SPDL Privacy Policy

Principle

The SPDL Committee of Management is committed to protecting the privacy of personal information which the organisation collects, holds and administers. Personal information is information which directly or indirectly identifies a person.

SPDL recognises that the nature of its service means that much of the information handled is of a sensitive nature. It is recognised that it is the essential right of individuals to have their personal information handled in ways they would reasonably expect. All personal information discussed or collected from clients, volunteers and staff should be maintained in accordance with the Australian Privacy Principles [1] (APPs) and should be treated in a confidential manner.

Policy

SPDL will abide by the provisions of the Privacy Act 1988 (Cth), the Health Records Act 2001 (Vic), and any other laws that impose specific obligations in regard to handling personal information. Personal information regarding an individual will only be used to facilitate SPDL services, activities and/or functions, and will otherwise be kept confidential, except where SPDL has the permission of the individual to use their personal information for an alternate purpose, or where SPDL is authorised under Australian law or a Court or Tribunal order to do so.

SPDL takes personal information to mean information, whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable. Examples of personal information include an individual’s name, signature, address, telephone number, date of birth, medical records, and bank account details.

Procedure

SPDL will:

  • Provide a copy of the Privacy Statement to all staff, volunteers and clients where requested;

  • Only collect personal information that is reasonably necessary for one or more of our functions;

  • Only collect sensitive information about an individual with that individual’s consent;

  • Only collect personal information about an individual through lawful and fair means;

  • Only collect personal information through the individual it relates to, not by asking others, unless it is not practicable or reasonable to do so;

  • Any information about an individual that was not collected through lawful and fair means, and is not contained in a Commonwealth record, will either destroy any information or ensure that it is de-identified as soon as possible in a lawful and reasonable way [2]

  • When collecting personal information about an individual, tell that individual:

    • That we have collected the information;

    • The identity and contact details of SPDL;

    • How the information was collected;

    • The purposes for which it was collected;

    • The main consequences for the individual if all/some of the personal information is not collected by SPDL;

    • Who this information may be disclosed to;

    • How the individual can access this information and seek its correction;

    • How the individual can complain about a breach in the APPs/a registered APP code that binds SPDL, and how SPDL will deal with such a complaint;

  • Use and disclose an individual’s personal information only for the purposes for which it was collected, unless:

    •  We have the individual’s consent to otherwise use/disclose their personal information;

    • We use/disclose an individual’s personal information for a directly related purpose, and we would be reasonably expected to do so;

    • We are required or authorised under Australian law or a Court or Tribunal Order to otherwise use/disclose the information;

    • There is a general situation in which we are permitted to use/disclose the information;

    • There is a health situation in which we are permitted to use/disclose the information;

    • We reasonably believe that it is necessary to use/disclose the information for an enforcement related activity conducted by or for an enforcement body;

  • Provide a written note of any use/disclosure of personal information that was not for the purposes for which it was collected;

  • Take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, complete, and relevant both when it is collected and when it is disclosed [3]

  • Take reasonable steps to protect personal information from misuse, interference and loss, as well as unauthorised access, modification and disclosure. This will include taking reasonable steps to destroy or de-identify personal information we hold once the personal information is no longer needed for a specified function of SPDL, unless:

    • The information is contained in a Commonwealth record; or

    • SPDL is required by Australian law or under a Court or Tribunal Order to retain the personal information;

  • Ensure that if personal or health information is transferred, privacy protection travels with it (information should only be transferred between agencies if the recipient protects privacy under similar laws and standards);

  • If requested, allow an individual to access the personal information we hold about them, unless one of the grounds listed in s12.34 of the APPs applies;

  • If access to personal information is requested, respond to such a request within 30 days from the day after we receive the request;

  • If access to personal information is requested, give access in the manner requested by the individual where possible;

  • If access to personal information is refused, provide the individual with a written note setting out the reasons for the refusal as well as any complaint mechanisms available to the individual;

  • If an individual seeks to correct the personal information that SPDL holds about them, respond to such a request within 30 days from the day after we receive the request.

SPDL will not:

  • Use or disclose an individual’s personal information for the purpose of direct marketing;

  • Adopt, use or disclose a government related identifiers collected by SPDL in registering client’s to use its services.

