hospital or medical service, if the patient is unable to give us the information, or has given consent for someone else to do this for them);
  • Regulate access and correction; 
  • Ensure appropriate storage and security; 
  • Destroy or de-identify information not needed for the intended purpose as soon as we can;
  • Ensure all of our staff are aware of privacy expectations
  • Acknowledge that people with vision or hearing impairments, and culturally and linguistically diverse people, may require special consideration.

What information do we collect, and why?

The RFDS collects personal and sensitive information only if an individual has consented to the information
being collected, if the information is reasonably necessary for one or more of our functions or activities, or
if one of the other exceptions applies under the Australian Privacy Principles. The RFDS will only collect information by lawful and fair means and may collect information in different ways, including:

  • forms, such as the employment forms
  • electronically, via email or website
  •  phone calls
  •  member and stakeholder lists
  •  organised meetings or conferences
  •  mailing lists
  •  direct personal contact.
  • Oceans to Outback App

          The RFDS will always collect personal information directly from an individual unless it is unreasonable or
          impractical for the RFDS to do so.

          If you have participated in a national RFDS campaign, we may provide your data to the RFDS in your state, so you can be kept informed of local RFDS activities, news, and campaigns that are relevant to where you live. Any communications you receive from the RFDS will give you the opportunity to opt out or update your communication preferences.

          Patients

          At the RFDS, we are committed to protecting the privacy and confidentiality of our patient's personal information. This Privacy Policy outlines how we handle, use, store, and disclose patient information in compliance with the Privacy Act 1988 (Cth) and other relevant Australian privacy laws.

          Employees
          We collect information from people applying to work with us, and during their employment for these purposes. This includes identity, contact, employment and education history, referee details and opinion, medical details, criminal history, finance (banking, tax and superannuation) and other details. The RFDS will collect personal information such as name, contact details (address, email, phone number), date of birth, citizenship or residency status, and details of an emergency contact person. We also collect sensitive information about an employee such as bank details for direct credit of salary, tax file number, superannuation and reimbursement of work-related expenses.If the individual is a candidate seeking employment with the RFDS we will collect information including name, contact details, employment history, references, résumé and qualifications.

          Supporters

          We usually collect identity, contact and financial information (such as credit card) when a donation is made. We are guided by the Fundraising Institute of Australia Code of Conduct and use contact details to let supporters know about events and other fundraising campaigns by mail, email and SMS/MMS (they can opt out at any time using our simple mechanism). If they choose not to provide identity or contact information, we cannot provide a receipt or details about upcoming events and opportunities.

          Other

          Anyone attending an RFDS event or base may be filmed or photographed. For individuals, we seek to obtain written consent prior to using their images for promotional purposes. For crowd scenes, in a public place, it would be impractical to seek consent and we may use these images and not include any personal details (such as name, even if known). All RFDS bases have security CCTV cameras in external and public access areas.

          Overseas disclosure

          We do not disclose personal information overseas unless:

          • It is to the person themselves
          • Consent has been provided
          • Information is de-identified
          • It’s a permitted general situation or authorised by Australian law (eg: offshore payment or data processing such as credit cards).

          How can you access your personal information? Who else has access?


          Patients

          We disclose patient information:

          • For the primary purpose of providing health and medical service
          • When we have the patient’s, or their representative’s, consent
          • To other health professionals (in an emergency, this may be done without notice or express consent)
          • When legally required (eg: mandatory reporting of certain diseases, abuse, warrant or subpoena)
          • Unlawful activity or to prevent a serious and imminent threat to life, health or safety (to an individual or the public);
          • De-identified, for research, statistics and public health;
          • During a formal quality review;
          • To our government funders.

          You can access other personal information we hold about you by giving a written request which we will respond to within 10 business days. We will need to confirm your identity before providing access and we may charge a reasonable fee. There are some instances under the Act where we can deny a request such as impacting another person’s privacy. If we deny a request, we advise the reasons in writing. Please note that information is not provided over the phone unless we are certain the enquirer is the individual or the legal or nominated representative. If a detail we hold is incorrect or outdated, you can let us know at any time and we will change it. At times we may not agree to remove or change it (eg: medical opinion) but they can add separate information to the file.

