Our privacy commitment

Protecting your privacy is very important to us because we are committed to valuing people – our supporters, workers, and volunteers – as well as the families we support.

Mummy’s Wish is a program of Rare Cancers Australia (ABN 24 159 196 997) (“we”, “us” and “our”). We will endeavour to handle your personal information in accordance with our Privacy Policy and the Australian Privacy Principles.

This Privacy Policy summarises how we handle your personal information. We may revise this Privacy Policy from time to time by updating this page. The revised Privacy Policy will take effect when it is posted on our website.

What is personal information?

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

The types of personal information we collect may include your name, date of birth, gender, contact information, credit/debit card information, health information, and other information about your history with, or relationship to cancer.

Whose personal information do we collect?

We collect personal information from people who are connected to our operations and activities – including employees, donors, recipients of support services, health professionals, suppliers, volunteers, and service providers.

How do we collect your personal information?

Where possible, we will collect your personal information directly from you. Typically, we might ask for your name, address, telephone number, email, payment card details, and date of birth. We also use “cookies” to track visits to our website; you can usually disable cookies in your internet browser settings.

You can find out more about cookies by looking at our Website and logo use page.

We collect information about you from you and with your knowledge where we can. You might:

  • fill out a form online
  • donate online, by mail, or on the telephone
  • complete a survey
  • contact us by email or social media
  • call us
  • send us photos or recordings.

We need certain information to meet your expectations as a supporter; we can’t give you a tax receipt or send you information about how we are performing if we don’t have your name and address.

We take special care with your payment card details as we must under the Payment Card Industry Data Security Standard.

If you apply to work with us (including as a volunteer) then we will collect information (such as your work experience and references) so that we can decide whether to engage you.

Sometimes we might have photos or stories about you if you have attended one of our events.

We also obtain personal information from third parties such as contractors (including fundraising service providers), list vendors, health professionals, and social and community workers. If we collect personal information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to us, we will take reasonable steps to contact you and ensure that you are aware of the circumstances surrounding the collection and purposes for which we collected your personal information.

Using and sharing your information

We will use your information as you would expect. If you are a supporter – to process your donations, newsletter subscriptions, change of details – and to tell you about our work. It is important that we tell you about how your support is making a difference to the families we serve. You can set your preferences for how you will hear from us by contacting us.

We may collect your personal information for many purposes, including:

  • Marketing: to communicate with you about donations, products, services, campaigns, causes and events
  • Support services: to provide you with information and support services, and to evaluate and report on these services
  • Volunteering and other support: to enable you to assist us with volunteering, community fundraising, advocacy, and other activities where we seek the community’s assistance
  • Other issues: communicating with you about our operations, activities, and objectives, verifying your identity, improving and evaluating our programs and services, and complying with relevant laws.

Where we collect your personal information for a specific purpose not outlined above, we will provide you with a collection notice that explains the primary purpose and any related secondary purposes for which we are collecting your personal information

Health information and other sensitive information

As part of administering our services, we may collect health information and other sensitive information. For example, we may collect medical history information from you. Sensitive information includes the following types of information: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or associations; philosophical beliefs; memberships; sexual orientation; genetic information; biometric information; and biometric templates. We will limit the collection of sensitive information to the minimum amount required to perform our services.

Sometimes we have to disclose your information to other people for a specific purpose and to carry out our activities. For example, health care professionals, lawyers, other professionals, counsellors, funders, financiers, coordinators, volunteers, service providers, agencies, and not-for-profits that provide support services.

Wherever we propose to disclose your personal information to a third party not outlined above, we will provide you with a collection notice that explains the circumstances in which we might disclose your personal information.

We generally don’t disclose your information to anyone else – importantly, we don’t rent, sell, or exchange your information without your consent. When we tell you about opportunities with other partner organisations, we will not give your information to them; it will be up to you to contact them directly.

If we use or give others your information in any other way not described here, we will still protect your privacy.

What happens if you don’t provide all this information?

If you do not provide some or all of the personal information requested, we may not be able to offer you services or provide you with information about our causes, events, programs, and projects.

Using a pseudonym or engaging with us anonymously

Where practicable, you will be allowed to engage with us on an anonymous basis, or using a pseudonym.

Website usage information and cookies

When you access our website, we may use software embedded in our website (such as Javascript) and we may place small data files (or cookies) on your computer or other device to collect information about which pages you view and how you reach them, what you do when you visit a page, the length of time you remain on the page, and how we perform in providing content to you.

A cookie does not identify individuals personally, but it does identify computers. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.

