1. What is personal information?
Personal information is defined under the Privacy Act to mean information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
Sensitive information is a form of personal information and includes information or an opinion about an individual’s racial or ethnic origin; political opinions and memberships; religious and philosophical beliefs or affiliations; membership of a trade union; sexual orientation or practices; criminal record; and health information, genetic information and biometric information.
Health information includes information or opinion about an individual’s illness, injury or disability such as information about an individual’s physical or mental health; notes of an individual’s symptoms, diagnosis and treatment; specialist reports and test results; an individual’s wishes about future health services; and appointment and billing details.
We will not collect sensitive information (including health information) about you unless you consent to the collection, and the information is reasonably necessary for, or directly related to, one or more of our functions or activities. We will only collect health information from you by lawful and fair means, and generally only directly from you.
2. Why we collect personal information
As a provider of personalised home care and support, we collect and hold a range of personal information (including sensitive information) about our clients, employees and job applicants and the contractors we engage.
We collect this personal information so we can deliver the home care services to our clients and to comply with our legal obligations.
3. The personal information we collect and hold
Clients: We collect a range of personal information about our clients and their legal representatives, including names, addresses and contact details; gender, dates of birth, marital status, religion; photographs; health information; information about clients’ requirements for the services we provide and existing conditions that affect the services we provide; and information about the services we provide to clients.
Job applicants and contractors: We also collect and hold certain personal information about applicants for employment with us and contractors wishing to supply products and/or services to us as well as their employees, including resumes, employment histories and qualifications; training records and competency assessments; police checks and other suitability checks; and medical histories directly related to the individual’s ability to perform the inherent requirements of the position.
4. How we collect personal information
We may collect personal information about an individual from a range of sources using a variety of means including forms (either physical or online), mail correspondence, emails and other electronic communications; through feedback provided by our clients to us in relation to the services provided; through interactions between us and case managers, facilitators, social workers, siblings, children, grandchildren and any other individual interested in or involved in providing services to our clients; through telephone, email or in-person inquiries or discussions about us and/or the services we provide; through publicly available sources of information; through interactions with our social media channels that we offer or monitor; from job applicants and staff members; direct contact in the course of us providing services (including the administration of accounts established with us); in the course of conducting market research, including customer satisfaction surveys; and from current and prospective suppliers of goods and/or services to us.
Clients: We collect personal information directly from our clients or their representatives. We also collect information from other sources such as health care providers, government departments and bodies and other people or organisations who have provided or do provide services to our clients.
We collect personal information using lawful and fair means and generally only when the information is relevant to our business and activities (including providing services to clients).
Job applicants and contractors: We always try to collect information about applicants for employment with us directly from them. We also collect information about job applicants through background checks and police checks; and from referees and employment agencies.
Information about contractors and their employees is collected directly from the contractors and from our clients and their representatives.
5. How we store personal information
We strive to ensure the security of personal information we collect and hold. We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure.
All personal information is securely stored using appropriate physical and/or electronic security technology, settings and applications, and by ensuring staff dealing with the information are trained in our privacy policies and procedures.
6. How we use personal information
Clients: We primarily use clients’ personal information to provide them with services in their home. We also use clients’ personal information for other purposes including, but not limited to, complying with our obligations under laws; and quality assurance, risk management and continuous improvement activities.
From time to time, we use clients’ personal information for direct marketing. Clients who do not wish to have their personal information used for this purpose should contact us on the details below and let us know.
Job applicants and contractors: We use personal information about job applicants and contractors to assess their suitability to perform the duties required and deliver services to our clients, where required; meet our obligations under relevant laws, including the Aged Care Act 1997 and workplace laws; and improve the services we offer through quality improvement activities such as training.
7. Circumstances in which we disclose personal information
Clients: Personal information collected about our clients may be disclosed to other parties involved in providing services to our clients. This may include disclosure of information to, for example, a client’s doctor or their allied health service providers, cleaners, gardeners or maintenance personnel who provide services to the client at home.
We may disclose personal information (including sensitive information) about our clients to our agents and contractors (e.g. to enable them to perform services under contract with us which may directly or indirectly benefit the client from whom the information was collected); marketing providers to facilitate our marketing of our services to current and prospective clients; government agencies where this is necessary for us to receive funding and/or comply with our legal obligations to notify the government and police of certain matters; our professional advisers, such as lawyers or auditors; and related organisations.
