- Privacy Act 1988
- RCS Complaints Management Policy
- RCS Feedback and Continuous Improvement Policy
Dignity refers to the ability of a person to feel respected at all times.
Personal Information refers to information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.
Sensitive Information is a subset of Personal Information and has the meaning provided for that term in the Privacy Act. It includes for example Sensitive Information include racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record and health information.
At all times RCS recognises and respects each person’s right to privacy and dignity by:
- Being treated with respect and with consideration to cultural and personal beliefs; and
- Ensuring that information is protected from access and use by unauthorised persons.
4.1. Collection and Disclosure
Information will only be collected that is reasonably necessary to perform legitimate functions or activities and will only be collected by fair and lawful measures. Personal Information that we collect and hold includes:
Information OBTAINED directly from you
(a) Individual Information
If you use our website we may collect your name, your contact details and any information you provide us if you fill in a form on our website or otherwise contact us. We use this information to be able to get in touch with you and respond to your query.
(b) Client Information
If you are a client of ours we will generally collect Personal Information from you when you fill in a form or provide your details to engage us to provide a service or request information about a service. The Personal Information we collect is guided by the services that we provide you. Additional information will be collected through interaction with us and our services or during consultation with us, such as updates on your progress through use of our services. We collect this information to assist us in providing you the appropriate services, and to customise those services based on your needs.
The Personal Information we collect includes that information necessary to provide you with our services including: your name and contact details, your personal details (including your date of birth, gender and income), details of any personal issues relating to the services we supply, your health information including in some cases your medical history and your credit card or bank account details.
Please note that some of the information we collect about you may be Sensitive Information, which is discussed further below.
(c) Employee Information
If you are a current or prospective staff member, volunteer or contractor of ours, we will generally collect Personal Information about you before we engage you, whether that be an online form submission or in person through interviews or other correspondence.
The Personal Information we collect includes: your name and contact details, your personal details (including date and place of birth, citizenship, gender), your employment history, your relevant skills and experience and your bank account details. Employees should note however, that the employment relationship is exempt from the Privacy Act which means that Personal Information we collect in this regard need not be handled in accordance with the APPs.
(d) Business Partner Information
If you are a business partner/supplier of ours, we will generally collect your name and contact details, the details of the business which you represent and details regarding the services or goods that you provide.
INFORMATION WE COLLECT FROM OTHERS
(a) Information from third parties about you
Where it is unreasonable or impracticable to obtain the information from you, we may collect your Personal Information from someone else such as a responsible person including a family member, a carer or guardian, or other organisations, such as government agencies that we engage with regarding our services in relation to you.
(b) Referral Form Information
We may collect your Personal Information if someone refers you to us. The Personal Information we collect includes your name, address, who the referral was made by, contact details, specialised supports, date of birth, financial details, whether you need assistance, background, behaviours and identified risk.
We may also obtain Personal Information about you that is collected by Australian Government agencies or other bodies.
INFORMATION FROM YOUR USE OF OUR SERVICES AND WEBSITE
(a) Log Data
We may collect a variety of information from your interaction with the Website and our online services including your IP Address; the date, time and duration of your visit; the number of pages you have downloaded; and the type of browser you use.
(b) Location Data
When you use our services, we may collect and process information about your actual location by utilising Google Analytics technology. We use various technologies to determine location, including IP address, GPS, and other sensors that may, for example, provide RCS with information.
Please review our cookies policy below.
In order to operate our services we may also keep track of how you interact with links across our services. This includes links that are embedded in emails and across the website.
As part of delivering our services, we may collect health and other Sensitive Information about you. For example, if you are requesting our services we may collect medical history information about you, or in consultation with us you may provide us with your current health status to assist us in providing you services. In general we attempt to limit the Sensitive Information we collect, however this may not always be possible due to the services we perform. Where we collect Sensitive Information from you we will only do so if it is considered reasonably necessary for us to collect such information for us to perform our functions or activities and you consent, or collection is required by law or another exception under the Privacy Act applies. However, we may also collect Sensitive Information without your consent where we provide you with a health service or where it is otherwise permitted by the Privacy Act in order to carry out our services. This includes where collection is required to lessen or prevent a serious threat to your life, health or safety or to public health and safety. For more information on health services please see below.
4.2. How we collect your Personal Information
We generally collect information directly from you when you provide it to us, such as by filling in a form, during discussions with us in person during a consultation, or when you contact us on the phone or by another method.
