Anglicare’s Approach to Privacy
Anglicare provides a wide range of services to our residents & clients, and collects personal information to ensure a holistic approach to the care and services we offer. Anglicare recognises and respects every person’s right to privacy, dignity and confidentiality, and this is reflected in our values as well as our legal requirements under the Privacy Act 1988.
Anglicare will therefore:
- Provide environments that enable residents & clients to maintain relationships with privacy and dignity.
- Develop practices to enable residents & clients to undertake personal activities with privacy.
- Promote respectful relationships between all staff, residents, clients and their representatives.
- Ensure compliance with the Privacy Act 1988 (see below for further detail)
In relation to the Privacy Act 1988, Anglicare will endeavour to always comply with the 13 Australian Privacy Principles (APPs) outlined in the Act in all facets of operations. Specifically, this means as follows:
What Types of Personal Information Will Be Collected
Personal information is defined by the Act as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not. Examples of personal information might include an individuals name, address, phone number, email address, medical records, family details or any other information from which an individual could reasonably be identified. Clients have the right to not identify themselves or use a pseudonym when requesting services. However, this will not apply if it is impracticable for Anglicare to provide services to the individual.
We may collect a variety of personal information relating to the provision of our services. Examples of personal information which we regularly collect include an individual’s:
- contact details;
- date of birth;
- marital status;
- family details, including personal information about an individual’s next of kin;
- health and medical details
- Medicare number
- financial details; or
- Other personal information particular to a specific individual to allow us to tailor our services to that individual.
We will generally only collect the personal information we need to provide and market our services. We will use fair and lawful ways to collect it.
We will usually ensure we have consent to collect sensitive information.
Where reasonably practicable, we will attempt to collect personal information directly from individuals, however, in some cases this may be impracticable, or the information may be held by a third party. Common examples of these situations may include:
- medical records held by an individual’s current or previous health care provider;
- financial records held by an accountant or Centrelink; or
- next of kin details.
When collecting information, we will take reasonable steps to let individuals know why we are collecting it, who we will give it to and how we will use or disclose it.
While an individual may choose not to provide personal information to us, failure to do so may hamper the provision of services. In some case failure to provide personal information may result in us being incapable of providing services to a particular individual at all.
Use and Disclosure
We will usually only use or disclose personal information:
- for the primary purpose for which it was collected;
- for related purpose which the individual would reasonably expect; or
- with consent.
Some examples of situations where we may use an individual’s personal information include:
- assessing an individual potential eligibility for our services;
- determining deposits or other amounts payable by an individual for the provision of our services;
- corresponding with an individual regarding the services being provided, including regarding an individual’s satisfaction with the services;
- tailoring our services to an individual’s specific needs;
- discussing the services being provided to an individual with the individual’s family or next of kin; or
We may also use or disclose non sensitive personal information for a secondary purpose (such as marketing or fundraising if:
- the individual has consented, or
- where it is impracticable to seek consent before this use (assuming consent has not already been denied). In such cases, the individual is given the opportunity to opt out of further communications.
Situations where we may use or disclose information without an individual’s consent include:
- where we reasonably believe that use or disclosure is necessary to reduce or prevent a threat to a person’s life, health or safety or a serious threat to public health or safety
- where we are investigating or reporting on suspected unlawful activity.
- where the use or disclosure is required by law.
- where we reasonably believe that the use is necessary for law enforcement, public revenue protection, prevention and remedying of serious improper conduct , or conduct of court or tribunal proceedings, either by or on behalf of an enforcement body.
If we use or disclose information without consent we will make a written note of such disclosure.
We will take reasonable steps to ensure that the personal information we hold is accurate and current. This may involve us contacting you from time to time to verify your personal information. If you believe any information that we hold about you is incorrect, incomplete or out of date, please contact us.
We will implement measures to protect personal information from misuse, loss, unauthorised access, changes or disclosure.
We will destroy or permanently de-identify personal information when we no longer need it.
Security measures used to protect your data during transmission
We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.
We will be open about how we manage personal information. If asked, we will provide information on our approach to privacy.
Accessing and Correcting Personal Information
Usually, when asked, we will give an individual access to their personal information, unless there is a reason why we cannot do so.
We may deny a request for access if we reasonably believe:
- It would pose a serious or imminent threat to the life or health of any person.
- The privacy of others would be unreasonably affected.
- The request is frivolous or vexatious.
- The information relates to existing legal proceedings with the person who is the subject of the information and would not be accessible through discovery.
- Providing access would prejudice negotiations with the person who is the subject of the information by revealing our intentions regarding those negotiations.
- Providing access would be unlawful or denying access is required or authorised by law.
- Providing access would be likely to prejudice an investigation of unlawful activity or law enforcement, public revenue protection, prevention and remedying of seriously improper conduct, or preparation or conduct of court or tribunal proceedings, either by or on behalf of an enforcement body.
- An enforcement body performing a lawful security function requests denial of access to protect national security.
- Where evaluative information generated by us in making a commercially sensitive decision would be revealed by providing access. In this situation we may provide an explanation for the commercially sensitive decision instead.
If we refuse access, we will explain why.
An individual may request access to their personal information by contacting us using the details contained at the end of this document.
When requesting access or correction of personal information we will require an individual to verify their identity by reference to their personal information. In some circumstances it may be necessary for an individual to visit one of our locations to properly verify their identity before access to personal information can be granted.
Generally we will not charge a fee to grant access to an individual’s personal information, however in the case of requests for old or particularly voluminous information it may be necessary for us to charge a reasonable fee, commensurate with the work required to comply with the request. However, there will be no fee charged in relation to the making of the request for access itself.
