Privacy

Interaction Disability Services Ltd Privacy Policy

Version 4, September 2023

1. Introduction

Interaction Disability Services (“we” or “us”) value your privacy. We take reasonable steps to protect your personal information. We abide by the requirements of the Australian Privacy Principles detailed within the Privacy Act 1988 (Cth) (“Act”) in relation to the collection, use and disclosure of your personal information and comply with other applicable laws protecting privacy including State and Territory health information legislation. This Policy applies to personal information regarding participants, their families and carers, guardians and staff.

By accessing our website, engaging our services or providing personal information to us, you
consent to our collection, use and disclosure of that information on the terms of this privacy
policy (Privacy Policy) and any other contractual or other arrangements (if any) that may
apply between us.

2. Scope of this Privacy Policy

This Privacy Policy describes how your privacy is respected and protected in accordance with the Australian Privacy Principles. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au. It applies to all information we collect about you through the use of our services. This includes personal information collected in person, in forms completed by you or on your behalf, by telephone, through our website, via other service providers and by other electronic communication channels (e.g. desktop, laptop, mobile phone or other consumer electronic device) to access our services.

3. Agreeing to these terms (use constitutes acceptance)

Your continued use of our website and/or our service indicates that you accept the conditions of this Privacy Policy, consent to the collection and use by us of any personal information you provide while using our services or our website.

4. What is personal information?

Personal information is any information that can be used to identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

5. Why do we collect personal information?

We collect personal information that is necessary for us to undertake and provide our services and activities. Due to the nature of our services, this may include sensitive information, including health information.

We also collect personal information so that we can improve and perform our business activities and functions, to provide you with any products or services you may request, or to respond to any query or complaint that you may have.

6. When do we collect personal information?

Examples of personal information we may collect, and when we may collect it, include (but is not limited to) the following:

  • Providing services to participants – we collect our participants’ and their family members’ personal information, such as names, addresses and other contact details. Information which we may collect from participants includes date of birth, other information about our participants’ needs and circumstances (such as living arrangements), records of communication and as otherwise required in order to provide our services. This information may include health information about them. The specific information will depend on the type of service provided and will be collected from the participant before and during the provision of services.
  • Distributing publications and direct marketing – if we have met you or provided services to you we may collect and store your personal information on our publication or direct marketing list (which may include name, address, email address, and mobile phone number) in order to distribute newsletters and other communications in print and electronic form from time to time. We will only use sensitive information (such as health information) for direct marketing purposes with your expressed prior consent. You may opt-out of receiving direct marketing by contacting our Marketing and Communications Manager (contact details below), or opting out by the mechanism provided.
  • Assisting with your queries – you may choose to provide us with your name or other contact details when you call us by phone or write to us so that we can respond to your requests for information about our services or operations. If you choose to remain anonymous we may not be able to provide the full range, or any, services or responses to you.
  • Conducting our general business activities – we collect personal information about individuals for our general business operations. From time to time, we may collect, use and disclose your personal information for quality assurance, risk management, billing and administrative purposes.
  • Sensitive Information: we may collect sensitive information if it is relevant to the provision of our services. That information will be treated in accordance with requirements of the Privacy Act and any state and territory health information legislation.

7. How do we collect your personal information?

It is our usual practice to collect personal information directly from you or your authorised representative such as a carer, guardian or other responsible person. We collect information from an authorised representative if you have consented for us to collect the information in this way, or where it is not reasonable or practical for us to collect this information directly from you (the participant) (such as in an emergency, because you are not able to provide the information required or where collection in this way is a lawful, reasonable and efficient way to collect the information without inconvenience to you). If you choose not to provide certain personal information to us, we may not be able to provide you with the services you require or communicate with you.

In addition to the means of collection set out above, we may also collect personal information:

  • When you provide information through our website;
  • When you interact with us through our social media channels;
  • When you visit one of our sites, such as Interaction’s office;
  • From third parties such as from credit reporting bodies;
  • From publicly available sources of information;
  • From third parties, where it is reasonably necessary or normal business practice, so that we can continue to provide you with our services.

