1.1 Mambourin Enterprises Ltd (“Mambourin”) is committed to protecting the privacy of information about the people to whom we provide supports (“participants”), and other people where relevant in the context.
1.2 The purpose of this policy is to:
- Clearly communicate how personal information will be handled
- Enhance transparency
- Aid understanding of personal information held and how it is handled.
2.0 REFERENCE DOCUMENTS
Procedure – Records Control
Resource – Your Privacy-Privacy Statement
Personal Information – is information or an opinion about an identified person, or a person who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.
Sensitive Information – is information or opinion (that is also personal information) about an person’s racial or ethnic origin, political opinions, membership of a political asociation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health, genetic, biometric information or biometric templates.
3.2 The Act and this Policy do not apply to acts or practices which directly relate to employee records of Mambourin’s current and former employees.
- Notice and disclosure – ensuring the person is aware of what information is collected and how this information is managed
- Choice and consent – always obtaining the appropriate level of agreement from each person in relation to their personal information
- Access and correction – the person’s right to view, modify or delete information
- Security – ensuring the integrity and protection of all information
- Redress – ensuring a simple and easily understood pathway for requests, complaints and dispute resolution.
4.0 Collection of personal information
4.1 Mambourin is required to collect information about participants. The primary purpose (“primary purpose”) Mambourin collects information is to:
- accurately assess the participant’s needs for the provision of suitable services
- accurately tailor services to meet the specific needs of the participant
5.0 Types of information collected
5.1 Information which may be collected includes, but is not limited to:
- person’s name, date of birth and address
- participant’s disability and any supports/funding required
- any health issues/medications
- any other issues which may affect/impact on the participant’s ability to participate in services provided.
6.0 How information is collected
6.1 We will only collect information legally and fairly and not by intruding unneccesarily.
6.2 We will try to collect information directly from the person (or those acting on their behalf).
6.3 Where information pertaining to a person is obtained by a third party, reasonable steps will be taken to ensure that the person is made aware of this.
6.4 When we collect information, reasonable steps will be taken to ensure that the person is aware:
- why the information is collected
- to whom we might disclose the information
- how the privacy of the person is protected
- that the person may access the information if they wish to.
6.5 We will provide this advice to the person:
- and/or in writing
- where possible, we will obtain the person’s (or their legal guardian’s) consent regarding how we collect, use, disclose and store information held about them.
7.0 Use and disclosure of information
7.1 If we collect or disclose information for reasons other than the primary purpose, we will ensure that:
- the use or disclosure of information is related to the primary purpose, or
- the person could reasonably expect that Mambourin would use or disclose the information in that way, or
- the person has provided consent to use/disclose their information for the other purpose, or
- the use or disclosure is otherwise permitted under the Act
8.0 Data quality and security
8.1 To the extent required under the Act, Mambourin will take reasonable steps to:
- ensure that the information collected and disclosed is accurate, current and complete
- protect information held from misuse, loss, unauthorised access, modification or disclosure
- destroy or permanently de-identify information that is no longer needed for any purpose permitted under the Privacy Act
9.1 Mambourin will provide people with the option of remaining anonymous in the disclosure of information if we can.
10.0 Access to and correction of information
10.1 People will be made aware of how to contact Mambourin if they wish to access, correct or amend their information.
10.2 Mambourin will provide people with access to their information and will amend information which is incorrect.
11.1 A privacy complaint relates to any concern regarding Mambourin’s privacy practices or our handling of person’s information. This could include matters such as how information is collected, stored, used, disclosed, or accessed.
11.2 Complaints will be resolved as quickly as possible and usually within 20 days unless the matter is particularly complex.
11.3 All complaints about Mambourin’s privacy practices can be reported to the General Manager – Operations.
11.4 All complaints will be lodged on Mambourin’s data base, MERP.
12.1 Mambourin will periodically review, amend and/or update this policy.