Torrens Health and its entities understand that privacy is important and are committed to safeguarding all personal information about individuals that we handle. This Policy Directive is intended to provide:
• a general overview of our compliance with the relevant legislative and regulatory requirements for Privacy and provide guidance in respect to the handling of personal information.
• describes generally how we manage this personal information and protect privacy, including how we comply with the Privacy Act (Act) and the Australian Privacy Principles contained in the Act.
2. Privacy Act Compliance
Torrens Health and its related bodies corporate (we, us or our) are organisations and “APP Entities” for the purposes of the Act, and are bound by and complaint with the Australian Privacy Principles.
2.1. Torrens Health Approach to Privacy Act Compliance
Other policies may override this Policy Directive in certain circumstances. For example, when we collect personal information, we may advise a specific purpose for collecting that personal information, in which case we will handle the personal information in accordance with that purpose.
This Policy Directive is intended to cover most personal information handled by us, but is not exhaustive. If there are any queries about our handling of personal information, please the relevant Operations Manager for further information.
No general exemptions under the Act apply to us, or to any of our acts or practices.
3. Personal Information
“Personal information” is essentially information or an opinion about an identified or reasonably identifiable individual.
3.1. How we Collect, Hold and Use Personal Information
3.1.1 Collection of Personal Information
We may collect personal information in the course of providing our products and services to individuals or to an organisation. We will collect personal information directly from individuals unless it is unreasonable or impracticable to do so. We will limit the personal information we collect to that which is reasonably necessary to complete the functions or activities we are engaged in for any individual. The personal information we may collect and hold includes but is not limited to:
• The name, date of birth, address, email address and contact telephone number of an individual;
• Developmental history, previous assessments and medical history, where relevant;
• Assessment results and observations from services provided where relevant;
• Information about homelife, support networks and activities of daily living where relevant; and
• Photos, audio and video recordings (with permission) were relevant;
If the individual is a team member, we may also collect additional information that includes:
• The individuals’ qualifications and certifications for the role;
• The individuals’ current employment details;
• Information in the CV or resume, and details of referees; and
• Other personal information provided voluntarily, for example information in an application. We may collect information where (as applicable):
- Where contact is made with us or submission of an enquiry (such as through our website or by telephone);
- An individual applies for employment with us or join us as a team member; or
- We deal with individuals as suppliers, service providers or other businesses and we collect personal information incidentally to those dealings.
There will not usually be Australian laws or court/tribunal orders which require or authorise us to collect personal information. Will we also advise if there are laws, court or tribunal orders which require or authorise us to collect information, and the main consequences for the individual if they fail to provide it to us.
If an individual fails to provide personal information requested by us, there may be a range of consequences, for example we may be unable to process or respond to requests.
3.1.2 Holding / Storage of Personal Information
We will take reasonable steps to protect all personal information from misuse, interference and loss as well as unauthorised access, modification or disclosure. For example, information stored on our computer network is protected by security features and procedures. We undertake regular monitoring of our practices and systems to ensure the effectiveness of our security policies and identify and implement improvements where appropriate. We will endeavour to destroy or de-identify personal information in line with our professional standards and accreditation requirements.
3.1.3 Use of Personal Information
We will generally only use personal information for the purpose for which we collected it, and for related purposes we consider would be within your reasonable expectations. We generally use personal information for the following purposes (as applicable in the circumstances):
• To create and maintain an individual’s records;
• To provide services for individuals;
• To provide referrals to other professionals as needed;
• To provide services or information that is requested,
• To provide clients with information that we consider is likely to be of interest to then relating to our products or services;
• To seek feedback from clients and perform market research; or
• To engage in other activities where required or permitted by law.
Individuals may request not to receive marketing communications by contacting us, or by using the opt out function provided for in those communications. If individuals do not opt out in either of these ways then the individual will be taken to have consented to receiving such communications from us.
There are no consequences of opting out of receiving our marketing and promotional communications except that individuals will no longer receive them. Individuals may elect to re-join our marketing list at a later stage if they wish. We will only use personal information for the purposes outlined, reasonably expected or with an individuals permission, unless we are required or permitted by law to do so without consent.
3.2. Access to and Correction of Personal Information
Individuals may contact us to request access to or correction of the personal information about them that we hold. We may refuse to allow access or to amend personal information if we are legally required or entitled to do so. If we are unable to complete a request, where possible we will advise the individual in writing of the reasons. We will also provide information on how they can progress the matter if they are unhappy with our response.
We may require payment of certain costs in order to access personal information held by us. If applicable we will advise the amount payable once we have assessed the application. We will not charge a fee for lodging a request for access to, or correction of an individual’s personal information.
