Anchor is committed to responsible corporate governance and compliant business practices and complies with relevant privacy laws. Anchor is bound by Commonwealth and Victorian privacy laws including the Privacy Act 1988 (Cth), the Privacy and Data Protection Act 2014, the Health Records Act 2001 (Vic) as well as other laws, which impose specific obligations when it comes to handling information.
This Policy outlines Anchor’s commitment to protecting the privacy of personal, sensitive and Health information which the organisation collects, holds and administers in order to perform its functions and activities
The purpose of this document is to outline how we collect, use and manage personal, sensitive and Health information and to provide a framework for how Anchor deals with privacy considerations.
Health information under the Health Records Act 2001 (Vic) is information that may identify a person, including a person who has died, that relates to the person’s physical, mental or psychological health, disability or genetic makeup. It also includes information about health services provided, or that will be provided to a person, and their wishes about health services.
Personal information for the purposes of the Act means any information or an opinion about an identifiable individual, or an individual who is reasonably identifiable. This may include for example, an individual’s name, address, telephone number, email address, credit card details, account number and profession or occupation.
Notifiable Data Breaches for the purposes of the Act, a notifiable data breach is one that is likely to result in serious harm to any of the individuals whose information was involved.
Sensitive information under the Act includes:
- Health information;
- Genetic information;
- Information or an opinion (that is also a personal opinion) about an individual’s:
- criminal record;
- racial or ethnic origin;
- religious beliefs or affiliations; or
- sexual orientation.
The Act means the Privacy Act 1988 (Cth).
In broad terms this policy means that we:
- collect only information which is reasonably necessary for a function or activity of the organisation;
- will take reasonable steps to ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered;
- use and disclose information only for our primary purpose or a directly related purpose, for another purpose with the person’s consent, or as permitted by law;
- store information securely, protecting it from unauthorised access;
- provide stakeholders with access to their own information, and the right to seek its correction; and
- provide stakeholders with contact details on how to raise concerns.
- all sites
- all programs
- all staff, contractors, volunteers and members of the organisation.
Anchor is committed to protecting the privacy of personal and health information it collects, holds and administers. We collect, use and disclose personal and health information in accordance with the law. We are transparent and accountable for how we deal with Personal information.
6.1 The kinds of information we collect, hold, use and disclose:
The type of information collected by Anchor may include:
- email address;
- telephone number;
- date of birth;
- profession, occupation or job title and education information;
- bank account and/or credit card details;
- forms of identification, such as, drivers licence or passport;
- results of probity checks;
- goods/funds donated;
- instructions regarding where donated goods/funds are to be directed (where applicable);
- details of the services an individual has obtained from us or which an individual has enquired about, together with any additional information necessary to provide those services (including reasons for obtaining services);
- information provided by an individual or other agencies, such as the Department of Health and Human Services, so that we can provide funded services;
- information about the health and welfare of clients, children and carers, or health services provided or required by clients, children or carers;
- details of relevant insurance policies; and
- information about employees of Anchor for purposes connected with our employment relationship.
This information may be about:
- employees and volunteers;
- people receiving a service from Anchor
- children and families supported by Anchor in kinship, foster care or other programs
- carers, including kinship and foster carers, and their families;
- donors and supporters;
- people supporting Anchor; and
- other people who come into contact with Anchor.
6.2 How we collect information:
Anchor collects information in a range of different ways including:
- through forms and applications;
- during meetings and interviews;
- through telephone calls and emails;
- through access and use of our website;
- through referrals made to us or by us;
- in correspondence between an individual and Anchor; and
- in correspondence and reports to Anchor by other agencies.
Anchor only collects Sensitive information about an individual in accordance with the Act and only where such information is reasonably necessary to enable Anchor to perform functions or activities of the organisation.
6.3 Purpose of Collection, use and disclosure of information:
Anchor collects, holds, uses and discloses personal, sensitive and Health information so that we can perform our activities and functions. This includes:
to provide services, support and case management to clients, children and carers;
- to respond to referrals and provide information about available support services;
- to comply with our reporting obligations;
- to advise individuals of events, programs, services or updates which we believe may be of interest to them;
- to process donations and provide receipts;
- to communicate with individuals about how their donation is managed; and
- to manage our employees.
We may also use information for other purposes related to those described above, and/or for a purpose for which an individual would reasonably expect it to be used (including recording information in relevant Department of Health and Human Services systems) as permitted by law.
We may send direct marketing communications and information about Anchor that we consider may be of interest to an individual. These communications may be sent in various forms in accordance with applicable marketing laws. At any time an individual may opt-out of receiving marketing communications from us by contacting us or by using opt-out facilities provided in the marketing communications and we will then ensure that their name is removed from our mailing list.
We understand that the safe and secure handling of personal, sensitive and Health information is important and confirm that all information is securely stored in accordance with legal requirements.
Consistent with our commitment to compliance all staff are provided with training and resources to understand and implement these obligations.
6.4 Disclosure of personal, sensitive and health information
We may disclose personal, sensitive and Health information with consent from an individual or as permitted or required by law to:
- Our employees, contractors, service providers, government agencies (including DHHS) or third parties for the purposes of providing services, support and case management, to operate our business and website, and to fulfil requests by individuals;
- Third parties whom we believe may be able to offer support or assistance to an individual;
- PayPal (or an alternative third party secure payment service) to facilitate individual donations via our website and to enable us to provide services ; and
- Any organisation with whom an individual provide us with consent to disclose their personal, sensitive and Health information.
6.5 Data Breaches
If Anchor Inc determines that personal information has been accessed without permission, acquired, used or disclosed in a manner which compromises the security of the personal information, Anchor Inc will assess the risk to affected parties in accordance with the Privacy Act. If Anchor Inc determines that a breach would be likely to result in serious harm to an individual, Anchor Inc will notify all affected individuals and the Office of the Australian Information Commissioner (OAIC) and all affected parties. The notification will provide recommendations about the steps individuals should take in response to the breach.
7.0 How An Individual Can Access And Seek Correction Of Their Personal, Sensitive and Health information
An individual may request access to personal, sensitive and Health information about themselves that we hold and may ask us to correct their information if they find that it is not accurate, up to date or complete by sending a written request to Anchor’s Privacy Officer Paula Barras. Our contact details are:
Telephone: 03 8761 9040
Address: 44 Lakeview Drive, Scoresby VIC 3179
To protect individual privacy we will need evidence of identity before we can grant access to information or change such information.
8.0 Concerns And Complaints
Telephone: 03 8761 9040
Address: 44 Lakeview Drive, Scoresby VIC 3179
We take our privacy obligations seriously and endeavour to respond to any concerns or complaints as soon as reasonably practicable and within 30 days.
9.0 Related Documents
Code of Conduct Policy
Client Access to files procedure
Anchor staff Confidentiality Statement and agreement