SDECC Public Privacy Policy Statement
Commitment to privacy
SDECC is committed to protecting privacy and confidentiality.
The Privacy Act 1988 (Privacy Act), Australian Privacy Principles and registered privacy codes govern the way in which we must manage personal information.
This policy sets out how SDECC collects, uses, discloses and otherwise manages personal information and provides guidance on our legal obligations and ethical expectations in relation to privacy and confidentiality.
SDECC’s privacy policy is designed to ensure that personal information is collected, stored, used and disclosed in an appropriate manner, complying both with legislative requirements and ethical obligations. We take positive steps to ensure that all our personnel understand their privacy and confidentiality responsibilities in relation to personal and organisational information. This understanding is demonstrated in all work practices.
Consideration of personal information privacy:
Openness and transparency
SDECC has designed our business practices to ensure that we will collect, store, use and manage personal information in an open and transparent manner.
SDECC also acknowledges the importance of treating other information (i.e. not personal information) in a confidential manner. However, we may share information with other involved individuals and organisations where it would be in the best interests of the client, or other individual, to do so (and provided it is lawful to do so).
Anonymity and pseudonymity
Wherever it is lawful and practicable, SDECC will give individuals the option not to identify themselves, to use a pseudonym or to request that we do not store any personal information.
Collection of personal information:
Purpose for collecting information
The personal information which SDECC collects, holds, uses and discloses will vary depending on your interaction with us.
Generally, we will collect, use and hold your personal information if it is reasonably necessary for, or directly related to, the performance of our functions and activities. These functions and activities may include, but are not limited to, the following:
- performing staff members’ duties, including work health and safety obligations
- recruiting and engaging staff and contractors
- providing a service to you or to someone you know
- providing you with information about our organisation
- facilitating our internal business operations, including complying with legal obligations
- conducting organisational functions, operations or development activities
- researching and evaluating programs and activities
- investigating and responding to complaints about our services or general operation
- auditing, investigating and responding to allegations of fraud
- contract management
- managing and responding to correspondence and enquiries from individuals and organisations.
SDECC collects all personal information in accordance with the Privacy Act and provides a privacy notice as per APP5 when we solicit personal information.
How information is collected:
SDECC collects personal information through a range of different channels, including:
- paper-based and electronic forms (including online forms)
- face-to-face meetings, interviews, assessments and counselling sessions
- telephone, email and fax communications
- the organisation’s website and other linked websites
- social media websites and accounts.
There may be some instances where personal information about you will be collected indirectly; for example, from a family member, carer or case worker in another service. This may be because it is unreasonable or impractical to collect personal information directly from you at that time. We will usually notify you about these instances in advance, or as soon as reasonably practical after the information has been collected.
Types of personal information collected
We may collect and hold personal information about you that can identify you, and is relevant to providing you with our services. The kinds of information we typically collect include name, address, telephone number, emergency contact, and may be contained in documents such as:
- records relating to work health and safety matters, including accident and injury records, compensation and rehabilitation case files
- applications, instruments of appointment, and other records relating to the performance of administrative functions and activities
- correspondence, invoices, receipts and other records relating to goods and services supplied to, provided by or purchased by us
- distribution and mailing lists relating to the dissemination of organisational publications, reports, newsletters and other information of interest to our clients, stakeholders and the broader community
- documents relating to contracts, grants, funding agreements and other procurement processes
- documents relating to feedback and complaints.
Failure to provide information
If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you, or someone else you know, with the services you, or they, are seeking, or otherwise perform our business operations.
Internet users
If you access our website, we may collect additional personal information about you in the form of your IP address and domain name.
Use of cookies
The main purpose of cookies is to identify users and to prepare customised web pages for them. Cookies do not identify you personally, but they may link back to a database record about you. We use cookies to monitor usage of our website and to create a personal record of when you visit our website and what pages you view so that we may serve you more effectively.
Our website may contain links to other websites. We are not responsible for the privacy practices of linked websites, and linked websites are not subject to our privacy policies and procedures
Holding personal information
Any personal information we hold is stored on both electronic files and hard copy files in accordance with this policy and other internal policies.
Dealing with personal information:
Use and disclosure
We only use your personal information for the purpose(s) for which it was collected (as set out above), or for purposes where you would reasonably expect us to and which are related to one of the functions or activities of the organisation. Your personal information may be provided to government agencies, other organisations or individuals if:
- you have given us your consent to do so
- we are required or authorised by law to do so
- by providing the personal information we will prevent or mitigate a serious and imminent threat to somebody’s life or health.
Marketing and promotion
We do not generally use or disclose any type of personal information for the purpose of direct marketing or promotion of our organisation. Even if we do not usually use your personal information for direct marketing purposes, we may seek your consent to use it for that purpose from time to time.
Integrity of personal information
Data quality
We take reasonable steps to ensure that information collected, used and disclosed is accurate, up to date, complete and relevant, as outlined in the Privacy Act 1988.
Data security
We take reasonable steps to protect the personal information we hold. This includes implementing physical, technical and administrative safeguards against loss, interference, unauthorised access, use, modification or disclosure and other information misuse. These steps also comprise reasonable physical, technical and administrative security safeguards for electronic and hard copy records.
Access to, and correction of, personal information
We may charge you a reasonable fee for providing access to your personal information (but not for making a request for access).
We will generally respond to a request to access or amend information within 30 days of receiving the request.
Amendments may be made to your personal information to ensure it is accurate, relevant, up to date, complete and not misleading, taking into account the purpose for which the information is collected and used. If a request to amend information does not meet the above criteria, we may refuse the request.
If we refuse your request for changes to personal information, you may submit a written statement about the requested changes which we will attach to the relevant record of personal information. We will provide you with a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide this information), including details of the mechanisms available to you to make a complaint.
We will respond to a request to access or amend personal information within a reasonable period.
Complaints and feedback
If you wish to make a complaint about anything, including a breach of the Privacy Act, Australian Privacy Principles or a privacy code that applies to us, please contact us using the details provided below and we will take reasonable steps to investigate the complaint and respond to your complaint. If you are not happy with our response, you may send your complaint directly to the Australian Information Commissioner (www.oaic.gov.au).
For more information, contact us to request a copy of our feedback and complaints policy.
If you have any queries or concerns about our privacy policy or the way we handle your personal information, or if you want to make a complaint, please contact our CEO at:
Street address: 91 Pittwater Road, Manly NSW 2095
Email address: admin@sdecc.org.au
Telephone: 02 9977 0711