Privacy Policy

Updated February 2016

Purpose

Scope Group is committed to operating ethically at all times, in accordance with relevant legislation and regulation, in accordance with internal policies, protocols and procedures.

We understand that your privacy is important.

This document sets out how we protect your privacy and manage your personal information. It applies to all people who deal with us, including our staff and employees.

We may change or update our Privacy Policy from time to time. If we do, we will post the amended or updated version on our website. We encourage you to visit our website regularly so that you are familiar with the most recent version. Any updates or changes will apply from the time they are posted on our website.

Application

This policy applies to all staff, volunteers, contractors, students, customers and their families.

Responsibility:
Is responsible for: a) ensuring the effective implementation of this Policy; and b) ensuring it remains current and accurate in line with business, contractual, legal or regulatory requirements in alignment with the Policy Governance Framework.
Are responsible for ensuring that this Policy is being adhered to.
Are responsible for adhering to this Policy and ensuring the requirements within the Policy are applied within their daily work.

Policy

1. Collection of your personal information

1.1 What kind of personal information do we collect and hold?

a. The amount and type of personal information we collect from you and hold about you will vary depending on how you deal with us.

b. If you are a member or supporter of Scope Group,the personal information that we hold about you may include:

  • your name, address, telephone and email contact details;
  • your gender and date of birth; and
  • records relating to your membership including renewal and billing information.
c. If you are a person we support or are connected to a person we support (eg family member, carer, advocate or nominated representative), the personal information that we hold about you may include:
  • your name, address, telephone and email contact details;
  • your gender, date of birth and marital status;
  • information about your disability and support needs (see Section 1.2 below);
  • health and medical information (see Section 1.2 below);
  • things that are important to you, e.g., your likes and dislikes;
  • your living arrangements and accommodation needs;
  • your learning and educational needs;
  • details concerning your daily life and routine;
  • details concerning your employment goals and other life goals;
  • details concerning your social and community activities;
  • your visual image, via photograph or otherwise;
  • any other information obtained from you when you use the National Disability Insurance Scheme Planning Tool (NDIS Planning Tool) which will enable us to provide you with a report of your needs and provide you with our disability support services;
  • your Medicare number and other identifiers used by Government agencies or other organisations to identify you;
  • financial information;
  • records of our interactions with you such as system notes and records of conversations you have had with our employees;
  • information about the services you are funded to receive, whether under the National Disability Insurance Scheme or otherwise and the current supports you are using;
  • information about the services we provide to you including details of the outcomes or goals we are working with you to achieve, and other plans relating to the services you have asked for and the way in which we will deliver those to you; and
  • your billing details.

d. If you are an employee, job applicant or volunteer, the personal information we hold about you may include:

  • your name, address, telephone and email contact details;
  • your gender and date of birth;
  • your tax file number and other identifiers used by Government agencies or other organisations to identify you;
  • information about your qualifications, training and work history;
  • information from police checks, working with children checks (or similar), and information about your right to work in Australia; and
  • records relating to your volunteer work with us.

e. If you are a donor, or a corporate partner, or are connected with us through our fundraising, marketing or community access activities, the personal information we hold about you may include:

  • your name, address, telephone and email contact details;
  • details of the donations, bequests and contributions you have made to us;
  • events and activities you have participated in;
  • publications and services you have received from us; and
  • your billing details.

f. If you use our websites, the personal information we hold about you may include:

  • your name, address, telephone and email contact details;
  • any details you provide to us through your use of the website – for example, if you register to be on our mailing list or use the website to send us messages or comments; and
  • any details you provide to us as part of a payment or donation process via the website.

g. If you do not fall into one of these categories, we generally do not hold your personal information.

1.2 Do we collect sensitive information?

a. We understand that protecting your privacy in relation to sensitive information is particularly important.

b. To provide our services or to respond to inquiries about our services, we may be required to collect and hold your sensitive information including health and medical information and information relating to your disability and support requirements where you have consented to provide such information.

c. You can ask us to withdraw or amend your prior consent at any time. Simply contact us (our contact details are listed below in Section 5.1) to make your request.

d. We will limit the collection of sensitive information to the minimum amount required in the circumstances to provide you with, or a person with whom you are connected with, our services.

