Privacy Policy

Source Documents
  • Privacy Act 1988
  • RCS Complaints Management Policy
  • RCS Feedback and Continuous Improvement Policy

1.PURPOSE

This Privacy Policy describes the information Real Community Services A.B.N.74 117 218 416 (we, us, our, or RCS) collect, how it is used and shared, and your choices regarding this information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).

To ensure your Personal Information remains compliant with the Privacy Act, we communicate this Privacy Policy to every employee as well as customers, clients and service providers.

2.DEFINITIONS

For the purposes of this Privacy Policy, the following definitions apply:

Confidentiality is a set of rules or a promise that limits access or places restrictions on certain types of information. For this Privacy Policy, it refers to information of a person or organization (written, spoken and observed).

Dignity refers to the ability of a person to feel respected at all times.

Personal Information refers to information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.

Sensitive Information is a subset of Personal Information and has the meaning provided for that term in the Privacy Act. It includes for example Sensitive Information include racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record and health information.

3. POLICY

At all times RCS recognises and respects each person’s right to privacy and dignity by:

  • Being treated with respect and with consideration to cultural and personal beliefs; and
  • Ensuring that information is protected from access and use by unauthorised persons.

4. PROCEDURES

4.1. Collection and Disclosure

Information will only be collected that is reasonably necessary to perform legitimate functions or activities and will only be collected by fair and lawful measures. Personal Information that we collect and hold includes:

Information OBTAINED directly from you

(a) Individual Information

If you use our website we may collect your name, your contact details and any information you provide us if you fill in a form on our website or otherwise contact us. We use this information to be able to get in touch with you and respond to your query.

(b) Client Information

If you are a client of ours we will generally collect Personal Information from you when you fill in a form or provide your details to engage us to provide a service or request information about a service. The Personal Information we collect is guided by the services that we provide you. Additional information will be collected through interaction with us and our services or during consultation with us, such as updates on your progress through use of our services. We collect this information to assist us in providing you the appropriate services, and to customise those services based on your needs.

The Personal Information we collect includes that information necessary to provide you with our services including: your name and contact details, your personal details (including your date of birth, gender and income), details of any personal issues relating to the services we supply, your health information including in some cases your medical history and your credit card or bank account details.

Please note that some of the information we collect about you may be Sensitive Information, which is discussed further below.

(c) Employee Information

If you are a current or prospective staff member, volunteer or contractor of ours, we will generally collect Personal Information about you before we engage you, whether that be an online form submission or in person through interviews or other correspondence.

The Personal Information we collect includes: your name and contact details, your personal details (including date and place of birth, citizenship, gender), your employment history, your relevant skills and experience and your bank account details. Employees should note however, that the employment relationship is exempt from the Privacy Act which means that Personal Information we collect in this regard need not be handled in accordance with the APPs.

(d) Business Partner Information

If you are a business partner/supplier of ours, we will generally collect your name and contact details, the details of the business which you represent and details regarding the services or goods that you provide.

INFORMATION WE COLLECT FROM OTHERS

(a) Information from third parties about you

Where it is unreasonable or impracticable to obtain the information from you, we may collect your Personal Information from someone else such as a responsible person including a family member, a carer or guardian, or other organisations, such as government agencies that we engage with regarding our services in relation to you.

(b) Referral Form Information

We may collect your Personal Information if someone refers you to us. The Personal Information we collect includes your name, address, who the referral was made by, contact details, specialised supports, date of birth, financial details, whether you need assistance, background, behaviours and identified risk.

We may also obtain Personal Information about you that is collected by Australian Government agencies or other bodies.

INFORMATION FROM YOUR USE OF OUR SERVICES AND WEBSITE

(a) Log Data

We may collect a variety of information from your interaction with the Website and our online services including your IP Address; the date, time and duration of your visit; the number of pages you have downloaded; and the type of browser you use.

(b) Location Data

When you use our services, we may collect and process information about your actual location by utilising Google Analytics technology. We use various technologies to determine location, including IP address, GPS, and other sensors that may, for example, provide RCS with information.

(c) Cookies

Please review our cookies policy below.

(d) Links

In order to operate our services we may also keep track of how you interact with links across our services. This includes links that are embedded in emails and across the website.

