Privacy

Privacy Policy

1. Purpose:

This policy outlines what kinds of personal information Activ collects, how it is held, used and disclosed. This policy applies to all staff, contractors, volunteers, students and customer personal information.

2. Scope:

This policy applies to all staff, contractors, volunteers, students and customers that capture, handle and manage personal information.

3. The Privacy Act 1988:

Activ uses this policy to comply with the Privacy Act 1988 and the 13 Australian Privacy Principles APP:
https://www.oaic.gov.au/agencies-and-organisations/app-guidelines/The Privacy Act 1988 (Privacy Act) regulates how personal information is handled. The Privacy Act defines personal information as:
“….information or an opinion, whether true or not, and whether recorded in material form or not, about an identified individual, or an individual who is reasonably identifiable.’

Thirteen Australian Privacy Principles or APP entities that provide guidelines on how to handle, use and manage personal information are included in the Privacy Act.

The Privacy Act is the legislative reason why Activ collects, holds, uses and discloses staff, contractors, volunteers, students and customer’s personal information, in the manner outlined in this policy.

For more information about the Privacy Act or your rights, please visit the website of the Office of the Australian Information Commissioner; https://www.oaic.gov.au/

4. Activ and Privacy:

(APP 1 – Open and transparent management of personal information)
Activ is committed to proactively engaging in managing personal information.The Privacy policy is used as one of the tools created to support the Activ Privacy Management Framework.

5. Remaining Anonymous or using a Pseudonym

(APP 2 – Anonymity and pseudonymity):

  • Activ provides individuals with the option of dealing anonymously or by pseudonym.
  • An APP entity is not required to provide those options where:
          - The entity is required or authorised by law or a court or tribunal order to deal with identified individuals, or
          - It is impractical for the entity to deal with individuals who have not identified themselves
  • Anonymity means that an individual dealing with an APP entity cannot be identified and the entity does not collect personal information or identifiers
  • A pseudonym is a name, term or descriptor that is different to an individual’s actual name. Where applicable, an APP entity must ensure that individuals are made aware of their opportunity to deal anonymously or by pseudonym with the entity.

6. Activ personal information handling practices:

Activ promotes secure and mindful handling of all electronic and hardcopy personal information, which is outlined in the Information Handling and Classification Policy, which may be found in the Privacy Management Manual.

7. Kinds of personal information collected and held

(APP 3 – Collection of solicited personal information, APP 9 – Adoption, use or disclosure of government related identifiers):
Staff, contractors, volunteers, students and customers will have personal information collected to assist Activ perform functions and activity’s.
Activ adheres with, by only collecting personal information where it is reasonably necessary for, or directly related to, Activs functions or activities.
The personal information captured will vary depending on the context of the collection.

  • Names, address and contact details (e.g. phone, email and fax)
  • Photographs, video recordings and audio recordings
  • Information about personal circumstances (e.g. marital status, age, gender, occupation, accommodation and relevant      information about your partner, children, guardian)
  • Information about financial affairs (e.g. payment details, bank account details and information about business and financial interests)
  • Information about identity (e.g. date of birth, country of birth, nationality, passport details, visa details, drivers licence, birth certificates)
  • Information about your employment (e.g. work history, referee comments, remuneration
  • Information about your background (e.g education qualification, the language you speak)
  • Government identifiers (e.g. Centrelink Reference Number, Tax File Number, please note that Activ adheres to restricting the use of government identifiers unless required to assist individuals)
  • Information about assistance provided to you under government funding arrangements

    On occasions, a range of sensitive information may be collected or held about you, including information about:
  • Your health (including information about your medical history and any disability or injury you may have).

8. Dealing with unsolicited personal information

(APP 4 – Dealing with unsolicited personal information):
Unsolicited personal information is personal information received by Activ that has not been requested by Activ (e.g.: unsolicited resumes or c.v’s).
Activ will destroy or de-identify the information in accordance with the Activ Retention and Disposal R+D Schedule guidelines.

9. How Activ collects and holds personal information:

Activ collects personal information through a variety of methods:

• Paper based forms
• Electronic forms (including online forms)
• Face to face meetings
• Telephone communications
• Email communications
• Communications by fax
• CCTV footage
• Activ website
• Activ social media accounts

Activ holds personal information in a range of different formats, both paper-based and electronic records.

