Commitment to Privacy
Guthrie House is committed to protecting privacy and confidentiality.
The Privacy Act 1988 (Privacy Act), Australian Privacy Principles and registered privacy codes govern the way in which we must manage your personal information.
This policy sets out how we collect, use, disclose and otherwise manage personal information and provides guidance on our legal obligations and ethical expectations in relation to privacy and confidentiality.
Consideration of personal information privacy
Open and transparent
We have designed our business practices to ensure that we will collect, store, use and manage personal information in an open and transparent manner.
We also acknowledge the importance of treating other information (that is not personal information) in a confidential manner. However, we may share information with other involved individuals and organisations where it would be in the best interests of the client, or other individual, to do so (and provided it is lawful to do so).
Collection of personal information
Purpose for collecting information
The personal information which we collect, hold, use and disclose will vary depending on your interaction with us.
Generally, we will collect, use and hold your personal information if it is reasonably necessary for, or directly related to, the performance of our functions and activities. These functions and activities may include, but are not limited to, the following:
- performing staff members’ duties, including work health and safety obligations
- recruiting and engaging staff and contractors
- providing a service to you or to someone you know
- providing you with information about our organisation
- facilitating our internal business operations, including complying with legal obligations
- conducting organisational functions, operations or development activities
- researching and evaluating programs and activities
- investigating and responding to complaints about our services or general operation
- auditing, investigating and responding to allegations of fraud
- contract management; and
- managing and responding to correspondence and enquiries from individuals and organisations.
We collect all personal information in accordance with the Privacy Act and provide a privacy notice as per APP 5 when we solicit personal information.
How information is collected
We collect personal information through a range of different channels, including:
- paper-based and electronic forms including Corrective Services portals
- face-to-face meetings, interviews, assessments and counselling sessions
- telephone, email, and fax communications
- organisation website and other linked websites; and
There may be some instances where personal information about you will be collected indirectly; for example, from a family member, carer or case worker in another service. This may be because it is unreasonable or impractical to collect personal information directly from you at that time. We will usually notify you about these instances in advance, or as soon as reasonably practical after the information has been collected.
Types of personal information collected
We may collect and hold personal information about you that can identify you, and is relevant to providing you with our services. The kinds of information we typically collect include name, address, telephone number, emergency contact and may be contained in the documents such as:
- records relating to work health and safety matters, including accident and injury records, compensation and rehabilitation case files;
- applications, instruments of appointment, and other records relating to the performance of the administrative functions and activities
- correspondence, invoices, receipts and other records relating to goods and services supplied to, provided by or purchased by us
- distribution and mailing lists relating to the dissemination of organisational publications, reports, newsletters and other information of interest to our clients, stakeholders and the broader community
- documents relating to contracts, grants, funding agreements and other procurement processes; and
- Documents relating to feedback and complaints.
Failure to provide information
If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you, or someone else you know, with the services you, or they, are seeking, or otherwise perform our business operations.
If you access our website, we may collect additional personal information about you in the form of your IP address and domain name.
Our website may contain links to other websites. We are not responsible for the privacy practices of linked websites, and linked websites are not subject to our privacy policies and procedures.
Holding personal information
Any personal information we hold is stored on both electronic files and hard copy files in accordance with this policy and other internal policies.
Dealing with personal information
Use and disclosure
We only use your personal information for the purpose(s) for which it was collected (as set out above), or for purposes where you would reasonably expect us to and which are related to one of the functions or activities of the organisation. Your personal information may be provided to government agencies, other organisations or individuals if:
- you have given us your consent to do so
- we are required or authorised by law to do so; or
- by providing the personal information we will prevent or mitigate a serious and imminent threat to somebody's life or health.
We are not likely to disclose your personal information to overseas recipients.
Marketing and promotionWe do not generally use or disclose any type of personal information for the purpose of direct marketing or promotion of our organisation. Even if we do not usually use your personal information for direct marketing purposes, we may seek your consent to use it for that purpose from time to time.
Integrity of personal information
Data qualityWe take reasonable steps to ensure that information collected used and disclosed is accurate, up-to-date, complete and relevant. As outlined in The Privacy Act 1988.
Data securityWe take reasonable steps to protect the personal information held. This includes implementing physical, technical and administrative safeguards against loss, interference, unauthorised access, use, modification or disclosure and other information misuse. These steps also comprise reasonable physical, technical and administrative security safeguards for electronic and hard copy records.
Access to, and correction of, personal information
You have a right to access your personal information and upon request we will provide access unless the Privacy Act or any other relevant law permits or requires us to withhold access. If we refuse you access, we will provide you with a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons).
We may charge you a reasonable fee for providing access to your personal information (but not for making a request for access).
We will generally respond to a request to access or amend information within 45 days of receiving the request. Requests should be made to the Administration Officer at Guthrie House.
Amendments may be made to your personal information to ensure it is accurate, relevant, up-to-date, complete and not misleading, taking into account the purpose for which the information is collected and used. If a request to amend information does not meet the above criteria, we may refuse the request.
If we refuse your request for changes to personal information, you may submit a written statement about the requested changes which we will attach to the relevant record of personal information. We will provide you with a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide this information), including details of the mechanisms available to you to make a complaint.
We will respond to a request to access or amend personal information within a reasonable period.