          Employees

          Unsuccessful employment applications are held for a period of time in case they may be suitable for any similar opportunities that become available. We will destroy any application, and no longer consider it as part of the recruitment pool, on request from the Applicant. Whilst our employees do not have a legal right to access under the Privacy Act, they can make a written request to their manager and review their file contents. They cannot make any changes to their records but may add a note to their file if they wish.

          Supporters and Others

          If the information we hold about you is incorrect or not up to date, we will update it as soon as possible after you have shown us how and why it is incorrect, and we’re certain the enquirer is the individual or the legal or nominated representative. In the unlikely event that we are unable to provide you with access to your personal information, we will advise the reasons. We sometimes use third-party service providers to conduct surveys, collect information and register events. When we do this, we ensure our privacy standards are met. At times, these providers operate from overseas. A supporter can choose to opt out of communication with us at any time. How we safeguard your information We secure information by giving access to only the staff that need it for the primary collection purpose. The RFDS uses a range of hardware and software security measures to protect your information. We keep all paper records safe - patient records are always kept with our clinical staff and copies are handed directly to transfer or hospital staff. All documentation is brought back to our bases and kept in locked storage. It is always sealed when being transferred. Information collected via our website is stored securely in our databases and only accessed by authorised staff. Our website uses cookies to track site visits and improve user experience. Our online credit card processor may also use cookies for identification and anti-fraud purposes. Cookies can be disabled but some site functions may become unavailable. Social media providers, including Facebook and Twitter, set cookies through our website which may enhance your profile on their website or contribute to the data they hold. We encourage you to read their privacy policies.

          Our website may contain links to other sites of interest. We cannot control, or be responsible for, their content or privacy practices. Certain sections of our websites (eg: donation payments) are secured using SSL technology to encrypt data between your browser and the website. We make every possible effort to make donations and transactions within our website as secure and safe as possible. However, everyone should be aware that there are inherent risks associated with the transmission of information over the internet including by email or by facsimile. While all reasonable efforts are made to secure information transmitted to this website, there is a possibility that the information you submit could be observed by a third party while in transit. By using our online system, you acknowledge that you do not hold the RFDS liable for any security breaches, viruses, or other malicious software that may infect your computer or any loss of data, revenue or otherwise that may occur.

          If you have participated in a national RFDS campaign, we may provide your data to the RFDS in your state, so you can be kept informed of local RFDS activities, news, and campaigns that are relevant to where you live. Any communications you receive from the RFDS will give you the opportunity to opt out or update your communication preferences.

          From time to time, we contact our regular supporters directly to update or confirm their personal or credit card details. When we do this, we provide you with sufficient information from our existing database (including, where appropriate, the last four digits of your credit card) for you to be satisfied that the caller is our representative. If you receive a request for your full credit card number and CVV number, you should consider this a hoax, disregard and report the contact to www.scamwatch.gov.au or contact us at enquiries@rfds.org.au as soon as possible.

            The RFDS is committed to privacy protection in line with the Privacy Act 1988 and the Australian Privacy Principles and as outlined in the Policy. If anyone has questions or concerns about how the RFDS is handling personal information, would like to lodge a complaint, or would like further information about the RFDS Privacy Policy, they may do so by contacting the RFDS Privacy Officer via the following:

            For further information on our privacy policy, please refer to this document

            At the RFDS, we are committed to meeting our legal requirements under the Privacy Act 1988 (the Act) and Australian Privacy Principles (the Principles). We make all reasonable efforts to safeguard all personal information, including ensuring appropriate IT usage and security measures are in place in accordance with the IT Usage and Security Policy (FOP031).

            In general we:
            a. Ensure fair, open and transparent management of information;
            b. Collect information lawfully and through fair means;
            c. Collect, use and disclose only the information we need for its intended purpose or to comply with the law
            d. Take reasonable steps to ensure accuracy of information;
            e. Collect information about a patient from them direct (although we may also need to collect from a representative, referee or other agency like a hospital or medical service, if the patient is unable to give us the information, or has given consent for someone else to do this for them); 
            f. Regulate access and correction;
            g. Ensure appropriate storage and security;
            h. Destroy or de-identify information not needed for the intended purpose as soon as we can;
            i. Ensure all of our staff are aware of privacy expectations;
            j. Acknowledge that people with vision or hearing impairments, and culturally and linguistically diverse people, may require special consideration.