Please note that the Information Management industry standards define a record in International Standard ISO 15489 as:
“Information created, received and maintained as evidence and as an asset by an organisation or person, in pursuit of legal obligations or in the transaction of business.”

10. Providing consent

(APP 5 - Notification of the Collection of personal information):
Activ requires that consent forms are signed by customers, staff, volunteers and student placements:

  • Please note that all Activ customers are required to sign the Aqua 1990 Consent form, which outlines all situations in which customer information may be disclosed.
  • Please note that PageUp is used to gain consent from staff, volunteers and student placements for Activ to collect and use personal information when on-boarding.
  • Aqua 1996 Confidentiality Statement, is used to capture further consent from volunteers and students for Activ to collect and use personal information.

11.Purposes for which personal information is collected, held, used and disclosed

(APP 6 – Use or disclosure of personal information, APP 7 – Direct marketing):
Activ will collect personal information to assist in carrying out business activities:

• Performing its employment and personnel functions in relation to Activ staff, contractors and employed customers
• For the provision of service delivery for all customers
• Performing administrative and legislative functions
• Government funding agreement requirements
• Complaints handling

Authorised third party or external parties that may be supplied with your personal information will vary depending on the nature of your relationship with Activ (staff member, customer, volunteer, student placement, and contractor):

  • Personal information, as/if required to other service providers (e.g. Doctors, Silver Chain and to ambulance officers if medical care is needed in an emergency); please note that in the event that you are receiving services from multiple disability agencies, you need to advise Activ staff as to when the service starts and ceases, your consent will be required to exchange information between the external party and Activ.
  • Personal information, as/if required to Government Agencies (e.g. Disability Services Commission, Department of Social Services DSS, NDIS, Centrelink, Australian Tax Office ATO, WorkCover WA Police etc.) where it is required by law or required so that services can be accessed; and
  • Personal information to others in cases an individual may be at risk of serious harm.

Activ uses and discloses personal information for the primary purposes for which it is collected.

Activ will only use personal information for secondary purposes where it is able to do so in accordance with the Privacy Act.

Confidential agreement templates have been created to ensure confidentiality for these situations:
Aqua 2760 Confidentiality Agreement – Disclosure to Third Party
Aqua 2761 Confidentiality Agreement – Mutual Disclosure

  • These templates are intended for use as agreements for when Activ shares information with third parties for such things as service agreements, engagements, legal projects and commercial arrangements.
  • Please note that not all releases of personal information will require a confidential agreement. There are legal instances where Activ is required to release the personal information.
  • The Governance and Risk Manager may be contacted for consultation regarding the use of the confidential agreement templates.
  • The Executive Managers are classified as Authorised Officers and are in a position to sign on behalf of Activ.
  • The information to be released is to be provided to the Privacy officer to be reviewed. The Privacy Officer is given the opportunity to review the information and signed off on it as being reviewed (via email) before the information is sent out of Activ. This is to mitigate the risk of a data breach.
  • Confirmation is required and to be provided in writing (via email) when the destruction of the personal information has been officially carried out by the external party.
  • Not all Authorised Disclosure releases of information require a Confidential Agreement, a signed consent form from the individual authorising a third party to collect personal information is sufficient for the release.
  • A record of all authorised personal information that is released is to be kept. Please note that originals (unless under Court Order) are held by Activ, copies are provided to external parties.
  • A summary of why the personal information has been authorised to be disclosed is also required.

Direct marketing;

Activ ensures personal information will not be used to communicate directly with an individual to promote goods and services, unless permission has been provided.
Activ allows individuals to request not to receive direct marketing communications ‘opting out’ and will comply with that request.

12. Personal information is to be kept accurate, up-to-date and complete

(APP 10 – Quality of personal information):
Activ provides staff with access to policies and procedures to assist them to capture and maintain personal information accurately and completely.

