Privacy Policy

1.  Purpose:

This Policy Statement and related operating procedures outlines how Can:Do Group manages personal information collected from clients, parents, carers, guardians, donors and other stakeholders.  It describes the types of information held by Can:Do Group and why, in addition to how that information is collected, held, used and disclosed.

Employees’ and volunteers’ records are managed under specific Employment Legislation.

2.  Scope:

This Policy Statement applies to all employees, volunteers and other individuals involved with the organisation.

3.  Policy Statement:

Can:Do Group is committed to the right to privacy and the protection of personal information in accordance with the  Privacy Amendment Act (2012) and the  Australian Privacy Principles enshrined in that Act, and as amended.

Concerns or complaints about the way in which Can:Do Group handles personal information should be lodged in accordance with Commendations and Complaints Procedure.

This Policy will be available in the Can:Do Group website.

4.  Guiding Principles:

Consistent with the Act and the Australian Privacy Principles the development of procedures under this policy will be based on the following:

4.1 Collection:

Can:Do Group will only collect, in a fair, non-intrusive and lawful way, personal information that is necessary for the organisation to undertake its day to day operations, including, but not limited to, the provision of quality services to clients. Sensitive information will only be collected with the individual’s consent to the collection of the information. Sensitive information is a subset of personal information and is defined in the Act as:

  • information or an opinion (that is also personal information) about an individual’s:
    • racial or ethnic origin
    • political opinions
    • membership of a political association
    • religious beliefs or affiliations
    • philosophical beliefs
    • membership of a professional or trade association
    • membership of a trade union
    • sexual preferences or practices, or
    • criminal record
  • health information about an individual
  • genetic information (that is not otherwise health information)
  • biometric information that is to be used for the purpose of automated biometric verification or biometric identification, or
  • biometric templates

Can:Do Group will take reasonable steps to ensure the individual is aware of how to access their information, how it is collected, other organisations to which Can:Do Group may disclose the information and any other action required by the Privacy Amendment Act and the Australian Privacy Principles.

Personal information will be collected by Can:Do Group staff that might require access to that information in connection with service delivery, employment or other requirements.

Wherever possible and practicable, personal information will be collected directly from the individual, rather than from someone else. Where personal information is collected from a third party, the consent of the individual will be obtained prior to collection of the information and the individual will be informed the reason for the information collection and how it will be used. Where the collection of information is regarding a child under the age of 18 or a person who has a guardian responsible for them can provide the information and will be informed the reason for collection and how it will be used.

In case the Can:Do Group receives unsolicited personal information, it will determine whether it could have collected the information as per prescribed in this Policy whereby the information will be treated , If not, the information must be destroyed or de-identified as soon as practicable.

We collect information when a prospective employee or volunteer registers their application to join the dedicated team at Can:Do Group. Consent forms are signed to allow Can:Do Group to keep the information given to us voluntarily in the form of resumes, references, etc. Unsuccessful applicants will have their information securely destroyed after a period of three months.

4.2 Use and Disclosure:

Can:Do Group will use or disclose personal information only for the purpose for which it was collected (the primary purpose), or for purposes related to the primary purpose except where personal information is required to be disclosed by law.

Can:Do Group will not divulge any information gathered from clients, staff and other stakeholders to any third party without prior written consent of the individual (or the written consent of a person who is responsible for the individual) except:

  • non-identifying data required by funding bodies and by government departments for planning purposes;
  • where it is reasonable that the disclosure is necessary to prevent or lessen serious threat to the life or health of the client or another person. Please see Information Sharing Guidelines for promoting safety and wellbeing issued by Ombudsman SA and CS03.1 Information Sharing Guidelines (Appendix) (both available from the FishNet) for more details in regards to disclosing personal information to other organisations.
  • where lawfully required to ensure that the business operations of the organization are maintained;
  • where required by law or by Government Offices/ Agencies.

Non-sensitive information may be used for direct marketing purposes in accordance with the Australian Privacy Principles, the Do Not Call Register Act 2006 and the Spam Act 2003

4.3 Data Quality:

Can:Do Group will endeavor to take all reasonable steps to ensure that the personal information collected, used or disclosed, is accurate, complete and up-to-date.

4.4 Data Security:

Can:Do Group will ensure that all personal information held is protected from misuse, unauthorized access, modification or disclosure. Can:Do Group will destroy or de-identify personal information that is no longer required.

Under the legislative and or contractual obligations, Can:Do Group is required to retain client records for up to seven years after closure of a file.

For more details about how the Can:Do Group manages records please see OP QUA01-02(14) Record Management Operating Procedures.

4.5 Openness:

On request by clients, staff and other stakeholders Can:Do Group will take reasonable steps to let them know,  an overview of the type of personal information held and the purpose for it being held, the method of collection, use and disclosure of the information.

 This Policy Statement must be available to anyone who asks for it and must be published on the Intranet.

4.6 Access and Correction:

A right of access is available to individuals regarding personal information held by the organisation, by way of a written request to the Chief Executive. Can:Do Group will take all reasonable steps to provide this access within twenty-one days of original request.

Wherever possible and reasonable, steps will be taken to correct inaccurate or incomplete personal information.

Can:Do Group reserves the right not to provide requested information on certain circumstances stated in the Privacy Act – Australian Privacy Principles.

4.7 Identifiers:

Can:Do Group will generate and use its own unique identifying code or numbers for its clients, staff or other stakeholders.

 In order to fulfil its obligations to specific agencies, Can:Do Group will use and disclose an identifier assigned to an individual by that agency.

4.8 Anonymity:

Can:Do Group will give clients and other stakeholders the option of not identifying themselves, or of using a pseudonym, when entering transactions with Can:Do Group, whenever it is lawful and practicable.

4.9 Transborder data flows

Can:Do Group does not transfer or send information outside of Australia. In some instances electronic data storing may be outsourced in which case Can:Do Group will require the supplier not to transmit or store any information overseas.

4.10  Sensitive Information:

Can:Do Group will only collect or disclose sensitive information about clients, staff and other stakeholders with the consent of the individual concerned, or if it is required by law.

5.  Related documents:

This policy statement is related to, and should be read in conjunction with the following documents:

  • OP QUA01-02(14) Record Management Operating Procedures
  • CS03.1 Information Sharing Guidelines (Appendix)
  • Information Sharing Guidelines for promoting safety and wellbeing
  • Privacy Amendment Act ( 2012) – Australian Privacy Principles
  • Do Not Call Register Act 2006
  • Spam Act 2003
  • Commendations and Complaints Procedure
 
 

facebook twitter youtube linkedin rss flickr

Can:Do Group
PO Box 43 Brighton SA 5048
T: 08 8298 0900 | TTY: 08 8298 0960

© 2014 Your Organization. All Rights Reserved. Privacy Policy