Diabetes Shop - Privacy Policy

Privacy Policy

Version 2, 2025

 

1. We're here to help. Get in touch.

You can get in touch with us at any time about the way we handle and safeguard your information. 

If you want to:

  • ask questions
  • update your information
  • register a concern
  • opt out of marketing
  • anything else...

we're just a phone call or a few clicks away.

If you have any questions or complaints about how we handle your information, you can get in touch with our Privacy Officer at:

Email: privacy@diabetesaustralia.com.au  
Phone: (02) 6232 3800 
Address: Privacy Officer
Diabetes Australia
GPO Box 3156
Canberra ACT 2601


2. About us

Diabetes Australia (together with our related companies) is the national body for people living with all types of diabetes and those at risk. We support people at risk of and living with diabetes, their families and support persons and their communities, health professionals and researchers particularly concerned with the treatment and prevention of diabetes.

Protecting your privacy and ensuring that you control the way your information is used is our priority. We want to make sure you are fully informed about the way we handle your information. In this policy we explain the different types of personal information we collect, how we may collect and use it, who we may share it with, and the rights you have over your information.

By providing personal information to us, you give your express consent to our collection, use and disclosure of your personal information in accordance with this policy and any other arrangements that apply between us.

In this policy, when we use the terms below, we mean the following:

  • Diabetes Australia, we, our or us – we mean Diabetes Australia Limited (ACN 008 528 461) and each of our subsidiaries and other related companies that we either wholly or majority own or are otherwise related bodies corporate of Diabetes Australia Limited.
  • our products and services – we mean diabetes support, education, and prevention programs, fundraising, research, our services and products offered through the Diabetes Shop, our Diabetes Qualified courses and webinars, and other services provided to both members and non-members and healthcare professionals (whether in person, online, over the phone or otherwise).
  • your information – we mean your personal information, which we describe in section 3.
  • our partners – we mean our related companies, third party service providers and other organisations that we partner with to help us deliver products or services to you (or that provide services to us) or that conduct research or other collaboration activities with us, including software service and hosting providers.
  • privacy laws – we mean all privacy and data protection laws that apply to us when we handle your information, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles contained therein, and applicable State and Territory health information laws such as the Health Records and Information Privacy Act 2002 (NSW), the Health Records Act 2001 (Vic) and the Health Records (Privacy and Access) Act 1997 (ACT).
  • NDSS – we mean the National Diabetes Services Scheme.  


3. What information do we collect?

We collect and hold various categories of your information, including personal information, health information, device information and general information to help us deliver and improve our products and services.

Set out below are the main categories of personal information we collect and hold when you access or use our products and services.  If you choose not to provide the information we request from you, we may not be able to provide you with the products or services you require or access to our events.

| Category | Details |
| --- | --- |
| Your general personal information | This includes information or an opinion about you that is reasonably identifiable. For example: your name, address, age or date of birth, gender, contact number and email address. In certain circumstances, this may also include your Medicare number, Department of Veterans' Affairs number, Commonwealth concession card details, passport, or student visa details and NDSS registration number. This may also include your profession and the organisation that you work for. This may also include your image or voice for example where you attend our premises or you attend one of our events. |
| Payment information | We may collect payment processing information from you for you to pay for purchases or make donations. This includes your credit card and bank account details. |
| Your health information | This includes any health information that you provide when accessing or using our products or services. For example, we might ask for your weight, diabetes type, cholesterol and HbA1c levels, details of the medication and NDSS products you require to manage your diabetes, whether your immediate relatives have had diabetes and how your diabetes is currently managed. We may collect this information as part of your initial online or in-person consult or at events so that we can develop the right health care or diabetes management plan for you. |
| Your other sensitive personal information | In some circumstances, we will collect sensitive personal information other than health information. This includes whether you are of Aboriginal or Torres Strait Islander origin and your main language spoken at home. |
| Device information | This includes your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information. |
| Product and service details | We may collect details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services to you and respond to your enquiries. |
| Additional information you provide | This includes information you provide to us through surveys, directly through our website or indirectly through your use of our website or online platforms (e.g. Shopify) or through other websites or accounts from which you permit us to collect information. |
| Information collected for our own business improvement | We may de-identify your general personal information and use it in aggregate form to conduct analysis on how our website and services are being used, to help us improve our services and provide benefits back to our members and customers. When we refer to 'de-identified' information, we mean information that has undergone a process of removing all personal identifiers that can reasonably identify you so that there is no reasonable likelihood of re-identification occurring. When we use this information for the purposes of business improvement, it is always in de-identified form and cannot be used to re-identify you. |
| Information collected by cookies | We may collect de-identified information via cookies on our website, such as your browser type, operating systems and other websites visited. We may also collect some personal information when using cookies, such as where a cookie is linked to your account. There are more details about cookies in section 10. |
| Information collected for recruitment purposes | When you apply for a job or position with us (or become a contractor), we may collect certain personal information from you (including your name, contact details, working history and relevant records and background checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us, to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. |