1.3 Your health information

a. The privacy and security of your health information is a key priority for us.

b. When we collect and store your health information, we will ensure:

  • that you are aware that we have this information, the full scope of the information we have, and the purpose for which we hold it
  • that you are aware that you can access the information and correct errors in it at any time
  • that you have the opportunity to require us to provide this information to another health provider upon your instruction to do so.

1.4 How do we collect personal information?

a. We may collect personal information from you in a range of ways including:

  • when you inquire about services or supports;
  • when you apply to receive services or supports from us;
  • when you apply for or are successful in obtaining employment or a volunteer role with us;
  • when you apply to become a member or supporter of Scope Group;
  • when you contact us in person, by phone, via mail, email or online (or when we contact you through any means);
  • when you use the NDIS Planning Tool via our website;
  • when you receive services and supports from us (this may include images of you, such as those taken on a mobile phone camera);
  • when you donate to us or participate in any of our fundraising activities;
  • through our direct marketing activities; and
  • through our contracted service providers.

b. Where possible, we will collect your personal information directly from you or your nominated representatives. However, there may be circumstances in which we need to collect your information from other people or organisations.

  • For example, if you have asked us to manage and co-ordinate the supports you receive from Scope Group and other organisations, we may collect information about you from your other service providers. If you are receiving funding for your Scope Group supports, we may also collect information about you from the funding agency.

c. If we collect personal information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to us, we will take reasonable steps to contact you and ensure that you are aware of the circumstances surrounding the collection and purposes for which we have collected your personal information.

d. If you have provided us with information about another person, then you need to tell that other person that you have done so, that they have a right to access their information and that they can refer to the Privacy Policy for information on how Scope Group will handle their personal information.

1.5 Unsolicited personal information

a. Sometimes we may receive personal information that we did not request. This is known as unsolicited personal information.

b. If the information is such that we could have lawfully collected it for an allowed purpose (see Section 2 below), then we will deal with the information in the same way as solicited information.

c. If the information is such that we could not have lawfully collected it, we will destroy or de- identify it as soon as practicable if it is lawful and reasonable to do so.

d. Personal information provided to us that is additional to the information that we requested will be treated as unsolicited personal information. For example, if an individual completes an application form but attaches financial records that we did not ask for, these are treated as unsolicited personal information.

1.6 If you do not provide us with your personal information.

a. If you do not provide us with the personal information we reasonably request, we may be unable to provide you with the information, services or supports that you are requesting.

2. Use of your personal information

2.1 Why does Scope Group need your personal information?

a. The purposes for which we collect, hold, use, or disclose your personal information depends on how you deal with our organisation.

b. If you are a member or supporter of Scope Group, we may collect, hold, use, and disclose your personal information to:

  • process your membership application and manage your membership;
  • comply with laws and regulations and to meet Scope Group’s corporate governance requirements;
  • send you information about our organisation, services and supports;
  • send you information about our events, community activities, research, fundraising appeals and donor activities;
  • conduct surveys, research and analysis;
  • invite you to participate in research projects and activities; and
  • encourage further involvement with Scope Group, to seek and process donations, and for direct marketing and telemarketing.

c. If you are a person we support or are connected to a person we support (eg, family member, advocate or nominated representative), we may collect, hold, use, or disclose your personal information to:

  • provide you with information about our services and supports;
  • provide you with a consolidated report of your (or the person you provide support to) personal information for the purposes of the NDIS Planning Tool;
  • administer our services and supports;
  • process payments;
  • answer your inquiries and deliver customer service to you;
  • conduct quality assurance activities;
  • carry out internal functions including administration, training, accounting, audit and information technology;
  • resolve complaints;
  • comply with laws and regulations and to report to funding and government agencies;
  • send you information about our organisation, services and supports;
  • send you information about our events, community activities, research, fundraising appeals and donor activities;
  • conduct surveys, research and analysis;
  • enable third parties, such as the National Disability Insurance Agency, to conduct audits;
  • invite you to participate in research projects and activities; and
  • encourage further involvement with Scope Group, to seek and process donations, and for direct marketing and telemarketing.

