TSH Privacy Policy

1. PURPOSE

The purpose of this Privacy Policy is to clearly communicate Telethon Speech & Hearing’s personal information handling practices – that is, how we collect, use, store and disclosure personal, sensitive and health information.

2. POLICY STATEMENT

Maintaining the confidentiality of personal information is extremely important to TSH. We respect individuals’ privacy and are committed to protecting individuals’ personal information.
When dealing with personal, health and/or sensitive information, TSH observes its obligations under the Privacy Act 1988 (Cth) (Privacy Act), and it complies with the Australian Privacy Principles, as well other relevant State Territory legislation.

TSH may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to TSH’s operations and practices and to make sure it remains appropriate to the changing environment.

3. SCOPE AND APPLICATION

This policy applies to all Board members, staff, contractors and volunteers of TSH. This policy will be reviewed and amended as required. TSH has the right withdraw this Privacy Policy at any time.

4. RELATED DOCUMENTS

Privacy Act 1988 (Cth)
Privacy Regulations 2013
Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)
Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth)
School Education Act 1999
Online Service Delivery Guidelines
Code of Conduct
External Complaints Policy
My HR Security and Access Policy
Online Sharing Applications Policy
Photography, Filming and Audio Policy
Research Activities Policy
Social Media Policy
Working from Home Policy

5. COLLECTION OF PERSONAL INFORMATION

5.1. Personal Information you provide
TSH will generally collect personal information held about an individual by way of forms filled out by parents, students, clients, prospective employees, volunteers or contractors, face-to-face meetings and interviews, emails and telephone calls. On occasion, people other than those listed above may provide personal information.

5.2. Personal Information provided by other people:
In some circumstances TSH may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another organisation.
TSH may also electronically collect your personal, health and/or sensitive information from third parties in the following ways:
(a) From service providers, when they assist TSH with the provision of services, for example, bank information from your financial institution;
(b) Families, carers or advocacy groups;
(c) Health providers; and
(d) Government and non-government entities (such as the National Disability Insurance Agency; Australian Hearing, My Health Record and others)
TSH’s notice of collection of information from third parties as contained in this clause 5.2 of this privacy policy is a standard one, and TSH will not separately inform you each time your information is collected from a third party.

5.3. Exception in relation to employee records
Under the Privacy Act, the Australian Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to TSH’s treatment of an employee record, where the treatment is directly related to a current or former employment relationship between TSH and employee.

6. THE TYPES OF INFORMATION TSH COLLECTS

The type of information TSH collects and holds includes (but is not limited to) personal information, including health and other sensitive information, about:
• clients, students and parents and/or guardians (‘parents’) before, during and after the course of a student’s and client’s enrolment at TSH;
• job applicants, staff members, volunteers and contractors and,
• other people who come into contact with TSH.

6.1. Definitions
What is Personal Information?
Personal information is information or an opinion about an individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, or is recorded in a material form or not. It includes your name, age, gender, contact details, credit card, debit card and/or bank account details (including other personal financial information which is also sensitive information), health and race (health and race are also sensitive information). In this Privacy Policy, a reference to personal information includes sensitive and health information.

What types of personal information does TSH collect?
The types of personal information we collect are largely dependent upon whose information we are collecting and why we are collecting it, however in general terms TSH may collect:
• Personal Information about an identified individual including names, addresses and other contact details; dates of birth; next of kin details; financial information, photographic images and attendance records.
• Sensitive Information (particularly in relation to student and parent records) including religious beliefs, government identifiers, nationality, country of birth, citizenship, languages spoken at home, professional or union memberships, family court orders and criminal records.
• Health Information is also sensitive information and means information about the health or a disability (at any time) of an individual or an individual’s expressed wishes about the future provision of health services (particularly in relation to student and parent records) including medical records, medication, family medical history, immunisation details, individual health care plans, psychological reports, nutrition and dietary requirements.

7. WHY TSH COLLECTS PERSONAL INFORMATION

7.1 Overview
We collect, use and hold your personal information as part of the enrolment process and to provide you with information regarding TSH’s products and services. We also collect, use and hold your personal information to manage our ongoing relationship with you and perform functions and activities relating to our business.

7.2 Clients, students and parents
In relation to personal information of clients, students and parents, TSH’s primary purpose of collection is to enable TSH to provide its range of products and services. This includes satisfying the needs of parents, the needs of the clients and students and the needs of TSH throughout the whole period that students and clients are active at TSH. The purposes for which TSH uses personal information of clients, students and parents include:
• satisfying our legal obligations including our duty of care and child protection obligations
• to keep parents and clients informed about matters related to them, through correspondence, newsletters and magazines;
• day-to-day administration of TSH;
• looking after client’s and students educational, social and medical wellbeing;
• to facilitate TSH research;
• development of new programs and services:
• marketing, promotional and fundraising activities; and
• to satisfy TSH’s legal obligations and allow TSH to discharge its duty of care.
In some cases where TSH requests personal information about a client, student or parent, if the information requested is not provided, TSH may not be able to treat/enrol or continue the treatment/enrolment of the client/student or permit the client/student to take part in a particular activity.

