This Policy governs how members of Calyptus Senior Living ABN 91641124441 (we, us, our) collect, store, use, disclose and manage personal information. This Policy also outlines and explains the types of personal information we collect, the purposes for which it is collected, how you can request access to and correct personal information that we hold about you and how you can make a privacy complaint or contact us with your enquiries or concerns.
We take your privacy seriously and are committed to open and transparent management of personal information. When dealing with personal information, we comply with the Privacy Act 1988 (Cth) (Act), the Australian Privacy Principles in the Act, and all other applicable legislation, including State and Territory health records legislation.
Our suppliers and contractors are required to enter into written contracts ensuring their strict compliance with privacy laws.
This Policy does not apply to personal information that is exempt under the Act, including the personal information of our employees relating to their former or current employment with us.
What is personal information?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
Sensitive information is a subset of personal information and includes:
- health information about an individual;
- genetic information (that is not otherwise health information); and
- information or opinion (that is also personal information) about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, sexual preferences or practices or criminal record.
What constitutes personal information will vary, depending on whether any individual can be identified or is reasonably identifiable in the particular circumstances.
What kinds of personal information do we collect and why?
The personal information that we collect and hold will depend on your relationship with us, the nature of the product or service we are providing or activity you are involved in and the legal obligations we may have.
However, we generally collect and hold both personal and sensitive information, including:
- contact details including name, occupation, address, postcode, telephone and facsimile numbers, email addresses and family information;
- demographic information including age, date of birth and gender;
- health information including medical and family history, medications, diagnostic imaging and reports, pathology results, diagnoses (including mental health or disability), observations and reported symptoms;
- government related identifiers, including Medicare, Centrelink and Department of Social Services numbers;
- financial details and billing information including to comply with our legal obligations; and
- treating clinicians’ contact details.
For prospective employees:
- contact details including name, address, postcode, telephone and facsimile numbers and email addresses and family information;
- demographic information including age, date of birth and gender;
- sensitive information such as health and psychometric information;
- qualifications and experience;
- information contained in references obtained from third parties; and
- national police certificates.
For contractors and consultants:
- contact details including address, postcode, telephone and facsimile numbers and email addresses;
- financial details and billing information including to comply with our legal obligations;
- qualifications, licences and insurance details;
- information contained in references or referrals obtained from third parties; and
- national police certificates.
If lawful and reasonable to do so, we will destroy and de-identify all unsolicited personal information we receive if we would not normally collect this information to perform one of our functions or activities or if the information is sensitive and no consent has been given.
When do we collect personal information?
We will not collect personal information unless it is reasonably necessary for one of our functions or activities. We will usually only collect sensitive information with your consent. All personal information will only be collected through lawful and fair means.
Where do we collect personal information from?
The sources from which we collect personal information will depend on the circumstances of the collection and may include the following:
From you or with your consent
We will try to collect your personal information directly from you, or alternatively, with your consent. We will collect personal information from you:
- if you provide us with information about yourself and, if necessary, your medical condition;
- if you complete relevant agreements, applications, forms, surveys, competitions, questionnaires or you communicate with us by taking part in a discussion or forum or by email, telephone, in writing or in person;
- if you are providing services or goods to us or our customers; or
- if you apply for employment or engagement with us.
From other people
Where it is unreasonable or impracticable to collect information directly from you, we may obtain personal information about you from a third party. For example, we may collect personal information about you:
- from your general practitioner or another healthcare provider who has information about you to assist us in providing services to you;
- from a member of your family, a carer, a close friend, your authorised representative or responsible person, next of kin, your nominated emergency contact person or the police;
- from any person or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;
- from relevant government departments such as Medicare, the Department of Health or the Department of Social Services or your health insurer to assist us in providing services or processing billing for services provided to you;
- from third parties who you have asked to provide your personal information to us; or
- from a reference or referral identified in your application for employment or engagement with us.
From our website
Can I choose to remain anonymous?
We automatically gather anonymous information to monitor use. For example, the numbers and frequency of visitors to our website. This collective data helps us determine how our audiences use parts of our website, so we can improve our services. We may publish or provide this aggregate data to other people or organisations.
If you are renting accommodation from us, it is not practical for you to remain anonymous because we need to keep a record of the services provided to you.
We may be able to accommodate you using a pseudonym. However, if you choose not to provide your real identity this may impact the quality of the services provided to you and relevant billing.
If you wish to use a pseudonym that is linked confidentially to your real identity, please let us know and we will discuss with you any arrangements that can be made.
How do we use and disclose personal information?
