In keeping with our commitment to protecting your privacy, this statement is intended to inform you of our personal information processing practices.
RIDBC complies with the Australian Privacy Principles (APP) and ensures we meet legislative responsibilities to protect the personal information of our clients, website visitors, employees, donors and volunteers. This policy applies to the whole of RIDBC, with relation to all clients, employees and donors.
We ensure we are transparent about what information is collected and how it is used. RIDBC only collects client information that is necessary in relation to the services it provides. We store all personal information securely.
We need to collect some personal and sensitive health information so we can provide services to our clients. Written consent is gained when clients come onto Services, through our ‘consent to collect and use personal information’ form, which is part of the RIDBC Privacy Notice. This Privacy Notice details how we collect, store, provide access to, use and disclose that personal information. The RIDBC Privacy Notice is emailed to our clients after their first appointment with RIDBC.
RIDBC sometimes needs to disclose information to do our job. Sometimes this will be because the law or funding requirements require such disclosure and sometimes it will be because the welfare of the client demands it.
RIDBC is regulated by legislation and government-imposed rules of practice, which impacts the personal information we collect and what we do with it. We seek to protect privacy within the parameters of those laws and requirements.
We provide our clients and donors with the opportunity to lodge a complaint or concern regarding privacy issues within the organisation through the feedback procedure.
Complaints or concerns about privacy issues are addressed promptly. Clients may request to make changes to their privacy consent form, which is stored in their client file.
Employees can lodge a complaint or concern that relates to another employee. Complaints or concerns should initially be addressed to their manager. If the matter is escalated, the People & Culture Team or the relevant Senior Leadership Team Member will investigate.
Personal information collected must be kept for at least the minimum period necessary for service provision and legal accountability.
Personal information will only be collected by fair and lawful means and consent will be sought at the point of collection.
RIDBC only collects client information that is necessary in relation to the services it provides.
Verbal consent from clients is gained at the enquiry point of data collection.
Written consent from clients is gained when clients come onto Services, through the ‘consent to collect and use personal information’ form, which is part of the RIDBC privacy notice given to clients.
If any collection or usage practices change, RIDBC will notify clients as soon as practicable.
Use and disclosure
RIDBC collects clients’ personal information for the primary purpose of providing them with RIDBC’s services.
Personal information from clients, donors and employees will only be used and disclosed for the primary purpose it was collected. This may include improvement of services, statistics and/or reports.
Communicating with medical practitioners and other health service providers is often essential and necessary in providing clients with RIDBC’s services. These cases of disclosure are considered to be a primary purpose.
RIDBC clients may also consent to disclosures for secondary purposes. These instances are clearly explained to clients, who may choose not to consent.
The client, donor or employee’s consent will be obtained before personal information is given to a third party, except when other legal obligations take priority.
RIDBC will take reasonable steps to ensure the personal information it collects, uses or discloses is accurate, complete and up to date.
Clients may update the information they have provided, which includes the information recorded in the ‘consent to collect and use personal information’ form.
RIDBC will ensure that personal information is protected from misuse, loss, unauthorised access, modification or inappropriate disclosure.
Client files are stored securely. Information about a client is only accessible by relevant employees who have been trained in best practice for privacy and information handling.
Client files are password protected.
Openness, access and correction
RIDBC’s policies and procedures for the management of personal information will be openly available.
Clients, donors and employees have a right to access personal information held about themselves.
If it is found that personal information is inaccurate, incomplete or out of date, steps will be taken to correct the information. Clients may contact us at any time to make changes to the information held on file, including changes to their “consent to collect and use personal information” form.
Identifiers and anonymity
Codes that identify an individual and are assigned by another agency won’t be adopted for our clients, donors or employees.
Trans‐border data flows
Personal information can only be transmitted outside of Australia when consent has been obtained from the individual. RIDBC does not routinely provide client data outside of Australia.
The recipient must be subject to laws or binding schemes which are similar to the Australian Privacy Principles.
External website links
RIDBC is not responsible for the content of other websites accessed via links from its own website and you are advised to comply with any copyright restrictions applicable to material downloaded from websites accessed via links from this site. RIDBC tries to maintain up-to-date links to other relevant websites but is not responsible for the accuracy of these links which may change without our knowledge.
Generally, this information does not contain personally identifiable information such as your name or email address and therefore cannot be used to identify you.
In some circumstances it may include a visitor’s internet protocol (IP) address, which could be linked to an individual.
This consolidated information provides a more accurate picture of visitor journeys and use of our services and website.
Information that can directly identify an online visitor is collected only when offered by the visitor voluntarily via our online forms.
RIDBC employees will be told about clients’ rights to privacy and confidentiality, and how to protect these, through induction and training programs.
Services will tell all new clients about their rights to privacy and confidentiality, and how these will be protected.
The Privacy and Confidentiality policy must be applied to all forms of information. This includes, but is not limited to, all information in written and electronic files, information obtained by word of mouth, from photographs and from recordings.
Specific written consent must be obtained from each client, donor or employee before any information is released or requested from other sources. This must be maintained according to Management of Client Record Policy.
Clients, donors and employees must be accurately informed about who will have access to the information and why it is being requested/released.
Clients and employees have the right to access their own files.
Employees must not intrude into areas of clients’ lives which are not relevant to the services provided.
Consent that protects privacy and confidentiality will be obtained when requesting clients’, donors’ and employees’ cooperation in any fundraising or public relations activities. They will always be free to refuse if they don’t want to be involved.
Breach of policy
There are a range of consequences for breaches of this policy depending on the nature and seriousness of the matter. Should any breach be identified, RIDBC complies with the requirements for data breaches as defined by the Office of the Australian Information Commissioner.
Managers have a responsibility to address alleged breaches of the policy promptly, in a fair and reasonable manner and in line with the Data Breach Procedures.
They need to assess the seriousness of any alleged breaches, and how they should be dealt with.
Possible outcomes for an employee who has breached the policy may include:
- Performance improvement plans
- Formal disciplinary action
- Referral to the relevant registration or membership board
- Referral to the police in cases of suspected possible criminal activity
- Termination of employment
RIDBC will be responsible for ensuring that all clients, donors and employees are aware of their rights and responsibilities about privacy.
RIDBC employees are expected to be aware of and understand their responsibilities with regard to privacy and to act as required.
Complaint handling process
If you would like to make a complaint about a breach of the APPs, please get in touch with us via our feedback form.
We will endeavour to address all complaints within a reasonable time. If you are unhappy with the outcome of your complaint, you may take your complaint to the Office of the Australian Information Commissioner (OAIC).