7.3 Job applicants, staff members and contractors
In relation to personal information of job applicants, staff members and contractors, TSH’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor. The purposes for which TSH uses personal information of job applicants, staff members and contractors include:

• in administering the individual’s employment or contract, as the case may be;
• for insurance purposes;
• seeking donations and marketing for TSH; and
• to satisfy TSH’s legal obligations, for example, in relation to child protection legislation.

7.4 Volunteers
TSH also obtains personal information about volunteers who assist TSH in its functions or conduct associated activities, such as alumni associations, to enable TSH and the volunteers to work together.

7.5 Marketing and fundraising
TSH treats marketing and seeking donations for the future growth and development of TSH as an important part of ensuring that TSH continues to provide a quality treatment and learning environment in which clients, students and staff thrive. Personal information held by TSH may be disclosed to organisations that assist in TSH’s fundraising. For example, TSH may engage a fundraising company for a specific purpose. Parents, staff, contractors and other members of the wider TSH community may from time to time receive fundraising information. TSH publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.

7.6 Service Providers
We use service providers to help us provide our services (such as IT suppliers, advisors and other professional or health service providers). We may provide your personal and/or sensitive information to these service providers in order to allow them to help us provide our services to you.

7.7 Use of Video Cameras
TSH may utilise video cameras for surveillance in key locations throughout its premises, such as reception areas and corridors. The use of such video cameras will be signposted to inform people accessing TSH buildings.

7.8 Other Uses
We might also collect your information for the following purposes:
(a) for the immediate reason for which you have provided it to us (for example, to enable us to process a request, donation, payment, registration, membership subscription, etc);
(b) to maintain contact with you about our work, to report to you about our work, or to encourage you to learn about what we do;
(c) any other purpose directly related to our work and for which you have provided consent (where it is reasonably required by law); and
(d) any purpose which is reasonably related to or necessary for our purposes.

8. HOW WILL TSH USE THE PERSONAL INFORMATION YOU PROVIDE?

We only use your information for:
(a) the reason we collect it as set out above; or
(b) in the case of personal information, for any purpose which is reasonably related to or necessary for the purpose for which it was collected; or
(c) in the case of sensitive information, for any purpose which is directly related to and/or necessary for the purpose for which it was collected; or
(d) as otherwise permitted by law.

9. WHO MIGHT TSH DISCLOSE PERSONAL INFORMATION TO?

9.1 Disclosure
TSH may disclose personal information, including sensitive information, held about an individual to:
• another school;
• government departments;
• medical practitioners;
• people providing services to TSH, including specialist visiting teachers, counselors and sports coaches, and specialists;
• recipients of TSH publications, such as newsletters and magazines;
• parents;
• anyone you authorise TSH to disclose information to; and
• anyone to whom we are required to disclose the information to by law.
If you do not want your personal and/or sensitive information disclosed to another organisation, then please let us know, either at the time we collect the information, or any later time, and we will ensure that the disclosure either ceases or does not occur.

We take reasonable steps to ensure that all third-party recipients of the information which you provide to us are bound by confidentiality and privacy obligations when handling your personal and/or sensitive information.

9.2 Sending information overseas
TSH may disclose personal information about an individual to overseas recipients, for instance, when storing personal information with cloud service providers which are situated outside Australia or to facilitate a TSH exchange. TSH will take all reasonable steps not to disclose an individual’s personal information to overseas recipients unless:
• We have the individual’s consent (which may be implied); or
• We have satisfied ourselves that the overseas recipient is compliant with the Australian Privacy Principles, or a similar privacy regime; or
• We form the option that the disclosure will lessen or prevent a serious threat to life, health or safety of an individual or to public safety; or
We are taking appropriate action in relation to suspended unlawful activity or serious misconduct.

10. HOW DOES TSH TREAT SENSETIVE INFORMATION?

In referring to ‘sensitive information’, TSH means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.

11. PROTECTING PERSONAL INFORMATION

We take the protection of your personal information seriously and take all reasonable steps to ensure the information that we collect, use and disclose is accurate, secure and protected from misuse and loss and from unauthorised access, modification or disclosure.
TSH’s staff are required to respect the confidentiality of client’s, students and parents’ personal information and the privacy of individuals. Only authorised individuals are permitted to access the personal, health and sensitive information that TSH holds about you.

