Privacy Policy – Detailed

Sub Heading

Your privacy is important to us. Below is a summary of how Adssi In-home Support (Adssi) (ACN 119 632 825) handles your personal information.

This document sets out how we handle your personal information, including the collection, storage, use and disclosure of your personal information, and how you can access and change your information, provide us with feedback or make a complaint.

Adssi is bound by the Privacy Amendment Act 2012 (Cth) (the Privacy Act) as well as other applicable laws protecting privacy, including State and Territory health information legislation. Adssi may modify or update this privacy policy from time to time by publishing it on this website.

We will comply with the Act and the Australian Privacy Principals (APP’s) by:

·       Managing a privacy compliance program including establishing policies and procedures to identify and manage privacy risks and compliance issues, establishing procedures to manage privacy complaints and inquiries, training staff in privacy requirements, and monitoring performance of the program;

·       Making the organisation’s privacy policy accessible to Clients (provided in the Service Information Brochure and on the organisation’s website);

·       Obtaining Clients’ written consent prior to sharing information with external agencies;

·       Encouraging and assisting Clients to access/obtain feedback, or making complaints relating to privacy matters including any perceived breaches of privacy and confidentiality;

·       Respecting all Clients rights to privacy, dignity and confidentiality with respect to the collection, use and disclosure, quality, security, access and correction of all Personal and Sensitive Information;

·       Maintaining systems for the correct disposal/destruction of both hard copy and electronic Personal and Sensitive Information.

 

Definitions

APP – Australian Privacy Principals. The key components of the Privacy Act.

Staff – includes all Adssi employees and volunteers.

Confidentiality – ensuring that information is accessible only to those authorised to have access and is protected throughout its lifecycle.

Personal Information (PI) – means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

a)    whether the information or opinion is true or not; and

b)    Whether the information or opinion is recorded in a material form or not.

 

Sensitive information (SI) - means:

a)    information or an opinion about an individual’s:

·       racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; sexual orientation or practices; criminal record;

b)    health information about an individual; or

c)    genetic information about an individual that is not otherwise health information.

Health information – an example of Sensitive Information. It is information or an opinion about:

·       the physical or mental health or a disability (at any time) of an individual, or

·       an individual’s express wishes about the future provision of health services, or

·       a health service provided, or to be provided, to an individual, or

·       other PI/SI collected to provide, or in providing, a health service, or

·       other PI/SI about an individual collected in connection with the donation, or intended donation, of an individual’s body parts, organs or body substances, or

·       other PI/SI that is generic information about an individual arising from a health service provided to the individual in a form that is or could be predictive of the health (at any time) of the individual or of any sibling, relative or descendant of the individual, or healthcare identifiers.

Privacy – the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others; it is the right to control what happens with PI/SI.

Unsolicited Personal Information - is Personal Information that AHLA receives (from an individual) but has taken no active steps to collect or request.

Direct marketing - involves the use and/or disclosure of Personal Information to communicate directly with an individual to promote goods and services.

Overseas recipient - is a person or group who receives Personal Information and is: not in Australia or an external Territory; not part of the Adssi organisation; and not the individual to whom the Personal Information relates.

Identifier - is a number, letter or symbol, or a combination of any or all of those things, that is used to identify the individual or to verify the identity of the individual. A government related identifier is an identifier that has been assigned by a government agency or authority e.g. Medicare number, Centrelink reference number.

By Unlawful [JA1] and Fair Means – In the context of this policy, this statement refers to the method of collection of personal and sensitive information. A ‘fair means’ of collecting information is one that does not involve intimidation or deception, and is not unreasonably intrusive.  For example, it would usually be unfair to collect personal information covertly without the knowledge of the individual. ‘Unlawful’ means of collecting information is one that is in breach of any legislation or court order.

Responsible Person - A ‘responsible person’ includes for example, a parent, adult child, spouse, partner, relative, guardian or nominee of an individual.

The following outlines how Adssiwill meet the Australian Privacy Principals.

1.     Open and transparent management of Personal Information

1.1  Adssi will manage Personal Information in an open and transparent way. Various procedures are implemented to guide staff in the requirements of PI/SI management (refer to ‘Related Documents’);

1.2  Adssi will maintain a clearly expressed and up-to-date Privacy Policy about how it manages Personal Information for public use. This policy will be made available free of charge on this website. It will consist of a ‘plain English’ condensed version, which will contain a link to a more detailed version;

1.3 Adssi will also, upon request, take reasonable steps to provide a person or body with a copy of its Privacy Policy in an alternate form if they do not have internet access.

2.     Anonymity and pseudonyms

2.1  Adssi recognises that the Privacy Act requires an option for individuals of not identifying themselves, or of using a pseudonym. However, due to the nature of the services that are provided, it is impracticable for Adssi to deal with individuals who have not identified themselves, or who have used a pseudonym.

3.     Collection of solicited Personal Information

3.1  Adssi will only collect Personal Information and Sensitive Information (PI/SI) that is necessary to provide the service and to conduct normal business activities.

3.2  The Personal Information will only be collected by lawful and fair means (refer to definitions), and from the individual concerned unless circumstances make this impractical.  In an emergency, health information may be collected from someone else, like a partner, a carer, a family member, , guardian or person holding a health care related Power of Attorney;

3.3  Consent will be obtained from the individual prior to collection of Sensitive Information and the individual will be adequately informed before giving consent. The consent must be voluntary, and the individual must have the capacity to understand and communicate their consent;

3.4  The types of Personal Information collected, and the purposes for collecting that information include:

i.         Client Services - clients', and their family members' names, addresses and other contact details, date of birth, living or financial circumstances, health details about the individual and other sensitive information (subject to consent). The specific information will depend on the type of service provided and may be collected from the Client before and during provision of services;

ii.         Volunteers - Adssi may also collect its volunteers' names, addresses and other contact details;

iii.         Conducting general business activities - Adssi collects Personal Information about individuals who are, or are employed by, brokers (including service providers), contractors and agents engaged by Adssi for general business operations;

iv.         Applying for a position (as a volunteer or employee) with Adssi – will require the collection of applicant Personal Information, including name and contact details, working history and relevant records checks (including criminal and working with children checks) in order for Adssi to assess applicant suitability for that or other positions.

