Privacy

Your privacy is important to us.

CatholicCare Wollongong complies with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) in the Privacy Act. We respect and value the personal information that you are willing to entrust to us, and this policy explains how we collect, hold, use, disclose and otherwise manage that personal information.

CatholicCare ensures that clients who access services and CatholicCare personnel, are always treated with dignity and respect. CatholicCare demonstrates this regard by respecting the individual’s right to privacy and by safe-guarding personal information. The individual’s privacy rights are held paramount unless there are serious legal requirements to the contrary e.g. release is required by a court-issued subpoena.

We may from time to time review and update this policy to comply with our legal obligations, to reflect changes in technology and to our operations and practices, and to ensure it remains relevant to our environment. These changes and updates will be published on our website.

You can find out more about these principles by calling the Office of the Privacy Commissioner on 1300 36 39 92 or through their website at www.oaic.gov.au

As legally required, CatholicCare follows detailed privacy procedures to be compliant with contractual obligations to a range of stakeholders and government departments.

Any eligible data breach is reported to the Office of the Australian Information Commissioner. Individuals who have been affected are notified and provided with recommendations about any action they can take to minimise the impact of the breach.

What kind of personal information do we collect and how do we collect it?

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, regardless of whether the information or opinion is true or not, or whether it is recorded in a material form or not.

Sensitive information is a subset of personal information, which is given a higher level of protection under the Privacy Act. It includes, amongst other things, health information about you, your criminal record and your religious beliefs or affiliations.

We collect and hold personal information, which may include sensitive information about:

• Candidate information (eg resume) submitted and obtained from the candidate and other sources in connection with applications for employment.
• Work performance information (eg evaluations, reviews)
• Information pertaining to incidents in the workplace
• Staff information (eg statement of employment, banking details, tax file number)
• Information submitted and obtained in relation to absences from work due to leave, illness or other causes
• Reference Checks (work and personal)
• Medical results
• Test results (eg Psychological evaluations)
• Education transcripts and certificates
• Complaints and Praise
• Working Visa information
• Information you give in relation to next of kin
• Other
  
  Unless allowed by legislation (e.g., Working with Children Checks must be verified for all applicants for child related work) sensitive information is only collected if the individual consents to its collection, it is reasonably necessary for CatholicCare to carry out its activities with that person and it is in the best interests of the individual to do so. This information may include details about health, disability, racial or ethnic origin, criminal convictions, and tax file numbers. Sensitive information is generally afforded a higher level of protection. 

  All clients and CatholicCare personnel are offered a statement of their Privacy Rights and access to this full CS 7 Privacy Policy and procedures. This document is publicly available by request. 

  Further information for clients regarding management of personal information is contained in CS Policy 8 Client Records Management which is publicly available.

  Information for employees is contained in WS Policy 2.7 Employee Records to which all employees have electronic or paper access.

Personal information you provide.

We will generally collect your personal information by way of forms filled out either by the individual or their guardian/responsible person, face-to-face meetings, interviews and telephone calls.

Personal information provided by other people.

In some circumstances, a third party may provide us with your personal information, e.g., a reference about an applicant for a position.

You may also choose to deal with us on an anonymous basis or using a pseudonym. However, we will need to identify you in many circumstances, for example, to process a job or volunteer application.

How will we use the personal information you provide?

Personal information is collected verbally (e.g., face-to-face, telephone), in writing (e.g., letters, forms) or electronically (e.g. emails, website). Clients and personnel provide personal information in a range of circumstances including:

• provision of information about services
• assessment of eligibility for services
• service provision
• participation in surveys and other research
• handling of complaints
• applying for a job with CatholicCare and assessment of eligibility for employment
• the meeting of legal employment obligations and management of employee records
• placement of someone on a mailing list and sending out newsletters

CatholicCare only collects personal information directly from the person concerned unless:

• that person has given consent for collection from someone else or
• it is unreasonable to do so.

Other people or organisations from which CatholicCare may collect personal information may include:

• a person's representative
• a person's employer
• referring agencies
• non-government organisations
• government agencies
• law enforcement agencies

To whom might we disclose personal information?

CatholicCare only discloses personal information to another party if:

• consent is given by the individual or
• disclosure is authorised by an Australian law or court order or
• disclosure is reasonably believed to be necessary to lessen or prevent a serious & imminent threat to the life, health, or safety of the individual or another person or a serious threat to public health or public safety.

Wherever possible consent is obtained in writing. If only verbal consent is possible the fact that this has been given is recorded in the individual's file.

When it is not possible for someone to exercise a valid consent in regard to the collection or possible disclosure of their personal information CatholicCare follows the guidelines of the Office of the Australian Information Commissioner. 

Although it is not absolute, CatholicCare respects the rights of children to have a reasonable level of control over their personal information. In matters that affect children, much will depend on the child's age, maturity, ability to comprehend and the particular circumstances of the case. Appropriate communication is critical in these situations.