Sensitive Information

As part of delivering our services, we may collect health and other Sensitive Information about you. For example, if you are requesting our services we may collect medical history information about you, or in consultation with us you may provide us with your current health status to assist us in providing you services. In general we attempt to limit the Sensitive Information we collect, however this may not always be possible due to the services we perform. Where we collect Sensitive Information from you we will only do so if it is considered reasonably necessary for us to collect such information for us to perform our functions or activities and you consent, or collection is required by law or another exception under the Privacy Act applies. However, we may also collect Sensitive Information without your consent where we provide you with a health service or where it is otherwise permitted by the Privacy Act in order to carry out our services. This includes where collection is required to lessen or prevent a serious threat to your life, health or safety or to public health and safety. For more information on health services please see below.

4.2. How we collect your Personal Information

We generally collect information directly from you when you provide it to us, such as by filling in a form, during discussions with us in person during a consultation, or when you contact us on the phone or by another method.

There may also be circumstances in which we will collect Personal Information about you from your representative or a third party, for example in the circumstances outlined above. If we collect information about you from someone else we will whenever reasonably possible (unless we are legally exempt from this obligation) make you aware that we have done this and why. If you have provided us with Personal Information in relation to another person you warrant that you have that individual’s consent to the disclosure (or that you are otherwise legally entitled to do so).  As described above we also collect your information from your use of computers, phones or other connected devices to our services.

Health Services

We provide a health service to you when we provide services that are intended to (a) assess, maintain or improve your health (including physical or psychological health) (b) to treat or record your illness, disability or injury or suspected illness, disability or injury (c) an activity that takes place in the beforementioned (a) or (b) in the course of providing aged care, palliative care or care for a person with a disability. Where we provide a health service to you, we may collect your Personal Information from you without consent where the information is necessary to provide the health service to you and it is collected as required or authorised under Australian law or the information is collected in accordance with rules established by competent health or medical bodies. We may also collect Personal Information from someone else without your consent where it is necessary for us to collect the family, social or medical history of a client of ours to provide the health service to the client and your health information is part of the family, social or medical history necessary for us to provide the services to the client.

4.3. Why we collect, use and disclose your Personal Information

The primary purpose we collect, use and disclose your Personal Information is as specified in this Privacy Policy or as otherwise specified to you at the time of collection, and includes to:

(a) help us provide you with our services and to customise the support services that we provide you;

(b) enable better co-ordination between us and other providers involved in your care and treatment;

(c) to communicate effectively with you to ensure that both parties are meeting their obligations;

(d) to document your progress with our services;

(e) to engage the services of, and document our relationship with staff, volunteers and contractors;

(f) maintain your account and contact details;

(g) send marketing communication to you;

(h) conduct our business, generate content and provide customer support and payment options;

(i) communicate with you;

(j) provide you with access to protected areas of our website;

(k) conduct surveys to determine use and satisfaction;

(l) detect, investigate and prevent potentially unlawful acts or omissions or acts or omissions with the potential to breach our Privacy Policy or any other policy;

(m) verify information for accuracy or completeness;

(n) comply without legal obligations;

(o) combine or aggregate your Personal Information with information we collect from third parties and use it for the purposes set out in this Privacy Policy;

(p) protect a person’s rights, property or safety;

(q) process transactions to which you are a party;

(r) credit reporting purposes;

(s) advertise, promote and provide you with products or services distributed by us;

(t) improve our website and web services; and

(u) any other purpose made known in this Privacy Policy or other policy.

We agree to not use or disclose this information for a secondary purpose unless you consent to us doing so, or another exception applies under the Privacy Act.

4.4 Who we disclose your Personal Information to

We may disclose your Personal Information to third parties for the purposes contained in this Privacy Policy, including without limitation to:

(a) Our staff members

If you are a client of ours we will disclose your Personal Information including Sensitive Information in our internal applications that our employees can access. The Personal Information that is disclosed in the internal applications include your address, so that our employees are able to attend on you, as well as a general overview of your Personal Information including health information, to assist our employees in providing our services to you. The applications may be accessed on mobile or computer devices and are only accessible to employees we authorise. The employees use of your Personal Information is governed by this Privacy Policy and the Terms of Use.

(b) Service Providers

We may share your Personal Information with other companies, organisations and contractors and outsourced service providers who assist us to provide, or who perform the services we provide to you, including:

  • information technology service providers;
  • mailing houses;
  • market research organisations; and
  • specialist consultants.

(c) Third parties and those you ask

We may disclose your Personal Information to third parties to whom you expressly ask us to send the Personal Information to or to third parties that also provide you care and treatment. This also includes:

  • your authorised representatives;
  • government and regulatory authorities and other similar organisations, as required or authorised by law; and
  • such entities that we propose to merge with or be acquired by.