If a request is lodged for access to personal information, we may fulfil that request in any of a range of ways at our discretion. We may supply a copy of the personal information or with the opportunity to inspect our records. We may require the individual to comply with certain procedures before we allow access to or amendment of personal information to ensure the integrity and security of information that we hold. Depending on the nature of the request, this may include completing a personal information request form or otherwise verifying identity to our satisfaction.
We will take reasonable steps to ensure that the personal information that we collect or disclose is accurate, current, complete and relevant. If we are satisfied that any personal information, we hold about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will amend our records accordingly.
3.3. Disclosure of personal information to other organisations and overseas
Torrens Health prides itself on the high calibre of customer service we provide, especially in the area of confidentiality, and right to privacy, dignity and respect. All Torrens Health staff are to be mindful of and respect the right to confidentiality and privacy. We will only disclose personal information for the purpose for which we collected it, and for purposes we consider would be within your reasonable expectations. We may disclose personal information to the following third parties under appropriate circumstances and with the individual’s consent:
• Health care providers the individual has, or wish to work with;
• Educational settings;
• Funding providers such as NDIA and other government agencies;
• Clients who book a staff members service, if they are a team member;
• References named in an application for employment; and
• Members of our corporate group where appropriate.
We are not generally likely to disclose personal information to overseas recipients.
3.4. Online privacy
This Policy Directive sets out the way we handle personal information in respect of online services provided by us. This includes any services provided by us via the Internet, such as our website, and includes email communications between us. We collect personal information about individuals if they send us an email or complete any online forms or applications.
3.4.1 Automatic server logs
Our servers automatically collect various details when an individual use our website, including:
• The individual’s IP (Internet Protocol) address. This is an identifier assigned to the individual’s computer when it is connected to the Internet;
• The operating system and Internet browser software used that an individual is currently using; and
• The data an individual access, such as web pages, social media, document or files, and the time that it was accessed.
We do not attempt to identify individuals using this information, and only use it for statistical analysis, system administration, and similar related purposes. This information is not disclosed to any other party.
We use “cookies”, which identify an individual’s computer to our servers when they visit our website. Our website may store cookies on those individuals’ computer in order to improve and customise their future visits to the website. By using cookies, our site can provide customised content. If individuals do not want information collected using cookies, they may be able to configure their Internet browser to disable cookies. We do not attempt to specifically identify or track individuals using cookies.
3.4.3 Email and Messages
We may collect personal information from an individual if they send us email or if they submit information to us. This information may include an individual’s name and email address, and any other personal information they volunteer. We will use this to contact the individual to respond to their message, send them information, or for other functions we believe they would reasonably expect. We will not use or disclose any such information for any other purpose without the individual’s consent.
3.5. Storage and Transmission of Personal Information Online
Unless we indicate encryption is being used prior to sending information, any information we exchange electronically cannot be guaranteed to be private and secure. If we receive personal information, we will take reasonable steps to store it securely to prevent unauthorised access, modification, disclosure, misuse or loss.
3.6. Other Online Services
We are not responsible for the privacy practices of any other organisation. We are not responsible for external services even if we linked to them in any of our services or communications. By providing such links we do not endorse or approve the other services or assume responsibility for their privacy, confidentiality or legal responsibilities.
3.7. Data Breach
If a data breach or suspected data breach occurs, we will undertake a prompt investigation, which will include an assessment of whether the incident is likely to result in serious harm to any individuals. In such a situation we will comply with the requirements of the Act which may require notification to the Office of the Australian Information Commissioner (OAIC) and affected individuals. If any employee of Torrens Health and its Entities has reason to believe or suspect that a data breach may have occurred, they must contact their relevant Operations Manager so that we can investigate and undertake appropriate actions if required.
We reserve the right to amend this Policy Directive at any time. We publish our current Policy Directive on our website. A copy of this Policy Directive is available from our website.
If any individual believe that a breach of their privacy has occurred, we encourage them to contact us to discuss their concerns. Any complaint will be considered and dealt with by our nominated representative. A complaint may be escalated internally within our organisation if the matter is serious, or if needed to resolve it. If the complainant is not satisfied with our resolution, they may make a complaint to the Office of the Australian Information Commissioner, whose contact details can be found at: http://www.oaic.gov.au/.
6. Further Information and Contact Details
Further information about the ways we manage personal information can be made via the relevant Operations Manager. Internal staff see also Section Error! Reference source not found. Error! Reference source not found. and Section Error! Reference source not found. Error! Reference source not found., and Section 13 Security Management System.
Date Created: 1 June 2012 Version: 9.0 Last Review: 2023
Review Period: Annually