            2. Open and Transparent Management of Personal Information

            The RFDS Federation Office is committed to complying with Australian Privacy Principal 1 to ensure that information collected about its employees and other workers will be accessible by its employees and other workers in an open and transparent way under appropriate circumstances. 
            This policy is to be made available to any individual or organisation via the RFDS website, or in such a form as requested by any individual or organisation.

            3. Anonymity and Pseudonymity
            In line with Australian Privacy Principle 2, except for employees as provided under the Fair Work Act 2009, an individual wherever it is lawful and practicable, can exercise the option not to identify him or herself in dealing with the RFDS.
            An individual may remain anonymous regarding certain matters. However, it may be necessary for the RFDS to collect personal or sensitive information if the RFDS is required or authorised to do so under an Australian law, or by a court or tribunal.

            4. Collection of personal information

            4.1 Collection of Solicited Personal Information

            The RFDS collects personal and sensitive information only if an individual has consented to the information being collected, if the information is reasonably necessary for one or more of our functions or activities, or if one of the other exceptions applies under the Australian Privacy Principles.
            The RFDS will only collect information by lawful and fair means and may collect information in different ways, including:
            • forms, such as the employment forms
            • electronically, via email or website
            • phone calls
            • member and stakeholder lists
            • organised meetings or conferences
            • mailing lists
            • direct personal contact.
            The RFDS will always collect personal information directly from an individual unless it is unreasonable or impractical for the RFDS to do so.

            4.1.1 Employees

            If the individual is an employee, the RFDS will collect personal information such as name, contact details (address, email, phone number), date of birth, citizenship or residency status, and details of an emergency contact person. 
            We also collect sensitive information about an employee such as bank details for direct credit of salary, tax file number, superannuation and reimbursement of work related expenses.
            If the individual is a candidate seeking employment with the RFDS we will collect information including name, contact details, employment history, references, résumé and qualifications.
            If the candidate is unsuccessful in gaining employment with the RFDS, we will destroy any personal information we have received through the recruitment process.

            4.1.2. Board Directors and Committee Members

            To fulfil RFDS reporting requirements as a charity registered with the ACNC, the RFDS will collect personal information of Board Directors or Board Committee members such as name (and previous name/s), contact details (address, email, phone number), signature, qualifications, other directorships, director ID, contact details of an Executive Assistant (if applicable), airline memberships and additional information related to event logistics may be collected such as travel and any special needs or dietary requirements. We may also collect sensitive information such as date of birth, place of birth, bank details, tax file number, and details of an emergency contact person.

            4.1.3. Delegates of Member Organisations

            The RFDS may collect personal information of member delegates including name, contact details and signature for the purpose of the RFDS Annual General Meeting and other related activities. If the delegate attends RFDS functions or activities, additional information related to event logistics may be collected such as travel and any special needs or dietary requirements. 

            4.1.4. Contractors, Consultants, Sponsors, Partners and Suppliers

            The RFDS may collect information including name, contact details, ABN, business records, relevant insurance policies, billing information and information about goods and services supplied.

            4.1.5. Donations and Bequests

            The RFDS may be required to collect personal information from organisations or members of the public should they wish to make a donation or bequest to the RFDS. Such information includes organisation name, contact person or individual’s name, contact details and bank or credit/debit card details. Organisations and members of the public are also entitled to make donation or bequest payments direct to the RFDS should they prefer to do so via cash, cheque or EFT. All personal and sensitive information is encrypted using SSL technology.

            4.2. Sensitive information

            In addition, and in accordance with Australian Privacy Principal 3.4(e) this policy sets out the following additional requirements for the collection of sensitive information for a non-profit organisation:
            a. The information relates to the activities of the organisation.
            b. The information relates solely to the workers or members of the organisation, or to individuals who have regular contact with the organisation in connection with its activities.