  • Staff have access to Askhr and may update their own personal details
  • Please note that the internal Privacy survey requires supervisors to remind staff to update their personal information in Askhr.
  • Customers may update their personal details by supplying changes in writing to either their Team Leader/Employee Coordinator, or by annually completing the AQuA 2750 Customer Profile and AQuA 1990 Consent Form. Please note that the internal Privacy Survey requests staff to commit to auditing customer files to check that the Consent form and Customer Profile are up to date.

13.How to seek access to and correction of personal information:

(APP 12 – Access to personal information, APP 13 – Correction of personal information):

  • When Activ holds personal information about an individual, Activ will give the individual access to that information on request.
  • Activ supplies individuals the opportunity to access or seek correction of personal information, please email the Activ privacy email address Privacy@activ.asn.au for assistance if required.
  • Staff that have access to Askhr may update their own personal details
  • Customers may update their personal details by supplying changes in writing to either their Team Leader/Employee Coordinator, or by completing the annual AQuA 2750 Customer Profile.

14. Data Breaches - Accidental or unauthorised disclosure of personal information:

Accidental or unauthorised disclosure of personal information is prohibited.
Activ takes any potential Data Breach seriously, there are existing mechanisms in place to manage any potential Data Breach.

The potential breach will be investigated and measured against the Office of the Australia Information Commissioner OAIC criteria that identifies what does and what does not constitute an Eligible Data Breach:

The OAIC Eligible Data Breach criteria may be found via this link:
https://www.oaic.gov.au/agencies-and-organisations/guides/data-breach-preparation-and-response#identifying-eligible-data-breaches

Eligible data breach:

An eligible data breach arises when the following three criteria are satisfied:

  1. there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds
    (see What is a ‘data breach’? via this link:
    https://www.oaic.gov.au/agencies-and-organisations/guides/data-breach-preparation-and-response#what-is-a-data-breach
  2. this is likely to result in serious harm to one or more individuals (see Is serious harm likely? via this link:
    https://www.oaic.gov.au/agencies-and-organisations/guides/data-breach-preparation-and-response#is-serious-harm-likely), and
  3. the entity has not been able to prevent the likely risk of serious harm with remedial action (see Preventing serious harm with remedial action via this link
    https://www.oaic.gov.au/agencies-and-organisations/guides/data-breach-preparation-and-response#preventing-serious-harm-with-remedial-action ).

    For details of the Activ Data Breach Plan, please refer to section 14. Data Breach Response Plan, of the Privacy Management Manual.

15. Security of personal information:

(APP 11 – Security of personal information):
Activ promotes secure and mindful handling of all electronic and hardcopy personal information.
This is outlined in the Information Handling and Classification Policy, which may be found in the Privacy Management Manual.
ICT policy and procedures underpin the confidential and secure management of business applications and systems. All staff are required to be aware of Data security, manage hardcopy and electronic personal information in a confidential, secure manner.

16. Personal information held overseas:

(APP 8 – Cross border disclosure of personal information):
Activ may engage in the services of cloud based overseas providers, agreements are in place with providers to securely manage personal information.

17. How to make a complaint:

There are dedicated Consumer Liaison staff to manage feedback regarding services, from both staff, customers, guardians and members of the public. There is Feedback form available via the Activ website, internally there is an email address Feedback@activ.asn.au, the phone number 9387 0555 may be used to contact Consumer Liaison Officer.

18. Privacy Policy updates:

The Privacy officer is required to regularly review the privacy Policy and the rest of the Privacy Management Manual. Mechanisms are in place for the Privacy Management Manual to be reviewed annually.

19. How to Contact a Privacy officer:

If you have any privacy query’s please contact the Activ Privacy officer by phone 9387 0555 or via email privacy@activ.asn.au

20. Availability of the Privacy Policy:

The Privacy Policy is section 3 in the Privacy Management Manual and is available via the Activ intranet site, the Activ website and PageUp (recruitment portal). Please contact the Records Department regarding any issues that prevent you accessing the a current version of the Privacy Policy, by phone 9387 0555 or via email records@activ.asn.au.

Need to Find Out More?

Simply fill out the form below and an Activ staff member will be in contact with you soon.

contact us

Phone: (08) 9387 0555

Email:  privacy@activ.asn.au

you may also be interested in