There may also be circumstances in which we will collect Personal Information about you from your representative or a third party, for example in the circumstances outlined above. If we collect information about you from someone else we will whenever reasonably possible (unless we are legally exempt from this obligation) make you aware that we have done this and why. If you have provided us with Personal Information in relation to another person you warrant that you have that individual’s consent to the disclosure (or that you are otherwise legally entitled to do so). As described above we also collect your information from your use of computers, phones or other connected devices to our services.
We provide a health service to you when we provide services that are intended to (a) assess, maintain or improve your health (including physical or psychological health) (b) to treat or record your illness, disability or injury or suspected illness, disability or injury (c) an activity that takes place in the beforementioned (a) or (b) in the course of providing aged care, palliative care or care for a person with a disability. Where we provide a health service to you, we may collect your Personal Information from you without consent where the information is necessary to provide the health service to you and it is collected as required or authorised under Australian law or the information is collected in accordance with rules established by competent health or medical bodies. We may also collect Personal Information from someone else without your consent where it is necessary for us to collect the family, social or medical history of a client of ours to provide the health service to the client and your health information is part of the family, social or medical history necessary for us to provide the services to the client.
4.3. Why we collect, use and disclose your Personal Information
(a) help us provide you with our services and to customise the support services that we provide you;
(b) enable better co-ordination between us and other providers involved in your care and treatment;
(c) to communicate effectively with you to ensure that both parties are meeting their obligations;
(d) to document your progress with our services;
(e) to engage the services of, and document our relationship with staff, volunteers and contractors;
(f) maintain your account and contact details;
(g) send marketing communication to you;
(h) conduct our business, generate content and provide customer support and payment options;
(i) communicate with you;
(j) provide you with access to protected areas of our website;
(k) conduct surveys to determine use and satisfaction;
(m) verify information for accuracy or completeness;
(n) comply without legal obligations;
(p) protect a person’s rights, property or safety;
(q) process transactions to which you are a party;
(r) credit reporting purposes;
(s) advertise, promote and provide you with products or services distributed by us;
(t) improve our website and web services; and
We agree to not use or disclose this information for a secondary purpose unless you consent to us doing so, or another exception applies under the Privacy Act.
4.4 Who we disclose your Personal Information to
(a) Our staff members
(b) Service Providers
We may share your Personal Information with other companies, organisations and contractors and outsourced service providers who assist us to provide, or who perform the services we provide to you, including:
- information technology service providers;
- mailing houses;
- market research organisations; and
- specialist consultants.
(c) Third parties and those you ask
We may disclose your Personal Information to third parties to whom you expressly ask us to send the Personal Information to or to third parties that also provide you care and treatment. This also includes:
- your authorised representatives;
- government and regulatory authorities and other similar organisations, as required or authorised by law; and
- such entities that we propose to merge with or be acquired by.
4.5 Employee obligations
If you are an employee of RCS you must:
- inform clients about their privacy rights including the right to have access to their Personal Information and correction of that Personal Information;
- ensure that you only collect Personal Information (other than Sensitive Information) which is reasonably necessary to perform the legitimate functions or activities of RCS;
- where sensitive or health information is collected from an individual, ensure that the individual consents to the collection and the information is reasonably necessary for one or more of RCS functions or activities or some other exception applies under the Privacy Act;
- ensure that collection is only done via fair and lawful measures;
- take reasonable steps to protect any Personal Information from misuse, loss, unauthorised access, modification or disclosure, including without limitation:
- keeping records where there is constant supervision;
- ensuring copies of Personal Information including in internal applications are kept out of view and not accessible by the public;
- ensuring that you keep your account details to internal applications including username and password confidential at all times;
- not allowing any other user (except those authorised) to access your account to internal applications and view client Personal Information;
4.6 Cookies Policy
What are cookies?
A cookie is a small piece of text sent to your browser by a website that you visit. It helps the website to remember information about your visit, like your preferred language and other settings. That can make your next visit easier and the site more useful to you.
Our websites, online services, interactive applications, email messages, and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us better understand user behaviour, enable us to provide you a customised experience, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies and other technologies as non Personal Information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered Personal Information by local law, we also treat these identifiers as Personal Information.
How to manage cookies
Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. Please review your browser provider to find out how to disable cookies. Please note that certain features of our website will not be available once cookies are disabled.
4.7 Anonymity and Pseudonymity
We will allow our customers to transact with us anonymously or by using a pseudonym, wherever that is reasonable and practicable. However, this will not be possible if we are required or authorised by law or other instrument to deal with customers who have been appropriately identified; or where it is impracticable for us to deal with individuals who have not identified themselves or who would prefer to use a pseudonym.