We may also disclose personal information (including sensitive information) about a client when required by law or court order or where we are required to do so as a result of any obligations we owe under any contract.
Job applicants and contractors: We use personal information about job applicants and contractors to assess their suitability to perform the duties required and deliver care and services to our clients, where required; meet any obligations under relevant laws, including the Aged Care Act 1997 (Cth) and workplace laws; improve the services we offer through quality improvement activities such as training; and assess and manage the supply of goods and services to us by a prospective or current contractor.
Cross-border disclosure: In the event we engage in cross-border transfer of information, such as routing or storing information on cloud servers located overseas or transferring information to an office of our company overseas, we will ensure that adequate security mechanisms are in place to protect your information. For example, we will enter into a contract with the cloud server that ensures the information is for the limited purpose of storing and managing the personal information.
Sale or merger of Luxe Care: Personal information about individuals we have collected and hold may be disclosed to third parties in the event we offer to sell and/or sell our business and/or assets, at or before the time of a merger, acquisition or sale.
8. Anonymity and pseudonymity
You have the option of dealing with us anonymously or pseudonymously, unless it would be impracticable to do so.
When you deal with us anonymously, you will not be identified and we will not collect any personal information about you. When you deal with us using a pseudonym, you will use a name, term or descriptor that is different to your name. In some circumstances you may still be identifiable — for example when you consent to provide us with personal information that is linked to the use of the pseudonym.
9. Direct marketing
We may directly market Luxe Care and our services to an individual on the basis that the individual would reasonably expect us to do so, where we have already collected the individual’s personal information directly from the individual.
Where we collect information about an individual from a third party, we will not use that information to directly market to that individual unless the individual consents to this. Such consent may be express or may be implied.
10. Accessing and correcting your personal information
It is important that the information we hold about our clients, employees, job applicants and contractors is accurate. Except in certain situations, you have the right to access your personal information and ask us to correct it. We will take reasonable steps to update or correct, as soon as possible, any information in our possession that is inaccurate, incomplete, out-of-date, irrelevant or misleading.
We may refuse to grant you access where this is allowed or required by law, for example, where this would have a negative impact on someone else’s privacy. If we do refuse to grant access, we will give you written reasons.
If you would like to access your personal information, please contact The Privacy Officer, PO Box 2167, Hawthorn, Victoria, 3122 or via 1300 848 365.
We may charge you a small fee for accessing your personal information, as permitted by law.
11. Data breaches
We have internal processes in place to deal with any data breaches. There is a mandatory notification scheme currently in place for notifiable data breaches under the Privacy Act.
What is a data breach? An eligible data breach under the Privacy Act arises when the following three criteria are satisfied:
• there has been unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information;
• this access, disclosure or loss is likely to result in serious harm to one or more individuals; and
• we have not been able to prevent the likely risk of serious harm with remedial action.
Luxe Care staff members must immediately notify a Director if they suspect or know that any data breach has occurred in relation to personal information.
Assessment and action: Where we become aware of or suspect that a data breach has occurred, we will investigate and assess whether a data breach has in fact occurred; take all steps to prevent a suspected data breach from occurring; and if a breach has occurred, take steps to minimise the risk of the data breach recurring.
If we determine that a data breach has occurred, we will determine the date of the breach and the nature of the personal information exposed; unless prohibited by law, notify affected individuals and provide them with any necessary assistance; notify any relevant regulatory body; and contain the breach and remediate any effects.
12. Feedback and complaints
We welcome any questions, feedback and complaints about our systems and processes for handling personal information. You have the right to complain if you believe we have breached this policy or your rights under the APPs. To lodge a complaint, please write to Suzanne Petterson, Director, via PO Box 2167, Hawthorn, Victoria, 3122 or firstname.lastname@example.org.
We will promptly acknowledge receipt of your complaint and we will endeavour to deal with your complaint and to provide you with a response within a reasonable time period following receipt of your complaint (generally within 30 days of receipt). Where a complaint requires a more detailed investigation, it may take longer to resolve. If this is the case, then we will provide you with progress reports.
We reserve the right to verify the identity of the person making the complaint and to seek (where appropriate) further information from the complainant in connection with the complaint.
Where required by law, we will provide our determination on your complaint to you in writing. Please note that we may refuse to investigate or to otherwise deal with a complaint if we consider the complaint to be vexatious or frivolous.
If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner.
Office of the Australian Information Commissioner
1300 363 992
Further information can be found at http://www.oaic.gov.au/privacy/making-a-privacy-complaint.