4. Children and young people's privacy

We are committed to protecting the privacy of children and young people. When we intend to collect personal information from children, we take additional steps to protect their privacy, including:

| Category | Details |
| --- | --- |
| Notify parents | We notify parents or guardians about our information practices about children, including the types of personal information we may collect from children, the uses to which we may put that information, and whether and with whom we may share that information. |
| Obtain consent | In accordance with applicable law, and our practices, we obtain consent from parents or guardians for the collection of personal information from their children, or for sending information about our products and services directly to their children. |
| Limit collection | We limit our collection of personal information from children to no more than is reasonably necessary to participate in our services. |

Parents and guardians can exercise privacy rights on their children’s behalf; however, we may need to verify that you are authorised to act on their behalf and collect additional information from you to do so.


5. How do we collect your information?

We collect your information directly from you when you engage with us, or indirectly from third parties.

In many instances, we collect your information directly from you. Here are some examples of ways we do this:

| Category | Details |
| --- | --- |
| Face to face | When we speak in person, for example during expos, events or interviews. |
| Over the phone | When you call us, including on our telephone information lines in New South Wales, Queensland, Victoria, and Tasmania which may include through the Diabetes Qualified Helpdesk. |
| Online | When you interact with our online services, products, courses or events, including when you sign up to and use our online member and donation portals, our online shop, course or other services or the member email system. |
| In writing | When you provide us with written information, including via letters, when you use our online member and donation portals, platforms, the online shop, learning portals, email us or complete our questionnaires or surveys. |

We may also collect information about you from third parties (including our partners). For example:

  • with your consent, we may collect information like your diabetes care plan and contact details from organisations, legal guardians or health care professionals associated with providing the NDSS;
  • we may collect information from providers of personal information available in the public domain or list purchase providers;
  • we may collect information from your employers (e.g. if you are participating in a Diabetes Qualified course);
  • we may collect information from partners that provide products or services to us or on our behalf; and
  • when you apply for a job or position with us (or to be engaged as a contractor), we may collect information about you from any recruitment consultant, your previous employers, referees, CV checking agencies, police and other background checks or others who may be able to provide information to assist us with our decision.

As an NDSS Agent (usually a State or Territory diabetes organisation) providing NDSS services, we handle any personal information we receive as Agents of the NDSS in accordance with the NDSS privacy policy.


6. How do we use your information?

We won't use your health or sensitive personal information without your consent.

We won't collect or use your health or sensitive personal information for any purpose without your consent to use it in that way (for example, if you agree to us providing you with information to improve your health, well-being, or care), except where we are permitted or required to do so by law.

Even once you've provided your consent for a particular use, you can withdraw it at any time.  As well as getting your consent, we always handle your health or sensitive personal information in accordance with our applicable legal requirements, including our obligations when we collect those types of information from our partners (with your authorisation).

Before you provide your consent, you should know that we may from time to time need to respond to legal requests for information (like any organisation does).

We use your personal information to enable us to deliver and improve our products and services.