In addition to requesting access to personal information an individual may request that we correct any personal information held about them. Once the individual’s identity has been verified we will take reasonable steps to correct their personal information.
We will not adopt Commonwealth Government identifiers for use as our own identifiers. If we are required to collect a government identifier in providing our services to individuals, we will not use this number to identify the individual.
Anonymity or Pseudonymity
If reasonably possible, we will give individuals the option of dealing with us anonymously or by use of a pseudonym. Please note that we will be unable to provide services to a particular individual without confirming their identity. We will be able to discuss our services in a general nature, including costs and charges which we might ordinarily charge for those services, prior to obtaining an individual’s identity. Until such time as we has been provided sufficient information to provide a detailed quotation or outline of services to an individual any communication will be general in nature and will not be binding upon us.
Transborder Data Flows
This principle relates to the transfer of information overseas and is not applicable to the activities of Anglicare. We do not and will not provide an individual’s personal information to any overseas entity unless required by law.
Generally, we will only collect sensitive information with an individual’s consent, except where:
- The collection is required or authorised by law or to establish , exercise or defend a legal or equitable claim, or;
- It is necessary to prevent or lessen a serious or imminent threat to the life or health of the person who is the subject of the information.
Our online donations system and the information it contains are held internally and we do not release that information for external use at all. Donation processing is secured by 128 bit SSL encryption to protect the transfer of personal and financial information between your browser and our server. Each donation is secured, and credit card details are not stored at any time. The only information collected and retained is the amount of donation, transactions date and contact details as completed on the donation form
Where donations are made over the phone or via email, a copy of that donation is retained for tax and audit purposes in a secure location.
If an individual wishes to make a complaint about our collection, use or disclosure of any personal information, or about any potential breach of an APP, they may contact the Privacy Compliance Officer by use of the contact details at the end of this document.
When making a complaint an individual should include as many details as possible, including the nature of the personal information concerned, how it is believed to have been misused, which APP is believed to have been breached (if relevant), the details of any of our employees or representatives involved and any other information which may be relevant. The Privacy Compliance Officer may request additional information to enable them to properly investigate the complaint and take such reparatory action as necessary.
Once a complaint is received the Privacy Compliance Officer will investigate the circumstances of the complaint and determine whether a misuse of personal information has occurred and if so how it may be rectified and whether/what action should be taken in relation to any of our employees or representatives involved. We will endeavour to keep the individual informed regarding the process of their complaint and any action taken.
Should an individual not be satisfied with our handling of their complaint then we will generally agree to the complaint being referred to mediation and/or arbitration. Should the matter remain unresolved then an individual is entitled to refer their matter to the Office of the Australian Information Commissioner.
Personal information about visitors to our site is collected only when knowingly and voluntarily submitted. For example, we may need to collect such information to provide you with further services or to answer or forward any requests or enquiries. It is our intention that this policy will protect your personal information from being dealt with in any way that is inconsistent with applicable privacy laws in Australia.
Use of Information
Collecting information on registered members
As part of registering with us, we collect personal information about you in order for you to take full advantage of our services. To do this it may be necessary for you to provide additional information to us as detailed below.
Registration is completely optional. Registration may include submitting your name, email address, address, telephone numbers, option on receiving updates and promotional material and other information.
Credit Card Details
We use eWAY as our payment provider. This ensures that payment card information is kept confidential and secure, and that there is compliance with the Payment Card Industry Data Security Standard.
Apart from where you have consented or disclosure is necessary to achieve the purpose for which it was submitted, personal information may be disclosed in special situations where we have reason to believe that doing so is necessary to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally or unintentionally) with our rights or property, users, or anyone else who could be harmed by such activities. Also, we may disclose personal information when we believe in good faith that the law requires disclosure.
We may engage third parties to provide you with goods or services on our behalf. In that circumstance, we may disclose your personal information to those third parties in order to meet your request for goods or services.
We strive to ensure the security, integrity and privacy of personal information submitted to our sites, and we review and update our security measures in light of current technologies. Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure.
However, we will endeavour to take all reasonable steps to protect the personal information you may transmit to us or from our online products and services. Once we do receive your transmission, we will also make our best efforts to ensure its security on our systems.
In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us. However, we will not be held responsible for events arising from unauthorised access to your personal information.
Collecting Information from Users
Our web servers gather your IP address to assist with the diagnosis of problems or support issues with our services. Again, information is gathered in aggregate only and cannot be traced to an individual user.
Cookies and Applets
This website uses Google Analytics to help analyse how users use the site. The tool uses "cookies," which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors' use of the website and to compile statistical reports on website activity for Anglicare.
We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information (PII) of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source, unless you explicitly submit that information via a fill-in form on our website.
This aggregate, non-personal information is collated and provided to us to assist in analysing the usage of the site.
Access to Information
We will endeavour to take all reasonable steps to keep secure any information which we hold about you, and to keep this information accurate and up to date. If, at any time, you discover that information held about you is incorrect, you may contact us to have the information corrected.
In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us.
Links to other sites
We provide links to Web sites outside of our web sites, as well as to third party Web sites. These linked sites are not under our control, and we cannot accept responsibility for the conduct of companies linked to our website. Before disclosing your personal information on any other website, we advise you to examine the terms and conditions of using that Web site and its privacy statement.
Problems or questions
For more information about privacy issues in Australia and protecting your privacy, visit the Office of the Australian Information Commissioner’s web site; http://www.oaic.gov.au/.
Persons requiring further information about privacy at Anglicare should contact our Privacy Compliance Officer, currently:
Stefan Procajlo, Business Support Manager