Zest Care Privacy Policy

Policy Statement

Our service is committed to privacy protection and compliance with all applicable privacy laws and standards. Zest Care (Zest) will manage personal information in an open and transparent way.

We will fulfil our obligations under the Privacy Act of 1988, including the Amendment (Enhancing Privacy Protection) Act 2012, by complying with the Australian Privacy Principles (APPs).

Definitions:

Australian Privacy Principles:

Thirteen principles which detail how organisations should collect, update, use, keep secure, or where necessary, disclose and give access to personal information, as well as how complaints should be handled and how, in some circumstances, anonymity can be maintained.

Individual:

For the purposes of this policy the term individual can apply, as appropriate to:

  • an individual in our services or their family, carers or support persons
    a member of staff.
Confidential information:

Includes any documentation or information marked as confidential and any information received or developed during the course of employment, which is not publicly available, and relates to the participants or family with whom Zest interacts, or the processes, and business information used by Zest in the course of business including all business, financial and marketing plans and material, manuals of any kind, business projections, market or sales forecasts, pricing and product information, gross profit and cost information, business connections plans, models, methods of operation, and the nature and content of contracts and documents.

Sensitive information:

As defined under the Privacy Act 1988, sensitive information covers a range of information including:

  • racial or ethnic origin
  • political opinions
  • membership of a political association
  • religious beliefs or affiliations
  • philosophical beliefs
  • membership of a professional or trade association/union
  • sexual preference
  • criminal record
  • health information.
Personal information:

As defined under the Privacy Act 1988 information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not
  • whether the information or opinion is recorded in a material form or not.
Permitted general situation:

As described in 16B of the Privacy Act 1988, relates to the collection use and disclose of personal information in cases such as serious threat to life, health, suspected unlawful activity, location of a missing person, exercise of defence.

Permitted health situation:

As described in 16B of the Privacy Act 1988, relates to the collection use and disclose of personal information necessary to provide a public health service, public health safety.

Scope

This policy applies to all staff, contractors, volunteers and Advisory Board members in relation to all individuals and their families or support networks.

Related documents

  • Complaints policy
  • Records management policy
  • Code of Conduct

Procedures

Information we collect and hold could include name, current and previous address, telephone number(s), driver’s licence number, bank account details, Tax File Number, date of birth, diversity status, and relevant sensitive (e.g. health) information. Where reasonable and practicable to do so, we will collect personal information directly from the individual.

In some circumstances, individuals may provide some information anonymously unless:

  • we are required or authorised by or under an Australian law, or a court/tribunal
    order, to deal with individuals who have identified themselves or
  • it is impracticable for us to deal with individuals who have not identified
    themselves.

Personal health or business information will not be collected, updated, used, stored or disclosed to another party without written consent.

We only collect personal information that is directly related to individuals and necessary for that purpose.

We will only collect information by lawful and fair means, without unwarranted coercion.

When, or as soon as practicable after, collecting personal information from an individual, we will take reasonable steps to ensure that they and/or their families are aware of:

  • our identity and contact details
  • how to access the information and update the information (reference our Records
    Management Policy)
  • the purpose for which the information is collected
  • the types of entities to which we usually disclose information of that kind, and, where relevant, the countries in which overseas recipients are likely to be located
  • any law that requires the particular information to be collected
  • the main consequences (if any) for the individual if all or part of the information is not provided
  • how to complain about a breach of the Australian Privacy Principles (reference our Complaints Policy).

If we collect personal information about individuals from another source, we will take reasonable steps to ensure that the individual is made aware of the matters listed above, except to the extent that doing so would pose a serious threat to the life or health of
any individual.

We inform all managers and staff, through this policy, training and other communication that no personal information or business details are to be given to another party without their consent/and or guidance of the General Manager.

We will inform the individual of the reason for collecting, using, storing or disclosing such information and of the main consequences (if any) if all or part of the information is not provided.

Collection source:

We collect information:

  • Directly from individuals
  • From third parties and case managers in relation to case management plans and specialist requirements
  • Directly from staff when they apply to us for employment as part of our recruitment of employees process, or training services, on an application form
  • From third parties, such as previous employers or organisations staff have dealt with in the past and volunteered as a reference for the purposes of employment or credit checks prior to the opening of an  account with us.
Unsolicited information:

If we receive unsolicited personal information, we will, within a reasonable period after receiving the information, determine whether or not the information could have been collected by lawful and fair means.

If we determine that we could not have collected the personal information by lawful means, and the information is not contained in a Commonwealth record, we will, as soon as practicable, but only if it is lawful and reasonable to do so, destroy the information or ensure the information is de-identified.

If we determine the information could have been collected by lawful and fair means, we will apply the Australian Privacy Principles in relation to the information as if we had collected the information under the Australian Privacy Principles.

Use of the information we collect:

We use the information we collect to provide the service individuals have requested. This may be

  • To provide home support services
  • To manage those services in order to provide the optimum level of service for an individual’s needs
  • To evaluate our effectiveness and make improvements to our services
  • To deal with complaints in line with our complaints procedures
  • To conduct appropriate police and/or “Working with Children” checks, and preemployment
    checks e.g. reference checking or pre-employment medical advice
  • To advise of other services that we provide, that may be of interest to the individual or their families.
Disclosure:

Zest will not disclose an individual’s personal information to a person, body or agency unless:

  • The individual is reasonably likely to have been aware that information of that kind
    is usually passed to that person, body or agency
  • The individual has consented to the disclosure
  • Zest believes on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of the student or of another person
  • the disclosure is required or authorised by or under law
  • the disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue.