We may collect, hold, use, and disclose your personal information for the following purposes:

| Category | Details |
| --- | --- |
| Access & administration | To provide our products and services to you and to enable you to access and use our products and services, perform any applicable obligations to you and to provide you access to online services, applications, platforms, learning portals and manage your online accounts (including conducting billing or other administrative activities like providing you with certificates of completion of our courses). To enable the sale of our business or its assets. |
| Improvement | To design, provide, improve and manage our products and services and your experience, including to perform analytics, conduct research and for advertising and marketing, identify usage trends and develop new products or services, understand how you and your device(s) interact with our products and services, track and respond to safety concerns, determine the effectiveness of our promotional campaigns, conduct surveys and maintain quality assurance. |
| Support | To send you service, support and administrative messages, reminders, technical notices and product safety updates, general updates, security alerts and information requested by you. |
| Contact | To allow us to identify and communicate with you, respond to your requests, inquiries or complaints, provide support for products and services (including courses), provide you with important information (e.g. about our products or services or your information, administrative information and required notices). |
| Marketing | To send you marketing and promotional messages/material and other information that may be of interest to you, including information sent by, or on behalf of, our business partners or like-minded charities that we think you may find interesting. More details about our use of your information for marketing is outlined in section 7. |
| Promotions | To administer offers, rewards, surveys, contests/competitions or other promotional activities or events sponsored or managed by us or our business partners. |
| Law | To comply with laws, regulations and assist government or law enforcement agencies where we are required and authorised to do so. To comply with any accounting, fraud prevention, reporting, risk management, insurance requirements or other professional obligations. To protect, establish or enforce any legal rights we may have. |
| Employment | To consider your employment or contract application and conduct police and other background checks. |
| Other purposes when de-identified and/or aggregated | We may de-identify and/or aggregate your personal information. When we do this, we may use that de-identified information for other purposes that may not be set out in this policy. We may also share this de-identified information with our partners for those partners' other purposes, which are not set out in this policy. |

7. How do we use your personal information for marketing?

We may use your information for marketing purposes and you can opt-out at any time.

We may send you direct marketing communications and information about our services, events, programs or other initiatives or about other like-minded organisations' products and services, where you provide us with your consent to do so. This may take the form of emails, SMS, mail or other forms of communication. We'll always conduct our marketing practices in accordance with privacy laws and other applicable laws.

We may collect and use your personal information to send you communications for purposes including:

  • Membership benefits - Information about the status of your membership and updates and how your membership can make a difference, join a health education journey and receive exclusive offers and updates.
  • Youth and families - Resources, events and support tailored for young people and families.
  • Fundraising and events - Get involved in community events and fundraising activities that make a real difference.
  • Donations and appeals - Support our mission through special appeals and donation opportunities throughout the year.
  • Educational events and courses - Grow your knowledge and skills with our educational offerings.
  • News and updates - Stay in the loop with what’s happening across our organisation and the wider community and receive exclusive offers.
  • Other programs, promotions, competitions or other initiatives - Other programs, promotions, competitions, events or other initiatives that we think may be of interest to you.

We may also market our products, services, programs or other initiatives to you generally – including general marketing channels like social media, our websites, third-party platforms and other digital or non-digital media. This will always be done in compliance with legal requirements and in partnership with trusted providers.

If you receive marketing communications from us, you can opt out at any time by:

  • Contacting us via the details set out in section 1;
  • Calling us on 1800 177 055;
  • Emailing info@diabetesaustralia.com.au;
  • Clicking the unsubscribe link in any marketing email you receive. From there, you may manage your preferences and select which topics you wish to receive communications on; or
  • Emailing: service@diabetesshop.com for any marketing communications sent by Diabetes Shop.


8. Do we store or share your information outside of Australia?

We may store and disclose your personal information overseas.

We may disclose personal information or de-identified information outside of Australia to third party suppliers (including cloud providers) including those located in Singapore, Canada, the United States, Germany and Ireland. We take reasonable steps to ensure that any overseas recipient will deal with personal information (including health-related and other sensitive personal information) in a way that is consistent with the Australian Privacy Principles.


9. Who do we share your information with?

We may share your personal information with our partners and for other reasons we tell you about in this policy (including in sections 6 and 7 of this policy).

We may share your personal information with:

  • our employees and related companies;
  • third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
  • other like-minded charities or other partners, for the purpose of them providing you with information about their activities or services that you may find interesting;
  • professional advisers, auditors, insurers, dealers and agents;
  • payment systems operators (e.g. merchants receiving card payments);
  • our existing or potential agents, business partners or partners;
  • our sponsors or promoters of any competition that we conduct via our services;
  • anyone to whom our assets or businesses (or any part of them) are transferred;
  • other specific third parties authorised by you to receive information held by us;  
  • other persons, including government agencies or departments, research organisations, regulatory bodies, courts and law enforcement agencies; or
  • other entities as required, authorised or permitted by law. 