Direct marketing

CatholicCare only uses personal information for direct marketing purposes if the information has been provided by the individual with the expectation that it would be used for this purpose.  A simple request, either verbal or written, is all that is required for a person to discontinue receipt of direct marketing communications.

At any time, an individual may ‘opt-out’ of receiving Direct Marketing communications by:

• using the Unsubscribe link / facility provided, or by
• contacting CatholicCare on (02) 4227 1122 or via enquiries@catholiccare.dow.org.au

Management and security of personal information

Our workers are required to respect the confidentiality of the information and privacy of individuals. We have in place steps to protect the personal information we hold from misuse, interference, loss, unauthorised access, modification, or disclosure by use of various methods including locked storage of paper records and password restricted access rights to computerised records.

Where we no longer require personal information for a purpose for which we can use or disclose it under the Privacy Act, we will take reasonable steps to destroy or de-identify that information, unless it would be unlawful for us to do so.

Correction and updating personal information.

We endeavor to ensure that the personal information we hold is accurate, complete, and up to date, and where using or disclosing it, relevant for the purpose of the use or disclosure.

A person may seek to update the personal information we hold about them by contacting us at any time on the details below. If we are unable to correct your information, we will give you notice of this in writing and explain why and how you can take the matter further. You can also request that we associate a statement with the information that you believe is inaccurate, out-of- date, incomplete, irrelevant, or misleading.

Access to personal information we hold about you.

Generally, clients and personnel have the right to access their personal information held by CatholicCare, subject to some exceptions permitted by law.

Requests should be made in writing and specify, as far as possible, the information sought. Approval for access is given by Managers on the recommendation of a staff member familiar with the client records. Wherever reasonable and practicable, the information is provided in the manner requested by the person concerned. If CatholicCare refuses a request reason for the refusal are given.  CatholicCare endeavours to respond to requests within 30 days.

Where appropriate a CatholicCare staff member assists and supports the client (or former client) when accessing a file.

Children aged from 13yrs to 18yrs are assisted in understanding that they have the right to ask for any information that is kept about them by CatholicCare, to read their files and to add information to their files.  For younger children an assessment is made of the information to be provided and the most appropriate and supportive way in which to do this. This decision is made by the Manager on the recommendation of the child's Caseworker.

Complaints.

Formal complaints about breaches of the Australian Privacy Principles, the Health
Privacy Principles or CatholicCare's Privacy Policy must be made in writing and include specific details of the person's concerns and how they would like to matter to be resolved. The CEO delegates an appropriate manager to investigate the complaint and make recommendations for decision by the Director.           

CatholicCare endeavours to resolve complaints within 30 days.
Complaints may also be made to the Privacy Commissioner.

Mandatory Data Breach Notification to the Office of the Australian Information Commissioner (OAIC)

CatholicCare takes reasonable steps to protect the personal information of individuals from unauthorised disclosure, misuse, interference and loss (see Section 7.10 Security of Personal Information).        

If an employee becomes aware that there are reasonable grounds to believe that there has been any form of data breach in relation to personal information, this is reported to the relevant Executive Manager and the Executive Manager, Quality and People & Culture immediately.   

These Executive Managers take the following action as soon as practicable:

• Ensure that appropriate remedial action is taken, both to contain the breach & to minimize the likelihood and seriousness of harm to those to whom the information relates. This is done in consultation with Manager, Information and Communication Technology if relevant.
• Using the Notifiable Data Breach Scheme: Resources for agencies and organisations (OAIC) assess whether the breach meets the criteria for an eligible data breach i.e. there is a likelihood of serious harm (see Section 6 Definitions).
• If so, determine which individuals have been affected and ensure that they are notified and provided with recommendations about any action they can take to minimise the impact of the breach.
• Oversee the identification and implementation of system or process changes to prevent a future recurrence

Within 30 days the Executive Manager, Quality and People & Culture prepares a Notifiable Data Breach Statement (form) for signature of the CEO and notifies the Office of the Australian Information Commissioner. Depending on the circumstances of the breach the Executive Managers also consider if any disciplinary action is warranted (see WS 4.2 Managing Conduct and Performance).

Cookies

This website uses Google Analytics to help analyse how people use our site. The tool uses "cookies" to collect standard internet log and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to compile statistical reports on website activity for CatholicCare.

We will never use the statistical analytics tool to track or to collect any Personally Identifiable Information (PII) of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source unless you explicitly submit that information via a fill-in form on our website.

Enquiries and complaints

If you would like further information about the way we manage personal information, please contact us on the details below.

CatholicCare- Executive Manager, Quality and Risk.
25-27 Auburn Street, Wollongong NSW 2500
Phone:  02 4227 1122
Email: enquiries@catholiccare.dow.org.au