Uniting WA collects personal information in order to conduct its business and to meet its legislative obligations. Organisationally it is bound by legislation in the management of matters relating to the privacy of personal information.
Uniting WA is committed to treating the personal information we collect in accordance with the Australian Privacy Principles in the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (Reform Act).
This policy statement explains in general terms, what sort of personal information Uniting WA holds and why we hold it, and how Uniting WA collects, uses and discloses that information. This policy statement does not apply to personal information collected by Uniting WA that is exempted under the Privacy Act.
WHAT IS PERSONAL INFORMATION
Personal information: Means information or an opinion about an identified individual, or an individual who is reasonably identifiable (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in material form or not.
- A person’s name and address
- Information about likes and dislikes
- Place of employment
Sensitive information: As set out in section 6 of the Privacy Act means:
(a) Information or an opinion about an individual’s:
- Racial or ethnic origin
- Political opinions
- Membership of political associations
- Religious beliefs or affiliations
- Philosophical beliefs
- Memberships of professional / trade associations
- Sexual preferences or practices
- Criminal record
That is also personal information; or
(b) Health information about an individual; or
(c) Genetic information about an individual that is not otherwise health information
Health information: Means information or an opinion about (a) the health or a disability of an individual or (b) an individual’s expressed wishes about the future provision of health service to him or her; or (c) a health service that has been provided.
In order to provide you with the services you have requested, Uniting WA will need to collect and use your personal information. If you provide incomplete or inaccurate information to us or withhold personal information from us, we may not be able to provide you with the services you are seeking.
REQUIREMENTS OF LEGISLATION
The Commonwealth Government has enacted privacy legislation to protect information held by organisations about their customers’ personal information (Privacy Act 1988).
In December 2000 the Privacy Amendment Act (Private Sector) (Cth) further enacted the Privacy Act, (implementing the National Privacy Principles) to include provisions that regulate the way private sector organisations collect, use, disclose, keep secure and provide access to personal information.
Under the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (Reform Act) Uniting WA is required to comply with the Australian Privacy Principles. This legislation regulates how we may collect, use, disclose and store personal information including sensitive information and how individuals may access and correct their personal information that Uniting WA holds.
A further amendment to the Privacy Act was the Privacy Amendment (Notifiable Data Breaches) Act 2017 which established the Notifiable Data Breaches (NDB) scheme that commenced in February 2018. Under the NDB, affected individuals and the OAIC must be notified when a data breach is likely to result in serious harm to the individual whose personal information is involved.
WHY WE COLLECT YOUR PERSONAL INFORMATION
Personal information is collected so that we can provide you with the services you require and to enable us to comply with our legal obligations.
WHAT PERSONAL INFORMATION DOES UNITING WA COLLECT AND HOLD?
The information we collect may include the following:
- Date of birth
- Address (postal and email)
- Telephone numbers
- Medicare number
- Police checks
- Pension or other concession details
- Medical history, test results, diagnosis and treatments
- Names and telephone numbers of persons to contact in an emergency
In the case of an individual applying for a position, information will be collected relative to the application.
HOW UNITING WA COLLECTS YOUR PERSONAL INFORMATION
Wherever practicable, we will collect your personal information from you directly, unless for a particular reason, you are unable to provide the information. We obtain the details when you:
- Apply for an advertised role;
- Complete an administrative form;
- Give personal and sensitive information in person or over the telephone; or
- lodge a complaint.
Additionally, we may obtain further information from a third party such as:
- An authorised representative (e.g. your Next of Kin or legal adviser)
- A health service provider (e.g. order prosthetics)
- A family member (e.g. a complaint)
- Other sources where necessary to provide services
HOW WE HANDLE YOUR PERSONAL INFORMATION
Personal information is information or opinion that allows others to identify you. Uniting WA will act to protect your personal information in accordance with the Australian Privacy Principles. We collect personal information to provide you with the services you request. The law also requires us to collect personal information.
Personal information may be used within the Uniting WA to administer our services, for risk management purposes and, unless you tell us otherwise, to provide you with marketing information and fundraising information.
We disclose relevant personal information to external organisations to help us provide services. These organisations are bound by confidentiality arrangements and legislation. You can seek access to the personal information we hold about you. If the information we hold is inaccurate, incomplete, or out-dated, please inform us so we can update it. If we deny access to your personal information, we will let you know why.
YOUR RIGHT TO ANONYMITY / PSEUDONYMITY
Where it is lawful and practicable to do so, you may deal with Uniting WA anonymously or use a pseudonym (e.g. when enquiring about a service generally) however, in order for us to provide you with a service, there are circumstances where this won’t be achievable.
CONSENT TO USE AND DISCLOSE YOUR PERSONAL INFORMATION
Uniting WA will only collect and use personal and sensitive information that relates directly to the legitimate purpose for which it is being collected e.g. to provide a service or an activity relating to the specific health service such as collection of details for procurement of prosthetics, contract details.
In most cases, before or at the time of collection of personal or sensitive information (if that is not practicable, as soon as practicable thereafter), the collecting staff member obtains your consent to the purposes for which we intend to use and disclose your personal information.
Having provided your consent, you are able to withdraw it at any time. To withdraw consent, please contact Uniting WA. Please understand that by withdrawing your consent, we may not be able to provide you with the services you require.
USE OF YOUR PERSONAL INFORMATION
Uniting WA only uses your personal information for the purpose for which you have given it to us unless one of the following applies:
- The other purpose is directly related to the purpose for which you have given us and information and you would reasonably expect, or we have told you, that your information is usually disclosed for another purpose or to other individuals, organisations or agencies.
