PRIVACY POLICY

What is privacy?

Diabetes Australia is covered by the Privacy Act 1988 (‘the Privacy Act’). New Privacy laws commence on 12 March 2014 that introduce the new Australian Privacy Principles (‘APPs’). The APPs set out the way organisations and government agencies such as Diabetes Australia can collect, use, disclose and provide access to personal and sensitive information.

Personal information is any information that identifies or could identify a person, whether it is true or not. It includes, for example, your name, age, gender and contact details. Personal information can also include sensitive information, which is information about your health and health services provided to you.

Who is Diabetes Australia and what do we do?

Diabetes Australia is the national body for people affected by all types of diabetes and those at risk. We are committed to reducing the impact of diabetes. Diabetes Australia also administers the National Diabetes Services Scheme (‘NDSS’) on behalf of the Australian Government.

Diabetes Australia is committed to the protection of your privacy. This Privacy Policy sets out how Diabetes Australia handles your personal and sensitive information, and ensures we manage personal and sensitive information consistently with the APPs.

This Privacy Policy applies to all employees, consultants, contractors and agents of Diabetes
Australia, and covers all information collected on the Diabetes Australia website and other sites administered by Diabetes Australia.

Collection of your information

Diabetes Australia collects your personal and sensitive information only if you have consented to the information being collected, if the information is reasonably necessary for one or more of our functions or activities or if one of the other exceptions applies under the APPs.

We collect personal information about you, such as your name, contact details, gender, date of birth, Medicare or Department of Veterans’ Affairs number, country of birth, details of your parent or carer and details of your medical practitioner. We also collect sensitive information about you such as whether you are of Aboriginal or Torres Strait Islander origin, main language spoken at home, diabetes type, height, weight, whether your immediate relatives have had diabetes, treatment information and insulin status. We collect information about NDSS product sales, including the products purchased, date and location of purchase, and method of payment. We also collect your credit card or bank account details if you make an online donation or are involved in a regular giving initiative with Diabetes Australia. We collect information from individuals who elect to register with the NDSS locator bookmark. These individuals receive a regular e-newsletter with information on membership, diabetes research, activities and information.

We only collect your information by lawful and fair means. We collect your information in a few different ways, including:

  •  forms
  •  electronically, such as through our website
  •  phone calls
  •  information you provide while visiting NDSS Access Points, such as your local pharmacy, health centre and hospital
  •  information you provide while visiting NDSS Agent shop fronts or participating in diabetes support services provided by NDSS Agents
  • Find NDSS locator bookmark
  • other correspondence, such as email and mail.

We will always collect personal information from you directly unless it is unreasonable or impractical for us to do so.

If we receive personal information about you that we did not request (for example, if you complete a form and you attach extra documents that we did not ask for) and we could not have collected this information as set out in the dot points above, we will destroy or de-identify the information (i.e. any information that could reasonably identify you as an individual is removed) as soon as practicable. This will apply except where the information is part of a Commonwealth record, or we are required by law or a court/tribunal order to retain the information.

When we collect your information, or as soon as practical after, we will take reasonable steps to let you know:

  • that the information has been received by Diabetes Australia and how to contact us
  • if we received your information from another source, details of the information we have received and why we received it
  • the main consequences (if any) for you if you do not provide all or part of the information we have requested
  • the organisations or types of organisations to which we normally pass on information
  • that you can access and seek to correct your information and that our Privacy Policy explains how that can be done
  • that our Privacy Policy contains information about how someone can complain if they believe we may have breached the APPs and how we will handle that complaint and
  • whether we are likely to disclose information to overseas parties and if so, the countries in which those parties are located.

Cookies

The Diabetes Australia website and sites administered by Diabetes Australia use software known as ‘cookies’ to record your visit to the website and collect some statistical information. We use this information to help administer and improve our websites. We do not use this information to personally identify you. Information we may collect includes:

  • your server address
  • your domain name
  • the date and time of access to the website
  • pages accessed and documents downloaded
  • the previous site visited
  • if you have visited the website before
  • the type of browser software in use.

You may set your web browser to disable cookies when visiting our websites. However, some website functions may be unavailable if you choose to do so.

Can I remain anonymous?

It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself or to use a fictional name when interacting with us.  You can remain anonymous when using some parts of the Diabetes Australia website or sites administered by Diabetes Australia. However, it may be necessary for us to collect your personal or sensitive information if you would like to access certain materials or services. If you choose to withhold the information we require, we may not be able to provide the services you have requested.

Security of your information

We take appropriate steps to protect your personal and sensitive information held by us from misuse, interference, unauthorised access, modification, loss or disclosure. This includes during storage, collection, processing, transfer and destruction of the information.