Furthermore, if lawful, practicable or feasible, individuals should have the option of not identifying themselves when entering into transactions.

All information collected by SPDL in accordance with HACC Minimum Data Set must have a unique identifier attached to it. This is done automatically by the database.

Staff and volunteers will:

  • Respect the privacy of clients;

  • Not discuss clients, other staff, and/or volunteers unless pertinent to the execution of service delivery or the functioning of the organisation;

  • Respect the values and attitudes of clients, their right to make their own decisions and work out their own problems; and

  • Be given training on privacy and confidentiality requirements.

Client Record Management Policy

Principle

To ensure that all electronic and hard copy records are maintained in a way that is consistent with SPDL Inc. obligations under the Health Records Act 2001 (Vic) and the Victorian Public Records General Disposal Schedule.

Policy

All client intake and assessment records will be documented on the Department of Health and Human Services mandated Service Coordination templates.  Both the paper and electronic record of the assessment will be kept for a period of seven (7) years after the service to the client is discontinued.

Records of service delivery must also be kept for a period of two (2) years after the service to the client is discontinued, but where there is an accurate electronic record, the paper record may be destroyed.  Examples of records of service delivery include volunteer rosters, including DayLinks Community Transport Run Sheets.

Procedure

Storage of Records

  • Electronic records are stored on computers are accessible only to staff.

  • Computers are turned off at the end of business day and offices locked overnight.

  • Records are removed from computers before disposal of computers.

  • Paper Records are stored in respective filing cabinets which are locked at the end of business day.

  • Files in current use are returned to filing cabinet overnight.

Archiving

  • Electronic records can be archived as part of the software programs currently being used.

  • Paper records that need to be kept are archived and stored in a locked facility. Records that don’t need to be kept are shredded.

Privacy Statement and Frequently Asked Questions

SPDL values and protects the personal information it collects in the course of undertaking its responsibilities and continues to demonstrate a strong culture of protecting the confidentiality of staff, clients and volunteers.

Who are we?

South Port Day Links Inc. is a not-for-profit organisation which provides services to aged people, people with a disability, their carers, and people who are transport disadvantaged.

Why do we collect information about you?

The information we collect helps us provide the best service possible to our clients. We use this information to help us plan and manage our services.

We rely on the information you give us to help provide our service to you. We only ask for information that is necessary to provide our services.

What information do we need to collect?

We keep your name and contact details, as well as your date of birth and other information that is needed to provide a quality service. This is the information given to us when you first register with SPDL.

Who else sees this information?

Your information is only seen by the people who work or volunteer for this organisation, who are directly involved in organising or delivering services. We only release information about you to a third party if we have your agreement or if we are required by law to do so.

How is your information protected?

The privacy of your information is protected by law and we are required to store your information securely and treat it with the strictest confidence. You are able to access your own information by making an appointment with SPDL.

Privacy Policy

SPDL has a Privacy Policy. Please contact the office if you wish to obtain a copy.

Other Information

SPDL has guidelines and policies about:

  • Client Rights and responsibilities

  • Complaints and grievances

  • Duty of Care

  • Equal Opportunity

  • Cultural Diversity

  • Transport Policy

Please contact the office on 9646 6362 if you wish to obtain copies of any of these.

How to contact us or make a complaint

If you would like to find out more about our Privacy Policy or the personal information we have collected about you, or if you would like to make a complaint, please contact us by:

Email info@spdl.org.au
Phone 9646 6362
Address
Attn: General Manager SPDL
PO Box 199
Port Melbourne VIC 3207

We will respond to your request usually within 48 hours and, at a maximum, within 30 days of receiving it, and treat seriously any claims of privacy breaches.

[1] Privacy Act 1988 (Cth)

[2] Personal information is destroyed when it can no longer be retrieved. For example, if the information is in hard copy it must be shredded before it is disposed of through the garbage or recycling.

[3] If personal information about an individual is collected from the individual themselves, this is considered a reliable source. For this reason, in most cases it will not be necessary to ensure that the information is accurate, up-to-date, complete and relevant.