11.1 Accuracy
TSH will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and current. To assist, please ensure that the information you provide to us is accurate, up-to-date and complete, and let us know when your personal information changes.

11.2 Security
TSH will take all reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes including, but not limited to, access controls, network firewalls, encryption and physical security measures, in order to protect your privacy.

11.3 Retention
TSH will destroy or permanently de-identify any of your personal information that is no longer needed for the purposes described in the Policy, provided we are not required, under relevant accreditation standards or an Australian law, to retain the information

11.4 Anonymity
It is your right to be dealt with anonymously, provided that it is lawful and practicable.

TSH will try to accommodate a request for anonymity wherever possible. However, we note that in some circumstances, this may prevent TSH from practically and effectively communicating with you, as well as providing our services to you. If this is the case, we will notify you.

12. WEBSITE

12.1. Cookies
When you visit the TSH website at https://www.tsh.org.au, a record of your visit may be logged. The following data may be supplied by your browser:
(a) Your IP address and/or domain name;
(b) Your operating system (type of browser and platform);
(c) The date, time and length of your visit to the website; and
(d) The resources you accessed and the documents you downloaded.
This information may be used to compile statistical information about the use of the TSH website. It is not used for any other purpose. If you do not want ‘cookies’ to be used, then please adjust your browser settings to disable them.
Although we may collect information through our website, and through ‘cookies’, generally you can visit the TSH website without revealing your name and without providing us with any information about yourself.

12.2. Links to other websites
The TSH website may contain links to third party websites, and third-party websites may also have links to the TSH website.
The TSH privacy policy does not apply to external links or other websites.
The operators of other websites may collect your personal and/or sensitive information.
We encourage you to read the privacy policies of any website you link to from the TSH website.

13. ACCESS AND CORRECTION OF PERSONAL INFORMATION

Under the Commonwealth Privacy Act, an individual has the right to obtain access to any personal information which TSH holds about them and to advise TSH of any perceived inaccuracy. Clients and students will generally be able to access and update their personal information through their Parents, but older students and adults may seek access and correction themselves. There are some exceptions to these rights set out in the applicable legislation.

To make a request to access or update any personal information TSH holds about you or your child, please contact the CEO or Principal in writing. TSH may require you to verify your identity and specify what information you require. TSH may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, TSH will advise the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal.

14. CONSENT AND RIGHTS OF ASSCESS TO THE PERSONAL INFORMATION OF CLIENTS and STUDENTS

TSH respects every parent’s right to make decisions concerning their child’s treatment/education. Generally, TSH will refer any requests for consent and notices in relation to the personal information of a client or student to the student’s parents (if the child is not an adult). TSH will treat consent given by parents as consent given on behalf of the client/student and notice to parents will act as notice given to the client/student.
As mentioned above, parents may seek access to personal information held by TSH about them or their child by contacting the CEO or Principal. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of TSH’s duty of care to the client/student.

TSH may, at its discretion, on the request of a client/student grant that client/student access to information held by TSH about them or allow a client/student to give or withhold consent to the use of their personal information, independently of their parents. This would normally be done only when the maturity of the client/student and/or the student’s personal circumstances so warranted.

15. MANDATORY NOTIFICATION OF DATA BREACH

The Privacy Act sets out obligations for notifying affected individuals, and the Office of the Australian Information Commissioner (OAIC), in the event of an eligible data breach which is likely to result in serious harm.
An eligible data breach occurs where:
(a) There is unauthorised access to, or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds;
(b) This is likely to result in serious harm to one or more individuals; and
(c) The entity has not been able to prevent the likely risk of serious harm with remedial action.

If an eligible data breach is confirmed or TSH is otherwise directed to do so by the Commissioner, each affected individual will be provided with a statement including:
(a) details of the breach; and
(b) recommendations of the steps individuals should take.
A copy of the statement will also be provided to the OAIC.

16. ENQUIRIES AND COMPLAINTS

If you would like further information about the way TSH manages the personal information it holds or wish to complain that you believe that TSH has breached the Australian Privacy Principles please contact the CEO. TSH will investigate any complaint and will notify you of the making of a decision in relation to your complaint as soon as is practicable after it has been made.

17. POLICY UPDATES

This policy may be updated or revised from time to time. TSH will notify all staff members each time the policy has been updated. If you are unsure whether you are reading the most current version, you should contact the CEO or the People and Culture Business Partner.

Originated Version 1 May 2014
Updated Version 2 May 2017
Updated Version 3 November 2018
Updated Version 4 October 2022