Diabetes Australia – Vic respects and upholds people’s privacy rights in the way we collect, use, disclose, hold and destroy personal information. Personal information includes any information where someone’s identity is apparent or can be reasonably ascertained from that information. Personal information includes sensitive information such as health information about an individual. The kinds of information we collect and hold may include a person’s name, gender, age, contact details and the details of their dealings with Diabetes Australia – Vic. This includes information we have collected over the telephone, via mail, personal contact or over the internet.
We collect information about individuals for a number of reasons, including, but not limited to:
- Providing information about and evaluating our programs, services and events;
- Providing support and information in regard to diabetes prevention and management;
- Providing information and resources about fundraising;
- Development and maintenance of our donor, sponsor and supporter databases;
- Being able to contact our volunteers and committee members;
- Evaluation of employment applications;
- For the recruitment of members
- For fundraising purposes
- For research and surveys.
Reasonable steps are taken to protect personal information from loss, misuse, improper disclosure or unauthorised destruction. We apply generally accepted standards of technology and operational security to keep personal information secure i.e.: computer backups being taken at regular intervals, information stored in databases only being accessed by authorised DA–Vic staff, all hard copy data disposed of appropriately when no longer required, etc.
When we contact individuals, or someone contacts DA–Vic, we like to be sure that our staff are as skilled as possible, therefore, an authorised supervisor may monitor or record calls for quality assurance and improvement.
We will only collect personal information from an individual if the individual has consented to their information being collected and the information is reasonably necessary for one or more of our functions or activities, unless the collection is required:
- to lessen or prevent a serious and imminent threat to an individual’s health and/or safety and it is unreasonable or impracticable to obtain the individual’s consent; or
- by law or a court/tribunal order; or
- in preparation for, or conduct of legal proceedings in a court or tribunal; or
- in the public interest, e.g. to lessen or prevent a serious threat to public health or safety and it is unreasonable or impracticable to obtain the individual’s consent.
We will only collect personal information by lawful and fair means, and will only collect personal information of an individual from the individual themselves unless it is unreasonable or impracticable to do so.
When we collect personal information about an individual, or as soon as practicable after, we must take reasonable steps to let the individual know:
- how to contact Diabetes Australia – Vic;
- if we have received the information from another source, details of the information received and the circumstances in which we received it;
- the reasons for Diabetes Australia – Vic collecting the information;
- the main consequences (if any) for the individual if they do not provide the requested information;
- the organisations or types of organisations to which we normally pass on the information;
- if we are likely to disclose an individual’s personal information to overseas recipients, and if so, the countries in which those recipients are located.
Any personal and sensitive information collected will only be used by us for the primary reason it was collected, unless:
- It could be reasonably expected that DA–Vic would use the information for a purpose directly related to the primary purpose for which it was collected; or
- The person has agreed to the use of their information for a purpose other than the primary purpose for which it was collected.
From time to time, we may send out further information and promotional materials to individuals for the purposes of Diabetes Australia – Vic, e.g. information about events. This may only occur where the individual would reasonably expect Diabetes Australia – Vic to use their personal information (e.g. their contact details) for this purpose, or where the individual has consented to the use of their personal information for this purpose. Diabetes Australia – Vic will not use sensitive information (e.g. health information) of an individual to provide them with further information without the individual’s consent. Individuals are able to opt out of receiving further information from Diabetes Australia – Vic. Any direct communication or promotional material sent to an individual must be provided with a notification or statement to the effect that if the individual wishes to opt out of receiving further information from Diabetes Australia – Vic they should contact our privacy officer by email on email@example.com or by telephone on 1300 136 588. If submitting a request, individuals should provide as much information as possible to assist with this process, e.g. name, address, member number (if applicable) and reference to the piece of promotional material.
We do not lend or give away information collected from any of our activities, except:
- To lessen or prevent a serious and imminent threat to an individual’s health and/or safety and it is unreasonable or impracticable to obtain the individual’s consent;
- When required by law or a court/tribunal order;
- In preparation for, or conduct of legal proceedings in a court or tribunal;
- In the public interest, eg: to lessen or prevent a serious threat to public health and/or safety and it is unreasonable or impracticable to obtain the individual’s consent.
- Deidentified data may be used for research purposes.
Commencing February 2014, DA–Vic may, occasionally, and only with the consent of the member/donor, disclose our member/donor mailing details to other like- minded charities so that they can provide information about their activities or services that may be of interest to our members/donors. In return, these organisations do the same and allow us to contact their donors with important diabetes information and requests for support of DA–Vic. Individuals may request that we do not disclose their details to other like-minded charities. If an individual does not wish to receive mail from like-minded charities, they should be notified to contact our privacy officer by email on firstname.lastname@example.org or by telephone on 1300 136 588. If submitting a request, individuals should provide as much information as possible to assist with this process, e.g. name, address and member number, if applicable.
We will only record your email address if you provide it to us. Your email address will not be used for any other purpose, other than those purposes specified within this Policy and Procedure Manual without your consent.
Like many organisations, we track usage patterns on our websites, specifically, we record:
- Internet providers;
- Date and time of website visitors;
- Web pages accessed and documents downloaded;
- Search items entered.
Sometimes we need to store temporary information, which can personalise a website visit, using ‘cookies’. Cookies are simply an alternative for storing information used by webpage scripts in a computer’s browser rather than on a computer server. Cookies cannot gather any more information about an individual than what is already publicly available when the web is surfed or what an individual offers in a web form.
DA–Vic’s website contains links to other websites. We do not control, and are not
responsible for, the content or privacy practices of those websites.
The internet is inherently insecure and accordingly, we cannot provide any definite assurance regarding security or personal information. DA–Vic will not be liable in any way in relation to any breach of security or any unintended loss or disclosure of that information.
If an individual requests access to personal information we hold about them, we must allow the individual access to their information, unless one of the exceptions under the Privacy Act applies, for example:
- where providing access would pose a serious threat to the life, health or safety of an individual or to public health or safety;
- where giving access would be unlawful; or
- where denying access is required under law or a court/tribunal order.
If an individual requests that we correct personal information we hold about them, unless there is a sound reason under the Privacy Act or other relevant law to not make the correction, we must take reasonable steps to make the correction to the information requested, to ensure that the information is accurate, up-to-date, complete, relevant and not misleading. Where requested to do so by the individual, we must also notify third parties that have previously been disclosed the individual’s personal information of the correction.
If an individual requests access to, or correction of, personal information we hold about them, we must respond to their request within a reasonable time (usually within 30 days). If we refuse an individual’s request for access and correction, we must provide them with written notice setting out the reasons for the refusal, and how the individual may complain about the decision.
If the individual does not wish to raise a complaint with Diabetes Australia – Vic directly, they should be directed to contact the Office of the Australian Information Commissioner.