4.8 Storage and security of your Personal Information
We take all steps reasonable under the circumstances to protect your Personal Information from misuse, interference, loss; and unauthorised access, modification or disclosure. We store your Personal Information on web servers in Australia. Please be aware that we may use third-party cloud providers that provide hosting, data storage and other services.
We take the security of your Personal Information very seriously. We currently have the following in place:
- our online services protect your Personal Information during transit using encryption such as Transport Layer Security (TLS);
- hard copy confidential information is stored in key lockable filing cabinets. Filing cabinet keys are only accessible to persons with authority to access the particular information contained within each filing cabinet;
- electronic information is stored on a password secured computer network. Password access to RCS network drive is provided to office-based staff only;
- Your Personal Information is stored in encrypted form including when we utilise third party storage providers.
Although we use reasonable security measures, no method of transmission over the internet is completely safe, therefore we are unable to guarantee the security of your Personal Information.
4.9 Access to and correction of your Personal Information
Subject to the Privacy Act, you have a right to access and correct any personal information about you that we may hold. Should a person request access to information or correction of information, the Privacy Officer or representative will coordinate assessment of the requested information and determine if access or correction can be made in full, in part or if it must be denied (for example where requests are frivolous).
If we determine that Personal Information we hold on you, having regard to the purpose for which it is held, is inaccurate, out of date, incomplete, irrelevant or misleading, or you request us to correct the information, we will take all such steps as are reasonable in the circumstances to correct the information we hold, after considering the reason why we hold the information, and to make sure it is accurate, up to date, complete, relevant and not misleading.
If we receive a request from you to access or correct Personal Information we will respond to you within a reasonable time after receiving your request and in the manner requested by you, if it is reasonable and practicable for us to do so. We may charge a reasonable fee for giving access to the information.
4.10 If we can’t collect your Personal Information
If you do not provide us with the Personal Information described above, some or all of the following may happen:
- we may not be able to provide the requested products or services to you, either to the same standard or at all;
- we may not be able to provide you with information about products and services that you may want; or
- we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful.
4.11 Integrity and Retention of Personal Information
4.12 Cross border disclosure of Personal Information
We will generally not transfer Personal Information about an individual to anyone who is in a foreign country. We advise that all information is stored domestically within Australia. Where we are required to use supplier outside of Australia, we ensure that all our suppliers are required to commit to adherence with the Australian Privacy Principles.
4.13 Notifiable Data Breach
In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act or any other subsequent sections or legislation which supersede this Part IIIC, we will follow our relevant notifiable data breach procedures in compliance with the Privacy Act and relevant laws.
We understand the importance of taking extra precautions to protect the privacy and safety of children using our products and services. Information about children is collected so that we can provide children with treatment and advice, in the same manner as set out in this document. For each child or young person, it is important to assess their competency. The proposed use or disclosure must also be taken into account for the safety of the child. Where a child or young person is not competent to make their own privacy decisions we can discuss the child or young person’s Personal Information and health information with a parent or legal guardian. Information will be limited to that which is necessary. Even where a child or young person is not competent their views should still be considered, as should the risks and benefits of disclosure in the circumstances (such as for example if a parent is abusive toward a child, or other issue).
For children under the age of 15, or equivalent minimum age in the relevant jurisdiction, we require parent provided verifiable consent. If we learn that we have collected the Personal Information of a child under 15, or equivalent minimum age depending on jurisdiction, outside the above circumstances we will take steps to delete the information as soon as possible (where applicable). If you are a parent or guardian of a child and do not wish for us to collect certain information about your child, or you wish to access, correct, or delete data associated with your child, please contact our Privacy Officer.
4.15 Third Party Links
4.17 Enquiries, requests, complaints
If you think your Personal Information, held by us, may have been compromised in any way or you have any other Privacy related complaints or issues, you should also raise the matter with the Privacy Officer.
We will ensure your claims are investigated and a formal response will be provided to you, within a reasonable time, considering the circumstances of your claims. If any corrective action is determined to be required, as a result of that investigation, we will take all reasonable steps to rectify the situation and advise you of such, again within a reasonable time considering the circumstances.
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian Information Commission, whose contact details are below.
Office of the Australian information Commission
|Telephone||1300 363 992|
|Office Address||Level 3, 175 Pitt Street, Sydney NSW 2000|
|Postal Address||GPO Box 5218, Sydney NSW 2001|
|Entity||Real Community Services Pty Ltd|
|Telephone||1300 007 270|
|Office Address||Unit 1/8-14 St Jude Ct Browns Plains QLD 4118|
|Postal Address||As above|
|Review Date||26 May 2020|
|Review Cycle||12 Months|
|Next Review Due||31 May 2020|