Privacy policy

1. Protecting Your Privacy

We provide a range of services and collect Personal Information (see definitions table) to help enable a holistic approach to the provision of those services. We recognise and respect your right to privacy, dignity and confidentiality. We will:

• provide environments that help enable you to maintain relationships with privacy;
• be transparent about how we manage Personal Information; and,
• comply with applicable privacy obligations, including under the Privacy Act 1988 (Cth) (Privacy Act); the 13 Australian Privacy Principles (APPs) in the Privacy Act; the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act); and on and from commencement, the Aged Care Act 2024 (Cth) (Aged Care Act).

2. Personal Information

We collect Personal Information so we can provide services to our residents, clients and customers, together with information for individual applicants for employment, contractors and volunteers. Examples of Personal Information we may collect include your: 

• name;
• contact details including phone number, email, and address;
• date of birth;
• marital status;
• family details, including Personal Information about your next of kin;
• information concerning any relevant attorneys, legal personal representatives or other decision makers authorised to act on your behalf, including your power of attorney and Supporters; 
• contact details for your medical professionals;
• health fund details, if applicable;
• information on prior dealings with us;
• details of any complaints or feedback lodged by you or regarding services provided to you;
• information regarding any individual contributions made by you;
• Health Information (see definitions table), including health provider information, care assessments, clinical notes, photographs of skin injuries for clinical management etc;
• registration numbers for government services such as Medicare, the Department of Veteran Affairs and a pension card (see paragraph 11 below on Commonwealth Government Identifiers);
• identification documents such as driver's licence or passport details or both;
• financial information including banking information, card details, bank or income statements etc.;
• social care records including foster care and adoption records, community services records, care records, NDIS and mental health records etc.;
• information provided by you or a third party about you in the provision of services or when making an enquiry or complaint;
• interests and preferences;
• image, as may be captured on closed-circuit television (CCTV) within or around our premises;
• device and browsing information when you access our website;
• criminal history record; and, 
• Sensitive Information (see definition table) as described in paragraph 5.1 below.

If you apply for employment with us, or to be an Anglicare contractor or volunteer, we may also collect your: 

• employment history and qualification;
• academic records;
• references;
• medical information;
• tax file number;
• personal alternative contact details;
• superannuation fund details;
• Working With Children Check outcome;
• National Disability Insurance Scheme Worker Screening outcome;
• right to work status;
• criminal history record;
• other relevant probity checks; and, 
• diversity information you provide to us (e.g. gender identity, disability status etc).

Sometimes we will ask you for other information depending on the type of service you would like to access from Anglicare. 

3. Collecting and Storing Information

3.1  Collecting Information

When you contact Anglicare to access our services, we will ask you questions about yourself so we can provide support that meets your needs and preferences. We may collect Personal Information from or about you in different ways. 

How we Collect Personal Information

We usually collect Personal Information directly from you, unless it is unreasonable or impracticable to do so. We only collect and handle your Personal Information that is provided by you, with your consent or where otherwise permitted by law. We will assume that you have consented to us collecting all information that is provided to us in accordance with this Privacy Policy unless you tell us otherwise at the time you provide it to us.

Please note that if you provide us with Personal Information about a third party, for example your legal personal representative or emergency contact, you represent to us that the person consents to us collecting and handling their Personal Information in accordance with this Privacy Policy, and we will collect it on this basis.

We sometimes also collect Personal Information through other sources and third parties that we interact with to provide our services, including: 

• Third party service providers (for example, your current or previous health care provider that holds medical records, including via referrals);
• My Health Record; 
• an accountant holding financial records or Centrelink;
• via CCTV in operation at our premises;
• family members or attorneys authorised to act on your behalf;
• Supporters (see definitions table) under the Aged Care Act; 
• next of kin; 
• referrals from existing clients receiving funded aged care services;
• debt collection agencies if you default in a payment to us; or
• our online platforms (including your interactions with us on our social media platforms).

We may also collect Personal Information from publicly available sources, including social media. 

Where third parties provide us with information about you, we will take reasonable steps to ensure that you are made aware of the information and about your rights under this Privacy Policy.

If you apply for employment with us, or seek to volunteer or contract with us, we may also collect Personal Information about you from third parties and publicly available sources, including: 

• recruiters; 
• government departments to verify your entitlement to work in Australia; 
• police agencies to obtain your criminal history record; 
• academic institutions; 
• consulting medical practitioners;
• superannuation fund providers; 
• online platforms (including social media); 
• current or previous employers; or, 
• referees. 

