PRIVACY AND CONFIDENTIALITY POLICY
Purpose
The purpose of this policy is to set out the responsibilities of Culture Connex relating to collecting, using, protecting and releasing personal information in compliance with privacy legislation. The Culture Connex Privacy Policy and related procedures meet relevant legislation, regulations and standards as set out in Schedule 1, Legislative References for NDIS Services.
This policy and procedure applies to all:
- Culture Connex’s staff;
- aspects of Culture Connex’s business; and
- staff and client personal and health information.
Definitions
Personal information – Recorded information (including images) or opinion, whether true or not, about a living individual whose identity can reasonably be ascertained.
Health information – Any information or an opinion about the physical, mental or psychological health or ability (at any time) of an individual.
Policy
Privacy and confidentiality are of paramount importance to Culture Connex. Culture Connex recognises the importance of protecting the personal information of individuals. Clients’ right to privacy and confidentiality is recognised, respected and protected in all aspects of their contact with Culture Connex. All clients or their legal representatives have the right to decide who has access to their personal information.
Culture Connex will collect, use and disclose information in accordance with relevant state and federal privacy legislation. All staff are responsible for upholding Culture Connex’s privacy and confidentiality responsibilities.
Culture Connex will only collect information necessary for safe and effective service delivery. It will only use information collected for the purpose it was collected, and secure it appropriately. Information related to clients will not be released to other individuals or services without informed consent from the client or their representative, or in exceptional circumstances.
We are committed to protecting your privacy as a client and an online visitor to our website at cultureconnex.com.au. We use the information we collect about you to maximise the services that we provide to you. We respect the privacy and confidentiality of the information provided by you and adhere to the Australian Privacy Principles. Please read our privacy policy carefully.
Culture Connex complies with the requirements of the Privacy Principles as outlined in the Health Records and Information Privacy Act 2002, and, where applicable, the Privacy Act 1988 by developing, reviewing and implementing processes and practices that identify:
- how people can consent to their information being collected;
- what information Culture Connex collects about individuals, and the source of the information;
- why and how Culture Connex collects, uses and discloses the information;
- who will have access to the information; and
- risks in relation to the collection, storage, use, disclosure or disposal of and access to personal and health information collected by Culture Connex.
Information we collect from you
In the course of your visits to our website or use of our services, information Culture Connex collects includes, but is not limited to:
- contact details for clients and their representatives or family members;
- details for emergency contacts and persons authorised to act on behalf of clients;
- clients’ health status and medical records;
- medication records;
- service delivery intake, assessment, monitoring and review information;
- service delivery records, plans and observations;
- external agency information;
- feedback and complaints;
- incident reports;
- consent forms; and
- geographic location, IP address, survey responses, support queries, blog comments and social media handles (together ‘Personal Data’).
How we use your information
Culture Connex will only request and retain personal or health information that is necessary to:
- assess a potential client’s eligibility for a service;
- provide a safe and responsive service;
- monitor the services provided; and
- fulfil contractual requirements to provide non identifying data and statistical information to a funding body.
Marketing communications are only sent to you if you have requested or subscribed to them. You can opt out of our marketing communications at any time by unsubscribing or emailing us and your request will be actioned immediately.
Non-Personally Identifiable Information: We also use the information we collect in aggregated and anonymised forms to improve our services, including: administering our website, producing reports and analytics, advertising our services, identifying user demands and assisting in meeting customer needs generally.
How we use your information
Culture Connex will only request and retain personal or health information that is necessary to:
- assess a potential client’s eligibility for a service;
- provide a safe and responsive service;
- monitor the services provided; and
- fulfil contractual requirements to provide non identifying data and statistical information to a funding body.
Marketing communications are only sent to you if you have requested or subscribed to them. You can opt out of our marketing communications at any time by unsubscribing or emailing us and your request will be actioned immediately.
Non-Personally Identifiable Information: We also use the information we collect in aggregated and anonymised forms to improve our services, including: administering our website, producing reports and analytics, advertising our services, identifying user demands and assisting in meeting customer needs generally.
Any information you choose to make publicly available, such as blog comments and testimonials on our website, will be available for others to see. If you subsequently remove this information, copies may remain viewable in cached and archived pages on other websites or if others have copied or saved the information.
How we collect information from you
When collecting personal information from clients or their supporters, Culture Connex staff must explain:
- what information is required;
- the occasions when information may need to be released;
- why information is being collected and how it will be used;
- their right to decline providing information;
- their rights in terms of providing, accessing, updating and using personal information, and giving and withdrawing consent;
- who or where their information may be disclosed; and
- the consequences (if any) if all or part of the information required is not provided.
