Diabetes Victoria respects and upholds people’s privacy rights in the way we collect, use, disclose, hold and destroy personal information. Personal information includes any information where someone’s identity is apparent or can be reasonably ascertained from that information. Personal information includes sensitive information such as health information about an individual. The kinds of information we collect and hold may include a person’s name, gender, age, contact details and the details of their dealings with Diabetes Victoria. This includes information we have collected over the telephone, via mail, personal contact or over the internet.
We collect information about individuals for a number of reasons, including, but not limited to:
- Providing information about and evaluating our programs, services and events;
- Providing support and information in regard to diabetes prevention and management;
- Providing information and resources about fundraising;
- Development and maintenance of our donor, sponsor and supporter databases;
- Being able to contact our volunteers and committee members;
- Evaluation of employment applications;
- For the recruitment of members
- For fundraising purposes
- For research and surveys.
Reasonable steps are taken to protect personal information from loss, misuse, improper disclosure or unauthorised destruction. We apply generally accepted standards of technology and operational security to keep personal information secure i.e. computer backups being taken at regular intervals, information stored in databases only being accessed by authorised Diabetes Victoria staff, all hard copy data disposed of appropriately when no longer required, etc.
When we contact individuals, or someone contacts Diabetes Victoria, we like to be sure that our staff are as skilled as possible, therefore, an authorised supervisor may monitor or record calls for quality assurance and improvement. We will only collect personal information from an individual if the individual has consented to their information being collected and the information is reasonably necessary for one or more of our functions or activities, unless the collection is required:
- To lessen or prevent a serious and imminent threat to an individual’s health and/or safety and it is unreasonable or impracticable to obtain the individual’s consent; or
- By law or a court/tribunal order; or
- In preparation for, or conduct of legal proceedings in a court or tribunal; or
- In the public interest, e.g. to lessen or prevent a serious threat to public health or safety and it is unreasonable or impracticable to obtain the individual’s consent.
We will only collect personal information by lawful and fair means, and will only collect personal information of an individual from the individual themselves unless it is unreasonable or impracticable to do so. When we collect personal information about an individual, or as soon as practicable after, we must take reasonable steps to let the individual know:
- How to contact Diabetes Victoria;
- If we have received the information from another source, details of the information received and the circumstances in which we received it;
- The reasons for Diabetes Victoria collecting the information;
- The main consequences (if any) for the individual if they do not provide the requested information;
- The organisations or types of organisations to which we normally pass on the information;
- If we are likely to disclose an individual’s personal information to overseas recipients, and if so, the countries in which those recipients are located.
Any personal and sensitive information collected will only be used by us for the primary reason it was collected, unless:
- It could be reasonably expected that Diabetes Victoria would use the information for a purpose directly related to the primary purpose for which it was collected; or
- The person has agreed to the use of their information for a purpose other than the primary purpose for which it was collected.
We do not lend or give away information collected from any of our activities, except:
- To lessen or prevent a serious and imminent threat to an individual’s health and/or safety and it is unreasonable or impracticable to obtain the individual’s consent;
- When required by law or a court/tribunal order;
- In preparation for, or conduct of legal proceedings in a court or tribunal;
- In the public interest, eg: to lessen or prevent a serious threat to public health and/or safety and it is unreasonable or impracticable to obtain the individual’s consent.
- Deidentified data may be used for research purposes.
- Like many organisations, we track usage patterns on our websites, specifically, we record:
- Internet providers;
- Date and time of website visitors;
- Web pages accessed and documents downloaded;
- Search items entered.
Sometimes we need to store temporary information, which can personalise a website visit, using ‘cookies’. Cookies are simply an alternative for storing information used by webpage scripts in a computer’s browser rather than on a computer server. Cookies cannot gather any more information about an individual than what is already publicly available when the web is surfed or what an individual offers in a web form.
Diabetes Victoria’s website contains links to other websites. We do not control, and are not
responsible for, the content or privacy practices of those websites.
The internet is inherently insecure and accordingly, we cannot provide any definite assurance regarding security or personal information. Diabetes Victoria will not be liable in any way in relation to any breach of security or any unintended loss or disclosure of that information.
If an individual requests access to personal information we hold about them, we must allow the individual access to their information, unless one of the exceptions under the Privacy Act applies, for example:
- Where providing access would pose a serious threat to the life, health or safety of an individual or to public health or safety;
- Where giving access would be unlawful; or
- Where denying access is required under law or a court/tribunal order.
If an individual requests that we correct personal information we hold about them, unless there is a sound reason under the Privacy Act or other relevant law to not make the correction, we must take reasonable steps to make the correction to the information requested, to ensure that the information is accurate, up-to-date, complete, relevant and not misleading. Where requested to do so by the individual, we must also notify third parties that have previously been disclosed the individual’s personal information of the correction.
If an individual requests access to, or correction of, personal information we hold about them, we must respond to their request within a reasonable time (usually within 30 days). If we refuse an individual’s request for access and correction, we must provide them with written notice setting out the reasons for the refusal, and how the individual may complain about the decision.
If the individual does not wish to raise a complaint with Diabetes Victoria directly, they should be directed to contact the Office of the Australian Information Commissioner.