d. Also, information collected about you that does not identify you may be used for research, evaluation of services, quality assurance activities, and education. If you do not wish for your de-identified data to be used this way, please contact us. Our contact details are at the end of this Privacy Policy.

e. If you are an employee, job applicant or volunteer, we may collect, hold, use, or disclose your information to:

  • process your recruitment application and manage your recruitment as an employee.
  • comply with laws and regulations and to meet Scope Group’s corporate governance requirements;
  • send you information about our organisation, services and supports;
  • send you information about our events, community activities, research, fundraising appeals and donor activities;
  • conduct surveys, research and analysis;
  • invite you to participate in research projects and activities; and
  • encourage further involvement with Scope Group, to seek and process donations, and for direct marketing and telemarketing.

f. If you are a donor, or a corporate partner, or are connected with us through our fundraising, marketing or community access activities we may collect, hold, use, or disclose your information to:

  • process donations and payments;
  • manage our relationship with you including (if applicable) to provide services to you;
  • answer your inquiries;
  • conduct quality assurance activities;
  • carry out internal functions including administration, training, accounting, audit and information technology;
  • resolve complaints;
  • comply with laws and regulations and to report to applicable government agencies;
  • send you information about our organisation, services and supports;
  • send you information about our events, community activities, research, fundraising appeals and donor activities;
  • conduct surveys, research and analysis;
  • invite you to participate in research projects and activities; and
  • encourage further involvement with Scope, to seek and process donations, and for direct marketing and telemarketing.

g. Also, information collected about you that does not identify you may be used for research, evaluation of services, quality assurance activities, and education. If you do not wish for your de-identified data to be used this way, please contact us. Our contact details are set out in Section 5.1 of this Privacy Policy.

h. If you use our websites, we may collect, hold, use, or disclose your information to:

  • personalise your website visit or to enable remarketing website functionality;
  • enable you to use the NDIS Planning Tool;
  • answer your inquiries;
  • process donations and payments;
  • provide you with the goods and services you have asked us for;
  • resolve complaints; and
  • conduct research, market research and analysis.

i. We may use your personal information for the purposes we collect it for. We may also use it for purposes related to (or in the case of health or sensitive information, directly related to) the purpose of collection where you would reasonably expect us to. For example, if we have collected your personal information in connection with one fundraising appeal, we may use that information to contact you about future appeals.

2.2 Direct marketing, support communications, and invitations to participate in research

a. Where we use your personal information that we have collected directly from you to send you marketing material, supporter communications, and invitations to participate in research by post, email or telephone, we will provide you with an opportunity to opt-out of receiving such information.

b. By electing not to opt-out, we will assume we have your consent to receive similar information and communications in the future. We will always ensure that our opt-out notices are clear, conspicuous and easy to activate.

c. If you do not wish to receive direct marketing communications or research invitations from us, please contact us. Our contact details are in Section 5.1 of this Privacy Policy.

2.3 Who does Scope Group disclose your information to?

a. In order to operate an efficient and sustainable organisation and to enable us to carry out our activities and provide our services and supports, we may be required to disclose your personal information to third parties. This may include disclosure to:

  • related and affiliated companies and organisations including joint venture partners and industry affiliate organisations;
  • people engaged by us or acting on our behalf in relation to our business, such as our service providers/suppliers, including web developers, web hosting partners, and marketing and communications consultants. Suppliers are required to handle your personal information in accordance with this Privacy Policy;
  • Government and regulatory bodies, including the National Disability Insurance Agency, Medicare, the Department of Social Services, the Department of Health & Human Services, the Commonwealth Department of Human Services, and the Australian Taxation Office;
  • people acting on your behalf including your nominated representatives, legal guardians, executors, trustees and legal representatives;
  • lawyers, auditors, banks and other advisors appointed by us or acting on our behalf; and
  • where disclosure is required by law, including where required to the police, or to the Disability Services Commissioner, or to comply with compulsory notices from courts of law, tribunals or government agencies.

b. In the event of unauthorised access, unauthorised disclosure or loss of your personal information, we will investigate and may notify you and the Office of the Australian Information Commissioner in accordance with the Privacy Act.

c. We take reasonable steps to make sure that external organisations will protect the privacy of your personal information, in accordance with this Privacy Policy.

d. We will not sell your personal information.

