Your heartHealthy livingFor professionalsResearchHow you can helpAbout us
The Yarra River leading into Melbourne CBD, outside city scape

Privacy Notice

This is the Privacy Notice of the National Heart Foundation of Australia, ABN 98 008 419 761 (Heart Foundation).

The Privacy Act 1988 requires entities bound by the Australian Privacy Principles to have a privacy policy. This Privacy Notice is the Heart Foundation’s externally facing privacy policy. This Privacy Notice outlines the Personal Information handling practices of the Heart Foundation.


The Heart Foundation was established in 1959 and since then has played a leading role in decreasing the death rate from heart disease by 80%. Despite this success, heart disease remains the single biggest cause of premature death in Australia today and the Heart Foundation is working to help all Australians live longer healthier lives.

The Heart Foundation is Australia's leading heart health charity, saving lives through funding heart health research, community education programs and services to patients.

The Heart Foundation collects, holds, uses and discloses Personal Information to carry out functions or activities of the Heart Foundation.

The Australian Privacy Principles

The Heart Foundation respects and upholds your right to privacy protection under the law, including the Australian Privacy Principles. This regulates how we collect, use, disclose and hold your Personal Information. We have a detailed policy and set of procedures to ensure that only authorised staff have access to your Personal Information and that your Personal Information remains confidential and is only used for appropriate purposes and in accordance with this Privacy Notice.

The collection of personal information

Your personal and sensitive information, including any health information, will only be collected as necessary for a particular function or activity, or to enable the Heart Foundation to carry out its work and deliver services to the community.

When you give us Personal Information such as your name, address, telephone number and email address, we record it on our database and may use it to contact you in the future.

We may use your Personal Information to send you information on a variety of topics, including heart health, or to let you know about our programs, research funding, special events and fundraising programs. Each time we send you a direct marketing communication we will provide you with a simple way to ’opt out’ of receiving similar communications in the future.

You can also let us know that you do not wish to receive any further communications by contacting the Privacy Officer at any time by emailing [email protected].

The Heart Foundation will not collect Sensitive Information about health, racial or ethnic origin, political opinions or membership, religious or philosophical beliefs, trade association or union membership, sexual preferences or criminal record unless you have voluntarily consented to give this information and it is relevant to the work of the Heart Foundation. We will always collect such information in a non-intrusive, lawful and fair manner.

We will offer you the option of not identifying yourself or of using a pseudonym where it is practical to do so.

Remarketing to website visitors

The Heart Foundation may, from time to time, use remarketing services to advertise the Heart Foundation. Remarketing services will display ads to you based on what parts of the Heart Foundation website you have viewed, by placing a cookie on your web browser.

Remarketing services allow us to tailor our marketing to better suit your needs and only display ads that are relevant to you. 

If you do not wish to see ads from the Heart Foundation, you can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings (Link:

Further information regarding behavioural advertising, including ways to manage your online privacy, is available at

How we collect your personal information

We collect your Personal Information when you provide it to the Heart Foundation in a number of ways, including but not limited to: 

  • completing a form on a Heart Foundation website

  • completing a paper-based form and returning it to the Heart Foundation

  • by participating in one of the Heart Foundation's many community fundraising and information events

  • when you respond to our fundraising campaigns.  

 We may also collect your Personal Information in other ways, for example through the purchase of commercial lists, and from publicly available sources such as the telephone directory.

You may be photographed when you attend Heart Foundation events. Wherever reasonably practical we will seek to obtain your consent prior to using any image obtained.

The Heart Foundation also collects usage data when you visit our site. This includes the name of your internet service provider, the website from which you visited us from, the parts of our site you visit, the date and duration of your visit, and information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, including any data you provided to us during your visit, in order to present the most relevant content to you.

Data profiling and analysis

The Heart Foundation may analyse the personal information you provide, including for the purpose of adding publicly available information to create a profile of your interests, preferences, and your ability to support us, including the amount or level of potential donation or legacy you may be able to give.

