AQA Victoria Ltd (AQA) is a not-for-profit organisation that provides:
- information, peer support, mentoring and community development services to individuals with Spinal Cord Injury through its Spire division; and
- 24 hour in-home personal care and community access support for individuals affected by a physical disability, injury or illness through its Qualcare division.
AQA collects and administers a range of personal information for the purposes of delivering services to clients and members through its employees and volunteers. AQA is committed to handling personal information in accordance with the requirements of the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). These principles govern how we can collect, use, hold and disclose your personal information, as well as ensuring the quality and security of your personal information.
This policy sets out how AQA manages personal information (including sensitive information) collected through membership, client or employee applications, through the use of any of our services or by any other means.
What is Personal Information?
Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from their information. The information or opinion will still be personal information whether it is true or not and regardless of whether we have kept a record of it. The information that we seek to collect about you will depend on services that we provide. If you do not allow us to collect all of the information we request, we may not be able to deliver all of those services effectively. This information could include your name, address, contact details and date of birth.
What is sensitive information?
Sensitive information is personal information including, but is not limited to, health information regarding disability, injury or illness, religious beliefs and criminal records.
AQA will only collect personal information necessary for the efficient delivery of services and to conduct business activities that support these functions. We collect most personal information directly from you. For example, we will collect your personal information when you apply for or use a service or talk to us in person or on the phone. We may directly collect personal information in the following circumstances:
- If you apply become a member of AQA.
- If you apply to become a client of AQA Qualcare.
- If you apply for employment.
- If you apply to become a volunteer of AQA.
- If you agree to sponsor AQA or its members, or make a donation.
- Intermittent collection of information may occur to ensure relevant and up-to-date information records.
AQA uses different means of collecting information, which includes either: electronic, face-to-face interaction, interaction with our website, requests for information / requests to update information, and the provision of products and services.
Sometimes we collect personal information about you from other people or organisations. This may happen without your direct involvement. For instance, we may collect personal information about you from: authorised third party representatives; funding bodies; through referral from other service providers / medical practitioners; or as a result of an informal referral made to support our community activities (i.e. candidate referrals for speakers, presenters, volunteers).
We also collect information from you electronically. Our web server collects the domain names (not the email / IP addresses) of visitors to our website. This information is aggregated to measure basic usage data (such as the number of visits, average time spent on the site; pages reviewed etc.) which is used by our organisation to improve our website content.
Use and Disclosure
AQA uses personal information to provide products and services. Generally, personal information will only be used for the primary purpose for which it was collected and for carrying on business processes, which includes:
- Effectively running operating systems such as rostering, payroll and client management software;
- Maintaining and managing our database of volunteers, members, subscribers, their families and carers and communicating with them;
- To notify individuals of information and opportunities that might be of interest to them through newsletters or ad hoc updates;
- Setting up of legal obligations as an employer, including but not limited to payments for tax and superannuation;
- Delivery of in-home service, community access, mentoring or peer support;
- Providing telephone or email support;
- Raising and administering donations, sponsorships and membership payments; and
- De-identified data may be used to meet reporting and regulatory requirements and assist with system improvements.
However, we may use or disclose your personal information for secondary purposes that relate to our functions and activities if we have your consent do so or without your consent if the APPs permit us to do so, for example if you would reasonably expect us to use your information for the secondary purpose. We will only use your personal information for a secondary purpose if it is related to the reason why we collected your personal information. In some circumstances we are permitted or authorised by or under an Australian law or a court/tribunal order to use or disclose your personal and sensitive information. For example, if our disclosure of your information will reduce or prevent a serious threat to life, health or safety or our disclosure is in response to any unlawful activity.
The types of other entities we may share your information with include:
- your authorised representatives, interpreter or legal advisors acting on your behalf;
- entities who provide services on behalf of a funding body / health department and who will provide services to you, such as our community sector partners, community service organisations, contracted service providers or other health service providers;
- organisations that provide archival, auditing, professional advisory, banking, in-house mail, delivery, information technology, building and property maintenance services; and
- government and regulatory authorities such as Centrelink, government organisations dealing with welfare, child and family support, community support and law enforcement.
