Privacy Policy
Policy Statement
Anglicare NQ collects, holds, uses and discloses personal information from a range of individuals through services and organisational activities. This Policy outlines Anglicare NQ’s commitment to your privacy when managing your personal information. As required by the Privacy Act 1988 (Cth), Anglicare NQ manages your personal information in accordance with the 13 Australian Privacy Principles which govern standards, rights and obligations around:
- The collection, use and disclosure of personal information
- An organisation or agency’s governance and accountability
- Integrity and correction of personal information
- The rights of individuals to access their personal information
Purpose
This policy outlines the standards required of employees and volunteers in respect to our obligations under the Privacy Act, along with providing information to the public on why and how we collect, store and dispose of information.
Scope
This policy covers:
- The people we work with, supporters and donors
- Anglicare NQ Board of Directors and Sub-Committee, employees and volunteers
- All contractors, consultants, representatives and agents engaged by Anglicare NQ
- Any students on fieldwork placements or people undertaking work placements at Anglicare NQ
Definitions
Anglicare NQ refers to Anglicare North Queensland
APPs refers to the Australian Privacy Principles as outlined in Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 1988.
Board refers to those persons appointed (and who serve in an honorary capacity) by the Diocesan Council in accordance with Clause 7 of the Constitution.
Client refers to individual(s) who access Anglicare NQ services
Current records are the most recent information on an individual up to a period of seven years
Donor refers to a person or organisation who makes a one-off or occasional financial contribution to Anglicare NQ or through an appeal for public donations
Employees refers to paid staff and volunteers of Anglicare NQ
Grace refers to the secure information management partner who utilises highly secure facilities, vetted personnel and an unbroken chain of custody to safeguard and properly protect hard copy information, and to provide access to stored personal information.
In-kind donor refers to a person or organisation that gives goods or services to Anglicare NQ or to beneficiaries through Anglicare NQ
Managers are persons appointed to lead specialist (functional or knowledge areas) or complex, multidisciplinary teams. An individual at the Manager level typically reports to an individual at the Executive level.
Personal Information includes a broad range of information, or an opinion that could identify an individual. What is personal information will vary, depending on whether a person can be identified or is reasonably identifiable in the circumstances.
Privacy Act refers to the Privacy Act 1988 (Act No. 119 of 1988), as amended, along with the QLD Information Privacy Act 2009
Sensitive Information refers to personal information that is about a person’s racial or ethnic origins, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientations or practices, criminal record, health, genetics or biometric information or templates.
Principles
Why We Collect and Use Your Personal and Sensitive Information
Anglicare NQ collects and uses personal information when it is necessary for service delivery and organisational activities, or otherwise required by law. The personal information provided by you is our primary source of data collection.
Information for the People We Work with and Donors
Anglicare NQ collects and uses certain kinds of personal information on the people we work with and donors for a range of reasons. This can include sensitive information on your race, ethnic origins or health. Examples of personal information Anglicare NQ may require from you include:
- Your name, age, gender and contact information so that responses to inquiries and referrals to services can be provided.
- Details on your engagement or disengagement with a service to analyse the effectiveness of a service.
- Your bank or card details so that donations can be processed.
- Whether you are Indigenous or of ethnic origin so you can be referred to appropriate services.
- Whether you suffer from any mental or physical disabilities or have any health conditions or limitations in order to refer you to appropriate services.
Information for Staff, Volunteers or Other People Performing Work for Anglicare NQ
If you are performing or applying for work with Anglicare NQ, we will collect and use your personal information for a broad range of recruitment, human resource, service delivery and other purposes. This includes sensitive information on your criminal history.
How We Collect and Hold Your Personal Information
Anglicare NQ will generally collect and use your personal information by consent. You may be asked for your consent directly or it may be implied from the situation. Anglicare NQ will take particular care to obtain your consent when the personal information we are collecting or using is of a sensitive nature.