Where personal information is disclosed for the purposes of enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the purpose of the protection of the public revenue, we will include in the record containing that information a note of the disclosure.

A person, body or agency to whom personal information is disclosed will not use or
disclose the information for a purpose other than the purpose for which the information
was given to the person.

Directions to staff:
Staff will:
  • comply with laws which require privacy and laws which require disclosure
  • treat all information received in a professional manner to protect the privacy and confidentiality of families and individuals
  • maintain the secrecy of Confidential Information and prevent its unauthorised disclosure to, or use by, another person
  • The staff member will immediately notify the service of any unauthorised disclosure or use of the Confidential Information of which they become aware,
  • The staff member will treat information as confidential if they are uncertain, until they are otherwise notified in writing
  • The staff member will continue to be obligated by confidentiality, even after finishing employment with the service
Staff will not:
  • remove any Confidential Information from the Office unless authorised in writing
  • copy, memorise, translate, extract, summarise, reproduce or reverse engineer any of the Confidential Information
  • discuss participants, participant’s children with anyone except permanent staff employed
  • reveal ANY information regarding the children, family, or family home, or In-Home Educator, on any social media (Facebook, Twitter, etc.), or by any other means (even if the information is anonymous)
Data quality and correction:

We will take reasonable steps (if any) to ensure that the personal information we collect, use and where appropriate, disclose to others, is accurate, complete and up to date. If an individual request Zest correct information, we will take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.

When correcting personal information about an individual (that we previously disclosed to another organisation also respondent to the Australian Privacy Principles), and if an individual requests us to do so, we will take reasonable steps to give that notification unless it is impracticable/unlawful to do so

We will give an individual a written notice if we refuse to correct the personal information, as requested, setting out:

  • the reasons for the refusal (except to the extent that it would be unreasonable
    to do so)
  • the mechanisms available to complain about the refusal, and
  • any other matter prescribed by the regulations.

If we disagree with an individual about whether the information is inaccurate, incomplete, out of date, irrelevant or misleading, and an individual asks us to associate with the information a statement that the information is inaccurate, incomplete, out of date, irrelevant or misleading, we will take reasonable steps to associate the statement in such a way that will make the statement apparent to users of the information.

Data security:

We will take reasonable steps to ensure the information we hold is protected from misuse, interference and loss as well as from unauthorised access, modification or disclosure. Limited access will be given to authorised personnel only, and only where we believe they reasonably need to come into contact with that information to provide products or services to an individual or in order to do their jobs

We will have physical, electronic, and procedural safeguards in place that comply with federal regulations to protect personal and business information about an individual. We store information securely electronically or in paper files secured in locked cabinets.

We will take reasonable steps to destroy or permanently de-identify personal information if it is no longer required, is not contained in a Commonwealth record, and we are not required by or under an Australian law, or a court/tribunal order, to retain the information.

Openness:

This Privacy Policy sets out our policy on management of personal information and is available to anyone who asks for it. It can also be accessed via our website
Rights to access personal information:
An individual has the right to access any information we hold about them, subject to some restrictions listed in Federal Government legislation. For example:

  • if providing access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety
  • if providing access would have an unreasonable impact upon the privacy of other individuals
  • the request for access is frivolous or vexatious
  • the information relates to existing or anticipated legal proceedings between an individual and us, and would not be accessible by the process of discovery in those proceedings
  • providing access would reveal our intentions in relation to negotiations with an individual in such a way as to prejudice those negotiations
  • providing access would be unlawful
  • denying access is required or authorised by or under an Australian law or a court/tribunal order
  • We have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being, or may be engaged in and
  • providing access would be likely to prejudice the taking of appropriate action in the matter
  • providing access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body
  • providing access would reveal evaluative information generated within Empower College in connection with a commercially sensitive decision-making process. In this case we may give an individual an explanation for the commercially sensitive decision rather than direct access to the information.

If we are not required to provide access to the information because of one or more of above stated reasons, we will, where reasonable in the circumstances, give access in a way that meets the needs of both parties, including through the use of a mutually agreed intermediary

If an individual considers their personal information to be incorrect, incomplete, out of date or misleading, an individual can request that the information be amended. Where a record is found to be inaccurate, a correction will be made.

An individual is able to access their own records by requesting in this in writing to the General Manager at Zest. There is no charge to access personal information that we hold about an individual; however, we may charge a fee to make a copy.

Anonymity:

Wherever it is lawful and practicable, we will ensure the individual has the option of not
identifying themselves, or of using a pseudonym, except:

  • when we are required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves or
  • it is impracticable for us to deal with individuals who have not identified themselves or who have used a pseudonym.
Responsibilities
Staff:

Ensuring privacy rights are respected and applied in their daily work.
Attend and participate in training and development in the area of safeguarding privacy rights.

Managers:

Monitoring and ensuring that privacy principles are implemented within their area of responsibility.
Ensuring staff attend and participate in training and development in the area of safeguarding privacy rights.

Advisory Board:

Oversee of the embedding of safeguarding rights across the organisation.
Approval of this policy and relevant materials including the Zest Code of Practice.

Considerations

Legislation and References:

Please refer to Master List of Regulations and Legislation.