4.5 Employee obligations

If you are an employee of RCS you must:

  1. inform clients about their privacy rights including the right to have access to their Personal Information and correction of that Personal Information;
  2. ensure that you only collect Personal Information (other than Sensitive Information) which is reasonably necessary to perform the legitimate functions or activities of RCS;
  3. where sensitive or health information is collected from an individual, ensure that the individual consents to the collection and the information is reasonably necessary for one or more of RCS functions or activities or some other exception applies under the Privacy Act;
  4. ensure that collection is only done via fair and lawful measures;
  5. ensure that you only use or disclose Personal Information about an individual for the particular purpose it was collected (as contemplated by this Privacy Policy), and not use it for a secondary purpose unless the individual has consented, or another exception applies under the Privacy Act. Some examples include where disclosure is necessary to lessen or prevent a serious threat to the life, health, safety or welfare of an individual or to public health, safety or welfare or where disclosure is necessary for law enforcement;
  6. not disclose the information to any other party that is not contemplated by this Privacy Policy;
  7. not tamper with or interfere with any Personal Information in a way that is not contemplated by this Privacy Policy;
  8. not collect, store, input, upload, post, disclose or transmit Personal Information or data about others in a way that is not contemplated by this Privacy Policy;
  9. take reasonable steps to protect any Personal Information from misuse, loss, unauthorised access, modification or disclosure, including without limitation:
    1. keeping records where there is constant supervision;
    2. ensuring copies of Personal Information including in internal applications are kept out of view and not accessible by the public;
    3. ensuring that you keep your account details to internal applications including username and password confidential at all times;
    4. not allowing any other user (except those authorised) to access your account to internal applications and view client Personal Information;
  10. not collect, use, or otherwise deal with information that is inconsistent with this Privacy Policy and the Terms of Use (accessible on the website); and
  11. comply with this Privacy Policy.

4.6 Cookies Policy

What are cookies?

A cookie is a small piece of text sent to your browser by a website that you visit. It helps the website to remember information about your visit, like your preferred language and other settings. That can make your next visit easier and the site more useful to you.

Use of cookies

Our websites, online services, interactive applications, email messages, and advertisements may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us better understand user behaviour, enable us to provide you a customised experience, tell us which parts of our websites people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies and other technologies as non Personal Information. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered Personal Information by local law, we also treat these identifiers as Personal Information.

How to manage cookies

Some people prefer not to allow cookies, which is why most browsers give you the ability to manage cookies to suit you. Please review your browser provider to find out how to disable cookies. Please note that certain features of our website will not be available once cookies are disabled.

4.7 Anonymity and Pseudonymity

We will allow our customers to transact with us anonymously or by using a pseudonym, wherever that is reasonable and practicable. However, this will not be possible if we are required or authorised by law or other instrument to deal with customers who have been appropriately identified; or where it is impracticable for us to deal with individuals who have not identified themselves or who would prefer to use a pseudonym.

4.8 Storage and security of your Personal Information

We take all steps reasonable under the circumstances to protect your Personal Information from misuse, interference, loss; and unauthorised access, modification or disclosure. We store your Personal Information on web servers in Australia. Please be aware that we may use third-party cloud providers that provide hosting, data storage and other services.

We take the security of your Personal Information very seriously. We currently have the following in place:

  1. our online services protect your Personal Information during transit using encryption such as Transport Layer Security (TLS);
  2. hard copy confidential information is stored in key lockable filing cabinets. Filing cabinet keys are only accessible to persons with authority to access the particular information contained within each filing cabinet;
  3. electronic information is stored on a password secured computer network. Password access to RCS network drive is provided to office-based staff only;
  4. Your Personal Information is stored in encrypted form including when we utilise third party storage providers.

Although we use reasonable security measures, no method of transmission over the internet is completely safe, therefore we are unable to guarantee the security of your Personal Information.

4.9 Access to and correction of your Personal Information

Subject to the Privacy Act, you have a right to access and correct any personal information about you that we may hold. Should a person request access to information or correction of information, the Privacy Officer or representative will coordinate assessment of the requested information and determine if access or correction can be made in full, in part or if it must be denied (for example where requests are frivolous).

If we determine that Personal Information we hold on you, having regard to the purpose for which it is held, is inaccurate, out of date, incomplete, irrelevant or misleading, or you request us to correct the information, we will take all such steps as are reasonable in the circumstances to correct the information we hold, after considering the reason why we hold the information, and to make sure it is accurate, up to date, complete, relevant and not misleading.

