Privacy policy

1. Protecting Your Privacy

We provide a range of services and collect Personal Information (see definitions table) to help enable a holistic approach to the provision of those services. We recognise and respect your right to privacy, dignity and confidentiality. We will:

• provide environments that help enable you to maintain relationships with privacy;
• be transparent about how we manage Personal Information; and,
• comply with applicable privacy obligations, including under the Privacy Act 1988 (Cth) (Privacy Act); the 13 Australian Privacy Principles (APPs) in the Privacy Act; the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act); and on and from commencement, the Aged Care Act 2024 (Cth) (Aged Care Act).

2. Personal Information

We collect Personal Information so we can provide services to our residents, clients and customers, together with information for individual applicants for employment, contractors and volunteers. Examples of Personal Information we may collect include your: 

• name
• contact details including phone number, email, and address
• date of birth
• marital status
• family details, including Personal Information about your next of kin, power of attorney etc.; 
• Health Information (see definitions table), including health provider information, care assessments, clinical notes, photographs of skin injuries for clinical management etc
• Medicare number
• identification documents such as driver's licence or passport details or both
• financial information including banking information, card details, bank or income statements etc.
• social care records including foster care and adoption records, community services records, care records, NDIS and mental health records etc.
• information provided by you or a third party about you in the provision of services or when making an enquiry or complaint
• interests and preferences
• image, as may be captured on closed-circuit television (CCTV) within or around our premises
• device and browsing information when you access our website
• criminal history record; and, 
• Sensitive Information (see definition table) as described in paragraph 5.1 below.

If you apply for employment with us, or to be an Anglicare contractor or volunteer we may also collect your: 

• employment history and qualification
• academic records
• references
• medical information
• tax file number
• personal alternative contact details
• superannuation fund details
• Working With Children Check outcome
• National Disability Insurance Scheme Worker Screening outcome
• right to work status
• criminal history record
• other relevant probity checks; and, 
• diversity information you provide to us (e.g. gender identity, disability status etc);

Sometimes we will ask you for other information depending on the type of service you would like to access from Anglicare. 

3. Collecting and Storing Information

3.1  Collecting Information

When you contact Anglicare to access our services, we will ask you questions about yourself so we can provide support that meets your needs and preferences. We may collect Personal Information from or about you in different ways. 

How we Collect Personal Information

We usually collect Personal Information directly from you, unless it is unreasonable or impracticable to do so. Consequently, we sometimes also collect Personal Information through third parties that we interact with to provide our services, including: 

• your current or previous health care provider that holds medical records; 
• My Health Record; 
• an accountant holding financial records or Centrelink;
• via CCTV in operation at our premises;
• Supporters (see definitions table) under the Aged Care Act; or 
• next of kin. 

We may also collect Personal Information from publicly available sources, including social media. 

If you apply for employment with us, or seek to volunteer or contract with us, we may also collect Personal Information about you from third parties and publicly available sources, including: 

• recruiters; 
• government departments to verify your entitlement to work in Australia; 
• police agencies to obtain your criminal history record; 
• academic institutions; 
• consulting medical practitioners;
• superannuation fund providers; 
• social media; 
• current or previous employers; or, 
• referees. 

3.2   Storing Information

We securely store Personal Information generally in electronic form, and a limited number of records in hard copy (stored in secure cabinets and buildings and recorded in a file register). Anglicare stores and retains Personal Information in accordance with the applicable record retention laws.

4. Anonymity and Pseudonymity

Where practicable and it is lawful to do so, you may interact with us anonymously or using a pseudonym (for example, when enquiring about our services). We will be able to discuss services that might be suitable, including costs which might be charged for those services. However, we cannot provide services (or a binding quote) without confirmation of identity.  

5. Purposes for which we Collect, Use and Disclose Personal Information and Sensitive Information

We use Personal Information (including Sensitive Information): (a) for the primary purpose for which that information was collected; (b) with your consent; or (c) otherwise in accordance with the APPs and Australian law.