We also collect limited information about all visitors to our online resources which is used only to identify generic behavioural patterns. We may use cookies, Google Analytics or other technology to track visits to our website to monitor its effectiveness, maintain our server and improve our services. Types of data collected include:

  • Server address;
  • Top level domain name (for example .com, .gov, .au, etc.);
  • The date and time of your visit to the site;
  • The pages you accessed and documents downloaded during your visit;
  • The previous site you visited;
  • If you’ve visited our site before; and
  • The type of browser used.

These statistics will not identify you as an individual.

8. How do we use your personal information?

We use and disclose personal information we collect:

  • To provide and improve our services to our participants and their family members,
    including to:

    • Identify and provide services required including those offered by third parties;
    • Allow exchange of information between service providers with whom we interact
      with on behalf of participants; and
    • Assess the adequacy of, and our participants’ and their family members’ level
      of satisfaction with, our services.
  • To verify your identity;
  • To communicate with our participants and their family members including distributing
    our publications, conducting events and raising awareness about our services;
  • To undertake our general business activities, including interacting with contractors and
    service providers, billing and administration;
  •  To administer and manage our services including charging and billing you for those
    products (as applicable);
  • To conduct appropriate checks for fraud;
  • To update our records and keep your contact details up to date;
  • Maintain and develop our business systems and infrastructure, including testing and
    upgrading of these systems; and/or
  • For other purposes with your consent or as permitted by law.

9. When will we disclose your personal information?

We will not share any of your personal information with third parties without your consent
except:

  • If we are required by law or we believe in good faith that such action is necessary in order to comply with law, cooperate with law enforcement or other government agencies, or comply with a legal process served on the company (including other service providers or insurers) or court order;
  • If the disclosure of the information will prevent or lessen a serious and imminent threat to somebody’s life or health;
  • To our contractors, such as agency staff, other service providers and volunteers only to the extent necessary for them to perform their duties to us; or
  • To our professional advisors, including our accountants, auditors and lawyers;
  • To any government agency who requests it and where we are legislated to provide it (including but not limited to the National Disability Insurance Agency and NDIS Quality and Safeguards Commission);
  • If you are a participant, to your family members or your health or other service providers if required for us, or other service providers, to provide services to you;
  • If you are not able to provide us with consent, we may use and disclose your personal information with the consent of a responsible person (as defined under the Privacy Act); or
  • As otherwise permitted by law.

If we retain any sensitive information, that information will not be used, shared or disclosed without your express or implied consent that is current, voluntarily given and obtained in accordance with the Australian Privacy Principles. If you are unable to give consent then we may use and disclose your personal and sensitive information with the consent of a responsible person (as defined under the Privacy Act)

10. Security of your personal information

We regard the security of your personal information as a priority and implement a number of reasonable physical and electronic measures to protect it. Staff and volunteers who may have access to your information are required to abide by Interaction’s confidentiality policies and if contract service providers are used, they will be bound by our Privacy Policy. Your personal information may be stored at our offices and in other facilities that we own, lease or license from third parties, like data centres. We implement generally accepted standards of technology and operational security to protect personal information from loss, misuse, or
unauthorised alteration or destruction. We will notify you as required by data protection legislation in the event of any breach of your personal data which might expose you to serious risk.

We remind you, however, that the internet is not a secure environment and although all care is taken, we cannot guarantee the security of information you provide to us via electronic means.

11. Data quality

We take all reasonable steps to ensure that the personal information we collect is accurate, up to date and complete. This includes maintaining, correcting and updating personal information when we are advised it has changed and at other times as necessary.

12. Cross border data transfer

We operate only within Australia and will not provide your information to parties in any other country without your consent. We do from time to time, however, use web-based programs for particular activities such as email broadcast which may be hosted offshore, or cloud service providers. Where this is the case, we will seek assurance from the supplier of their adherence to Australia’s privacy laws.