AQA may use, upon receiving explicit consent, photographs of members, clients, employees, volunteers, their families and carers for marketing, communication and community engagement purposes – such as social media, annual reports, internal and external newsletters, and websites.
Disclosure of personal information overseas will only occur where explicit request to do so is received from the person or an authorised representative, in order for an individual to receive services in that country. AQA may outsource technological or administrative projects to overseas providers where local services are unavailable or cost prohibitive. In such cases, AQA will take reasonable steps to ensure that the overseas recipient does not breach the APPs.
AQA will not otherwise disclose any personal information about a person unless required or permitted by law.
Use and disclosure of sensitive information
AQA may collect sensitive information about the health of and any disabilities and conditions (including physical and mental disabilities) experienced by our clients, members or peer support volunteer applicants. We may also seek medical clearance from a doctor (if required) in order to evaluate a person’s application for employment or service delivery. Where we are required to collect such information, AQA will only use that information with the person’s consent unless otherwise required or permitted by law. We will only use your sensitive information you for a secondary purpose if it is directly related to the reason why we collected the sensitive information about you.
Security of Personal Information
AQA will take reasonable steps to protect personal information from misuse, interference and loss, unauthorised access, modification or disclosure. For example:
- access to information systems is controlled through identity and access management;
- employees are bound by internal information security policies and are required to keep information secure;
- all employees are required to complete training about information security; and
- we regularly monitor and review our compliance with internal policies and industry best practice.
Personal information held by AQA is stored electronically in secure databases located in Australia, or where retention of hard copy documents is required, in secure filing cabinets. Only authorised personnel are given access to individual’s personal information. We take reasonable steps to destroy or permanently de-identify any personal information after it can no longer be used.
Access and Correction
You can request access to the personal information we hold about you. You can also ask for corrections to be made. To do so, please contact us. AQA takes all reasonable steps to ensure the personal information collected, used or disclosed is accurate, complete and up-to-date. If we hold personal information about you we will generally provide you access to that information free of charge. Access to personal information will not be granted to an unauthorised third party, without express written authority granted by the individual.
There are some circumstances in which we are not required to give you access to your personal information. Where access to personal information has been denied, AQA will provide reasons for the refusal.
Corrections or updates to information must be made by the individual or their authorised representative. Corrections may occur where information is inaccurate, incomplete, misleading or not up-to-date. Where updates are made by an unauthorised third party, AQA will verify the information with the individual before any amendments are made.
Where practical, individuals may engage with AQA anonymously or using a pseudonym. You have the option of not identifying yourself during questionnaires, opinion surveys or evaluation forms however the collection of personal information is required to enable AQA to deliver efficient goods and services or a response to a complaint or concern. If you do not wish to provide the personal or health information that we require in order to deliver a service to you, then we may not be able to provide you with that service.
Complaints about Privacy at AQA
AQA takes complaints or concerns about privacy very seriously. If you are concerned about the personal information which AQA might hold about you or wish to complain about how your personal information is handled please write to the AQA Privacy Officer either via post or email provided below.
Who else protects your privacy?
We take any privacy complaint seriously and will deal with your complaint fairly and promptly. However if you are not satisfied with our response or how we handled your complaint, you may complain to the Office of the Australian Information Commissioner (in writing) at:
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 1042
Phone: 1300 363 992
TTY: 1800 620 241
Another source of privacy information is the Office of the Health Services Commissioner Ph: 1800 136 066 Web: www.health.vic.gov.au/hsc
More information about Privacy
AQA’s approach to privacy is reviewed for improvement and amended from time to time. Any changes or updates will be updated on the AQA, Qualcare and Spire websites. Individuals who would like more information about any aspects of privacy at AQA please can contact the AQA Privacy Officer on 03 9489 0777 or firstname.lastname@example.org.
For further information about privacy, your rights and legislation, the following may be helpful:
Department of Human Services www.dhs.vic.gov.au/for-individuals/your-rights/your-privacy