Generally, we will collect, use and disclose your information to: 

• assess your eligibility to access our services; 
• adjust services to meet your specific needs; 
• provide care and services to you; 
• for billing purposes and to determine if you need to make any payments; 
• contact you to discuss the services you are using and give you the opportunity to provide feedback;  
• discuss the services you are using with your authorised guardian or next of kin in certain circumstances (for example, where you have impaired capacity or are a minor); 
• manage and conduct our business; 
• offer or promote our services; 
• help us manage, develop and enhance our services, including our websites and applications; 
• consider your suitability as a volunteer, contractor or for employment;  
• comply with our reporting obligations to regulatory bodies and our legal obligations, including under the Privacy Act, HRIP Act, Aged Care Act, Children & Young Persons (Care and Protection) Act 1998 (NSW), Adoption Act 2000 (NSW), Retirement Villages Act 1999 (NSW), Poisons and Therapeutic Goods Regulation 2008 (NSW), Family Law Act 1975 (Cth), Inspector-General of Aged Care Act 2023 (Cth), My Health Record Act 2012 (Cth) (for example when inputting information into My Health Record, BestMed, or SafeScript);
• monitor and manage safety and security;
• resolve any disputes, and enforce our agreements and rights with third parties; and
• enable research or marketing, with your consent or as otherwise permitted by law (see paragraph 7 below on Direct Marketing).  

Use and Disclosure of Personal Information Connected with Funded Aged Care Services 

Where Anglicare delivers funded aged care services to you under the Aged Care Act, use or disclosure of your Personal Information by Anglicare will be in accordance with that Act.  

Use and Disclosure of Personal Information Connected with Artificial Intelligence

Anglicare does not use or disclose Personal Information on public Artificial Intelligence (AI) (see definition table) platforms. Anglicare does not permit Personal Information to be used or disclosed on public Generative AI (see definition table) platforms. 

5.1  Collection of Sensitive Information

Anglicare will not collect your Sensitive Information unless:

a)  You consent, and your Sensitive Information is reasonably necessary for one or more of Anglicare’s functions or activities; or

b)   one of the following apply:

i.    the collection is required or authorised by or under an Australian law or a court or tribunal order; or

ii.   a  Permitted General Situation (see definitions table) exists; or

iii.  a Permitted Health Situation (see definitions table) exists.

6. Disclosing Personal Information

When we provide services to you, we may disclose your Personal Information in accordance with relevant laws.[1] Further we may disclose information to:

• Anglicare’s related body corporates;
• third parties in order to provide our services;
• authorised individuals, for example:
• an individual with power of attorney or legal guardianship; or,
• Supporters under the Aged Care Act;
• Independent Aged Care Advocates (see definitions table) under the Aged Care Act (where you consent and where that authorisation directly relates to your Personal Information). 
• organisations we contract to provide services on our behalf including software suppliers and mail houses; 
• anyone to whom part or all of our assets or businesses are transferred or sold;
• our professional advisers including lawyers, accountants, and auditors; and 
• government agencies, regulatory bodies and law enforcement agencies, or other similar entities.

We do not disclose Personal Information to overseas recipients, except in relation to onboarding employment applicants (where the onboarding platform organisation is in the United States of America, the United Kingdom, Ireland and India). In which case appropriate controls are in place to comply with the requirements of the Privacy Act and our Privacy Policy.

6.1  Use and Disclosure of Sensitive Information

Anglicare will not use or disclose your Sensitive Information unless either you have consented to that use or disclosure, or where:

a)  you would reasonably expect Anglicare to use or disclose the Sensitive Information for a secondary purpose directly related to the primary purpose for which the information was collected;

b)  this is required or authorised by or under an Australian law or a court or tribunal order;

c)  a Permitted General Situation exists in relation to the use or disclosure of the information by Anglicare; or

d)  a Permitted Health Situation exists in relation to the use or disclosure of the information by Anglicare; or

e)  Anglicare reasonably believes that the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

7. Direct Marketing

We may use your Personal Information to identify a product or service that you may be interested in or to contact you from time to time about events, promotions or fundraising activities, whether by email or phone. 

Anglicare will only use or disclose your Sensitive Information for direct marketing with your consent. You may withdraw your consent to receive direct marketing communications from us at any time by unsubscribing from the mailing list or by contacting the Privacy Officer via email (privacy@anglicare.org.au).

8. Data Processing

Anglicare uses third party systems to process some of the data that we collect. Overseas data processing of Personal Information only occurs as described in paragraph 6 above.

