Privacy Policy
General (Applies to everyone)
We respect your privacy
At ChildFund Australia (ChildFund) we understand the importance of protecting the personal information we hold. We are committed to handling that personal information in accordance with our obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles and to respecting the privacy of everyone whose information we collect and hold.
Who this policy is for
This policy applies to two broad groups of people, whose information we handle differently. The first is our supporters and the public, including donors, sponsors, staff, contractors, partners, suppliers, website users and others who interact with us. The second is the people we work with through our programs, including children, families, community members and other program participants.
This policy is organised in two main parts. Part A describes how we handle information about our supporters, donors and members of the public. If you give to us, sign up to hear from us or use our website, Part A is written with you in mind.
Because we also work directly with children, families and communities through our programs, we handle their information differently and with particular care. Part B explains how we handle that information. Where a person takes part in our programs, our Informed Consent Policy and Child Safeguarding Framework apply in addition to this policy.
The final part of this policy sets out matters that apply to everyone, including how we protect information, how you can access it and how to make a complaint.
Reviewing and updating this policy
To ensure it remains relevant and contemporary, we periodically review and where necessary, update this policy. The date of the most recent review is indicated above.
The current version of this policy is always available on our website at www.childfund.org.au/privacy and that version takes precedence over any printed or saved copy. Hard copies of this policy are available by post or email on request.
Part A - Supporters, donors and the public
This part explains how we handle personal information about people who support us or interact with us, donors, sponsors, website users and members of the public.
The sorts of personal information we collect
Depending on how you interact with us, the personal information we collect and hold might typically include:
- your name and contact details (postal address, phone numbers, email addresses)
- your date of birth, gender and occupation
- your preferred method of communication and the types of communications you wish to receive
- any preferences or interests you share with us, such as the causes, themes or programs you most want to support or hear about
- your employer’s details if you participate in workplace giving
- payment information needed to process donations, such as direct debit details or payment card information (full payment card details are processed by accredited payment providers and are not stored in full by ChildFund Australia)
- a history of your donations, emails, letters and other interactions with ChildFund
- your ChildFund website username and password and your interactions with ChildFund related websites
We may collect personal information when you interact with us through third-party platforms, including social media platforms, fundraising platforms, event platforms, survey tools and payment providers. Those platforms may also collect and handle your information under their own privacy policies.
Sensitive information
Some personal information is considered sensitive information under the Privacy Act. This can include information about health, ethnicity, religious beliefs, criminal records or other matters given special protection under privacy law.
We only collect sensitive information where it is reasonably necessary for our work and where we have consent or where we are otherwise permitted or required by law to do so.
This may occur in limited circumstances, such as when we support program delivery, assess eligibility for services, manage safeguarding obligations or undertake staff or contractor screening.
Why we collect this information
We collect personal information to use it to carry out and support our charitable activities.
For example, we might use your personal information to:
- process or confirm your donation and issue a receipt
- send you information about how your donation was used
- update you if we have information that may affect your support
- keep you informed about our work
- respond to your questions, comments, compliments or complaints
- inform you about new opportunities to support our work
We might also use personal information more broadly, including in the following ways:
- to analyse donor and website activity in order to improve our effectiveness, including for quality assurance
- for reporting on our activities, including to government, to funding bodies or producing our Annual Report
- to collect pledges of support for campaigns
We may use your personal information to keep you informed about our work, appeals, events, campaigns and other ways you can support ChildFund Australia.
From time to time, we may work with trusted service providers or partner organisations to help us communicate with supporters or identify people who may be interested in our work. Where this involves personal information, we take steps to ensure it is handled appropriately and in accordance with privacy law.
Occasionally we may share your contact details with other trusted organisations so that they can contact you with information that may be of interest to you and those organisations may share their supporters' details with us in the same way. This helps each of us reach more people who may wish to support our work. We do not sell or rent your personal information
You can ask us not to share your details with other organisations at any time and you can opt out of these communications using any of the contact channels at the end of this policy. If we have used personal information about you for direct marketing, you may also ask us to tell you the source of that information and we will do so unless it would be unreasonable or impracticable.