This profiling and analysis enables us to contact you in the way that is most appropriate to you and provide you with relevant, personalised information. This approach enables us to interact with you in a more meaningful way, and to operate more cost effectively.

The publicly available personal information used to complete any profiling is compiled from sources such as public registers, data brokers, LinkedIn profiles and social media posts.

How we keep your personal information secure  

Information you provide to us is stored securely in our databases and only accessed by staff or contractors authorised by the Heart Foundation. The Heart Foundation uses a range of hardware and software security measures to protect its information and to ensure that only authorised staff and contractors are granted access, as required.

Disclosing your personal information 

The Heart Foundation will not provide your Personal Information to any other individuals or organisations without your prior consent except where required by law to do so or where that information is provided on a confidential basis to contractors who provide services to the Heart Foundation (for example calls and fundraising activities, database management, printing and mailing). In these cases, we ensure that our contractors are also bound by the Australian Privacy Principles, and have sufficient cyber security in place, to keep your Personal Information confidential; 

We do this by asking all our contractors to complete a cyber security questionnaire and provide us with detailed information about their data storage, security measures and destruction of data procedures, which also form part of our contractual arrangement with them.

These measures are in place to ensure that we are comfortable that Heart Foundation data (including the Personal Information of our donors and supporters) will be protected and treated with the care and respect that it demands.

The Heart Foundation is very thankful to people who are willing to share their personal stories of heart disease. We will only use your Personal Information for publicity purposes or as stories in newsletters with your express written permission.

The Heart Foundation may, from time to time, include selected messages from Heart Foundation event sponsors, collaborators or third parties in our communications, however we will not provide your details to any third party for their marketing purposes without your prior consent.

Transfer of information overseas normally only occurs for data processing purposes, for example third party payment facilitators may process their data off-shore. The Heart Foundation’s payment gateway currently processes data in Australia. The Heart Foundation will not transfer your personal information overseas or into the “cloud” unless we have taken reasonable steps to ensure that the information which is being transferred will not be held, used or disclosed by the recipient of the information in a manner which is inconsistent with the Australian Privacy Principles.

The Heart Foundation will sometimes use third party service providers to conduct surveys and facilitate information collection and event registration. Some of these service providers conduct all or part of their business overseas and so your Personal Information may be transferred overseas as a result. The Heart Foundation conducts a due diligence process before entering into any agreement with these service providers and will take all reasonable steps to ensure that your information is not used in a manner inconsistent with the Australian Privacy Principles. 

Opting out, modifying or deleting your information 

 If you want to:

  • change any information that you have previously given us;, or if you want to

  • opt out of future communications; 

  • request we delete your data,

    - please contact the Privacy Officer at the details listed below:

The Heart Foundation’s Privacy Officer can be contacted by:

Phoning: 13 11 12

Writing to: The Privacy Officer Heart Foundation GPO Box 9966 In your capital city

Emailing: [email protected] 

Please note that we may not be able to action your request to be deleted, as in some cases the Heart Foundation is required to maintain certain records for regulatory purposes.

Visiting our websites  

All Heart Foundation websites and pages may use cookies to improve your experience and display targeted content relevant to you. Cookies are also used to display items added while using online shopping or donation facilities. You may refuse all cookies or disable cookies and JavaScript from Heart Foundation websites however some functions may be unavailable. Our online credit card processing company may also use cookies for identification and anti-fraud purposes.  

Cookies do not personally identify you; they recognize your browser. Unless you choose to identify yourself to the Heart Foundation, either by responding to a promotional offer, making a donation, or filling out a web form (such as signing up for our newsletter), you remain anonymous to the Heart Foundation. You have the ability to manage the use of cookies on your computer using controls in your browser.

Heart Foundation websites may use statistical information collection tools (such as Google Analytics) to track site visits, navigation and performance within Heart Foundation sites for the purpose of monitoring and improving the sites. If you are concerned about the use of these tools, you can configure your browser to send a "Do Not Track" request with your browsing traffic.

Heart Foundation websites may also use third party cookies, Google Analytics Advertising Features including: Remarketing with Google Analytics, and Google Analytics Demographics and Interest Reporting.