9. Accessing and Correcting Personal Information 

We endeavour to ensure that the Personal Information collected from you is up to date, accurate and complete.  You can access or change your information in the first instance by contacting the Anglicare service that you use directly. Alternatively, you can email privacy@anglicare.org.au. You will need to verify your identity and may need to visit an Anglicare site to access the information.

If requested, we will provide and explain to you your Personal Information held by us in accordance with the relevant laws.  However, we may deny a request for access if any exemptions or requirements apply. If we do not give you access to your information, we will explain why and how you can make a complaint (see paragraph 16 of this Policy). 

10. Data Security 

We implement technological and organisational measures to help protect Personal Information from misuse, loss, unauthorised access, change or disclosure. These measures include by securing access to premises; using cyber security protection such as identity and access management, requiring strong passwords and multi-factor authentication; encrypting data; using anti-virus software; data asset management; data sensitivity classifications; staff training; etc. We protect the security of information during transmission by using software that encrypts information that you input. 

All electronic data is classified and handled appropriately based on its classification / level of sensitivity. Access is restricted to those who need to access the information including those providing services to you. 

We only keep Personal Information for as long as it is required for the purpose for which it was collected or as otherwise required by applicable laws. If we no longer need to hold the Personal Information for any reason or we are no longer required by law to keep it, we will take reasonable steps to de-identify or destroy that information. These steps may vary depending on the nature of the information, the way it was collected and how it was stored. 

11. Identifiers 

We will not adopt Commonwealth Government identifiers for use as our own identifiers. If we are required to collect a Commonwealth Government identifier to provide a service to you, we will not use this number to identify you in our systems. We will not disclose Commonwealth Government identifiers unless you have consented, or we are required by law. 

12. Donations 

Anglicare gathers and retains Personal Information from donors which is managed in compliance with the Payment Card Industry Security Data Standard. 

Donation processing is secured by encryption or masking to protect the transfer of Personal Information (including financial information). Each donation is secured, and credit card details are not stored by Anglicare. The only information collected and retained is the amount donated, transaction date and contact details as completed on the donation form. 

Where donations are made over the phone or via email, a copy of that donation is retained for tax and audit purposes in a secure location. 

13. Website Privacy 

We recognise the importance of protecting the privacy of visitors to our website. 

13.1 IP Addresses 

Our web servers gather your Internet Protocol (IP) address to assist with the diagnosis of problems with our services.  While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit, search engine referrals and the IP address assigned to your computer. 

13.2 Cookies and Applets 

Anglicare’s website uses Google Analytics to help analyse how you use our website. This tool uses ’cookies’ to collect standard internet log and visitor behaviour information. The information generated by the cookies about your use of the website (including IP address) is transmitted to Google. This information is then used to compile statistical reports on website activity for Anglicare. 

Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. You can disable cookies through your internet browser, but our website may not work as intended for you if you do so. 

13.3 Links to Other Sites 

Anglicare’s website provides links to third-party websites. These linked sites are not under our control, and we do not accept responsibility for the conduct of companies linked to our website. We advise you to examine the terms and conditions of using those third-party websites and their privacy statements. 

13.4  Credit Cards Details

Payment card information is kept confidential and secure and complies with the Payment Card Industry Data Security Standard. 

14. Complaints 

We value feedback on how we have treated your Personal Information. If you are not happy about how we protected your privacy, you may contact the Privacy Officer via email at privacy@anglicare.org.au or the contact person from the Anglicare service you use, and tell us: 

• how you think your information might have been misused; and 
• the details of any of any employees involved. 

The Privacy Officer might ask you for extra information to help understand your circumstances and act to resolve the issue. We will respond to you within a reasonable timeframe to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint. We will keep you updated on how we are addressing your complaint. 

If you are not happy with how we have dealt with your complaint you can ask for it to be referred to mediation. If you are still unhappy, you can refer your complaint to the Office of the Australian Information Commissioner via the government website https://www.oaic.gov.au/ . 

[1] For example, the Privacy Act; HRIP Act; Aged Care Act; Children & Young Persons (Care and Protection) Act 1998 (NSW); Adoption Act 2000 (NSW); Retirement Villages Act 1999 (NSW), Family Law Act 1975 (Cth); Inspector-General of Aged Care Act 2023 (Cth).