We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.

Opting out of direct marketing communications

Where we use your personal information to send you marketing and promotional information by post, email, or telephone, we will provide you with an opportunity to opt out of receiving such information. By electing not to opt out, we will assume we have your implied consent to receive similar information and communications in the future. We will always ensure that our opt-out notices are clear, conspicuous, and easy to take up.

If you do not wish to receive direct marketing communications from us, please contact us at Mummy’s Wish, PO Box 440, Bowral, NSW 2576, Tel: (02) 4862 2768 or email: contact@rarecancers.org.au

Keeping your information safe

We take all reasonable steps to protect all of the personal information we hold from misuse, interference, loss, and unauthorised access, modification, or disclosure. Your personal information will be stored on a password-protected electronic database, which may be on our database, a database maintained by a cloud hosting service provider, or another third-party database storage or server provider. Backups of electronic information are written to drives that are stored offsite.

Hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised people. Any personal information not actively being used is archived, usually for 7 years, with a third-party provider of secure archiving services.

Where personal information is stored with a third party, we have arrangements that require those third parties to maintain the security of the information. We take reasonable steps to protect the privacy and security of that information, but we are not liable for any unauthorised access or use of that information. Your personal information will stay on the database indefinitely until you advise you would like it removed unless we de-identify it or destroy it earlier following privacy law requirements.

Our website uses secure response forms when we ask for your personal and payment card details and we work hard to keep your information secure by having safe systems in place. We commit to de-identify or destroy your information where we no longer need to keep it.
Our employees and service providers are also expected to keep personal and payment card information confidential and secure.

Your direct debit or credit cards

We use Secure Socket Layer (SSL) certificates which are the industry standard for encrypting your credit card and debit card numbers, your name, and your address so that they cannot be viewed by any third party over the internet. Your financial information is encrypted on our servers and access to this information is restricted to our authorised staff only.

Cross-border disclosures of your personal information

We use data hosting facilities and third-party service providers to assist us with providing our goods and services. As a result, your personal information may be transferred to, and stored at, a destination outside Australia, including but not limited to New Zealand, Netherlands, China, Singapore, Hong Kong, Ireland, Canada, the United States of America, and the United Kingdom.

Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, or partners. We take such steps as are necessary in the circumstances to ensure that any overseas third-party service providers we engage do not breach the Australian Privacy Principles, including through contractual arrangements.

If your personal information is collected using a collection notice that references this Privacy Policy, you are taken to consent to the disclosure, transfer, storage, or processing of your personal information outside of Australia. You also acknowledge and understand that by providing such consent we will not be required to take such steps as are reasonable in the circumstances to ensure such third parties comply with the Australian Privacy Principles.

Access to your personal information

We will, upon your request, and subject to applicable privacy laws, provide you with access to your personal information that is held by us. However, we request that you identify, as clearly as possible, the type(s) of information requested. We will deal with your request to provide access to your personal information within 30 days and you agree we may charge you our reasonable costs incurred in supplying you with access to this information.

Your rights to access personal information are not absolute and privacy laws dictate that we are not required to grant access in certain circumstances such as where:

  • access would pose a serious threat to the life, safety, or health of any individual or public health or public safety
  • access would have an unreasonable impact on the privacy of other individuals
  • the request is frivolous or vexatious
  • denying access is required or authorised by a law or a court or tribunal order
  • access would be unlawful, or
  • access may prejudice commercial negotiations, legal proceedings, enforcement activities, or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct.

If we refuse to grant you access to your personal information, we will provide you with reasons for that decision (unless it is unreasonable to do so) and the avenues available for you to complain about the refusal.

Updating your personal information

You may ask us to update, correct, or delete the personal information we hold about you at any time. We will take reasonable steps to verify your identity before granting access or making any corrections to or deletion of your information. We also have obligations to take reasonable steps to correct personal information we hold when we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant, or misleading for the purpose for which it is held.

If you require access to or wish to update your personal information, please contact us at Mummy’s Wish, PO Box 440, Bowral, NSW 2576, Tel: (02) 4862 2768 and email: contact@rarecancers.org.au


If you have any queries or would like to make a complaint relating to our Privacy Policy or how we handle your personal information, please contact us at (02) 4862 2768 and email: contact@rarecancers.org.au. We endeavour to respond to complaints and queries within fourteen days of their receipt. If you are dissatisfied with our response, you may refer the matter to the Australian Information (Privacy) Commissioner (see www.oaic.gov.au).

This page was last updated on: 1 March 2024