If we receive a request from you to access or correct Personal Information we will respond to you within a reasonable time after receiving your request and in the manner requested by you, if it is reasonable and practicable for us to do so. We may charge a reasonable fee for giving access to the information.

4.10 If we can’t collect your Personal Information

If you do not provide us with the Personal Information described above, some or all of the following may happen:

  1. we may not be able to provide the requested products or services to you, either to the same standard or at all;
  2. we may not be able to provide you with information about products and services that you may want; or
  3. we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful.

4.11 Integrity and Retention of Personal Information

We take all reasonable steps to ensure that the Personal Information we collect about you is accurate, up to date and complete. Where we collect that information from you directly, we rely on you to supply accurate information. We make it easy for you to keep your Personal Information accurate, complete, and up to date. Where we use or disclose your Personal Information we will also ensure that your Personal Information is relevant. We will retain your Personal Information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

4.12 Cross border disclosure of Personal Information

We will generally not transfer Personal Information about an individual to anyone who is in a foreign country.  We advise that all information is stored domestically within Australia.  Where we are required to use supplier outside of Australia, we ensure that all our suppliers are required to commit to adherence with the Australian Privacy Principles.

4.13 Notifiable Data Breach

In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act or any other subsequent sections or legislation which supersede this Part IIIC, we will follow our relevant notifiable data breach procedures in compliance with the Privacy Act and relevant laws.

4.14 Children

We understand the importance of taking extra precautions to protect the privacy and safety of children using our products and services. Information about children is collected so that we can provide children with treatment and advice, in the same manner as set out in this document. For each child or young person, it is important to assess their competency. The proposed use or disclosure must also be taken into account for the safety of the child. Where a child or young person is not competent to make their own privacy decisions we can discuss the child or young person’s Personal Information and health information with a parent or legal guardian. Information will be limited to that which is necessary. Even where a child or young person is not competent their views should still be considered, as should the risks and benefits of disclosure in the circumstances (such as for example if a parent is abusive toward a child, or other issue).

For children under the age of 15, or equivalent minimum age in the relevant jurisdiction, we require parent provided verifiable consent. If we learn that we have collected the Personal Information of a child under 15, or equivalent minimum age depending on jurisdiction, outside the above circumstances we will take steps to delete the information as soon as possible (where applicable). If you are a parent or guardian of a child and do not wish for us to collect certain information about your child, or you wish to access, correct, or delete data associated with your child, please contact our Privacy Officer.

4.15 Third Party Links

When you click on a link to any other website or location, you will leave our site and go to another site and another entity may collect personal data from you. We have no control over, do not review, and cannot be responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of data after you click on links to such outside websites

4.16 Updating this Privacy Policy

This Privacy Policy is subject to occasional revision and we reserve the right, at our sole discretion, to modify or replace any part of this Privacy Policy. It is your responsibility to check this Privacy Policy periodically for changes. Continued use of our website or services shall indicate your acknowledgement of that it is your responsibility to review the Privacy Policy periodically and become aware of any modifications. We may amend this Privacy Policy from time to time. Not all changes to our Privacy Policy will require your consent, for example where office security procedures are changed. We will notify you of any change to our information handling policy that requires your consent before being implemented.

4.17 Enquiries, requests, complaints

Enquiries regarding this Privacy Policy or the Personal Information we may hold on you, should be addressed with the Privacy Officer, whose contact details are below.

If you think your Personal Information, held by us, may have been compromised in any way or you have any other Privacy related complaints or issues, you should also raise the matter with the Privacy Officer.

We will ensure your claims are investigated and a formal response will be provided to you, within a reasonable time, considering the circumstances of your claims. If any corrective action is determined to be required, as a result of that investigation, we will take all reasonable steps to rectify the situation and advise you of such, again within a reasonable time considering the circumstances.

If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian Information Commission, whose contact details are below.

Office of the Australian information Commission

Telephone 1300 363 992
Email enquiries@oaic.gov.au
Office Address Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address GPO Box 5218, Sydney NSW 2001
Website www.oaic.gov.au

Contacting us

Entity Real Community Services Pty Ltd
Telephone 07 3725 6500
Emailenq enquiries@realcommunityservices.com.au
Office Address Unit 1/8-14 St Jude Ct Browns Plains QLD 4118
Postal Address As above
Website www.realcommunityservices.com.au

EVALUATION

Review Date 17 July 2018
Review Cycle 12 Months
Next Review Due 17 July 2019
Version 04