Prior to collecting information, staff must obtain consent from the client or their supporter, using the relevant Consent Form where required.
Information must be collected sensitively and within lawful limits and only for a specific purpose.
Staff will provide information to clients about their privacy and confidentiality in ways that suit clients’ individual communication needs. This includes using the language, mode of communication and terms that the client is most likely to understand. Methods include providing written information in Easy English, explaining information either face-to-face or over the phone and using interpreters and advocates. Where a client is a child, Culture Connex will provide information to their family in the language, mode of communication and terms that they are most likely to understand.
Client and Representative Privacy and Confidentiality
Clients and their representatives and families are responsible for:
- providing accurate information when requested;
- maintaining the privacy of any personal or health information provided to them about others, such as contact details;
- completing all consent and permission forms and returning them to the service in a timely manner;
- understanding their right to decline to provide personal information, which in turn could impact or restrict the services Culture Connex are able to provide;
- being sensitive and respectful to other people who do not want to be photographed or videoed; and
- being sensitive and respectful of the privacy of other people in photographs and videos when using and disposing of them.
Access to information
Client and their representative’s or family’s information supporter information may be accessed by relevant staff with a genuine need to know.
Individuals have the right to:
- request access to personal information Culture Connex holds about them, without providing a reason for requesting access;
- access this information; and
- make corrections if they consider the information is not accurate, complete or up to date.
There are some exceptions set out in the Privacy and Personal Information Protection Act 1998, where access may be denied in part or in total. Examples of some exemptions are where:
- the request is frivolous or vexatious;
- providing access would have an unreasonable impact on the privacy of other individuals;
- providing access would pose a serious threat to the life or health of any person; and
- the service is involved in the detection, investigation or remedying of serious improper conduct and providing access would prejudice that.
If an individual requests access to or the correction of personal information, within a service benchmark of 2 working days (and no more than 45 days after receiving the request), staff will:
- provide access, or reasons for the denial of access;
- correct the personal information, or provide reasons for the refusal to correct the personal information; or
- provide reasons for the delay in responding to the request for access to or correction of personal information.
Storage and security of your information
We will use all reasonable means to protect the confidentiality of your Personal Information while in our possession or control. All information we receive from you is stored and protected on our secure servers from unauthorised use or access. Personal files are kept in a secure filing cabinet in a private room, which is kept locked outside of operational hours. Personal files are available for viewing upon request.
To enable us to deliver our services, we may transfer information that we collect about you, including Personal Information, across borders for storage and processing in countries other than Australia. If your Personal Data is transferred and processed outside Australia, it will only be transferred to countries that have adequate privacy protections.
We retain your personal information for as long as needed to provide services to you and as otherwise necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
In the event there is a breach of our security and your Personal Information is compromised, we will promptly notify you in compliance with the applicable law.
Information disclosure
Client personal and health information will only be disclosed:
- for medical treatment or emergency;
- to outside agencies with the clients’ or parent or guardians’ permission;
- with written consent from person/s with lawful authority; or
- when required by Commonwealth Law, or to fulfil legislative obligations such as mandatory reporting.
Sharing your information with third parties
We do not and will not sell or deal in Personal Data or any client information.
Your Personal Information details are only disclosed to third party suppliers when it is required by law, for services which you have requested, for payment processing or to protect our copyright, trademarks and other legal rights. To the extent that we do share your Personal Information with a service provider, we would only do so if that party has agreed to comply with our privacy standards as described in this privacy policy and in accordance with applicable law. Our contracts with third parties prohibit them from using any of your Personal Information for any purpose other than that for which it was shared.
Cookies and pixels
A cookie is a small file placed in your web browser that collects information about your web browsing behaviour. Use of cookies allows a website to tailor its configuration to your needs and preferences. Cookies do not access information stored on your computer or any Personal Data (e.g. name, address, email address or telephone number). Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings. This may, however, prevent you from taking full advantage of our website.
Our website uses cookies to analyse website traffic, provide social media sharing and liking functionality and help us provide a better website visitor experience. In addition, cookies and pixels may be used to serve relevant ads to website visitors through third party services such as Google Adwords and Facebook Adverts. These ads may appear on this website or other websites you visit.
Links to other websites
This website may contain links to other websites. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that we are not responsible for the privacy practices of such other websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personally identifiable information. This privacy policy applies solely to information collected by this website.
Change in Privacy Policy
As we plan to ensure our privacy policy remains current, this policy is subject to change. We may modify this policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on this website. Please return periodically to review our privacy policy.
Contact us
If you have any questions or concerns at any time about our privacy policy or the use of your Personal Data, please contact us at [email protected] and we will respond within 48 hours.