POL-CP-04 PRIVACY, DIGNITY AND CONFIDENTIALITY – June 2019
At all times Deaf Children Australia recognises and respects the confidentiality of any personal information relating to our stakeholders (clients, activity participants, donors, employees and volunteers). We aim to ensure that our stakeholders enjoy:
- Freedom from intrusion and public attention
- Being treated with respect
- Assurance that their personal information is protected from unauthorised access
2. Deaf Children Australia’s Privacy Officer
The CEO will appoint a Privacy Officer to continually monitor, ensure staff awareness of and compliance and address requests for access and/or complaints relating to this Policy.
3.Privacy at Deaf Children Australia
Deaf Children Australia deals with personal information in accordance with the Commonwealth Privacy Act (1988) and it’s Australian Privacy Principles (APPs).
Deaf Children Australia is bound by laws which impose specific obligations when it comes to handling information. Deaf Children Australia will:
- Collect only information which the organisation requires for its primary function of providing services and improving service delivery
- Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered
- Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent
- Take reasonable steps to ensure the information it collects is accurate, complete, up to date and relevant to the functions we perform
- Store personal information securely, protecting it from unauthorised access
- Only destroy records in accordance with the organisation’s Records Management Policy
- Give stakeholders the option of not identifying themselves when completing evaluations forms or surveys
- Provide stakeholders with access to their own information, and the right to seek its correction
- Only release personal information about a person with that person’s express permission (signed release form) or asrequired to do so by law
4. What is personal information?
- true or not; and
- recorded in a material form or not
5. What personal information do we collect?
The types of personal information we collect will depend on how you interact with us. Typically we collect the following personal information:
- Name (yours and that of other family members)
- Date of birth
- Street /Postal address
- Contact telephone numbers
- Email address
- Service / program feedback
- Online survey responses
- Hearing status
- Preferred communication mode
- Transactional information such as credit card details or bank details in the event of a purchase from or donation to Deaf Children Australia
- Staff / Volunteer information for human resources, finance and general administration purposes
- Contractors / Partnership information to conduct administrative and business functions
6. How do we collect personal information?
How Deaf Children Australia collects personal information from its stakeholders may include (but is not limited to) the following:
- Directly from the person we are working with to provide service support
- When you purchase a resource / service or make a financial donation
- Through referral forms completed and submitted to us from third parties
- During conversations and email exchanges between you and our representatives
- When we obtain feedback from you about our services
- When you register for our events, workshops or activities
- When you subscribe to our newsletters
- Through your access / use of our website
- Through expressions of interest in employment or volunteering opportunities with our organisation
- From publically available sources
7. For what purposes do we use and disclose personal information?
We collect, hold, use and disclose personal information for the following purposes:
- to send you communications and information about our organisation that we consider may be of interest to you
- to manage and maintain our service delivery
- to respond to enquiries
- to improve our services
- to inform you about our services
- to deliver a tailored service solution
- to obtain feedback from you about our services
- to update our records and keep contact details up to date
- to enable you to subscribe to our website, newsletters, fundraising materials, register for events and workshops
- with your express consent and for an authorized purpose to a third party
- to process and respond to complaints
- to comply with reporting requirements associated with government funding
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority
Your personal information will not be used for any purpose other than the purpose for which it was collected unless
- such use is authorized or required by law
- you have consented to the use
If your information is no longer needed, we will take reasonable steps to either delete it from our systems or de-identify it, except with Deaf Children Australia is required by law or a court/ tribunal order to retain the information.
8. How do we store and secure personal information?
Deaf Children Australia makes every effort to protect your personal information from unauthorized access, improper use, alteration and destruction.
We store personal information in order to ensure that we can manage and maintain communication with individuals and organisations we work with. Deaf Children Australia holds personal information in either:
- Hard copy (paper based) format in secure access controlled offices; or
- Electronic format (databases and email files) which requires login and passwords and are stored on our secure servers.
9. Unauthorised access, use or disclosure of personal information
We will take seriously and deal promptly with any unauthorised access, use or disclosure of personal information.
The Notifiable Data Breaches (NDB) scheme which commenced on 22 February 2018, generally requires organisations to notify individuals whose personal information is involved in a data breach which is likely to result in serious harm to those individuals. These entities are also required to notify the Office of the Australian Information Commissioner. We comply with the NDB scheme when dealing with these types of data breaches.
DCA also has regard to relevant guidance material issued by the Office of the Australian Information Commissioner, including the ‘Data breach preparation and response — A guide to managing data breaches in accordance with the Privacy Act 1988 (Cth)’, when responding to any incidents involving the unauthorised access of, use or disclosure of personal information.
10. Using the internet
When visiting the Deaf Children Australia website, a record of your visit is logged and information is automatically recorded for statistical purposes to enable us to analyse trends, administer the website, and improve this site and our services. This information does not identify you personally and Deaf Children Australia does not track information about individuals and their visits.
Your web browser supplies information including:
- your internet domain and the IP address from which you access our website
- the type of web browser used
- your computer’s operating system
- the date and time you access the site
- the pages you visit and any documents downloaded
- If you followed a link to the Deaf Children Australia website from another website – the address of that website.
No attempt will be made to identify users or their browsing activities except where otherwise required or authorised by law eg. In the event of an investigation, a law enforcement agency may exercise its legal authority to inspect the service provider’s log.
Our website may contain links to other websites operated by third parties. We make no representations or warranties on relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website.
When Deaf Children Australia receives information from you, either via email or any other means, the information is stored in a secure environment. Please be aware that there are inherent risks associated with the transmission of information via the internet. Although Deaf Children Australia has implemented security measures, it is not possible to provide absolute guarantees as to the security of data provided via online transmission. If you have concerns in this regard, Deaf Children Australia has alternative methods of obtaining and providing information e.g. mail, telephone and facsimile.
11. How to access or correct your personal information or make a privacy related complaint.
Deaf Children Australia is transparent about the personal information it collects and aims to ensure that the personal information is holds is accurate. You are entitled to access your personal information held by Deaf Children Australia. Should you wish to access or correct your personal information that we hold, please make your request in writing to the Privacy Officer by email firstname.lastname@example.org . We will provide you with access in the manner that you request where it is reasonable and practical to do so, except where we are entitled to deny access as permitted by the Privacy Act. The privacy Officer will respond to your request within 30 days of receiving your request.
If we deny your request for access or to correct your personal information, we will provide you with written reasons for this and mechanisms available to your to complain about our refusal.
You may also use the above contact details to notify us of a privacy complaint that you may have against us if you think we have failed to comply with our obligations under the Australian Privacy Principles.