ChildFund Australia may also send you information about products or services offered by businesses that support our work. We do not disclose your personal information to these businesses. If you choose to become a customer of one of these businesses, by purchasing these products or services, they may choose to collect your information and send further offers to you.
Opting out
You can opt out of receiving marketing or campaign communications from ChildFund Australia at any time by:
- contacting us through any of our contact channels at the end of this policy
- using the ‘unsubscribe’ link in electronic communication
We will action opt-out requests within a reasonable period. Please note that even if you opt out of marketing or campaign communications, we may still contact you where necessary for administrative, transactional or legal reasons, such as issuing donation receipts, responding to your enquiries or providing important information about your support.
You may also ask us to identify the source of personal information we have used for direct marketing, unless it would be unreasonable or impracticable for us to do so.
How we collect personal information
We primarily collect information directly from you, when you engage with us. This might be, for example:
- when you donate, or sign up to receive information or respond to a fundraising appeal
- if you contact us with a general query or to make a complain
Engagement might also occur in a number of ways:
- over the phone, in correspondence (letters, emails, texts etc) or in person
- via our website or through related social media platforms
We also collect information indirectly, including:
- from public records, such as telephone directories, lists and third-party surveys which we purchase for direct marketing and telemarketing. We use these sources only in relation to supporters and prospective supporters and not to collect information about program participants
- through our own research and analysis, for instance of the use of our website or your interactions with our programs and services
- if someone donates on your behalf and asks that you receive information about their gift, we will collect the personal information they provide about you
- from third parties, including organisations who conduct fundraising on behalf of ChildFund (in person or through telemarketing) and individuals who personally conduct fundraising for us or organise workplace giving
When we collect your personal information, including from a third party, we will take such steps as are reasonable in the circumstances to ensure that you are notified in compliance with the Privacy Act.
In practice, this notification typically takes the form of a collection statement provided at the point you give us your information. For example, on donation forms, sponsorship sign-up pages, registrations, surveys and other online or paper forms. Where personal information is collected through our website, we provide notice through this Privacy Policy and through specific notices on relevant pages.
By providing personal information to us, you acknowledge that we will handle it for the purposes described at the point of collection and in this policy. Where consent is required, we will seek it.
Unsolicited information
From time to time, we receive personal information that we have not asked for. For example, where a supporter includes additional details in correspondence with us or where a third party provides information without our request.
When this happens, we will consider whether the information is something we could have collected under this policy. If it is, we will handle it in accordance with this policy. If it is not, and where it is lawful and reasonable to do so, we will destroy or de-identify the information as soon as practicable.
Being anonymous
It is possible in some circumstances to remain anonymous or use a pseudonym when you deal with us, for example when you donate or raise a query or complaint (see Making a complaint below for our anonymous reporting options, including our secure Whispli platform).
However, if you choose not to provide us with your personal information, we may not be able to fully assist you, for instance to provide you with an official tax-deductible receipt or follow up your matter.
Disclosure of personal information
Within Australia we may disclose your personal information to:
- financial institutions in order to authorise your payments
- an authorised legal representative nominated by you
- mailing house, marketing, telemarketing and door-knocking service providers
- courts, law enforcement agencies and government or other organisations as required by law
Because ChildFund Australia works internationally, we may disclose personal information to overseas recipients where this is reasonably necessary for our activities. This may include ChildFund offices, ChildFund Alliance partners, service providers, program partners or other organisations involved in delivering, supporting or administering our wor
The countries involved will depend on the nature of your relationship with us but may include countries where ChildFund Australia supports programs or where our partners and service providers operate.
Before disclosing personal information overseas, we take reasonable steps to ensure that it will be handled appropriately and in a way that is consistent with Australian privacy requirements, unless an exception under the Privacy Act applies.
Cookies, our website and your privacy
We use cookies and similar technologies to help operate and improve our website and digital platforms, understand how people use them, measure campaign performance and support our communications.
These technologies may collect information such as your browser type, device information, IP address, website activity and how you arrived at our website. This information may not directly identify you, but in some circumstances, it may be personal information
We may also use third-party analytics and advertising technologies. These third parties may collect and use information in accordance with their own privacy policies. You can adjust your browser settings to disable cookies, although this may affect how some parts of our website work
Our website may contain links to other websites that we do not operate. This policy does not apply to those websites, and we are not responsible for the privacy practices of their operators. We encourage you to read the privacy policy of any website you visit.