            4.3. Dealing with Unsolicited Personal Information

            If the RFDS receives personal information about an individual that was not requested and the information was not by the means set out in 4.1 above, the RFDS will destroy or de-identify the information (i.e. any information that could reasonably identify an individual is removed) as soon as practicable. This will apply except where the information is required by law or a court or tribunal order to retain the information.

            4.4. Notification of the Collection of Personal Information

            The RFDS will take reasonable steps when seeking personal information to either to notify the individual of certain matters or to ensure the individual is aware of those matters.
            The matters include:
            a. the RFDS’ identity and contact details;
            b. the fact and circumstances of collection;
            c. whether the collection is required or authorised by law;
            d. the purposes of collection;
            e. the consequences if personal information is not collected;
            f. information about the RFDS’ Privacy Policy; and
            g. whether the RFDS is likely to disclose personal information to overseas recipients, and if practicable, the countries where they are located

            The RFDS will take reasonable steps, before, or at the time it collects personal information. If this is not practicable, reasonable steps must be taken as soon as practicable after collection.
            Examples of where the RFDS collects personal information is as follows:
            a. Conducting stakeholder surveys where some or all of the responses cannot be anonymous for the purpose of being reasonably necessary for, or directly related to, the organisation’s functions or activities.
            b. Employee pre-employment reference, health and security checks
            c. managing donations and bequests

            4.5 Oceans to Outback App

            a. Push Notifications
            b. Background device location - required for activity tracking
            c. We store the start lag long and end lat long + total distance and time
            d. Use of non-personal information for app performance
            e. The user has the option to update their name but all other information is collected from the website

            4.5. Cookies

            Cookies are pieces of information that a website can transfer to an individual’s computer when accessing information on that site. Cookies can make websites easier to use by storing information about an individual’s preferences on a particular website. This information remains on the individual’s computer after they close their browser. Some pages on the RFDS website may use cookies to collect anonymous traffic data. This data does not collect personal information.  Where non-personal information is collected the Australian Privacy Principles do not apply.

            4.6. Online videoconferencing and chat data

            In response to the national footprint of the RFDS and its association with many geographically diverse stakeholders, the RFDS may use a range of platforms to hold videoconference meetings and online ‘chat’ forums. Administrators can identify individuals and their comments by the name of the attendee joins the event. This means if an attendee nominates their name and/or permits video to be used, the administrator would be able to attribute any comment made by that person either verbally or in the ‘chat’ function.The RFDS only utilises verbal and written comments to inform its policy and advocacy positions and will not pass on comments as attributable to any individual. The RFDS seeks explicit agreement with video/webinar presenters and attendees if it is going to record and or/publicise any video, or any section of video, from its webinars with members and stakeholders.

            5. Dealing with personal information

            5.1. Use or Disclosure of Personal Information

            The RFDS will only use personal and sensitive information (including photographs and other images) for purposes which are directly related to the reason provided to an individual and where an individual would reasonably expect the RFDS to use the information, including for public health and research purposes.

            The RFDS will not use personal information for another purpose unless an individual has given consent or one of the exceptions under the Privacy Act applies. For example, if the use of information is authorised by Australian law or is necessary for law enforcement by an enforcement body, such as the Australian Federal Police. When an individual employee provides the RFDS with their personal and sensitive information through the induction process, the RFDS will seek the consent of the individual to disclose the information for the purpose of administering payroll. 

            The RFDS will only disclose personal and sensitive information for purposes which are directly related to the reason provided to the individual with the personal information in the first place and where an individual would reasonably expect us to disclose the information.  

            For example, information related to payroll data will be provided to the Australian Taxation Office, and superannuation companies chosen by the individual.

            The RFDS will take all reasonable steps to ensure personal details remain confidential at all times. The RFDS keeps an internal employee contact list which is regularly updated. Individual employees who have provided permission for mobile phone numbers to be disclosed outside the organisation are clearly marked.  All other contact information is kept confidential.  This also applies to the information provided by stakeholders working with the RFDS. All external parties (such as contractors and consultants) who receive any personal information sign the RFDS Confidentiality / Non-Disclosure Agreement that requires them to comply with the Privacy Act and our Privacy Policy.

