Privacy Policy
1. Policy Statement
Woodville Alliance (WA) understands and respects that privacy is a fundamental human right underpinned by freedom of association, thoughts, and expression. With the confidential nature of privacy, WA is committed to ensure the privacy of all service users, carers, volunteers, contractors, employees and potential employees and service users is protected. This is achieved by complying with the principles of the Privacy Act 1988 (the Act), including, but not limited to, collecting, maintaining and disclosing personal, medical or any sensitive information.
2. Intent and Objectives
Our Privacy Policy relates to the handling of personal and sensitive information, surveillance in the workplace, tracking devices on work vehicles, data breaches, accessing personal information and correcting personal information. This is an overarching policy that governs all privacy related issues across WA, with sector specific requirements addressed in separate procedures.
When service users, carers, volunteers, contractors, employees or potential employees and service users engage us to provide any goods or services, communicates with us through email, by telephone, in writing, participates in any of our promotional activities, or uses any of our other services, including our website, they agree to the use and disclosure of their personal information in the manner described in this policy.
We may from time-to-time review and update this policy. All personal information collected and held by us will be governed by this Policy.
3. Scope
This policy applies to all service users, carers, employees, contractors, volunteers and potential employees and service users, regarding the collection, use, disclosure and storage of personal, including sensitive, information.
This policy does not address specific privacy obligations associated with State or Territory Legislation or contracted funding obligations. Such specific obligations are additional to this policy.
4. Definitions
APPs – Australian Privacy Principles
CEO – Chief Executive Officer
Data Breach – personal information held by the organisation being lost, accessed, changed or disclosed by an individual, without due authority.
Health Information – any personal information about health or disability, including:
- Physical and mental health
- Notes on symptoms or diagnosis
- Specialist reports and test results
- Prescriptions and other pharmaceutical purchases
- Genetic and biometric information
- Health preferences
Notifiable Data Breaches Scheme – any organisation or agency the Privacy Act 1988 covers must notify affected individuals and the OAIC when a data breach is likely to result in serious harm to an individual whose personal information is involved.
OAIC – Office of the Australian Information Commissioner
Personal Information – information or an opinion about an identified individual, or an individual who is reasonably identifiable, including:
- Whether the information or opinion is true or not.
- Whether the information or opinion is recorded in a material form or not.
- Sensitive information and health information
- Credit information
- Employee records
- Tax file number
Sensitive Information – information or an opinion about an individual, including:
- Racial or ethnic origin
- Political opinions
- Membership of a political association
- Religious beliefs or affiliation
- Philosophical beliefs
- Membership of a professional or trade association
- Membership of a trade union
- Sexual preferences or practices
- Criminal records and spent convictions (old, minor criminal convictions)
Unsolicited Information – personal, sensitive or health information received but has taken no active steps to collect.
5. Principles
5.1. Collection of information
5.1.1. Types of personal information we collect
In general, the types of personal information collected will be based on the type or association or interaction an individual has with WA.
Personal information we may collect from you includes, but is not limited to:
- Identity particulars, such as your name, address, date of birth, occupation, telephone numbers and email address.
- Personal information you provide to us when you participate in a promotion, competition, survey, market research.
- Your records of communication with us.
- If you visit our website, your website usage information such as your IP address.
5.1.2. Potential service users
- Personal information may be collected in paper-based documents and converted digitally for storage.
5.1.3. Service users
- With the consent and agreement of service users, medical history, racial/ethnic origin, lifestyle choices, health care preferences, wishes and various other sensitive information could be collected.
- Third party information from government agencies, medical practitioners and healthcare professionals may be collected.
5.1.4. Employees, volunteers, contractors and prospective employees.
- WA may collect personal and referees’ information that was supplied when canvassing recruitment of staff or volunteers.
- With consent, WA will collect applicants’ police check and health check information.
- At the late stage of the recruitment process, WA may collect additional personal information, such as date of birth, tax file number, emergency contact details, ABN (if relevant), bank account, superannuation, visa, passport and relevant license details (if relevant).
5.1.5. Supporters of Woodville Alliance
- When a donation is made, or when supporters make inquiries and register for an event, WA may collect personal information including donation history, areas of interest and payment information, including credit card details.
- This information could be used as recipients for surveys, newsletters, appeal letters, research, promotions, educations and fundraising events. Supporters can elect notification preferences or opt out anytime by contacting WA.
5.2. How your personal information is stored and secured
- WA implements reasonable security safeguards, takes reasonable steps and sufficient training to protect personal information from losses, unauthorised access, modification, disclosure, or misuse.
- Personal information may be collected in paper-based documents and converted digitally for storage.
- WA data sites are stored and backup to cloud servers based in Australia.
- Personal data is stored in various client relationship management systems.
- WA keep personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law.
5.3. The purpose for collecting your personal information
We will generally only collect and use personal information for the primary purposes of:
- Our general business operations.
- Effectively providing services.
- The health, safety and welfare of service users and employees.
- Maintaining appropriate workers’ compensation insurance.
- To fulfill sector specific requirements and licensing agreements.
- Communicating with service users, carers, volunteers, contractors, employees and potential employees and service users.
- Responding to inquiries or complaints.
- Meeting our legal and regulatory obligations.