4.     Dealing with unsolicited Personal Information

4.1  Any Unsolicited Personal Information considered unnecessary for service provision or other business activity, will be destroyed immediately;

4.2  Any Unsolicited Personal Information considered necessary for service provision or other business activity, will be retained and afforded the same privacy protection as solicited Personal Information. However, this will only occur if the information could have been collected as per section 3 (above), or the information is contained in a Commonwealth record;

4.3  Any Unsolicited Sensitive Information received must be destroyed immediately.

5.     Notification of the collection of Personal Information

5.1  When collecting PI/SI, Adssi will take steps to ensure that the individual is made aware of the following:

i.         The organisation’s identity and contact details;

ii.         The staff member’s identity and position;

iii.         Circumstances of information collection (if information was collected from a third party);

iv.         What the information will be used for;

v.         The consequences if the information is not collected (provided by the individual);

vi.         Other organisations or persons to which the PI/SI is usually disclosed to (generically speaking) e.g. a broker who supplies community support workers;

vii.         How the individual may access or seek correction of their PI/SI;

viii.         How the individual may complain to Adssi about a breach of the APPs, and how Adssi will deal with such a complaint.

5.2  Notification of the above should be made at or before the time Adssi collects an individual’s Personal Information.

6.     Use or disclosure of Personal Information

6.1  Adssi will only use or disclose Personal Information for the purposes for which it was collected;

6.2  Adssi will obtain written consent from the individual prior to disclosure of their PI/SI. Exceptions to this will include (but not be limited to):

i.        Adssi has reason to suspect that unlawful activity, or misconduct of a serious nature has occurred;

ii.         Legal reasons demand it;

iii.         The recipient of the information is a ‘responsible person’ for the individual;

iv.         Lessening or preventing a serious threat to life, health or safety.

7.     Direct marketing

7.1  Adssi will not use or disclose the Personal Information that it holds about an individual for the purpose of direct marketing unless the individual has first consented to the use or disclosure for that purpose;

7.2  For any individuals who have consented to receive direct marketing, Adssi will provide a simple means for them to opt out of receiving the direct marketing communications.

8.     Cross-border disclosure of Personal Information

8.1  Adssi will not disclose any Personal Information outside of Australia and its territories.

9.     Adoption, use or disclosure of government related identifiers

9.1  Adssi will not adopt government related identifiers of an individual except when:

i.         It is required by law. For example, healthcare providers are authorized by law to adopt the individual healthcare identifiers of their patients as their own identifier;

ii.         The identifier is prescribed by regulations.

9.2  Adssi will not use or disclose government related identifiers of an individual except when:

i.         The use or disclosure is reasonably necessary for Adssi to verify the identity of the individual for the purposes of its activities or functions;

ii.         The use or disclosure is reasonably necessary for Adssi to fulfill its obligations to an agency or a State or Territory authority;

iii.         It is reasonably necessary to perform a Commonwealth or State or Territory contract;

iv.         It is required or authorised by or under an Australian law.

10.  Quality of Personal Information

10.1        Adssi will:

i.         take reasonable steps to ensure that the Personal Information it collects is accurate, up-to-date and complete;

ii.        Adssi will also take reasonable steps to ensure that the Personal Information it uses and discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant;

iii.         Provide individuals with a simple means to access and update their Personal Information on an on-going basis.

11.  Security of Personal Information

11.1         AAdssi will take reasonable steps to protect Personal Information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure;

11.2         Where Adssi no longer needs Personal Information for any purpose (including legal) it will take reasonable steps to destroy the information or ensure that it is de-identified. This applies except when:

i.         the Personal Information is part of a Commonwealth record;

ii.        Adssi is required by law or a court/tribunal order to retain the Personal Information.

12.  Access to Personal Information

12.1         If Adssi holds Personal Information about an individual, then it must, on request, give that individual access to the information;

12.2        Adssiwill have procedures in relation to giving access, including how access is to be given, verifying the requestors’ identity, when access can be refused; as well as time frames to process requests.

 

13.  Correction of Personal Information

13.1        Adssi will take reasonable steps to correct Personal Information to ensure that it is accurate, up-to-date, complete, relevant and not misleading. This includes where an individual requests Adssi to correct their Personal Information;

13.2         If Adssi refuses to update an individual’s Personal Information (where the individual has made this request), Adssi will provide a written response to the individual and outline the reasons for refusal.

[JA1]Is it lawful or unlawful

Your feedback, questions or complaints

If you have any questions, feedback or concerns about this policy or how your information is handled by Adssi, you can contact us during business hours on 1300 578 478. Alternately you may contact us via this website (please use the 'contact us' section at the bottom of each page) or you send us a letter to

Adssi In-home Support
3A Pioneer Avenue
Tuggerah NSW 2259

You may make a complaint about our handling of your personal information, including if you think we have breached the Privacy Act, by contacting our Privacy Officer by post or email. We will generally acknowledge your request within 14 days and respond within 30 days after your request is made or let you know what the next steps are for resolving your complaint.

If you are not happy with our response, or if you do not feel your complaint has been resolved, you are able to seek advice from the Office of the Australian Information Commissioner by calling 1300 363 992.

Last updated 2018

Translate This Website: