
Privacy Policy

Effective 2026-04-25 · Owner: Board of Directors · Review cycle: annual

This policy explains what personal information Hearts of Hope Foundation collects, how we use and protect it, who we share it with, and how you can access, correct, or delete it.

As a registered charity with annual turnover under $3 million, the Foundation may currently fall within the small-business exemption in s 6C of the Privacy Act 1988 (Cth). We have chosen to operate as if the Australian Privacy Principles (APPs) apply in full, because (a) we expect to handle health and safeguarding-related information about beneficiaries, (b) we want our donors to have the same protections they would expect from any public-facing organisation, and (c) state and territory privacy regimes, the EU/UK GDPR, and the Spam Act 2003 (Cth) may apply to particular interactions regardless of our turnover.

§ 01 Who we are

The data controller and Australian Privacy Officer for the purposes of this policy is Islamic Aid Worldwide Project Ltd, ABN 68 686 194 034, trading as Hearts of Hope Foundation. The Foundation is a registered charity with the Australian Charities and Not-for-profits Commission (ACNC).

You can reach our Privacy Officer by email at privacy@heartsofhope.org.au or by writing to 119 Telegraph Road, Bald Hills QLD 4036, Australia.

§ 02 What we collect

We only collect personal information that is reasonably necessary for one of the activities described in this policy. Depending on how you interact with us, we may collect:

We do not knowingly collect “sensitive information” (as defined in the Privacy Act: health, racial origin, religion, sexual orientation, criminal record, etc.) unless it is necessary for a specific safeguarding or program-eligibility purpose, in which case we collect only with consent and store it under restricted access.

§ 03 How we use your information

We use personal information only for purposes that are reasonably connected to your interaction with us. Specifically:

We will not use your personal information for a purpose unrelated to the one for which it was collected without your consent, except where required or authorised by law.

§ 04 Who we share it with

We share personal information only as follows:

We do not sell, rent, or trade personal information for marketing purposes. We do not share donor lists with other charities or commercial third parties.

§ 05 Storage, security, and overseas transfers

We store personal information in cloud services operated by reputable providers (including Australian and international cloud platforms). Some of our service providers process data in jurisdictions outside Australia, for example email and analytics providers headquartered in the United States or the European Economic Area. Where we transfer personal information overseas, we take reasonable steps to ensure the recipient handles it in a manner consistent with the APPs.

We protect personal information using a combination of access controls, encryption in transit (HTTPS / TLS), encryption at rest where our providers offer it, role-based access for staff and volunteers, and regular review of accounts with access to donor and beneficiary records.

No system is perfectly secure. If a notifiable data breach occurs, we will assess and respond in accordance with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act, and we will notify affected individuals and the OAIC where the scheme requires.

§ 06 How long we keep your information

We keep personal information only for as long as we have a legitimate reason to hold it.

When we no longer need personal information, we delete or de-identify it.

§ 07 Access, correction, and deletion

You have the right to ask us what personal information we hold about you, to correct it if it is wrong, and (subject to our legal obligations) to ask us to delete it. We will respond to access and correction requests within a reasonable period, usually within 30 days. We do not charge for access requests unless they are unusually large or repeated.

To exercise any of these rights, email privacy@heartsofhope.org.au and tell us what you would like us to do. We may ask you to verify your identity before acting on a request.

§ 08 Cookies and analytics

The Foundation's website does not currently set non-essential cookies, run a third-party analytics platform (e.g. Google Analytics), or embed advertising tracking pixels. Server logs that record IP address and pages requested are kept for short periods by our hosting provider for security and reliability purposes only.

If we add analytics or non-essential cookies in future, we will publish a cookie notice and, for visitors located in the EU, UK, or other consent-required jurisdictions, present a consent banner before any non-essential cookies are set. This page will be updated at the same time.

§ 09 Email, SMS, and the Spam Act 2003

When we send you a commercial electronic message (for example, a donation impact update, a campaign appeal, or an event invitation), we comply with the Spam Act 2003 (Cth):

You can also unsubscribe at any time by emailing privacy@heartsofhope.org.au. Transactional emails such as donation receipts and replies to enquiries you have sent us are not commercial electronic messages and will be sent regardless of marketing preferences.

§ 10 Children, beneficiaries, and safeguarding records

The Foundation supports children and vulnerable people. Personal information about a child or a family in one of our programs is some of the most sensitive information we hold, and we treat it accordingly.

§ 11 EU and UK donors (GDPR / UK GDPR)

If you are located in the European Economic Area or the United Kingdom at the time you give us your personal information, the EU General Data Protection Regulation (GDPR) and the UK GDPR apply to that information regardless of the Foundation's Australian status. In addition to the rights set out above, you have the right to:

Our lawful bases for processing under the GDPR are (a) consent, for marketing communications; (b) contract, to process your donation or partnership; (c) legitimate interests, to manage donor relationships and run our programs; and (d) legal obligation, to meet our tax and charity-law obligations. To exercise any GDPR right, contact our Privacy Officer at privacy@heartsofhope.org.au.

§ 12 Complaints and the OAIC

If you think we have mishandled your personal information, please contact our Privacy Officer first. We will acknowledge your complaint within 7 days and respond substantively within 30 days. Most privacy concerns can be resolved quickly when raised directly with us.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au/privacy/privacy-complaints. If you are in the UK or EU, you can also complain to your local data protection authority.

§ 13 Changes to this policy

We will update this policy from time to time. Material changes (for example, a change in the purposes for which we collect information, or a new analytics or marketing service that processes personal data) will be flagged at the top of this page for at least 30 days following the change.

Personal information already held continues to be governed by the version of this policy in force at the time it was collected, except where you consent to the new terms or where the new terms are required by law.

Questions or a privacy request?

Email our Privacy Officer at privacy@heartsofhope.org.au, or write to us at 119 Telegraph Road, Bald Hills QLD 4036, Australia.

Hearts of Hope Foundation is a registered trading name of Islamic Aid Worldwide Project Ltd. ABN 68 686 194 034 · ACNC Registered · DGR Endorsed.