1 AIM AND OBJECTIVE
2 POLICY STATEMENT
Privacy is a top priority for TSH.
When dealing with personal and/or sensitive information, TSH observes its obligations under the Privacy Act 1988 (Cth) (Privacy Act), and it complies with the Australian Privacy Principles, as well other relevant State Territory legislation
This policy sets out how TSH will collect, use, store, disclose and de-identify personal and/or sensitive information.
3 SCOPE AND APPLICATION
Privacy Act 1988 (Cth)
Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)
Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth)
4 THE TYPES OF INFORMATION TSH COLLECTS
The type of information TSH collects and holds includes (but is not limited to) personal information, including health and other sensitive information, about:
- clients, students and parents and/or guardians (‘Parents’) before, during and after the course of a student’s and client’s enrolment at TSH;
- job applicants, staff members, volunteers and contractors and,
- other people who come into contact with TSH.
What is Personal Information?
5 HOW TSH COLLECTS PERSONAL INFORMATION
5.1 Personal Information you provide
TSH will generally collect personal information held about an individual by way of forms filled out by Parents, students or clients, face-to-face meetings and interviews, emails and telephone calls. On occasion people other than Parents, students or clients provide personal information.
5.2 Personal Information provided by other people:
In some circumstances TSH may be provided with personal information about an individual from a third party, for example a report provided by a medical professional or a reference from another organisation.
TSH may also electronically collect your personal and/or sensitive information from third parties in the following ways:
(a) From service providers, when they assist TSH with the provision of services, for example, bank information from your financial institution;
(b) Families, carers or advocacy groups;
(c) Health providers; and
(d) Government and non-government entities (such as the National Disability Insurance Agency; Australian Hearing and others)
5.3 Exception in relation to employee records
6 WHY TSH COLLECTS PERSONAL INFORMATION
We collect, use and hold your personal information as part of the employment process and to provide you with TSH’s products and services. We also collect, use and hold your personal information to manage our ongoing relationship with you and perform functions and activities relating to our business.
6.2 Clients, students and parents
In relation to personal information of clients, students and parents, TSH’s primary purpose of collection is to enable TSH to provide its range of products and services. This includes satisfying the needs of Parents, the needs of the clients and students and the needs of TSH throughout the whole period that students and clients are active at TSH. The purposes for which TSH uses personal information of clients, students and Parents include:
- to keep Parents and clients informed about matters related to them, through correspondence, newsletters and magazines;
- day-to-day administration of TSH;
- looking after client’s and students educational, social and medical wellbeing;
- to facilitate TSH research;
- seeking donations and marketing for TSH; and
- to satisfy TSH’s legal obligations and allow TSH to discharge its duty of care.
In some cases where TSH requests personal information about a client, student or Parent, if the information requested is not provided, TSH may not be able to treat/enroll or continue the treatment/enrolment of the client/student or permit the client/student to take part in a particular activity.
6.3 Job applicants, staff members and contractors
In relation to personal information of job applicants, staff members and contractors, TSH’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be. The purposes for which TSH uses personal information of job applicants, staff members and contractors include:
- in administering the individual’s employment or contract, as the case may be;
- for insurance purposes;
- seeking donations and marketing for TSH; and
- to satisfy TSH’s legal obligations, for example, in relation to child protection legislation.
TSH also obtains personal information about volunteers who assist TSH in its functions or conduct associated activities, such as alumni associations, to enable TSH and the volunteers to work together.
6.5 Marketing and fundraising
TSH treats marketing and seeking donations for the future growth and development of TSH as an important part of ensuring that TSH continues to provide a quality treatment and learning environment in which clients, students and staff thrive. Personal information held by TSH may be disclosed to organisations that assist in TSH’s fundraising, for example, TSH may engage a fundraising company for a specific purpose. Parents, staff, contractors and other members of the wider TSH community may from time to time receive fundraising information. TSH publications, like newsletters and magazines, which include personal information, may be used for marketing purposes.
6.6 Service Providers
We use service providers to help us provide our services (such as IT suppliers, advisors and other professional or health service providers). We may provide your personal and/or sensitive information to these service providers in order to allow them to help us provide our services to you.
6.7 Use of Video Cameras
TSH may utilise video cameras for surveillance in key locations throughout its premises, such as reception areas and corridors. The use of such video cameras will be signposted to inform people accessing TSH buildings.
6.8 Other Uses
We might also collect your information for the following purposes:
(a) for the immediate reason for which you have provided it to us (for example, to enable us to process a request, donation, payment, registration, membership subscription, etc);
(b) to maintain contact with you about our work, to report to you about our work, or to encourage you to learn about what we do;
(c) any other purpose directly related to our work and for which you have provided consent (where it is reasonably required by law); and
(d) any purpose which is reasonably related to or necessary for our purposes.
7 HOW WILL TSH USE THE PERSONAL INFORMATION YOU PROVIDE?
We only use your information for:
(a) the reason we collect it as set out above; or
(b) in the case of personal information, for any purpose which is reasonably related to or necessary for the purpose for which it was collected; or
(c) in the case of sensitive information, for any purpose which is directly related to and/or necessary for the purpose for which it was collected; or
(d) as otherwise permitted by law.
8 WHO MIGHT TSH DISCLOSE PERSONAL INFORMATION TO?
TSH may disclose personal information, including sensitive information, held about an individual to:
- another school;
- government departments;
- medical practitioners;
- people providing services to the TSH, including specialist visiting teachers, counselors and sports coaches, and specialists;
- recipients of TSH publications, such as newsletters and magazines;
- anyone you authorise TSH to disclose information to; and
- anyone to whom we are required to disclose the information to by law.
