Purpose and scope
This policy governs how members of the Bolton Clarke Group, being RSL Care RDNS Limited ABN 90 010 488 454, Royal District Nursing Service Limited ABN 49 052 188 717 and RDNS HomeCare Limited ABN 13 152 438 152 (we, us, our) collect, store, use, disclose and manage personal information. This policy also outlines and explains the types of personal information we collect, the purposes for which it is collected, how you can request access to and correct personal information that we hold about you and how you can make a privacy complaint or contact us with your enquiries or concerns.
We take your privacy seriously and are committed to open and transparent management of personal information. When dealing with personal information, we comply with the Privacy Act 1988 (Cth) (Act), the Australian Privacy Principles in the Act, and all other applicable legislation, including State and Territory health records legislation.
Our consultants and contractors are required to enter into written contracts ensuring their strict compliance with privacy laws.
This policy does not apply to personal information that is exempt under the Act, including the personal information of our employees relating to their former or current employment with us.
What is personal information?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a) whether the information or opinion is true or not; and
b) whether the information or opinion is recorded in a material form or not.
Sensitive information is a subset of personal information and includes:
a) health information about an individual;
b) genetic information (that is not otherwise health information); and
c) information or opinion (that is also personal information) about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, sexual preferences or practices or criminal record.
What constitutes personal information will vary, depending on whether any individual can be identified or is reasonably identifiable in the particular circumstances.
What kinds of personal information do we collect and why?
The personal information that we collect and hold will depend on your relationship with us, the nature of the product or service we are providing or activity you are involved in and the legal obligations we may have.
However, we generally collect and hold both personal and sensitive information, including:
a) For customers:
(i) contact details of customers including name, occupation, address, postcode, telephone and facsimile numbers and email addresses;
(ii) demographic information including age, date of birth and gender;
(iii) health information including medical and family history, medications, diagnostic imaging and reports, pathology results, diagnoses (including mental health or disability), observations and reported symptoms;
(iv) government related identifiers, including Medicare, Centrelink and the Department of
Veterans’ Affairs numbers;
(v) financial details and billing information including to comply with our legal obligations; and
(vi) treating clinicians’ contact details.
b) For prospective employees:
(i) contact details including name, address, postcode, telephone and facsimile numbers and email addresses;
(ii) demographic information including age, date of birth and gender;
(iii) qualifications and experience;
(iv) information contained in references obtained from third parties; and
(v) police certificates.
c) For contractors and consultants:
(i) contact details including address, postcode, telephone and facsimile numbers and email addresses;
(ii) financial details and billing information including to comply with our legal obligations;
(iii) qualifications, licences and insurance details;
(iv) information contained in references or referrals obtained from third parties; and
(v) police certificates.
If lawful and reasonable to do so, we will destroy and de-identify all unsolicited personal information we receive if we would not normally collect this information to perform one of our functions or activities or if the information is sensitive and no consent has been given.
When do we collect personal information?
We will not collect personal information unless it is reasonably necessary for one of our functions or activities. We will usually only collect sensitive information with your consent. All personal information will only be collected through lawful and fair means.
Where do we collect personal information from?
The sources from which we collect personal information will depend on the circumstances of the collection and may include the following:
5.1 From you or with your consent
We will try to collect your personal information directly from you, or alternatively, with your consent. We will collect personal information from you:
a) if you provide us with information about yourself and, if necessary, your medical condition;
b) if you complete relevant agreements, forms, surveys, competitions, questionnaires or you communicate with us by taking part in a discussion forum, email, telephone, in writing or in person;
c) if you are providing services to us or our customers;
d) if you are a supplier, contractor or consultant of ours; or
e) if you apply for employment with us.
5.2 From other people
Where it is unreasonable or impracticable to collect information directly from you, we may obtain personal information about you from a third party. For example, we may collect personal information about you:
a) from your general practitioner or another healthcare provider who has information about you to assist us in providing services to you;
b) from a member of your family, a carer, a close friend or your authorised or responsible person, next of kin, your nominated emergency contact person or the police;
c) from any person or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;
d) from your health insurer, Medicare or the Department of Veterans’ Affairs to assist us in providing services or processing billing for services provided to you;
e) from relevant government departments;
f) from third parties who you have asked to provide your personal information to us; or
g) from a reference identified in your application for employment with us.
5.3 From our website
When you visit our website, our web server may download a cookie to your computer. A cookie is a small piece of information sent by our server to your browser. Cookies do not contain personal information about you but can identify a user’s browser. We use cookies to capture information about a user’s browser. If you do not wish to receive cookies, you may set your browser to refuse them.
Can I choose to remain anonymous?
If you are receiving aged care or health services from us, it is not practical for you to remain anonymous because we need to keep a record of the care and services provided to you.
We automatically gather anonymous information to monitor use. For example, the numbers and frequency of visitors to our website. This collective data helps us determine how our audiences use parts of our website, so we can improve our services. We may publish or provide this aggregate data to other people or organisations.
We may be able to accommodate you using a pseudonym. However, if you choose not to provide your real identity this may impact the quality of the services provided to you and relevant billing and claiming.