Personal information is only collected by lawful and fair means and where practicable, only directly from service users, carers, volunteers, contractors, employees and potential employees and service users, or from a person acting or authorised to act on their behalf.
We will take reasonable steps to ensure service users, carers, volunteers, contractors, employees and potential employees and service users are aware of:
- The likely use of the information.
- The right of access to the information.
- The identity and contact details of our employee/representative collecting personal information.
- Any law requiring collection of the information.
5.4. Disclosure and utilisation of personal information
5.4.1. We may use personal information for:
- The purpose that has been mutually agreed on, at the time of collection.
- Administering and responding to enquiries or feedback about our services.
5.4.2. WA may disclose personal information we collected:
- For the purpose that has been mutually agreed on, at the time of collection to our related companies, suppliers, consultants, contractors or agents for the primary purposes for which it was collected or for other purposes directly related to the purpose for which the personal information is collected.
- To relevant Federal, State, Territory medical, health and safety authorities where the law requires or authorises us to do so.
5.4.3. Consent to having photograph or video published
- At times, WA will require photographs or videos of service users or employees to be used as marketing tools, or as information to be provided to outside stakeholders. If you are the subject of such photographs or videos WA will obtain your consent before publication.
- Individuals have the right to refuse their photograph or videos published.
5.5. Accessing and correcting personal information
Service users, carers, volunteers, contractors, employees and potential employees and service users have a general right of access to information concerning them, and to have incorrect information corrected and to withdraw or amend prior consent.
Personal information we hold can be accessed by contacting our Privacy Officer.
We may ask for identity verification and to put the request in writing for security reasons. We will reply to requests for access within 30 days of notification.
5.6. Accurate and up-to-date information
We take reasonable steps to ensure personal information is accurate, up-to-date and not misleading by updating records whenever true and correct changes to the data come to our attention.
If service users, carers, volunteers, contractors, employees and potential employees and service users believe information is incorrect, incomplete or not current, they can request we update this information by contacting our Privacy Officer.
We will correct the information we hold if we discover, or are shown to a reasonable standard, the information is incorrect.
5.7. Using our website and cookies
When visiting our website or using an application on our website, we may record anonymous information such as IP address, time, date, referring URL, pages accessed, and documents downloaded type of browser and operating system.
We also use “cookies”. A cookie is a small file that stays on the user’s computer until, depending on whether it is a sessional or persistent cookie, the computer is turned off or it expires. Cookies may collect and store personal information. Internet browsers can be adjusted to disable cookies. If cookies are disabled our website can still be used, but may be limited in the use of some of the features.
Our website may also contain links to or from other websites. We are not responsible for the privacy practices of other websites. This policy applies only to the information we collect on our website.
5.8. Data breaches, including Notifiable Data Breaches
Each suspected data breach reported to us will be assessed to determine whether it is likely to result in serious harm, and as a result require notification.
- A notifiable data breach occurs when:
- Unauthorised access to or disclosure of personal information occurs, or information is lost in circumstances where unauthorised access or disclosure is likely to occur.
- Is likely to result in serious harm to any of the individuals to whom the information relates.
- WA or related agency has been unable to prevent the likely risk of serious harm with remedial action.
- WA will determine the risk when personal information has been acquired, used, disclosed, or accessed without permission, in a manner which compromises the security of any personal information.
- In the event of a notifiable data breach, WA will respond following the requirements of the OAIC four key steps: contain, assess, notify and review.
- The OAIC and all affected parties, including the individuals to whom the data pertains will be notified as required.
5.9. Complaints and contact details
If service users, carers, volunteers, contractors, employees and potential employees and service users have reason to believe we have not complied with our obligations relating to personal information under this Policy or under the Act, please refer any compliant or queries to our Privacy Officer.
Complaints will be handled in an appropriate and reasonable manner. Where necessary we may consult with our related entities and partners in order to deal with the complaint. A written notice of our decision regarding the complaint will be provided to the complainant. If not satisfied with the outcome, they may contact the Office of the Australian Privacy Commissioner:
- Website: www.oaic.gov.au
- Phone: 1300 363 992
5.10. Contact for further information
Please refer any queries or complaints about our Privacy Policy or privacy issues to our Privacy Officer.
The Woodvale CEO is the Privacy Officer and is the first point of contact for advice on privacy matters. Our Privacy Officer will consider questions or complaints and respond in a reasonable timeframe.
Service Managers are responsible for the implementation of this policy.
6. Responsibilities and Delegations
6.1 Employees
All employees and other workers must:
- Comply with this policy.
- Demonstrate high levels of personal conduct consistent with this policy and their responsibilities under the WA Code of Conduct.
- Seek assistance when unsure about how to implement this policy.
6.2 Supervisors/ Managers/ Leaders
In addition to their responsibilities as employees, those with management and leadership responsibilities must also:
- Communicate and promote this policy to those they work with.
6.3 Service Users
- Provide accurate information needed to provide the services required.
- Update WA when information changes.
7. Related Documents
| Title | Scope |
| 2.02 Code of Ethics Policy | All Service Areas |
| 4.04 Performance Review Policy | All Service Areas |
| 4.07 WA Code of Conduct | All Service Areas |