Privacy Policy


The Cystic Fibrosis Association of the ACT Inc (CFACT) complies with the requirements of the Privacy Act (1988) as amended from time-to-time.

The fundamental requirements of the Privacy Act (1988) are set out in the National Privacy Principles (NPPs). They set out how an organisation such as CFACT should collect, use, keep, secure, and disclose personal information. Furthermore, the NPPs give individuals a right to know what information the organisation holds about them and a right to rectify it if it is incorrect.

Application of This Statement

CFACT is committed to compliance with the Privacy Act (1988) and this statement sets out the policy parameters for handling of personal information collected when conducting its business or dealing with clients and/or members.

What Personal Information Does CFACT Collect and Why?

Personal information is any information from which an individual’s identity may be ascertained. CFACT collects information that is necessary for it to provide its services, conduct its business operations that support these services and provide database demographics such as identifying fundraising activities, donors or volunteers.

The nature of the personal information collected can include: name(s), age, address (home, work, postal), contact details including telephone numbers and e-mail addresses, banking or transaction details, occupation, and family relations. In addition, CFACT collects health information from members to better inform the services provided to them.

Disclosure of Personal Information

CFACT, in using personal information/health information for the above purposes, may need to disclose information to various organisations and/or third parties such as the ATO, financial institutions, superannuation authorities and contracted service providers.

CFACT may also disclose information in special cases where such action is considered reasonably necessary to, for example:

  • To conform to legal requirements.
  • To enforce CFACT’s contractual arrangements.
  • Act to protect the interests of CFACT clients and/or members.

How Does CFACT Protect Personal Information?

  • All employees sign a “Confidentiality Statement” upon commencement of employment
  • Access to the client database is restricted to employees or third parties (i.e. volunteers) on a “need-to-know” basis for them to perform their duties.
  • Archiving and destruction of information is performed in accordance with a Records Management Policy.
  • Personal information is securely held with restricted access.
  • Email communications contain privacy statements.

How You Can Help Protect Your Information and Privacy

If you are providing CFACT with personal information, or conversely, CFACT sends correspondence which includes personal details, CFACT requests you take the necessary steps to ensure that it is accurate, complete and current.

CFACT also provides recipients of information relating to specific events, the opportunity to consent or otherwise for CFACT to collect and use the information for purposes other than the specified event. An example for the Santa Speedo Shuffle is provided below:

Private Sector Provisions (Privacy Act 1988): All information provided on the Registration Form will be collected and placed on CFACT’s donor data base and used for the purposes associated with the Santa Speedo Shuffle and other CFACT events. It will not be provided to any other person or organisation, unless required by Law. If you do not consent to CFACT collecting and using the information for any purpose other than the Santa Speedo Shuffle, please tick this box.

How Personal Information May be Corrected, Accessed or Updated

An individual may view their personal information at any time (subject to the Privacy Act (1988)) and advise CFACT if they believe the information to be correct by contacting CFACT’s General Manager. Email: or write to PO Box 909, Civic Square ACT 2608

Version Date: February 2019