Impakt Care is committed to protecting the privacy of an individual’s personal information. The following sets out how we aim to protect the privacy of your personal information, your rights in relation to your personal information managed by us, and the way we collect, use and disclose your personal information.
In handling your personal information, we will comply with the Privacy Act 1988 (Cth) (Privacy Act) and with the thirteen Australian Privacy Principles in the Privacy Act.
We have policies and procedures in place to ensure that:
- personal information is managed in an open and transparent way
- the privacy of personal information of participants and staff are protected
- we collect and handle personal information fairly
- personal information we collect is used and disclosed for legally permitted purposes only
- we regulate access to and correction of personal information
- we maintain the confidentiality of personal information through appropriate storage and security.
The kinds of information we collect
Participants' personal information is collected to provide care and services. Personal information we collect could include your:
- name, address, telephone number and email address
- date of birth
- advocate or emergency contact’s telephone number and email
- health information
- diversity status (ethnicity, lifestyle preferences).
How we collect personal information
Participant personal information may be collected from:
- you, the participant
- your family members or significant others
- your advocate
- your doctor or other service providers or facilities.
We will collect personal information directly from you unless:
- we have your consent to collect the information from someone else
- we are required or authorised by law to collect the information from someone else
- it is unreasonable or impractical to do so.
You can withdraw your consent at any time by contacting us; although you should be advised that this may impact on our capacity to provide services.
Purpose of collecting personal information
Personal information is collected for the purposes of providing care and services. The information may be used to:
- provide support services
- enable service providers and medical practitioners to provide care and services
Disclosure of personal information
We may disclose your personal and health information, for the purpose of your care and services, to:
- service providers who assist us in providing care and services, medical practitioners, external health agencies such as the ambulance service, hospitals, the National Disability Insurance Scheme, and other relevant government organisations.
- a person you have nominated as being your advocate, e.g. parent, child or sibling, spouse, a relative, a member of your household, a guardian, an enduring power of attorney, or a person you have nominated to be contacted in case of emergency, provided they are at least 18 years of age.
We may not use or disclose personal information for a purpose other than providing care and services, unless:
- you have consented
- the purpose is related to providing care and services, and you would reasonably expect disclosure of the information for that purpose
- we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to your life, health or safety or a serious threat to public health or public safety
- we have reason to suspect unlawful activity and disclosure is required or authorised by law.
We will not disclose your personal information to an overseas recipient.
Security of personal information
We take all reasonable steps to ensure that the personal information we hold is protected against misuse, loss, unauthorised access, modification or disclosure. We hold personal information in both hard copy and electronic forms in secure databases on secure premises and on secure, cloud-based technology, accessible only by our authorised staff.
Accessing the personal information that we hold about you
Under the Privacy Act, you have a right to access your personal information that is collected and held by us. If at any time you would like to access or change the personal information that we hold about you, or you would like more information on our approach to privacy, please contact us.
To obtain access to your personal information, you will have to provide us with proof of identity. We will take all reasonable steps to provide access to your personal information within seven (7) days from your request.
Records of current and past employees which are related to the employment relationship are managed in accordance with workplace laws. Privacy laws may apply to employee personal information if the information is used for something that is not related to the employment relationship between our organisation and the employee.
Personal information collected and held by us in relation to our volunteers will be managed in accordance with the Privacy Act.
Privacy data breaches
In the event that your personal information is lost, stolen or subject to unauthorised access or disclosure, we will implement our Management of Data Breach Policy and Procedure.
All complaints regarding privacy can be lodged via our complaint handling process.
At all times, privacy complaints will:
- be treated seriously
- be dealt with as promptly as possible
- be dealt with in a confidential manner
- not affect your existing obligations or affect the commercial arrangements between you and us.
You will be informed of the outcome of your complaint following completion of the investigation.