If you send us an application to be considered for an advertised position (or unsolicited), this information may be used to assess your application or suitability for employment with us. This information may be disclosed to our related bodies and service providers for purposes such as aptitude and psychological testing or other human resources management activities.

As part of the application process, you may be asked for your consent to the use and disclosure of certain Personal Information about pre-employment testing. We may also ask you to consent to the disclosure of your Personal Information to those people who you nominated to provide references. A refusal to provide any of this information, or to consent to its proposed disclosure, may affect the success of the application.

3.2   Storing Information

We securely store Personal Information generally in electronic form, and a limited number of records in hard copy (stored in secure cabinets and buildings and recorded in a file register). Anglicare stores and retains Personal Information in accordance with the applicable record retention laws.

4. Anonymity and Pseudonymity

Where practicable and it is lawful to do so, you may interact with us anonymously or using a pseudonym (for example, when enquiring about our services). We will be able to discuss services that might be suitable, including costs which might be charged for those services. However, we cannot provide services (or a binding quote) without confirmation of identity.  

5. Purposes for which we Collect, Use and Disclose Personal Information and Sensitive Information

We use Personal Information (including Sensitive Information): (a) for the primary purpose for which that information was collected; (b) with your consent; or (c) otherwise in accordance with the APPs and Australian law.

Generally, we will collect, use and disclose your information to: 

• assess your eligibility to access our services; 
• adjust services to meet your specific needs; 
• provide care and services to you; 
• for billing purposes and to determine if you need to make any payments; 
• contact you to discuss the services you are using and give you the opportunity to provide feedback;  
• discuss the services you are using with your authorised guardian or next of kin in certain circumstances (for example, where you have impaired capacity or are a minor); 
• manage and conduct our business; 
• offer or promote our services; 
• help us manage, develop and enhance our services, including our websites and applications; 
• consider your suitability as a volunteer, contractor or for employment;  
• comply with our reporting obligations to regulatory bodies and our legal obligations, including under the Privacy Act, HRIP Act, Aged Care Act, Children & Young Persons (Care and Protection) Act 1998 (NSW), Adoption Act 2000 (NSW), Retirement Villages Act 1999 (NSW), Poisons and Therapeutic Goods Regulation 2008 (NSW), Family Law Act 1975 (Cth), Inspector-General of Aged Care Act 2023 (Cth), My Health Record Act 2012 (Cth) (for example when inputting information into My Health Record, BestMed, or SafeScript);
• obtain funded aged care services from our suppliers;
• respond to enquiries;
• enforce agreements between you and us;
• monitor and manage safety and security;
• resolve any disputes, and enforce our agreements and rights with third parties;
• enable research;
• enable marketing (such as to notify you about our new or existing products, services, upcoming events, promotions, general information relating to services) with your consent or as otherwise permitted by law (see paragraph 7 below on Direct Marketing); and 
• as otherwise permitted or required by law.

Use and Disclosure of Personal Information Connected with Funded Aged Care Services 

Where Anglicare delivers funded aged care services to you under the Aged Care Act, use or disclosure of your Personal Information by Anglicare will be in accordance with that Act.  

Unless we have your consent, we will only disclose your Personal Information for the following reasons:

• a purpose connected with the delivery of a funded aged care services to you by us or one of our Associated Providers;
• for the purpose for which the Personal Information was given to us by you or on your behalf;
• to comply with our obligations under the Aged Care Act;
• where disclosure is required to be provided to a court, tribunal, authority or person with the power to request such disclosure.

You can, at any time, nominate another person who may receive information about your health status and care. This person does not have to be a next of kin.

Use and Disclosure of Personal Information Connected with Artificial Intelligence

Anglicare does not use or disclose Personal Information on public Artificial Intelligence (AI) (see definition table) platforms. Anglicare does not permit Personal Information to be used or disclosed on public Generative AI (see definition table) platforms. Anglicare engages Microsoft and other platforms and their agents to process your Personal Information on closed AI platforms. Your Personal Information is not used for training large language models.  

5.1  Collection of Sensitive Information

Anglicare will not collect your Sensitive Information unless:

a)  You consent, and your Sensitive Information is reasonably necessary for one or more of Anglicare’s functions or activities; or

b)   one of the following apply:

i.    the collection is required or authorised by or under an Australian law or a court or tribunal order; or

ii.   a  Permitted General Situation (see definitions table) exists; or

iii.  a Permitted Health Situation (see definitions table) exists.

6. Disclosing Personal Information

When we provide services to you, we may disclose your Personal Information in accordance with relevant laws.[1] Further we may disclose information to:

[1] For example, the Privacy Act; HRIP Act; Aged Care Act; Children & Young Persons (Care and Protection) Act 1998 (NSW); Adoption Act 2000 (NSW); Retirement Villages Act 1999 (NSW), Family Law Act 1975 (Cth); Inspector-General of Aged Care Act 2023 (Cth).

