Hearth Support Services Pty. Ltd. (ABN 21 618 155 810) understands the importance of protecting the privacy of an individual’s personal information (including health information). We are required to comply with the Privacy Act 1988 (Cth) (Privacy Act), and we will handle your personal information that we collect and hold in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act. We will also handle health information that we collect and hold in compliance with applicable State and Territory based health records laws.
This Policy may be updated, and we suggest you refer to our website for any updates. If you require a hard copy of this Privacy Statement or a copy in another format, please contact your relationship manager or the Hearth Office and we will arrange for a suitable copy to be provided to you.
WHAT IS PERSONAL/SENSITIVE INFORMATION
Personal information is any information that identifies an individual or any information from which an individual’s identity could reasonably be ascertained.
Sensitive information is a type of personal information that is afforded a higher level of protection by privacy laws. It includes information on health, genetic and biometric information, race or ethnic origin, political opinions, membership of political, professional or trade associations or trade unions, religious beliefs, sexual orientation or practices and criminal record. References in this policy to personal information include sensitive information.
PERSONAL INFORMATION WE MAY COLLECT
During the provision of our services we generally collect and hold four kinds of information:
Furthermore, the information we collect and hold will depend on who the individual is, such as a participant in receipt of our services or a next of kin, a guardian or other responsible person, an emergency contact or person responsible for paying an account. Examples of personal information we may hold and collect include an individual’s:
HOW DO WE COLLECT PERSONAL INFORMATION?
Personal information (including health information) will be collected directly from the individual, or the individual’s family member or advocate where it is reasonably practicable to do so. This may take place when the individual completes documents such as a service request, registration or other form, provides information over the telephone or applies for a job with us. On occasion, we may require access to information from another provider, government agency or another third party so that we may provide the best services we can. We collect sensitive information about an individual, either directly or from a third party, with the individual’s consent (which may be implied or express, depending on the circumstances).
Depending on who the individual is, we may collect their personal information from third parties such as:
WHY DO WE NEED YOUR PERSONAL INFORMATION?
We collect your personal information for the purposes of providing you with our support and services.
It also enables us to confirm the level of government funding in relation to your support, to lawfully liaise with a nominated representative and to contact family if requested or needed, to identify and inform you of any other services that may interest you, or for other purposes permitted or referred to under any terms and conditions you enter into or otherwise agree to with respect to our services.
Hearth may use the personal information that we collect and hold to:
We may also use personal information in circumstances where we are required or authorised by Australian law to do so or where we otherwise have consent of the individual or their representative.
WHO DO WE DISCLOSE YOUR PERSONAL INFORMATION TO?
We may disclose an individual’s personal information to the following third parties for the above purposes to:
We may not use or disclose personal information for a purpose other than the primary purpose of collection, unless:
We may engage service providers to securely store and manage our business information, including your personal information.
DISCLOSURE TO A PERSON RESPONSIBLE
We may disclose Personal Information about an individual to a person who is responsible for the individual if:
MANAGING PRIVACY PREFERENCES AND CAPACITY
Whether an individual has the capacity to make their own privacy decisions is assessed by Heath staff on a case-by-case basis having regard to matters such as their age and circumstances. Generally, an individual aged 15 years and over will have the capacity to make their own privacy decisions.
For children under 15 years or for individuals who lack capacity to make privacy decisions for themselves, we will refer or deal with requests for access, consents and notices in relation to personal information by reference to the parent and/or guardian or other responsible persons authorised by applicable laws and will treat consent given by them as consent given on behalf of a child or the individual who lacks capacity.
We will at or before the time or as soon as practicable after we collect personal information from you take all reasonable steps to ensure that you are notified or made aware of the purpose for which we are collecting personal information as well as the identity of other entities or persons to whom we usually disclose personal information.
STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
We store personal and Health information in both paper and electronic formats. The security of personal and health information is very important to us and we take reasonable steps to ensure that the personal and health information we hold is protected against misuse, loss, unauthorised access, modification or disclosure. This Information is held in both hard copy and electronic forms in secure databases on secure premises that have access requirements. However, we cannot guarantee the security of any personal information transmitted to us via the Internet.
Some of the ways we do this include:
Personal and health information is retained for the period of time determined by applicable Australian laws after which it is de-identified or disposed of in a secure manner.
KEEPING PERSONAL INFORMATION ACCURATE AND UP-TO-DATE
We take all reasonable steps to ensure that the personal information we collect is accurate, complete and up-to-date, and also when we use or disclose it, that it is relevant.
We will also take reasonable steps to correct the personal information we hold if we are satisfied that it is inaccurate, incomplete and out of date, irrelevant or misleading, or if an individual asks us to correct their personal information for these reasons. A request to correct personal information can be made at any time by contacting your Relationship Manager or the Hearth Office.
However, the accuracy of that information depends largely on the quality of the information provided to us. We therefore suggest that individuals:
There may be circumstances in which we may have to refuse a request for correction. If this happens, we will notify the individual in writing of our reasons for the refusal and explain how they can complain if they are not satisfied.
OPTING OUT OF DIRECT MARKETING
We will only use personal information for direct marketing and promotional activities with the individual’s express consent. All direct marketing communications will include the option for an individual to opt out of receiving direct marketing communication. Individuals can opt out at any time.
ACCESSING YOUR PERSONAL INFORMATION
Under the Privacy Act, you have a right to access your personal information that is collected and held by us. An individual can access their personal information by contacting their Relationship Manager, the General Manager of the relevant Hearth office or the Privacy Officer at Hearth.
If individuals request access to their personal information, we will need to verify their identity and may ask them to complete a request for information form. We will then grant the request within a reasonable period. However, we may refuse a request for information to certain individuals to some or all of the personal information in certain circumstances allowed by the Privacy Act or other applicable laws or if consented is not granted by the individual. If Hearth refuses a request for information, we will give written notice of our decision, including our reasons and how to complain if the individual is not satisfied with the decision.
We will endeavour to give access to an individual’s personal information in the form they request. However, if that is not possible, we will provide alternative means of access or discuss how access can be given through a mutually agreed intermediary.
We will disclose the personal information we give access to, to the individual’s authorised representative or legal adviser where we have been given written authority to do so.
DEALING WITH HEARTH SUPPORT SERVICES ANONYMOUSLY
Where it is lawful and practicable to do so, individuals may deal with us anonymously or use a pseudonym. However, in many instances we need to identify you when you deal with us, including to provide our services and to respond to complaints. If we do not receive all of the personal information we request, we may not be able to do these things effectively. You may also address any feedback to us anonymously by sending a letter to:
Hearth Support Services
Suite 1, 431 Burke Road
Individuals who have any questions about privacy, this policy or the way we manage personal information or who believe that we have breached their privacy rights should contact their relationship manager or the Hearth Privacy Officer. Hearth will endeavour to acknowledge receipt of a written complaint within 7 days and provide a written response to the complaint within a reasonable timeframe. It may be necessary to request further information from the complainant before the matter can be resolved. Any such request will be made in writing.
If the individual is not satisfied that Hearth has resolved their complaint, they have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC). If they wish to make a complaint or to find out any more information about their privacy rights the OAIC can be contacted as follows:
Telephone number: 1300 363 992
In writing: Office of the Australian Information Commissioner GPO Box 5218, Sydney NSW 2001
Individuals may also make a complaint regarding the handling of their health information to the NDIS or statutory health complaints authority in their State or Territory.
For questions or complaints about privacy, individuals should first contact their Relationship Manager or the General Manager of the relevant office either by direct phone or in writing or by phoning 1800 894 013.
Individuals can also contact the Hearth Privacy Officer:
The Privacy Officer