10. Using our website and cookies

We use cookies on our website to track your website usage and remember your preferences.

When you access our website(s), we may use software embedded in our websites and we may use cookies (small data files) on your computer, mobile phone or other device to collect information about your number of website visits, when you visit our websites,  which pages you view and how you reach them, what you do when you visit a page, the length of time you remain on the page and how we perform in providing content to you. We may use persistent cookies (which remain on your computer even after you close your browser) to store information that may speed up your use of our websites for any of your future visits to the website(s). We may also use session cookies (which no longer remain after you end your browsing session) to help manage the display and presentation of information on the websites.

We may also use third party analytics tools to help us gather and analyse device information. For example, our websites use Google Analytics, a web analytics service. Google Analytics also uses cookies. Although these cookies do not identify you personally, they allow information about your use of our websites (including your IP address) to be transmitted to Google.

Diabetesshop.com uses the platform Shopify to provide our services to you. For more information about Shopify, a copy of their privacy policy can be found here https://www.shopify.com/legal/privacy. More information on how Shopify manage security of your information can be found here: https://www.shopify.com/security.

We may also use Hubspot and Microsoft Dynamics 365 to help us provide services to visitors to our websites (e.g. Diabetes Australia, Diabetes Shop and Diabetes Qualified). For more information about how Hubspot handles your information, a copy of their Privacy Policy can be found here https://legal.hubspot.com/product-privacy-policy. More information about how Hubspot manage security can be found here: https://www.hubspot.com/security. For more information about how Microsoft Dynamics 365 handles your information, a copy of their Privacy Policy can be found here https://www.microsoft.com/en-us/privacy/privacystatement.

We may also use Bing to collect or view website traffic information (e.g. on Diabetes Australia, Diabetes Qualified and Diabetes Shop). More information about how they manage information can be found here: Microsoft Privacy Statement – Microsoft privacy

You can configure your internet browser to accept all cookies, reject all cookies or notify you when a cookie is sent. You can also opt out of Google Analytics by clicking on Ad Settings. For more information, please see Google’s site “How Google uses data when you use our partners’ sites or apps”, located at https://www.google.com/policies/privacy/partners/.

If you refuse the use of cookies in this way, then you may not be able to access the full functionality of our websites. Please refer to your internet browser’s instructions or help screens to learn more about these functions.

By using our websites, you consent to the processing of data about you by such analytic tools (including Google) and cookies in the manner and for the purposes set out above.

Our websites may contain links to websites operated by third parties. Those links are provided for your convenience and may not remain current or be maintained. We have no control over and are not responsible for any content or privacy practices of those linked websites. As the privacy policies that apply to those other websites may differ substantially from ours, we encourage you to read them before using those websites.


11. How do we protect your information?

We take a number of measures to keep your information safe and secure.

We generally hold personal information in our electronic databases but also store personal information in hard copy form and in various third-party databases and platforms (including those managed by our external service providers).

Our websites and our working environment are built with integrated physical, electronic, and managerial processes designed to safeguard your information and protect it from misuse, interference, loss and unauthorised access, modification or disclosure.

Here are some of the key things we may do from time to time to protect your information.

| Category | Details |
| --- | --- |
| Staff training | We put our staff through training about how to always keep your information safe and secure. |
| Secure storage and handling | We use a combination of techniques and measures to maintain the security of our websites and to protect your account and your information. |
| Partner standards | We take reasonable steps to ensure that our partners to whom we disclose your information protect it to the same standard and using equivalent measures and safeguards. |
| Destroying or de-identifying your information | We only keep your information for as long as we need it or are lawfully required to keep it. |

12. What are your rights in relation to your information?

You have various rights in relation to your personal information. You can contact us to exercise any of your rights in relation to your information at any time.

Here are the things you can ask us to do in relation to your information at any time while you use our website(s) or services:

| Category | Details |
| --- | --- |
| Access | You can request a copy of your information. |
| Correct | You can ask us to correct or update your information. However, there are some circumstances in which we are not required to give you access to your personal information. |
| Complain | You can express your concerns or complaints to us about your privacy or the way we are handling your information. We take your concerns seriously and will seek to resolve any issue or concern as soon as possible. |

Where we are not able to fulfil your request to access or correct your personal information for a legal or other reason, we will let you know why. We may also need to verify your identity when you request your personal information. We will aim to respond to your request within 30 days unless there is a reasonable basis for requiring additional time.