Visitors can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings. Further information regarding behavioural advertising, including ways to manage your online privacy, is available at  

The Heart Foundation uses Hotjar in order to understand your needs and optimize our website and your experience. Hotjar is a technology service that helps us better understand your experiences (e.g. how much time you spend on which pages, which links you choose to click, what you do and don’t like, etc.) and this enables us to build and maintain our website with user feedback. Hotjar uses cookies and other technologies to collect data on your behaviour and devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in the form of a pseudonymized user profile. Neither Hotjar nor the Heart Foundation will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy at

You can opt-out of the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.

Where you provide your email address to us we will only use it for the purpose it was provided, unless you have consented to us using it for additional purposes, and we will not pass it on to any other person or organisation unless we have disclosed this to you or we are required by law to do so.

The Heart Foundation’s websites may contain links to other sites of interest. The Heart Foundation does not control, and is not responsible for, the content or privacy practices of those websites. Please check the privacy policies on other websites before you provide your Personal Information to them.

Our website security  

The Heart Foundation’s websites use secured payment gateways that use industry-standard SSL/TLS technology to encrypt data between your browser and the website gateway. If you are entering any payment or credit card information on the internet, you should confirm that the page is secured (padlock symbol in your browser) before entering any information. We make every effort possible to make your donations and transactions within our site as secure and safe as possible for you.

By using this website, you acknowledge and agree that the internet is inherently insecure and that you enter any details at your own risk. You acknowledge that you will not hold the Heart Foundation liable for any security breaches, viruses, Trojans or other malicious software that may infect your computer or any loss of data, revenue or otherwise that may occur as a result of using this website.

From time to time the Heart Foundation may contact donors directly to update or confirm their personal or credit card details. We will only disclose to you the last four digits of your credit card number – any contact you receive requesting a full credit card number and CVV number should be considered a hoax and you should disregard it and report the contact to or contact the Heart Foundation’s Supporter Relations team on 13 11 12.

The Spam Act 2003 

The Spam Act prohibits the sending of unsolicited emails, SMS and MMS messages for commercial purposes from or within Australia or to people in Australia, and bans the supply and use of software designed to harvest email addresses. While charities do have some exemptions from this Act, the Heart Foundation will be guided by the best practice guidelines developed on responsible electronic messaging practices by the Association for Data-driven Marketing & Advertising in conjunction with industry and consumer representatives and administered by the Australian Communications and Media Authority.

Changes to our Privacy Notice 

The Heart Foundation may, without notice, amend or modify its Privacy Notice by posting the amended Privacy Notice to the Heart Foundation’s website.  

How to access, correct or update your personal information 

If you have any complaints, questions or concerns about the information the Heart Foundation holds or about the accuracy of that information, please contact the Heart Foundation’s Privacy Officer by phoning 13 11 12 or emailing [email protected].

If you would like to access the information that we hold, or make a complaint about a potential breach of the Australian Privacy Principles, you can write to the Privacy Officer at the address provided above. We will respond to your complaint or endeavour to give you access to the information requested within two weeks. In order to maintain the confidentiality of your Personal Information, we will ask you to come into the Heart Foundation office nearest you and to bring with you specific identification before we give you access. If it is not practical for you to visit our office, we will arrange to check your identification before we mail the information to you. 

If the information that we hold about you is incorrect or not up-to-date, we will update it as soon as possible after you have shown us how and why it is incorrect. 

In the unlikely event that we are unable to provide you with access to your Personal Information for legal reasons as specified in the Privacy Act, we will provide you with reasons for denying access.

If you are not satisfied with the Heart Foundation’s response to your complaint, question or concern, you may wish to lodge a complaint with the Office of the Australian Information Commissioner. Further information can be found on the Commissioner’s website at or by calling 1300 363 992.

Website accessibility

We are committed to providing an accessible experience for users of our website. If you encounter any difficulties with the Heart Foundation’s websites, please direct your enquiry to [email protected].

Last updated17 August 2023