We may use and disclose personal information for the particular purpose for which it was collected (Primary Purpose).
For customers, this will include the use and disclosure necessary to provide retirement and accommodation services. We may use or disclose your personal information:
- to staff or other service or healthcare providers involved in providing services to you or your care (including your general practitioner, nurses, physiotherapists, occupational therapists) or administrative staff (involved in preparation of documentation, billing and other administrative and management duties);
- in assessing whether you are eligible to be a resident of a Calyptus Senior Living property;
- to government authorities for the purposes of providing aged care or health services;
- to funding bodies and government agencies;
- to a member of your family, a carer, a close friend, your authorised representative or responsible person, next of kin, your nominated emergency contact person or the police; or
- any third party that you request or authorise us to.
For prospective employees, this may be for assessing and processing employment applications.
We will only generally use or disclose personal information collected for a Primary Purpose. However, it may be necessary in some cases to disclose personal information for a secondary purpose, including:
- if we have your consent;
- if required for the management of our services. For example:
- billing or debt-recovery, service-monitoring, funding, complaint-handling, incident reporting, developing and planning services, evaluation and improvement, quality assurance or audit activities, and accreditation activities;
- education and training of our staff (who may not be our employees), where de-identified information is not sufficient for this purpose; and
- disclosure to our advisors and contractors who provide services to us, for example IT and database management service providers.
- for research, compilation or analysis of statistics;
- if use or disclosure is necessary to lessen or prevent a serious or imminent threat to someone’s life, health or safety or a serious threat to public health and safety; or
- if we are required or authorised by or under an Australian law or a court or tribunal order.
We will take reasonable steps to ensure that the personal information we collect is accurate, complete, up to date and relevant to the purpose for which it is to be used, both at the time of collection and use.
How do we hold personal information and keep it secure?
All personal information collected is securely stored on our electronic databases. In some instances, it may also be held in hard copy files in secure and locked facilities in Australia.
We will take reasonable steps to ensure that the personal information we hold is protected from misuse, loss, interference, unauthorised access, modification or disclosure.
We will notify you, as soon as reasonably practicable, if we find that there has been any unauthorised access, disclosure or loss of your personal information that is likely to result in serious harm to you.
If requested, we will let you know what kind of personal information of yours we hold, for what purpose, and how we handle that information. We will also make this Policy available to anyone who requests a copy of it.
How can I access or correct my personal information?
You can request access to your personal information held by us, upon written request to our Director. We may charge reasonable costs for carrying out your request. To obtain access to your personal information, you must provide us with proof of identity. This is necessary to ensure that your personal information is provided only to the correct individuals and that the privacy of others is protected.
If, upon receiving access to your personal information or at any other time, you believe your personal information is inaccurate, incomplete or out of date, you can notify our Privacy Officer to correct your personal information. We will take reasonable steps to correct the information so that it is accurate, complete and up to date.
We may decline a request for personal information in circumstances prescribed in the Act. If so, we will give you a written notice setting out the reasons for refusal and the complaint mechanisms available to you.
Do we disclose personal information overseas?
We may disclose personal information to entities outside of Australia, in which case we will take all steps that are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles, unless we reasonably believe the disclosure is necessary or authorised by Australian law.
Do we use your personal information for direct marketing and can you opt out?
There may be occasions where personal information is used for direct marketing purposes including direct contact, telephone enquiries, email, SMS, letters, internet and web interactions, surveys and other forms of communication. Any such use will be limited to circumstances where you would reasonably expect us to use or disclose your personal information for that purpose and it has been collected from you, or if you have otherwise consented or requested this information.
You have the right:
- to contact us to ‘opt-out’ of receiving direct marketing communications; or
- to request that we provide the source of your personal information where reasonable and practicable.
If you have consented to us providing direct marketing to you and you wish to stop receiving such marketing, please contact us on the details set out in this Policy or provided in the marketing communication.
How can I complain about the handling of my personal information?
If you believe we have at any time breached this Policy, you may lodge a written complaint with our Director on the contact details in this Policy.
We will endeavour to acknowledge your complaint within 14 days of its receipt, and to make a determination on the complaint within 30 days of its receipt.
Contact details and further information
Director (Privacy Officer)
Post: Shop 3, 8 Edmondstone St, Newmarket Qld 4051
Phone: 0434 604 634
Further information about the Australian Privacy Principles and the application of the Act to us can be found at the website of the Office of the Australian Information Commissioner at http://www.oaic.gov.au.
Monitoring and review
This Policy will be reviewed every two years or when changes to legislation and regulation or the operating environment occur.