• Anglicare’s related body corporates;
• third parties in order to provide our services;
• authorised individuals, for example:
  • an individual with power of attorney or legal guardianship; or,
  • Supporters under the Aged Care Act;
  • Independent Aged Care Advocates (see definitions table) under the Aged Care Act (where you consent and where that authorisation directly relates to your Personal Information). 
• organisations we contract to provide services on our behalf including software suppliers and mail houses; 
• Third-party digital analytics and marketing tools and platforms for advertising Anglicare services (hashed email address only) to create custom audiences and measure ad performance. This allows us to show relevant Anglicare services to potential customers;
• anyone to whom part or all of our assets or businesses are transferred or sold;
• our professional advisers including lawyers, accountants, and auditors; and 
• government agencies, regulatory bodies and law enforcement agencies, or other similar entities.

We do not disclose Personal Information to overseas recipients, except in relation to:

• onboarding employment applicants (where the onboarding platform organisation is in the United States of America, the United Kingdom, Ireland and India).
• managing probity checks and reference checks (United States of America); and
• data transfers through digital platforms like Google Analytics and Microsoft Advertising (United States of America).

We ensure appropriate controls and contractual safeguards are in place for all overseas transfers to comply with the requirements of the Privacy Act and our Privacy Policy.  

6.1  Use and Disclosure of Sensitive Information

Anglicare will not use or disclose your Sensitive Information unless either you have consented to that use or disclosure, or where:

a)  you would reasonably expect Anglicare to use or disclose the Sensitive Information for a secondary purpose directly related to the primary purpose for which the information was collected;

b)  this is required or authorised by or under an Australian law or a court or tribunal order;

c)  a Permitted General Situation exists in relation to the use or disclosure of the information by Anglicare; or

d)  a Permitted Health Situation exists in relation to the use or disclosure of the information by Anglicare; or

e)  Anglicare reasonably believes that the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

7. Direct Marketing

We may use your Personal Information to identify a product or service that you may be interested in or to contact you from time to time about events, promotions or fundraising activities, whether by email or phone.  We ensure opt-outs from marketing communications are promptly respected. Anglicare will only use or disclose your Sensitive Information for direct marketing with your consent.

You may withdraw your consent to receive direct marketing communications from us at any time by unsubscribing from the mailing list (for example, by ‘updating your preferences’)  or by contacting the Privacy Officer via email (privacy@anglicare.org.au).

8. Data Processing

Anglicare uses third party systems to process some of the data that we collect. Overseas data processing of Personal Information only occurs as described in paragraph 6 above.

9. Accessing and Correcting Personal Information 

We endeavour to ensure that the Personal Information collected from you is up to date, accurate and complete.  You can access or change your information in the first instance by contacting the Anglicare service that you use directly. Alternatively, you can email privacy@anglicare.org.au. You will need to verify your identity and may need to visit an Anglicare site to access the information.

Where requested or consented to by you, we can also provide the required information to your Supporter, your legal counsel, an Independent Aged Care Advocate, a new service provider, or an aged care volunteer visitor. We will provide you or the relevant individual access to the requested information held by us in accordance with the relevant laws.  However, we may deny a request for access if any exemptions or requirements apply. We will not unreasonably refuse requests to access Personal Information. If we do not give you access to your information, we will explain why and how you can make a complaint (see paragraph 16 of this Policy). 

10. Data Security 

We implement technological and organisational measures to help protect Personal Information from misuse, loss, unauthorised access, change or disclosure. These measures include by securing access to premises; using cyber security protection such as identity and access management, requiring strong passwords and multi-factor authentication; encrypting data; using anti-virus software; data asset management; data sensitivity classifications; staff training; etc. We protect the security of information during transmission by using software that encrypts information that you input. 

All electronic data is classified and handled appropriately based on its classification / level of sensitivity. Any physical records are stored in locked and secure locations, and access controls are applied. Access is restricted to those who need to access the information including those providing services to you. Our staff are contractually required to keep your Personal Information secure at all times, and are bound by internal processes and policies that confirm this. If this obligation is breached, there are consequences for the employee. Those who work with us are aware of the importance we place on protecting your privacy and their role in helping us to do so.  

We only keep Personal Information for as long as it is required for the purpose for which it was collected or as otherwise required by applicable laws. If we no longer need to hold the Personal Information for any reason or we are no longer required by law to keep it, we will take reasonable steps to de-identify or destroy that information. These steps may vary depending on the nature of the information, the way it was collected and how it was stored. 