13. What if there is a data breach?

We take all reasonable steps to prevent data breaches. However, if we suspect that a data breach has occurred, we will undertake a reasonable and expeditious assessment to determine if the data breach is likely to result in serious harm to any individual affected. If so, we will enact our Data Breach Response Plan, including:

  • Taking all reasonable steps to contain the breach;
  • Where possible, taking action to remediate any risk of harm;
  • Notify individuals and the Office of the Australian Information Commissioner (OAIC) where an individual is likely to suffer serious harm (or if otherwise required by law); and
  • Review the incident and consider what actions can be taken to prevent future breaches.

14. Accessing and correcting your information

You are entitled to view the information we hold about you and reasonable requests for access and correction will be responded to as quickly as possible. Access to a large amount of information or information from various sources within the organisation may take time before we can respond. If you wish to view the information we hold about you, please contact Interaction’s CEO or People and Culture team (for staffing queries) using the contact details below. If we refuse to give you access to your personal information or to correct your personal information, we will give a reason for this decision and provide mechanisms in which you may lodge a complaint. Generally, if requested, we will amend any personal information which you demonstrate is inaccurate, incomplete or not current, and will remove any information that is not relevant. If we disagree with your view on these matters we will keep a note on the relevant file, outlining your view of the information held.

15. Online transactions

Our website may be enabled for online transactions using a certified secure payment gateway. However, despite the security on the site, you should be aware that there are inherent risks in transferring information across the internet and we cannot accept liability for any breaches. When a payment is made over the internet, your credit card number is used only to make a debit and not retained by us.

16. Security measures for online payments (if relevant)

Payments made online on our website are processed in real time using a secure payment gateway. Payments are processed in Australia (and for all other countries) in Australian Dollars. Our website has security measures designed to protect against the loss, misuse and/or alteration to your personal information under our control.

17. Links to other websites

Our websites may contain links to third party websites, and third party websites may also have links to our websites. We do not endorse any of those websites or links. This Privacy Policy does not apply to external links or other websites who may also collect your personal information. We encourage you to read the privacy policies of any website you link to from our website.

18. Effective date and updates

This is our current Privacy Policy. We may at any time vary this Privacy Policy by publishing an updated version on our website. You accept that by using the website or continuing to use our services, provided you with sufficient notice of the variation.

19. Changes to this Privacy Policy

We reserve the right, as it may be necessary, to review, revise or make changes to our Privacy Policy and will notify you of those changes by posting those changes on our website.

20. Complaints

If you wish to make a complaint about a possible breach of privacy, please provide details of your complaint in writing or contact us via our office phone number (see contact details (see contact details below).

If your complaint relates to our failure to provide access to or to correct any personal information that we hold about you, you may lodge a complaint directly with the Office of the Australian Information Commissioner (for more information, please see www.oaic.gov.au).

If your complaint does not relate to these matters, please provide details of your complaint in writing or contact us via our office phone number so that we can investigate. We will treat your complaint confidentially, investigate your complaint, ensure that we keep you up to date regarding our findings and inform you of any further actions we may take. We will also ensure your complaint is resolved within a reasonable time or where a resolution cannot be achieved the outcome of any investigation is communicated to you.

Individuals enquiring about their rights and remedies for breaches of privacy, can access detailed information at the Office of the Australian Information Commissioner www.oaic.gov.au.

21. More Information

If you would like more information about our Privacy Policy or the way we manage your personal information, you can contact the following Interaction personnel:

CEO
Brett Thompson
bthompson@interactionservices.org
Ph: 1300 668 123

People and Culture Team
hr@interactionservices.org
Ph: 1300 668 123

Marketing and Communications Manager
Emily Griffith
egriffith@interactionservices.org
Ph: 1300 668 123

General Enquiries
info@interactionservices.org
Ph: 1300 668 123

References:
Australian Privacy Principles
Privacy Act (Cth) Act 1988
Privacy Amendment (Notifiable Data Breaches) Act 2017