It is acknowledged that some circumstances prevent the provision of written consent. Where verbal consent is provided, the identity of the person providing consent must be verified and the consent recorded on a consent form as “verbal consent”, including all details of why and how verbal consent was provided and how the person’s identity was verified. Verbal consent forms should be signed by the consenting person at the next available opportunity.
There are some situations where Anglicare NQ may need to collect or use your personal information without consent. This may be because it is impracticable to obtain your consent, we need to use your personal information to protect your or others’ safety, or we are required to collect or use the information to comply with a law or court/tribunal order.
Information that You Give to Anglicare NQ
If you provide personal information in person, over the phone, by fax, email, in writing or another form then that information may be held and used by Anglicare NQ. We will not sell, trade or rent personal or sensitive information to third parties.
Information Collected Through our Website
Anglicare NQ does not collect personal information about you when you visit Anglicare NQ websites, unless you choose to provide such information.
The Anglicare NQ website may from time to time contain links to other sites. Anglicare NQ is not responsible for the content and the privacy practices of other organisations and other websites, and we encourage you to examine each site’s privacy policy and make your own decisions regarding the accuracy, reliability and correctness of material and information found.
Information Collected Through Social Networking Services
Anglicare NQ uses social networking services such as LinkedIn and Facebook to communicate to the public about our work. When you communicate with us using these services, we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies; you can access their privacy policies on their websites.
Information Collected for Planning, Research or Publicity
Information may be collated for planning, research or publicity purposes but must not identify individual clients, except where specific permission from the client and/or their legal guardian has been given.
For example, Anglicare NQ develops promotional and educational materials that can be published in print or digital environments, by Anglicare NQ or a third party promoting or in partnership with Anglicare NQ’s services. Consent to use images for this purpose must be obtained prior to images being published or shared.
Information Collected from Other Parties
Sometimes Anglicare NQ receives your personal information from a third party. Anglicare NQ may accept this personal information when it is unreasonable or impracticable for us to collect it directly from you. Examples of this type of personal information could include a report from a medical practitioner or from a government agency.
Holding Your Information
Anglicare NQ takes care to store your personal information in safe and secure locations. Only people with a requirement to access information are able to access your personal information. Information may be held in a physical file in an Anglicare NQ office or secure storage facility or in a digital format in a database or on a server held in secure locations.
Anglicare NQ has put in place a range of security mechanisms including (but not limited to) user authentication, access controls, firewalls and security monitoring.
Disclosing Your Personal Information
Anglicare NQ will not disclose personal or sensitive information unless:
- You have provided written consent to do so
- The use or disclosure of the personal information is required by law, a court/tribunal order, police or other enforcement body
- There is suspicion of an offence(s) being committed and the information is needed to act
- The information is required to lessen or prevent a serious threat to an individual’s life, health or safety or to public health or safety.
Quality of Personal Information
To ensure that the personal information Anglicare NQ collects is accurate, up-to-date and complete we:
- Record information in a consistent format
- Where necessary, confirm the accuracy of information we collect from a third party or a public source
- Promptly add updated or new personal information to existing records
- Regularly audit our contact lists to check their accuracy
- Review the quality of personal information before we use or disclose it
Client File Management
Many people accessing Anglicare NQ services will be given a standard consent form which will be fully explained, in a manner that is easily understood. It is important to ensure people accessing Anglicare NQ services understand their rights and the conditions under which their personal information is collected and used. It will also be explained that clients may opt out of having their personal information collected at any time. The client may also be asked for consent to be contacted in the future. Some reasons may be:
- checking eligibility
- demographic data for trends, planning and advocacy
- further appointments and follow-up information
- surveys or focus groups, feedback, or research
Where additional forms need to be completed, this will also be discussed with the person.
A consent form will remain valid while the client receives a service from Anglicare NQ. If there are significant changes to the client’s situation or details, or a change or substantial break in the provision of service, a new form should be completed. Changes to the service providers or organisation for which consent was given also require a new consent form to be completed. Where possible and reasonable, Anglicare NQ offers clients the option of not identifying themselves, or using a pseudonym.