We take breaches of privacy very seriously. If we suspect a data breach has occurred, our priority is to contain and assess the suspected breach. If we believe an Eligible Data Breach has occurred, we will, as soon as practicable, notify the Office of the Australian Information Commissioner and all affected individuals or, if it is not possible to notify affected individuals, provide public notice of the breach (in a manner that protects the identity of affected individuals).

11. Identifiers 

We will not adopt Commonwealth Government identifiers for use as our own identifiers. If we are required to collect a Commonwealth Government identifier to provide a service to you, we will not use this number to identify you in our systems. We will not disclose Commonwealth Government identifiers unless you have consented, or we are required by law. 

12. Donations 

Anglicare gathers and retains Personal Information from donors which is managed in compliance with the Payment Card Industry Security Data Standard. 

Donation processing is secured by encryption or masking to protect the transfer of Personal Information (including financial information). Each donation is secured, and credit card details are not stored by Anglicare. The only information collected and retained is the amount donated, transaction date and contact details as completed on the donation form. 

Where donations are made over the phone or via email, a copy of that donation is retained for tax and audit purposes in a secure location. 

13. Website Privacy 

We recognise the importance of protecting the privacy of visitors to our website. We may collect statistical and behavioural information regarding the use of our online platforms, including IP addresses, dates and times of visits, domains and traffic sources such as search engines, referral websites or marketing campaigns, page views, clicks, form submissions, scroll depth, referrer URLs and other clickstream data. We use JavaScript based tracking pixels, also known as tags, to collect this information initially as anonymous behavioural and technical data. These pixels also capture session recordings, heatmaps, browser and device details and interaction timings. When a visitor identifies themselves, for example by submitting a form, those pixels will associate subsequent and prior activity with the visitor’s contact record to enable personalised marketing and support.

13.1 IP Addresses 

Our web servers gather your Internet Protocol (IP) address to assist with the diagnosis of problems with our services.  While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit, search engine referrals and the IP address assigned to your computer. 

13.2 Cookies and Applets 

Anglicare’s website uses Google Analytics to help analyse how you use our website. This tool uses ’cookies’ to collect standard internet log and visitor behaviour information. The information generated by the cookies about your use of the website (including IP address) is transmitted to Google. This information is then used to compile statistical reports on website activity for Anglicare. 

Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. You can disable cookies through your internet browser, but our website may not work as intended for you if you do so. 

13.3 Tracking Technologies

Your tracking pixel information may be disclosed to third parties via the analytics and marketing tools Anglicare uses from third parties such as Google Analytics and Microsoft Clarity. We regularly review and document all tracking and analytics tools in use on our website, including Google Analytics, to ensure transparency and compliance. Currently, users cannot opt out of analytics or advertising tracking through our website. We are implementing enhanced controls and will update this policy when available.  

13.4 Links to Other Sites 

Anglicare’s website provides links to third-party websites. These linked sites are not under our control, and we do not accept responsibility for the conduct of companies linked to our website. We advise you to examine the terms and conditions of those third-party websites and their privacy statements. 

13.5  Credit Cards Details

Payment card information is kept confidential and secure and complies with the Payment Card Industry Data Security Standard. 

14. Feedback and Complaints  

We value feedback on how we have treated your Personal Information. If you are not happy about how we protected your privacy, you may contact the Privacy Officer via email at privacy@anglicare.org.au or the contact person from the Anglicare service you use, and tell us: 

• how you think your information might have been misused; and 
• the details of any of any employees involved. 

The Privacy Officer might ask you for extra information to help understand your circumstances and act to resolve the issue. We will respond to you within a reasonable timeframe to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint. We will keep you updated on how we are addressing your complaint. 

If you are not happy with how we have dealt with your complaint you can ask for it to be referred to mediation. If you are still unhappy, you can refer your complaint to the Office of the Australian Information Commissioner via the government website https://www.oaic.gov.au/ or by emailing enquiries@oaic.gov.au

15. Changes to our Privacy Policy

Over time, aspects of our business may shift as we respond to changing market conditions and legislative obligations. This may necessitate our policies to be reviewed and revised. For example, from 10 December 2026 we will be required to include information on the use of automated decision making by us, including what Personal Information is to be used, and the decisions this process will make. We will update this Privacy Policy at a later date to address this requirement.

We reserve the right to change this Privacy Policy and notify you by posting an updated version of the policy on our website. In light of this, we strongly recommend that you review our Privacy Policy each time you visit or use our online platforms or provide us with any of your Personal Information.

Effective Date  1 November 2025