If you do not want your personal and/or sensitive information disclosed to another organisation, then please let us know, either at the time we collect the information, or any later time, and we will ensure that the disclosure either ceases or does not occur.
We take reasonable steps to ensure that all third party recipients of the information which you provide to us are bound by confidentiality and privacy obligations when handling your personal and/or sensitive information.
8.2 Sending information overseas
TSH may disclose personal information about an individual to overseas recipients, for instance, when storing personal information with ‘cloud’ service providers which are situated outside Australia or to facilitate a TSH exchange. However, TSH will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied);
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
9 HOW DOES TSH TREAT SENSITIVE INFORMATION?
In referring to ‘sensitive information’, TSH means: information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
10 MANAGEMENT AND SECURITY OF PERSONAL INFORMATION
TSH’s staff are required to respect the confidentiality of client’s, students and Parents’ personal information and the privacy of individuals. TSH has in place steps to protect the personal information TSH holds from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.
TSH’s IT systems are password protected and comply with applicable security standards.
Only authorised individuals are permitted to access the personal and sensitive information that TSH holds about you.
It is your right to be dealt with anonymously, provided that it is lawful and practicable.
TSH will try to accommodate a request for anonymity wherever possible. However, we note that in some circumstances, this may prevent TSH from practically and effectively communicating with you, as well as providing our services to you. If this is the case, we will notify you.
When you visit the TSH website at https://www.tsh.org.au/, a record of your visit may be logged. The following data may be supplied by your browser:
(a) Your IP address and/or domain name;
(b) Your operating system (type of browser and platform);
(c) The date, time and length of your visit to the website; and
(d) The resources you accessed and the documents you downloaded.
This information may be used to compile statistical information about the use of the TSH website. It is not used for any other purpose. If you do not want ‘cookies’ to be used, then please adjust your browser settings to disable them.
Although we may collect information through our website, and through ‘cookies’, generally you can visit the TSH website without revealing your name and without providing us with any information about yourself.
10.3 Links to other websites
The TSH website may contain links to third party websites, and third party websites may also have links to the TSH website.
The operators of other websites may collect your personal and/or sensitive information.
We encourage you to read the privacy policies of any website you link to from the TSH website.
11 ACCESS AND CORRECTION OF PERSONAL INFORMATION
Under the Commonwealth Privacy Act, an individual has the right to obtain access to any personal information which TSH holds about them and to advise TSH of any perceived inaccuracy. Clients and students will generally be able to access and update their personal information through their Parents, but older students and adults may seek access and correction themselves. There are some exceptions to these rights set out in the applicable legislation.
To make a request to access or update any personal information TSH holds about you or your child, please contact the CEO or Principal in writing. TSH may require you to verify your identity and specify what information you require. TSH may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If the information sought is extensive, TSH will advise the likely cost in advance. If we cannot provide you with access to that information, we will provide you with written notice explaining the reasons for refusal.
12 CONSENT AND RIGHTS OF ACCESS TO THE PERSONAL INFORMATION OF CLIENTS and STUDENTS
TSH respects every Parent’s right to make decisions concerning their child’s treatment/education. Generally, TSH will refer any requests for consent and notices in relation to the personal information of aclient or student to the student’s Parents (if the child is not an adult). TSH will treat consent given by Parents as consent given on behalf of the client/student, and notice to Parents will act as notice given to the client/student.
As mentioned above, parents may seek access to personal information held by TSH about them or their child by contacting the CEO or Principal. However, there will be occasions when access is denied. Such occasions would include where release of the information would have an unreasonable impact on the privacy of others, or where the release may result in a breach of TSH’s duty of care to the client/student.
TSH may, at its discretion, on the request of a client/student grant that client/student access to information held by TSH about them, or allow a client/student to give or withhold consent to the use of their personal information, independently of their Parents. This would normally be done only when the maturity of the client/student and/or the student’s personal circumstances so warranted.
13 MANDATORY NOTIFICATION OF ELIGIBLE DATA BREACH
The Privacy Act sets out obligations for notifying affected individuals, and the Office of the Australian Information Commissioner (OAIC), in the event of an eligible data breach which is likely to result in serious harm.
An eligible data breach occurs where:
(a) There is unauthorised access to, or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds;
(b) This is likely to result in serious harm to one or more individuals; and
(c) The entity has not been able to prevent the likely risk of serious harm with remedial action.
If an eligible data breach is confirmed or TSH is otherwise directed to do so by the Commissioner, each affected individual will be provided with a statement including:
(a) details of the breach; and
(b) recommendations of the steps individuals should take.
A copy of the statement will also be provided to the OAIC.
14 ENQUIRIES AND COMPLAINTS
If you would like further information about the way TSH manages the personal information it holds, or wish to complain that you believe that TSH has breached the Australian Privacy Principles please contact the CEO. TSH will investigate any complaint and will notify you of the making of a decision in relation to your complaint as soon as is practicable after it has been made.
Telethon Speech & Hearing Online Payment Gateway
Telethon Speech & Hearing uses the eWAY Payment Gateway for its online credit card transactions. eWAY processes online credit card transactions for thousands of Australian merchants, providing a safe and secure means of collecting payments via the Internet. All online credit card transactions performed on this site using eWAY gateway are secured payments.
- Payments are fully automated with an immediate response.
- Your complete credit card number cannot be viewed by Telethon Speech & Hearing or any outside party.
- All transactions are performed under 128 Bit SSL Certficate.
- All transaction data is encrypted for storage within eWAY’s bank-grade data centre, further protecting your credit card data.
- eWAY is an authorised third party processor for all the major Australian banks.
- eWAY at no time touches your funds; all monies are directly transfered from your credit card to the merchant account held by Telethon Speech & Hearing.
For more information about eWAY and online credit card payments, please visit www.eWAY.com.au