If you wish to use a pseudonym that is linked confidentially to your real identity, please let us know and we will discuss with you any arrangements that can be made.
How do we use and disclose personal information?
We may use and disclose personal information for the particular purpose for which it was collected (Primary Purpose).
For customers, this will include the use and disclosure necessary to provide retirement and aged care services including accommodation, and where relevant, health care or wellness services. We may use or disclose your personal information:
a) to your usual external healthcare provider such as your general practitioner;
b) to staff or other service providers involved in providing services to you or your care (including healthcare providers, nurses, physiotherapists, occupational therapists) or administrative staff (involved in preparation of documentation, billing and other administrative and management duties);
c) in assessing whether you are eligible to be admitted to one of our retirement living, home care or residential aged care services;
d) to Medicare, the Department of Veterans’ Affairs or your private health insurer for the purposes of billing;
e) to government authorities for the purposes of providing aged care or health services;
f) to funding bodies and government agencies;
g) to a member of your family, a carer, a close friend or your authorised or responsible person, next of kin, your nominated emergency contact person or the police; or
h) any third party that you request or authorise us to.
For prospective employees, this may be for assessing and processing employment applications.
We will only generally use or disclose personal information collected for a Primary Purpose. However, it may be necessary in some cases to disclose personal information for a secondary purpose, including:
a) if we have your consent;
b) if required for the management of our services. For example:
(i) billing or debt-recovery, service-monitoring, funding, complaint-handling, incident reporting, developing and planning services, evaluation and improvement, quality assurance or audit activities, and accreditation activities;
(ii) education and training of our staff (who may not be our employees), where de- identified information is not sufficient for this purpose; and
(iii) disclosure to our consultants and contractors who provide services to us, for example IT and database management service providers.
c) for research, compilation or analysis of statistics;
d) if use or disclosure is necessary to lessen or prevent a serious or imminent threat to someone’s life, health or safety or a serious threat to public health and safety; or
e) if we are required or authorised by or under an Australian law or a court or tribunal order.
Data quality
We will take reasonable steps to ensure that the personal information we collect is accurate, complete, up to date and relevant to the purpose for which it is to be used, both at the time of collection and use.
How do we hold personal information and keep it secure?
All personal information collected is securely stored on our electronic databases. In some instances, it may also be held in hard copy files in secure and locked facilities in Australia.
We will take reasonable steps to ensure that the personal information we hold is protected from misuse, loss, interference, unauthorised access, modification or disclosure.
Openness
If requested, we will let you know what kind of personal information of yours we hold, for what purpose, and how we handle that information. We will also make this policy available to anyone who requests a copy of it.
How can I access or correct my personal information?
You can request access to your personal information held by us, upon written request to our Privacy Officer. We will endeavour to acknowledge the request within 14 days of its receipt and to provide you with access to the information requested within 30 days of receipt of the request. To obtain access to your personal information, you must provide us with proof of identity. This is necessary to ensure that your personal information is provided only to the correct individuals and that the privacy of others is protected.
If, upon receiving access to your personal information or at any other time, you believe your personal information is inaccurate, incomplete or out of date, you can notify our Privacy Officer to correct your personal information. We will endeavour to acknowledge the request for correction within 14 days of its receipt and to correct the information within 30 days of receipt of the request. We will take reasonable steps to correct the information so that it is accurate, complete and up to date.
We may decline a request for personal information in circumstances prescribed in the Act. If so, we will give you a written notice setting out the reasons for refusal and the complaint mechanisms available to you.
Do we disclose personal information overseas?
Generally, we do not disclose personal information to entities outside of Australia. However, if we need to disclose your personal information to an overseas recipient, we will take all steps that are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles, unless you have provided express consent to the disclosure or we reasonably believe the disclosure is necessary or authorised by Australian law.
Do we use your personal information for direct marketing and can you opt out?
There may be occasions where personal information is used for direct marketing purposes including direct contact, telephone enquiries, email, SMS, letters, internet and web interactions, surveys and other forms of communication. Any such use will be limited to circumstances where you would reasonably expect us to use or disclose your personal information for that purpose and it has been collected from you, or if you have otherwise consented or requested this information.
You have the right:
a) to contact us to ‘opt-out’ of receiving direct marketing communications; or
b) to request that we provide the source of your personal information where reasonable and practicable.
If you have consented to us providing direct marketing to you and you wish to stop receiving such marketing, please contact us on the details set out in this policy or provided in the marketing communication.
How can I complain about the handling of my personal information?
If you believe we have at any time breached this policy, you may lodge a written complaint with our Privacy Officer on the contact details in this policy.
We will endeavour to acknowledge your complaint within 14 days of its receipt, and to make a determination on the complaint within 30 days of its receipt.
Contact details and further information
Privacy Officer
Level 3, 44 Musk Avenue Kelvin Grove QLD 4059 Phone: (07) 3251 6200
Email: privacy@boltonclarke.com.au
Further information about the Australian Privacy Principles and the application of the Act to us can be found at the website of the Office of the Australian Information Commissioner at http://www.oaic.gov.au.