            5.2. Direct Marketing and Information Materials

            The RFDS on occasion receives requests from government research bodies to assist them in gathering statistical data. The RFDS conforms to all research requests on specific criteria, such as aggregate and anonymised but not individual personal information. Any personal information such as names, addresses and phone numbers are not divulged by the RFDS as the information is given anonymously. 

            From time to time, the RFDS may contact you for purposes related to our services and events where permitted by the Privacy Act or where an individual has consented to the use or disclosure of personal information for direct communications and promotional materials. 
            We may contact you for reasons including, but not limited to, the following:

            • Updates on Our Mission: To inform you about the RFDS' programs, projects, and the impact of your support.
            • Fundraising and Campaigns: To share opportunities to support our mission through donations, volunteering, or participation in events, provided you have opted in to receive such communications.
            • Supporter Engagement: To respond to your inquiries, acknowledge contributions, or provide assistance related to your involvement with our charity.
            • Compliance: To fulfill legal obligations, including tax receipts, donor reporting, and compliance with applicable regulations.

            If an individual does not wish to receive these communications they can contact the RFDS to unsubscribe by calling 02 6269 5500 or emailing enquiries@rfds.org.au. However, we may still contact you regarding non-promotional matters, such as important updates on donations or participation in our programs.

            6. Integrity of Personal Information

            6.1. Quality of personal information

            The RFDS will take reasonable steps to ensure all personal information collected, used or disclosed is accurate, up-to-date, complete, relevant, and not misleading. 

            The RFDS will correct any personal information it believes to be incorrect, incomplete, irrelevant, or misleading. This includes taking reasonable steps to notify the correction to any organisation or Government agency to which information was disclosed. An individual may request access to or correct their personal information at any time by contacting the RFDS. 

            The RFDS will provide access to the information unless one of the exceptions under the Privacy Act applies. For example, if providing access would be unlawful or denying access is authorised by law.

            If a request to access or correct personal information is made, the RFDS will respond within 30 days.

            6.2. Security of personal information

            The RFDS will take appropriate steps to protect personal and sensitive information from misuse, interference, unauthorised access, modification, loss, or disclosure. This includes during storage, collection, processing, transfer, and destruction of the information. The RFDS complies with the best practice security principles to ensure access to confidential information and data is restricted to authorised persons only, and that all workers are able to lock computers, devices and filing cabinets when leaving desks, and appropriate options for the secure and confidential disposal of hard copy documents are provided.

            The RFDS will take steps to ensure the security of the organisation’s website and does not ask for personal or sensitive details about an individual over the website. All personal and sensitive information collected via the website (eg online donations) is encrypted using SSL technology. All RFDS workers must comply with the RFDS Cyber Security and Data Governance Frameworks and adhere to the procedures within, providing an extra level of protection and accountability for the security of confidential and personal information.

            When the RFDS no longer requires personal and/or sensitive information for any purpose it will take reasonable steps to destroy or archive the information. This will apply except where the information is part of a Commonwealth record, or we are required by law or a court or tribunal order to retain the information.

            6.2.1. Archiving of personal information

            The following types of information are required by law, to be kept (archived) by the RFDS:

            a. Work health and safety records for 5 years and includes;

            b. Work health and safety audits and inspections reports;

            7. Access to personal and confidential information

            7.1. Access to personal information

            The RFDS will provide individual access to their personal information upon written request and at a time to suit both parties.

            7.2. Correction of personal informationThe RFDS will seek to correct any personal information if it is inaccurate, out of date, incomplete, irrelevant, or misleading or if requested the RFDS will amend any information that is incorrect. 

            The RFDS will advise the individual as soon as practicable of the corrections. 

            7.3. Access to RFDS Data for Research StudentsThe RFDS may provide access to RFDS data for research students for the purpose of being reasonably necessary for, or directly related to, the organisation’s functions or activities. 

            In accordance with the Management of Access to RFDS Data Policy (FOP035), the RFDS will ensure that all personal information is desensitised before allowing research students access to such data.

            For further information on our privacy policy, please refer to this document.