Policy Name: Privacy Policy
Date of Approval: March 2024
Approved By: Chief Executive Officer

1. Policy briefs & purpose

Consumers Health Forum (CHF) Privacy Policy explains how our organisation protects your Privacy Information. Along with our Collection Statement, our Privacy Policy lays down the principles by which we collect, store, use and disclose any personal information you provide to us or we collect from other sources.

Our Privacy Policy also informs consumers, prospective consumers, stakeholders and anyone else whose private information is collected, stored, used and disclosed to or by CHF, about how:

  • we protect that information
  • they can access and correct their Privacy Information held by us
  • they can lodge complaints or make any related enquiry.

2. Scope and definitions

All CHF staff are required to comply with this policy.

APPsThe Australian Privacy Principles in the Privacy Act 1988 (Cth)
Health InformationInformation about a person’s health, which may include, but is not limited to:
  • the physical, mental or psychological health or disability of an individual
  • the health services an individual is receiving
  • an individual’s wishes about the provision of health services
NDBPrivacy Act 1988 (CTH). Under the scheme, any organisation or agency the Privacy Act 1988 covers must notify affected individuals and the OAIC when a data breach is likely to result in serious harm to an individual whose personal information is involved.
OAICOffice of the Australian Information Commissioner
Personal InformationInformation that can identify an individual, including but not limited to name, address, email address, date of birth and bank account details
Privacy InformationIncludes Personal Information and Sensitive Information
Privacy OfficerThe CHF representative to whom members of the public may address any queries and concerns they have about CHF’s collection, storage, use and disclosure of any Privacy Information. This role is held by our Director People and Culture.
Sensitive InformationInformation about a person that if disclosed inappropriately might lead to discrimination, mistreatment, humiliation or embarrassment. Examples of sensitive information include health information, religion, racial or ethnic origin, political opinions and memberships, philosophical beliefs, sexual preferences and orientation, genetic information or biometric information.
CHFConsumers Health Forum of Australia. Refers to the organisation representing the interests of Australian healthcare consumers and works to achieve safe, quality, timely healthcare for all Australians.
We, us and ourCHF

3. Policy elements

Why we collect and hold information about people

CHF collects information about people from the following groups to assist our work in representing the interests of Australian healthcare consumers.

Type of information we collect and hold

We collect Privacy Information from individuals in order to fulfil our role as Australia’s peak health consumer representative body.
The type of information we collect can include:

  • name
  • contact and demographic details
  • role/health services provided
  • health Information
  • connection with CHF.

CHF collects Privacy Information about its members, Governing committee members, advocates, consumer representatives, potential consumer representatives, potential staff, stakeholders and other individuals who from time-to-time contact CHF for advice or to participate in CHF activities.

The types of information collected typically include, but are not limited to:

  • contact details (name, address, telephone number, email address, next of kin)
  • age, date of birth, gender, marital status
  • personal identifiers, including driver’s licence number, Medicare number, passport number,
  • health Information
  • banking/credit card details

Website visitors

If you visit our website, we will collect information such as your IP address, internet service provider, the web page directing you to our website and your activity on our website. Although this information is usually anonymous and we do not use it to identify individuals, this information might contain details that identify you because of the nature of internet protocols. This information is also used for statistical purposes to assess and improve the CHF website.

Collecting this information helps us ensure that our information has reached our target audience.


We collect Personal Information regarding CHF members and their representatives in order to comply with our Constitution and to maintain a membership register under the Corporations Act 2001 (Cth). We need these details to can send out notices of general meetings so members can exercise their rights.

The type of information collected can include:

  • name
  • contact details (address, phone, email)
  • proxy, attorney or representative appointments
  • class of member
  • date membership commenced
  • date membership ceased (for past members).

Prospective employees and directors

We collect Personal Information about prospective employees and directors, that can include their skills, interests, qualifications and experience. We collect this information to:

  • assess their suitability for potential employment or directorships with us
  • match them to suitable projects or roles.


We may collect Privacy Information about the general public in order to facilitate our research, advocacy and policy. This information is generally de-identified as soon as it is collected.

How we collect your information

Collecting Personal Information that does not include Sensitive Information

We may collect Personal Information (not including Sensitive Information) through our marketing, business development, operational, human resources, research, or other activities.

We have a general policy to collect Personal Information directly from you, unless it is unreasonable or impracticable to do so.

Collecting Sensitive Information

We will always obtain your consent to collect Sensitive Information (which includes Health Information) about you and where practicable we will obtain your consent in writing.

We generally collect Personal Information directly from individuals, however, if you are a health provider or stakeholder, we may collect your Personal Information from colleagues, other health providers, other stakeholders, or clients.

In some cases, we collect your Personal Information from public sources (for example national health practitioner register, internet) or through your memberships.


CHF employees sometimes collect Personal Information directly from individuals and our stakeholders unless it is unreasonable or impracticable to do so. We collect Sensitive Information with your consent in a fair and unobtrusive way.

We also collect information about consumers from:

  • clients and their representatives through forms, agreements, mail, email, telephone, in-person inquiries and website inquiries
  • our stakeholders and those who we subcontract to
  • referrers and third parties
  • publicly available sources of information.

Website visitors

We collect data from our website using various technologies, including cookies. A cookie is a text file that our website sends to your browser to be stored on your computer that allows us to identify your computer. You can set your browser to disable cookies, although this may mean that our website, or parts of it, may not function properly (or at all) on your computer.


We collect members’ Personal Information directly from the member. If you are a proxy or a representative of a CHF member, we collect your details from you or the appointing CHF member.

Prospective employees and directors

We generally collect Personal Information directly from the prospective candidate, but may also collect information from recruitment agents, recruiters, referrers, referees, CHF officers/employees, and other relevant parties.