When recording information in client files, it is essential to:
- be clear and not make unwarranted personal or judgmental comments
- explain and justify your conclusion and assessment in factual terms
- be descriptive instead of subjective when recording observations and interventions
- write clearly so others can read what’s written
- date and sign entries
- initial corrections made without using white-out.
Accessing and Changing Personal Information Held by Anglicare NQ
If Anglicare NQ holds personal information on you, then you can request to access or change the information. Under the Privacy Act, you have the right to ask for access to personal information that we hold about you and ask that we correct that personal information. Once a request is made, Anglicare NQ will provide a response and organise to give you access to or change personal information.
When making a request to access personal information, you can request what format you would prefer to receive the information. However, access to some types of information may require you to receive the information in person in the presence of an Anglicare NQ staff member.
We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. A signed consent form may also be required.
In some circumstances, Anglicare NQ may deny access to information, such as situations where Australian Privacy Principle 12 (APP 12) within the Privacy Act 1988 (and as amended) gives appropriate reason to do so.
Reasons you may be denied access to your personal information include:
- the request does not relate to the personal information of the person making the request
- providing access would pose a serious and imminent threat to the life or health of a person
- providing access would create an unreasonable impact on the privacy of others
- the request is frivolous and vexatious
- the request relates to existing or anticipated legal proceedings
- providing access would prejudice negotiations with the individual making the request
- access would be unlawful
- denial of access is authorised, or required, by law
- access would prejudice law enforcement activities
- access discloses a ‘commercially sensitive’ decision making process, or information for any other reason that is provided for in the Australian Privacy Principles, or in the Privacy Act 1988 and QLD Information Privacy Act 2009
If Anglicare NQ denies access to information, written notice explaining reasons for denying access and the processes available to complain about the refusal will be provided to the complainant. Disputes about the right of access to information, or forms of access, will be dealt with in accordance with Anglicare NQ Feedback Policy.
Requests to access or change your personal information can be made by contacting Anglicare NQ Privacy Officer. This role is currently fulfilled by:
Executive Manager – Policy & Service Development
A response will be provided as soon as possible. If further service or program specific information is required, please discuss with an Anglicare NQ staff member.
Data Breaches
A data breach occurs when personal information that Anglicare NQ holds is accessed, disclosed without authorisation, or is lost. For example, when:
- a device with personal information is lost or stolen
- a database with personal information is hacked
- personal information is mistakenly given to the wrong person
Under the Notifiable Data Breaches scheme, a data breach becomes ‘notifiable’ when it is likely to cause serious harm to an individual whose personal information is involved. Anglicare NQ has 30 days to determine whether a data breach is likely to result in serious harm. Examples of serious harm include:
- a risk of physical harm, such as by an abusive ex-partner
- serious harm to an individual’s reputation
- serious psychological harm
- identity theft
- financial loss
As soon as any data breach occurs (notifiable or not), remedial action will be taken immediately to limit the possibility of serious harm to the affected individual/s.
Anyone suspecting a data breach must notify the Privacy Officer immediately. The Privacy Officer will then coordinate a response as per the ‘Anglicare NQ Data Breach Response Plan’.
If the remedial action is not sufficient to reduce the chance of an individual experiencing serious harm, Anglicare NQ has to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) of the data breach. Depending on the number of individuals affected, Anglicare NQ will notify them either in an email, a text message or a phone call. The notification will include:
- Anglicare North Queensland’s contact details
- the types of personal information involved in the breach
- a description of the data breach
- recommendations for the steps the individual should take in response
Office of the Australian Information Commissioner
If you believe Anglicare NQ has taken an unreasonable time to respond to your privacy complaint, or you are dissatisfied with the outcome of a decision, you can make a complaint to the Privacy Commissioner at OAIC. For external information please contact:
- telephone 1300 363 992
- email:
- website: oaic.gov.au
Or write to GPO Box 5218, Sydney NSW 2001