There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in providing you with access.

If you're not happy with the way we handle your query or handle your information (including our response to your request to access or correct your personal information), you have a right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by visiting the OAIC website (the details are set out at section 16 below).


13. Employees

We are bound by the Australian Privacy Principles contained in the Privacy Act. However, those principles do not apply to certain records and practices relating to the employment relationship between us and our current and former employees in Australia. As such, much of the information contained in this policy does not apply to how we use and disclose information relating to our current and former employees. If you are a current or former employee of ours (including our related companies), we may collect personal information from you as part of our employment relationship.

This information may include:

| Category | Details |
| --- | --- |
| Your general personal information | This includes information or an opinion about you that is reasonably identifiable. For example: your name, address, age, or date of birth, contact number, email address and image. |
| Educational and social information | This includes details of your education, references from your institutions of study, and information relating to your interests and extra-curricular activities. It also includes lifestyle information and social circumstances, for example ‘life events’ such as marriage, divorce, bereavement, or adoption or birth of children. |
| Sensitive information | This includes information concerning your health and medical conditions, disability, certain criminal convictions, police and other background checks and offences, racial or ethnic origin, religious or philosophical beliefs, sexual orientation and trade union membership. |
| Financial information | This includes your bank account number, tax identifier and status (including residence status), and credit checks (where required). |
| Work related information | This includes details of your work history, professional activities and interests, involvement with and membership of industry bodies and professional associations and any personal information captured in the work product(s) you create while employed by us. |

If you are a current or former employee and you have any questions in relation to our handling of your personal information, please contact the Privacy Officer using the contact information in section 1.


14. Changes to this policy

If we need to change this policy in a way that affects how we handle your information, we will publish the changes to it on our website(s). If you are a Diabetes Australia member or existing or former customer, and we have your email on file, we may also send you an email to let you know about the changes. We encourage you to check our websites periodically to ensure that you are aware of our current privacy policy.


15. Related companies

All our related companies handle your personal information in accordance with this policy (except as outlined below). Our related companies include all companies that are wholly owned or majority owned by Diabetes Australia Limited or are otherwise related bodies corporate. However, this policy does not apply to the Diabetes Overseas Aid Fund (which trades as Life for a Child). While Diabetes NSW is its registered trustee, Life for a Child is its own registered charity that runs separately to Diabetes Australia and has its own privacy policy that outlines how it handles personal information, which is available at https://lifeforachild.org/privacy/. This policy does not apply to personal information collected, used or disclosed in connection with government funded programs (e.g. the NDSS, KeepSight or My Health for Life).


16. Find out more

You can find out more about the various privacy laws and other rules, regulations and standards we've mentioned in this policy, or lodge a complaint where you are not happy with the way we've handled your query or your information (as explained in section 12), by visiting the website of the Office of the Australian Information Commissioner.


17. Privacy collection notice

Your personal information is being collected by Diabetes Australia Limited (ACN 008 528 461), its subsidiaries and other related companies (together, “our”, “we” or “us”). We collect, use, store and disclose personal information about you to assist in providing certain products, services, courses or events including communicating with you in relation to our products, services, courses and events. If we cannot collect this information, we may not be able to provide these products, services or courses, process your enquiries or facilitate attendance at our events.

We collect this information usually through our direct communications with you, but we may also collect information indirectly from other sources in the course of providing our products and services to you (e.g. via our service providers or the other entities specified in our privacy policy).  We generally do not disclose information about you to any person except as required in the course of providing our products and services to you (e.g. service providers), for the ordinary administration of our business and for any of the purposes specified in our privacy policy. Some of your personal information may be transferred overseas including to Singapore, Canada, the United States, Germany and Ireland. In certain circumstances, we may disclose information about you where required, permitted or authorised by law.

Our privacy policy contains information about accessing and seeking correction of your personal information, making a privacy-related complaint and our complaint handling process.

This collection notice may be supplemented or superseded by another collection notice from time to time depending upon the specific circumstances relating to your interaction with us.