- You have consented for us to use your information for another purpose.
- Uniting WA is required or authorised by law to disclose your information for another purpose; or
- The disclosure of your information is reasonably necessary for the enforcement of the law.
Examples of when your personal information may be used include:
- To enable other services providers involved in your treatment to provide continuity of care;
- Conveying information to a responsible person (e.g. a parent, guardian, spouse) when the individual is incapable or cannot communicate, unless the individual has requested otherwise;
- Conveying information to close family members in accordance with the recognised customs of medical practice;
- Management, funding, service monitoring, planning, evaluation and complaint handling
- Legislative and regulatory compliance reporting;
- Billing and debt recovery;
- Addressing liability indemnity arrangements including reporting to an insurer or legal representative;
- Preparing the defence for anticipated or existing legal proceedings;
With your consent we may also provide your information to / use your information for:
- Marketing, fundraising or research undertaken by Uniting WA
Contractors: Where Uniting WA outsources any services or hires contractors to perform professional services within Uniting WA, the contractor is required to comply with the requirements of the Privacy Act 1988 (Cth) and other relevant legislation.
Job Applications: Uniting WA only collects personal information of individuals who apply for positions within Uniting WA for the primary purpose of assessing (and if successful) engaging the applicant. This information is then used to:
- Manage the individual’s employment;
- Insurance purposes;
- Ensuring relevant contact information is held; and
- Satisfying legal obligations.
Uniting WA may store information about an unsuccessful applicant for the purpose of future recruitment.
Employee Information: Personal information directly related to the employee relationship collected by Uniting WA as part of the employment process, including pre-employment checks, becomes exempt under the Privacy Act 1988 immediately the employment relationship is established. Uniting WA will review employee access requests on a case by case basis.
Under the Act, Uniting WA cannot sell a list of employees to another organisation for the purposes of marketing.
Uniting WA acknowledges the recommendation by the Privacy Commissioner that the personal information of employees be handled in a manner that is consistent with that for other personal information.
Volunteer Records: Records of personal information collected and held by Uniting WA in relation to its volunteers will be managed in accordance with the APP’s.
USE OF COMMONWEALTH GOVERNMENT IDENTIFIERS
In certain circumstances we are required to collect government identifiers such as Medicare numbers. We will only use or disclose this information in accordance with the law.
SECURITY OF YOUR PERSONAL INFORMATION
Uniting WA will take all reasonable steps to keep the personal information you provide to us secure and to protect it from misuse, interference and loss as well as unauthorised access, modification or disclosure.
We have a range of procedures and policies in place to provide a secure environment for the personal (and other information) we hold. Our security measures include, but are not limited to:
- Educating our staff about their obligations with regard to your personal information;
- Requiring our staff to use passwords when accessing our systems;
- Employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses entering our systems;
- Using dedicated secure networks or encryptions when we transmit electronic data; and
- Providing secure storage for physical records.
When information we hold is identified as no longer needed for any purpose, we ensure it is effectively and securely destroyed e.g. by shredding and other means as in the case of electronic records and equipment.
ACCURACY OF YOUR PERSONAL INFORMATION
It is our aim to ensure that the personal information we hold is accurate, complete, up-to-date and relevant. If you believe that any of the information we hold is not accurate, complete or up-to-date, please contact us by applying in writing to have it corrected.
Where we are satisfied that that the information we hold is faulty, we will take all reasonable steps to correct the fault. If we are unable meet your request, we will advise you formally you of the reason we cannot change your information.
No charge will be made with respect to a request to correct or for the correction of your personal information.
CROSS BORDER DISCLOSURE [TRANSFER OF INFORMATION OVERSEAS]
If Uniting WA transfers personal information to countries outside Australia, we will only do so in compliance with applicable Australian data protection and privacy laws. We will take all reasonable steps to protect personal information no matter what country it is stored in or transferred to.
GAINING ACCESS TO YOUR PERSONAL INFORMATION
You can request to access your own personal and sensitive information held by a Uniting WA, subject to some limited exceptions permitted or by law. Such requests must be made in writing to us.
You may be charged a reasonable fee for providing this information. Provision of the copied documents will be conditional upon payment of the fee. You will be advised of this when you submit your request.
VISITING THE UNITING WA WEBSITE
When you visit the web site of Uniting WA, we do not attempt to identify you as an individual or collect personal information about you unless you specifically provide it to us for example, you choose to provide your personal details via an online form or by email e.g. you make a general enquiry via the ‘contact us’ page.
Our website may automatically collect statistics about your visit. We may monitor statistics such as how many people visit our sites, the user’s IP address, which pages people visit, the domains our visitors come from and which browsers they use. These statistics are used to assist us to improve the performance of our web sites.
We are, by law, obliged to allow law enforcement agencies and other government agencies with relevant authority to inspect our IP logs, if an investigation warrants such inspection.
Cookies: Our web sites may collect “cookies’ when you access them. While they do not identify individual users i.e. no personally identifiable information is collected, they do identity your IP address and browser type. You can choose to either accept or reject cookies either individually or by disabling the function at browser level (which while not affecting use of the website, this may affect its functionality).
Security: Our websites take every precaution to protect user information they collect and measures are in place to protect the loss, misuse and alteration of this information.
MAKING A COMPLAINT OR CONTACTING US
If you have a concern about the personal or sensitive information we collect, use, hold or disclose, believe we have breached your privacy rights in any way and/or wish to correct inaccurate information we hold about you, please do not hesitate to contact us.
Privacy Act 1988 (Cwlth)
Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cwlth)
Effective date – first authorised by the Board: July 2014 and is reviewed annually.