Your personal information and child sponsorship
To ensure your privacy is maintained, please ensure you follow ChildFund's guidelines on communicating with and visiting, sponsored children. All communication between you and your sponsored child, including but not limited to post, electronic and online communication, and face-to-face visits must go through a ChildFund office in Australia or overseas.
To protect the safety, privacy and dignity of children, families and communities, all visits to sponsored children or communities must be arranged through ChildFund. Sponsors should not contact or visit a sponsored child or community independently.
Part B - Program participants, children and communities
This part explains how we handle personal information about the children, families and communities we work with through our programs. This information is also governed by our Informed Consent Policy and Child Safeguarding Framework. We do not use program participant information for fundraising or marketing unless separate informed consent for communications use has been given.
Our approach to program participants personal information
We collect and use program participant information to deliver and improve our programs, to keep people safe and meet our safeguarding obligations and to meet donor, legal and regulatory reporting requirements.
In our international programs, we may collect limited personal information about parents, guardians, community members, local partners or other program participants where this is needed to deliver programs, manage safeguarding, monitor outcomes, meet donor or regulatory reporting requirements or tell stories about our work with appropriate informed consent
Where we collect personal information from program participants, we do so with informed consent in line with our Informed Consent Policy. Consent to take part in a program or activity is sought separately from consent to collect or use photographs, videos, stories or other content for communications and consent can be withdrawn at any time.
We may also collect and handle personal information about adults and young people who access support services, helplines, digital programs or other program activities, including people who may be experiencing vulnerability, crisis, family or community violence, mental distress, safety risks or other sensitive circumstances. We take particular care with this information and limit its collection, use and disclosure to what is reasonably necessary to provide support, manage safety and safeguarding risks, monitor and improve services, meet legal or regulatory obligations, and report on program outcomes in a de-identified or aggregated form where appropriate.
Our approach to children’s personal information
A significant part of our work involves children, and we take particular care with their personal information. For the purposes of this policy, a child is any person under the age of 18.
We collect and hold personal information about children in the following main contexts:
Sponsored children and child participants in programming: Children in our overseas programs are enrolled with the consent of their parent or guardian and, where age-appropriate, the child. The information we share with sponsors is limited to what is needed to support the sponsorship relationship, typically a first name, age, country and general information about the child’s circumstances. All correspondence and exchanges of photographs are managed through ChildFund Australia and the ChildFund office in the child’s country.
Photographs, videos and stories: When we share photographs, videos or stories of children (for example in fundraising appeals, newsletters, program evaluation activities, our Annual Report or on social media) we do so in line with our Child Safeguarding Framework and the Informed Consent Policy, including by using pseudonyms or modifying identifying details to protect children’s identities. We do not include information that could put a child or participant at risk.
In all our handling of children’s personal information, we are guided by the principle of the best interests of the child. Our informed consent process includes privacy information in child-friendly formats.
We will continue to monitor developments in children’s privacy law and update our practices and this policy where required. We will meet the requirements of the Children’s Online Privacy Code being developed by the Office of the Australian Information Commissioner, once it commences.
General (How we manage your information)
These sections apply to all the personal information we hold, whoever it relates to.
How we hold and protect information
We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure
These steps may include a combination of technical, administrative and physical safeguards, such as access controls, secure systems, staff training, supplier due diligence, secure storage of hard copy records and processes for managing privacy and data security incidents.
Where we use third-party providers to process payments, we expect those providers to maintain appropriate payment security standards. ChildFund Australia does not store full payment card details in its own systems
We keep personal information for as long as it is reasonably needed for the purpose of which it was collected or as required for legal, audit, tax, safeguarding, dispute resolution or operational purposes.
When personal information is no longer needed, we take reasonable steps to destroy it or de-identify it. We may retain de-identified information for purposes such as reporting, analysis, planning and understanding program or fundraising trends.
