This policy outlines Anglicare Tasmania’s commitment to ensuring and respecting the privacy and confidentiality of our clients and our personnel (employees, volunteers, and students) in accordance with Commonwealth legislative requirements.
All Anglicare personnel are required to observe the policy, principles and processes which have been formally approved and endorsed by Anglicare’s CEO.
All personnel of Anglicare Tasmania will be required to sign a ‘New Personnel Declaration’ upon appointment to confirm that they have read and understood this policy.
Anglicare Tasmania Inc. respects the privacy rights of all individuals and is required to comply with the principles contained within the following privacy legislation:
We must also comply with the:
Anglicare Tasmania is committed to the protection of personal privacy. Here we identify how your personal information will be collected, stored, used, disclosed and disposed of. We also explain how you can access and amend your personal information and what you can do if you think your privacy has been interfered with.
Throughout this document we are referred to as Anglicare, us and we. We refer to an individual as you.
Personal information: refers to information or an opinion in any recorded format about an individual whose identity is apparent or is reasonably ascertainable from the information or opinion. In the PIP Act only, unlike the Privacy Act, it is not limited to personal information of an individual who is alive. It also applies to personal information of an individual who has not been dead for more than 25 years.
Sensitive personal information: includes ethnic or racial origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; health; sexual preferences, practices or activities; and criminal record, as well as Health Information.
Health information: means information or an opinion about an individual’s physical, mental or psychological health, a disability, an individual’s future wishes relating to the provision of health services, other information collected to provide or in providing a health service and genetic information.
Information and data collection (some of which is personal information) is a requirement of many Anglicare funding contracts with Government. Anglicare also collects personal information that is reasonably necessary to enable us to perform our functions and activities, which may include:
We collect personal information by lawful and fair means.
The type of personal information we collect includes, but is not limited to:
Personal information will only be collected directly from you, from a third party if you consent, or from your legally recognised or appointed representative. In some circumstances, consent is not required for the collection of personal information by us. This includes where the collection, use or disclosure of the personal information is required by law. Examples include where disclosure is necessary to lessen or prevent a serious threat to life, health, safety or welfare of an individual.
If a child is under 16 years of age and it is not reasonable or practicable to collect the information directly from them, the information may be collected from a parent or guardian without the child’s consent.
When we collect personal information from you, we do this:
In most cases we will require you to acknowledge your consent to any collection, use or disclosure of your personal information by us. Your acknowledgement may be required in writing or by specific acts such as when you click an acknowledgement on our website or when verbal acknowledgement is sought from you.
Your consent or acknowledgement may also be implied through conduct such as when:
We will not collect your Sensitive Information including Health Information unless:
Anglicare, where it is lawful and practical, give individuals the option of not identifying themselves when entering into transactions with Anglicare. However, in most situations, it is not possible for Anglicare to provide services or progress any transaction with you if you use a pseudonym or remain anonymous.
We will ensure you are aware when we collect your personal information and the primary purpose of its collection. When you interact with Anglicare you will receive a privacy statement or personal information collection notice from us. That notice provides information about how we manage personal information generally and may be delivered to you in a number of ways, including verbally, by hard copy paper, electronically or via a link to our website. If you access supports through Anglicare’s services, you will be provided a Service Agreement that will provide summaries and links to our website.
If Anglicare does not obtain the personal information requested, we may not be able to perform or provide you with requested services.
Where necessary for our activities and reporting, your personal information may be disclosed to Government funding bodies, at Federal & State level, Anglicare sub-contractors (for the purposes of any project work that Anglicare requires an external party to conduct in the areas of service delivery), other service providers or professional advisors based in Tasmania and/or based in other states (for example to IT service providers, accountants, auditors, lawyers or insurers), Anglicare organisations based in other states and other service providers at the time of client discharge/exits/transfer to another organisation (summary notes and any other relevant information considered necessary to include in summary notes to another service provider based in Tasmania and/or other states). Where relevant and possible, Anglicare will de-identify your personal information and data before sharing with external parties.
We will take reasonable steps to ensure the personal information we disclose to others is accurate, up-to-date, complete and relevant, having regard to the reasons why it is being disclosed.
Circumstances for disclosure
Under the following circumstances your personal information may be shared when the following are identified:
Anglicare have implemented technology and security standards, policies and procedures to protect personal information we have under our control from accidental loss, unauthorised access, improper use, unsanctioned modification and unlawful or accidental destruction. Personal information will not be made available by Anglicare to any unauthorised person. Anglicare uses a cloud based system held within Australia to store your personal information.
You may request access to the personal information we hold about you using our contact details below. If you request access to your personal information, it will be provided by way of copies or allowing you to inspect the requested personal information, without unreasonable expense or delay, unless:
Usually we will need to verify your identity before providing access to your personal information.
We will provide you with access to your personal information or reasons for our refusal with 20 working days of receipt of your written request.
Where your file contains personal information that relates to a third party, this information may be redacted before you can access your file.
Anglicare will take reasonable steps to make sure the personal information it collects, uses and/or discloses is accurate, complete and up-to-date.
If your personal information changes or you believe our records are not up-to-date, complete and accurate please contact us to update the personal information you have provided to Anglicare by using the details below.
If we agree the information needs correcting, we will take reasonable steps to correct that statement. If we do not agree that the information needs correcting, you can ask us to put a statement with the personal information explaining why it needs to be corrected.
We will respond to your request to update or correct inaccurate information within 20 working days of receiving your request.
Anglicare may transfer personal information interstate or overseas where it is necessary for the purpose it was collected. Anglicare will comply with the requirements in the PIPP Act and/or Privacy Act (as applicable) to ensure recipient(s) of the personal information interstate or overseas are subject to similar privacy laws.
Anglicare will securely destroy or de-identify personal information when it is no longer required, except where it is required to be kept in compliance with the Archives Act 1983 (Tas) or another Australian law.
If you have a concern about the way your personal information has been handled, we ask that you try to resolve your privacy complaint directly with us first. You can do this by contacting:
If you are unhappy with Anglicare’s response, you can contact:
The Tasmanian Ombudsman has complaint handling responsibilities under the Ombudsman Act 1978 (Tas) and the PIP Act including private agencies, like Anglicare, which provides contracted services to the community on behalf of the Tasmanian government.
Complaints can be lodged with the Tasmanian Ombudsman:
A: Level 6, NAB House, 86 Collins Street, Hobart
M: GPO Box 960, Hobart 7001
Office of the Australian Privacy Commissioner
The Office of the Australian Information Commissioner (OAIC) has complaint handling responsibilities under the Privacy Act. You can complain to the OAIC if you believe that your privacy has been interfered with by an Australian government agency or a private sector organisation, like Anglicare, covered by the Privacy Act.
Privacy complaints can be lodged via:
P: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001