Information is stored in access-controlled premises or in secure electronic databases. Employees of Diabetes Australia, its NDSS Agents, NDSS Access Points, contracted third parties and other parties to whom we disclose your information, such as the Australian Institute of Health and Welfare (AIHW), sign a confidentiality agreement that requires them to comply with the Privacy Act and our Privacy Policy.
We take steps to ensure the security of the Diabetes Australia website, Find NDSS locator bookmark, NDSS website and its related websites. However, users are advised that there is always some risk when transmitting information across the Internet, including a risk that information sent to or from a website may be intercepted, corrupted or modified by third parties.

The Diabetes Australia website and sites administered by Diabetes Australia contain links to external websites. We recommend that you review the privacy policies of those external websites as we are not responsible for their privacy practices.

When we no longer need personal information for any purpose we will take reasonable steps to destroy the information or ensure that the information is de-identified. This will apply except where the information is part of a Commonwealth record, or we are required by law or a court/tribunal order to retain the information.

Use of your information

We only use your personal and sensitive information for purposes which are directly related to the reason you provided us with your information in the first place and where you would reasonably expect us to use your information. For example, we may send a receipt to people who make a donation to Diabetes Australia.

We will not use your personal information for another purpose unless you have given consent or one of the exceptions under the Privacy Act applies. For example, if the use of the information is authorised by Australian law or is necessary for law enforcement by an enforcement body, such as the Australian Federal Police.

Disclosure of your information

When you provide us with your personal and sensitive information, we seek your consent to disclose the information for the purposes identified.

We only disclose your personal and sensitive information for purposes which are directly related to the reason you provided us with your information in the first place and where you would reasonably expect us to disclose your information.

You can be assured that we will take all reasonable steps to ensure your personal details remain confidential at all times. All external parties who receive your information must sign a confidentiality agreement that requires them to comply with the Privacy Act and our Privacy Policy.

We do not currently disclose your personal information to overseas parties. If your personal information is transferred overseas, we will comply with our obligations under the APPs.

We will not disclose your personal information for another purpose unless you have given consent or one of the exceptions under the Privacy Act applies. For example, we may disclose your personal information if authorised by Australian law or if necessary for law enforcement.

Direct communications and promotional materials

From time to time, we may send out promotional materials for the purposes of Diabetes Australia. If you do not wish to receive these communications, please contact Diabetes Australia to unsubscribe (see contact details below). Your information may also be used by us to provide you with details of our services and events where permitted by the Privacy Act or where you have consented to the use or disclosure of your personal information for direct communications and promotional materials. 

It is our policy that any direct communication or promotional material will include a statement advising that you may request not to receive further material by contacting us using the details provided.

How to access and correct your information

We will take reasonable steps to ensure that all personal information that we collect, use or disclose is accurate, up-to-date, complete, relevant and not misleading.

We will correct any personal information that we believe to be incorrect, out-of-date, incomplete, irrelevant or misleading. This includes taking reasonable steps to notify any organisation or government agency to which information was disclosed about the correction. You may request to access or correct your personal information at any time by contacting the Privacy Officer using the details below. We will give you access to the information unless one of the exceptions under the Privacy Act applies. For example, if providing access would be unlawful or denying access is authorised by law.

If you request to access or correct your information, we will respond within a reasonable time (usually within 30 days). If your request is refused, we will give you a written notice that sets out the reasons for refusal and how to complain about the decision.

The Spam Act 2003

The Spam Act prohibits sending unsolicited commercial emails, SMS and MMS messages for commercial purposes. Examples of unsolicited communications are ones that do not directly relate to a service you have previously signed up with or agreed to. While not-for-profit organisations such as Diabetes Australia do have some exemptions from the Spam Act, we are guided by the Code of Practice developed by the Australian Direct Marketing Association.

See www.adma.com.au/comply/code-of-practice/ for further information.

It is our policy that all electronic communications will include an unsubscribe facility.

Complaints and enquiries

Diabetes Australia is committed to the protection of your privacy. If you have any questions about how we handle personal information, would like to complain about how we have handled your information, or would like further information about our Privacy Policy, please submit a written query or complaint to our Privacy Officer. Our Privacy Officer will assess any complaints and liaise with you to resolve any issues within a reasonable time (usually within 30 days). If you are unhappy with the outcome, you may lodge a complaint with the Australian Information Commissioner who can order the payment of compensation by Diabetes Australia in certain circumstances.

See http://www.oaic.gov.au/privacy/making-a-privacy-complaint for further information.

Contact Details

Privacy Officer
Diabetes Australia
GPO Box 3156
Canberra, ACT 2601

Phone: 02 6232 3800
Email: privacy@diabetesaustralia.com.au

Updated NDSS privacy policy

Read the updated NDSS privacy policy.