We collect information about others directly from those people. We may also collect information about them from:

  • forms, agreements, general inquiries
  • researchers or contractors engaged by CHF
  • public sources

Direct Marketing

Collecting information indirectly about an individual for marketing to that individual

All subsequent direct marketing you receive will include an easy opt-out procedure if at any time you wish us to cease sending you information.

Collecting information directly about an individual for marketing to that individual

If we collect information about you and you would reasonably expect us to use or disclose the information for the purpose of marketing, we will use an opt-out procedure in all our marketing communications. This means you will be able to easily unsubscribe from all future marketing communications.

Purpose for which we collect and deal with your information

All the information collected by CHF will be used only to assist our work in representing the interests of Australian healthcare consumers.
As a general principle, we use Privacy Information only for:

  • the primary purpose for which we collect the information, or
  • a secondary purpose related to the primary purpose for which you would reasonably expect us to use the collected information.

We will inform you of the purpose for which we collect your information and explain all the relevant matters of that collection.

We will not use your information for an unrelated secondary purpose unless we obtain your written consent or an exception applies, such as it is impracticable to obtain your consent and we believe that collecting, using or disclosing your information is necessary to lessen a serious threat to the life, health or safety of any individual, or if the disclosure is required by law.


We collect Personal Information about employees, volunteers and officers from our stakeholders:

  • to assist our work in representing the interests of Australian healthcare consumers
  • to pursue collaborative projects and matters of common interest
  • to distribute information about our activities and publications by way of direct communications/marketing to improve our health system and the health of our clients
  • we may collect Personal Information about your interests in order to personalise your interactions with us.


We collect and use Privacy Information in order to assist our work in representing the interests of Australian healthcare consumers.


We use Personal Information of members for the purposes of ensuring compliance, to administer membership rights, and to process membership documents. We may also supply our membership list to government in order to comply with funding requirements. We also use our member lists to distribute information about our activities and identify people interested in a directorship.

Prospective employees and directors

We use Personal Information about our prospective employees and directors predominately in order to consider their applications.

Website visitors

We use information about website visits for the purpose of personalising your website visit or to enable remarketing website functionality.


CHF may also collect and use Personal Information from others for our operational, human resources, research, referral or other corporate activities.

Cross border transfer or disclosure of information

In the event we engage in cross border transfer of information, such as routing or storing information on cloud servers located overseas or transferring information to an office of our company overseas, we will ensure that adequate security mechanisms are in place to protect your information. For example, we will enter into a contract with the cloud server that ensures the information is for the limited purpose of storing and managing the Privacy Information.

Maintaining integrity, currency and safety of your privacy information

This section explains how CHF holds your Privacy Information, how you can access your Privacy Information, update your Privacy Information, complain about an alleged breach of the APPs or make any related enquiry.

Correcting and maintaining currency of your information

CHF relies on accurate and reliable information to represent the interests of Australian healthcare consumers. If we are satisfied that any of the information we have about you is inaccurate, out-of-date, irrelevant, incomplete or misleading, or you request we correct any information, we will take reasonable steps to ensure the information held by us is accurate, up-to-date, complete, relevant and not misleading. Requests to correct Privacy Information held by CHF can be made to the Director People and Culture (CHF’s Privacy Officer) using the contact details listed below.

If we disclose your Privacy Information that is later corrected, we will, or else you may ask us to, notify the entity that received the incorrect information about that correction.

Should we refuse to correct the information, we will explain the reasons for refusal. We will also show you the complaint procedure if you wish to lodge a formal complaint about our refusal.

Safety of your information

All Privacy Information is securely stored using appropriate physical and/or electronic security technology, settings and applications, and by ensuring staff dealing with privacy information is trained in our privacy policy and procedures. These are designed to protect Privacy Information from unauthorised access, modification or disclosure; and from misuse, interference and loss.

Accessing your information or lodging a complaint

Accessing information

You are entitled at any time, upon request, to access your Privacy Information held by us. We will respond within a reasonable time after the request is made and give access to the information in the manner requested by you, unless it is impracticable to do so. We are entitled to charge you a reasonable administrative fee for giving you access to the requested information.

Should you be refused access to your information, we will explain the reasons for refusal - any exceptions under the Privacy Act or other legal basis relied upon as the basis for such refusal – and, if you wish to lodge a formal complaint about our refusal, we will explain the complaint procedure. 

Requests for access to Privacy Information held by CHF can be made to the Director, People and Culture, CHF using the contact details listed below. 

Lodging a complaint

If you wish to complain about a potential breach of this Privacy Policy or the APPs, please contact our Director, People and Culture. The Director, People and Culture will make good faith efforts to investigate the issue and respond within a reasonable period after the complaint is made. See Contact Information below for more details on how to lodge a complaint.

If you are not satisfied with the way we have investigated and addressed your concerns, complaints regarding unreasonable interference with your privacy can also be made directly to the OAIC. Further information can be found on the OAIC’s website.

Notifiable Data Breaches Scheme

The Notifiable Data Breaches (NDB) scheme under the Privacy Act establishes requirements for entities in responding to data breaches. Entities have data breach notification obligations when a data breach is likely to result in serious harm to any individuals whose personal information is involved in the breach. We have procedures in place to ensure compliance with the NDB scheme.

Contact information

Queries, feedback and complaints about CHF’s systems and processes for handling personal information may be directed to:

Director, People and Culture
Consumers Health Forum of Australia
Email: privacyofficer@chf.org.au

Office of the Australian Information Commissioner: 

Tel: 1300 363 992
Online complaint form


Chief Executive Officer
29 February 2024
Consumers Health Forum of Australia