Applying this policy across ChildFund country offices
ChildFund Australia works alongside ChildFund country offices and program partners in the countries where we operate. Where appropriate, we seek to apply the privacy protections and mechanisms set out in this Policy consistently across these offices.
Where a country office is subject to a local legal requirement that sets a higher standard of privacy protection than this Policy, we apply that higher standard. Our intention is that, wherever your personal information is handled within the ChildFund network, it receives the strongest level of protection available to it.
Responding to data breaches
Despite the steps we take to protect personal information, data breaches can still occur. A data breach happens when personal information we hold is lost, or accessed, used, disclosed or modified without authorisation.
We maintain a data breach response plan so that we can act quickly to contain a breach, assess the risk it poses and limit any harm to affected individuals. When we become aware of a possible breach, we will take reasonable steps to contain it, investigate what has happened and assess whether it is likely to result in serious harm.
Where a breach is likely to result in serious harm to one or more individuals, it is an eligible data breach under the Notifiable Data Breaches scheme. In that case we will notify the affected individuals and the Office of the Australian Information Commissioner as soon as practicable and tell affected individuals what has happened and the steps they can take to protect themselves.
If you believe your personal information may have been affected by a data breach, please contact us using the details below.
Analytics and automated decision-making
We may use technology, analytics and automated tools to help us understand supporter engagement, improve our communications, detect potential fraud or errors and support operational decision-making
These tools support our work but do not replace appropriate human involvement in decisions that may significantly affect an individual.
We will continue to review our use of automated tools and update this policy where required by privacy law, including in relation to automated decision-making transparency requirements commencing in December 2026.
Keeping your information accurate and up to date
We take reasonable steps to ensure that the personal information we hold is accurate, up to date, complete and relevant. To help us do this, please let us know if your contact details or other information change or if you believe any information we hold about you is incorrect. We will correct or update it, and where we have disclosed it to others, we will take reasonable steps to notify them of the correction where appropriate.
Accessing and correcting your information
You may request access to the personal information we hold about you. You may also ask us to correct your information or delete certain information
Before we provide access or make a correction, we will take reasonable steps to verify your identity, or the identity of a person authorised to make a request on your behalf. This protects your information from being disclosed to the wrong person.
We will respond to your request within a reasonable period, generally within 30 days. In some cases, we may not be able to provide access, make a correction or delete information, for example where we are required or permitted by law to retain it. If this happens, we will explain why, where it is reasonable to do so.
To make a request, please contact us using the details below and include relevant contact details and your ChildFund supporter number, if you have one.
Making a complaint
If you have a complaint about any aspect of our privacy practices, you can contact our Supporter Relations team using the details below. Complaints may be submitted by email, letter or phone
We will acknowledge your complaint promptly and respond within 30 days. You will be kept informed throughout the process. All complaints are handled confidentially on a need-to-know basis and records are securely stored
If you are not satisfied with our response, you may make a written complaint to the Office of the Australian Information Commissioner. For more information, visit www.oaic.gov.au.
As a member of the Australian Council for International Development (ACFID) and a signatory to the ACFID Code of Conduct, ChildFund Australia is committed to high standards of conduct and accountability. If your complaint relates to a possible breach of the Code, you may raise it with the ACFID Code of Conduct Committee, noting that complaints are generally raised with us first. More information is available at www.acfid.asn.au.
For serious matters, such as suspected unlawful conduct or intentional misuse of personal information you may also raise a confidential or anonymous report through our Whistleblower Mechanism (also available via Whispli). Whistleblowers are protected against retaliation under our Whistleblowing Policy. Concerns relating to child safeguarding or sexual exploitation, abuse or harassment (SEAH) should be reported through our dedicated safeguarding channels, which apply a survivor-centred approach, see our Child Safeguarding Policy and PSEAH Policy for details.
Contact Us
For any privacy question, request or complaint, you can contact our Privacy Officer:
- By email at privacy@childfund.org.au, marking your message ‘Attention: Privacy Officer’
- By writing to us at ChildFund Australia,
- Attention: Privacy Officer, ChildFund Australia, Level 8, 162 Goulburn Street, Surry Hills, NSW 2010
- By calling us on 1800 023 600