PRIVACY POLICY
Vitality Club is committed to safeguarding the confidentiality of personal or sensitive information collected regarding our service users and their carers, families, advocates, donors, staff, and volunteers. This policy explains how Vitality Club complies with its obligations under the Commonwealth Privacy Act 1988 including the Australian Privacy Principles (APPs) to ensure we meet our legal and ethical obligations.
This policy regulates how we manage personal information, collect, use, disclose, and secure & store personal information. It also details how individuals may access that information and have it corrected if it is wrong.
Legislative Context Legislation that relates to Privacy is:
Commonwealth Privacy Act 1988
National Security Legislation Amendment Act (No. 1) 2014
Privacy Amendment (Private Sector) Act 2000
National Privacy Principles (2001)
Privacy and Personal Information Protection Act, 1988
Other Legislation: There are other laws which impact on particular aspects of privacy, such as:
Workplace Surveillance Act 2005 (NSW)
Surveillance Devices Act 2007 (NSW) Internal Document | GE-PO- Privacy Policy Version 1.3 (01/2015) Page 2 of 6 Policy Number Objective Policy Description
Vitality Club will ensure all aspects of our operations comply with the Australian Privacy Principles, the Aged Care Act 1997 (Cth), and the Disability Service Standards (Commonwealth & NSW). The Aged Care Act and Disability Service Standards apply to the people we support and their families. The National Privacy Principles apply to all people that the organisation holds personal information about. This includes people we support, families, advocates, staff, volunteers, and donors.
All employees, contractors, and volunteers of Vitality Club have a responsibility to ensure that personal information is handled following this policy and that any personal and/ or sensitive information accessed in the course of their duties is bound by their commitment to confidentiality.
Personal information:
Personal and/ or sensitive information about Vitality Club service users will only be collected when it is directly relevant and needed to provide support services to that person, or where we are required to collect the information.
Upon request, Vitality Club will enable service users and staff the ability to access information kept about them or to update or amend their held information. Vitality Club will only use personal information for the purposes for which it was given to us, or for purposes that are directly related to one of our functions or operations.
The types of personal and/or sensitive information that we collect may include your name, address, other contact details, information about your racial or ethnic origin, religious beliefs or affiliations, sexual orientation or practices, criminal record, health information and other such information that is relevant for us to provide our products and services to you in the manner that you have requested, or to comply with the Law.
Information is primarily collected directly from you or your authorised representative. It might also be collected on occasion by our contractors or from service providers, and it could be in writing, by telephone, and by other electronic communication channels.
We may also need to obtain your personal information from others, with your express consent, either written or verbal, to ensure that we are fully informed for the provision of appropriate services or as part of a referral scheme.
Vitality Club will not disclose identifying information without written consent. Unless we are required to provide your personal information to others by law, by court order or to administer or investigate an incident or a claim, your information may be disclosed to:
Comply with applicable laws.
Our staff, employees or our related bodies corporate;
Our authorised third-party service providers and contractors;
Your authorised representative (including next of kin or family members);
Your doctor or medical health provider;
Government agencies, including the National Disability Insurance Agency and My Aged Care; and
Any other persons as authorised by you.
Information disclosed to program funding bodies for reporting is de-identified. Information disclosed to third-party service providers and contractors for referral only occurs with prior consent.
Feedback and complaints:
Vitality Club seeks ongoing continuous improvement through the use of feedback calls and surveys, comments, suggestions and ideas. Any request for feedback is optional and service users can decline without any disruption to services.
Vitality Club will seek expressed written consent to post any comments or images of clients and staff on our site or other written communications (for example, for a FAQ resource or a photo for publicity purposes). In this instance, you will not be identified personally, though we may request permission to use your first name or initials. The use of any written pieces or images is entirely voluntary and at the individual's discretion and risk. Individuals can change their minds about their preferences in respect to direct marketing and make choices at any time by contacting our office on 02 8103 2037.
Data protection and retention:
Our information systems and files are kept secure from unauthorised access and our staff and contracted agents and service providers have been informed of the importance we place on protecting your privacy and their role in helping us to do so. Information will be stored and disposed of in a secure environment, which may only be accessed by authorised personnel.
Vitality Club takes steps to protect the personal information it holds against loss, unauthorised access, use, modification or disclosure and against other misuses. These steps include secure handling procedures, access restrictions, ensuring documents are stored in locked cabinets when not in use, password protection, and restricted access to all electronic files. Each Business Service will ensure its secure procedures relevant to its service and processes.
When no longer required, Vitality Club will dispose of the health information securely and follow any requirements for retention and disposal, as per Health Privacy Principle (HPP) 5. Vitality Club will keep a record noting the:
Name of the individual whose health information has been deleted
Period covered
Date the health information was deleted or disposed of.
Data Breach:
A data breach is an unauthorised access to or an unauthorised disclosure of personal information, or a loss of personal information, that Vitality Club holds.
These are the steps that we follow once a data breach is suspected or known:
Contain a suspected or known breach where possible. This means taking immediate steps to limit any further access or distribution of the affected personal information, or the possible compromise of other information.
Assess – Vitality Club will need to consider whether the data breach is likely to result in serious harm to any of the individuals whose information was involved. If Vitality Club has reasonable grounds to believe that this is the case, then we are required to notify the Office of the Australian Information Commissioner (Privacy Commissioner). If we have grounds to suspect that this is the case, then we will conduct an assessment process.
The assessment will include a 3-step process:
Initiate: the assigned personnel will plan an assessment. When an assessment is initiated, Service providers who are associated with the management of Client care will be contacted in writing notifying them of the details of the data breach, next steps, as well as mitigation strategies and remedies.
Investigate: the assigned personnel will gather relevant information about the incident to determine what has occurred.
Evaluate: the assigned personnel will make an evidence-based decision about whether serious harm is likely to occur.
If serious harm is likely to happen, Vitality Club will prepare a statement for the Commissioner. Vitality Club will also notify the affected individuals and inform them of the contents of the statement.
If serious harm is unlikely to happen, Vitality Club will review the incident and act to prevent future breaches.
Changes to the Privacy Policy:
We may update our Privacy Policy from time to time. Any changes will be communicated through our website or other appropriate channels.
Contact Information:
Where an employee or client has any questions, concerns, or complaints about our Privacy Policy or our practices regarding your personal information, please contact our office on 02 8103 2037.
By accessing our services, you agree to the terms of this Privacy Policy. We encourage you to review this policy periodically for any updates or changes.
Our site contains links to other sites. Please note that when you click on one of these links, you are entering another site for which Vitality Club has no responsibility. We encourage you to read the privacy statements on all such sites as their policies may be different than ours.
Last updated Feb 2024