2.4 Will your personal information be transferred offshore?

a. Our technology infrastructure primarily uses cloud infrastructure or servers located within Australia, but we may on occasion use a platform or service located offshore. Apart from this, we do not typically transfer personal information offshore. By providing your personal information to us or using our services and supports, you are taken to have consented to this transfer.

b. You can ask us to withdraw or amend your prior consent at any time. Simply contact us (our contact details are listed below in Section 5.1) to make your request.

c. If we transfer information offshore for other purposes, we will only do so with your consent or otherwise in accordance with Australian law.

d. Overseas recipients may have different privacy and data protection standards. However, before disclosing any personal information to an overseas recipient, we will take steps reasonable in the circumstances to ensure the overseas recipient complies with the Australian Privacy Principles or is bound by a substantially similar privacy scheme unless you consent to the overseas disclosure or it is otherwise required or permitted by law.

e. If you have any queries or objections to such disclosures, please contact us via the details set out in Section 5.1.

2.5 How do we store personal information and for how long?

a. We take all reasonable steps to ensure that your personal information is securely stored and protected. These steps include password protection for accessing our electronic IT systems, securing paper files in locked cabinets and physical access restrictions to buildings where information is held. In addition, access to your personal information is restricted to those properly authorised to have access.

b. Unfortunately, there are inherent risks in the management of personal information, and we cannot and do not guarantee that unauthorised access to your personal information will not occur.

c. We keep your personal information for as long as it is needed for the purposes for which it was collected and to comply with legal requirements.

d. There may be instances where some personal information about you is collected on a mobile device that is not owned by Scope Group (eg. photographs taken on a staff member’s personal mobile phone while out doing an activity). In such instances, Scope will reinforce to all staff the importance of removing the information or images from the personal device as soon as the content has been transferred into Scope’s systems for appropriate management.

e. When personal information we hold is no longer needed for any purpose, including legal purposes, and subject to our legal obligations, our information management policy and data retention schedule, we will take reasonable steps to destroy or alter that information so that it no longer identifies you.

f. In relation to health information, we take reasonable steps to destroy or permanently de-identify health information if it is no longer needed for the purpose for which it was collected or any other purpose authorised by the Health Records Act, the regulations made under the Health Records Act, or any other law.

3. Accessing and Correcting Your Personal Information

3.1 How can we keep your personal information up to date?

a. We take steps as are reasonable in the circumstances to correct personal information we hold. If any changes to your personal information are required, please let us know by contacting us using the details set out below in Section 5.1.

3.2 Can you access your personal information?

a. You can ask us for access to the personal information that we hold about you at any time. Simply contact us (our contact details are listed below in Section 5.1) to make your request. For security reasons we may ask you to put your request in writing.

b. We will not typically charge you for access to your personal information.

c. Generally (but subject to Australian law), we will provide you with access to your personal information within a reasonable time and in the manner requested by you. However, there may be some circumstances when this is not possible, including where:

  • we no longer hold or use the information;
  • providing access would have an unreasonable impact on the privacy of others;
  • the request is frivolous or vexatious;
  • providing access would be unlawful; or
  • for any other permitted reason set out in the Privacy Act 1988 (Cth).

d. If we do not provide you with access to all of your personal information, we will tell you the reason why we have not done so.

4. Your Privacy Online

4.1 Online data collection and use

a. When you access a Scope Group website, anonymous technical information may be collected about user activities on the website, including via Google Analytics. This may include information such as the type of browser used to access the website, the pages visited, and geographical location.

b. This information is used by Scope Group to make decisions about maintaining and improving our websites and online services. This information remains anonymous and is not linked in any way to personal identification details.

4.2 Cookies

a. Like many websites, Scope Group’s websites may use cookies for various reasons, including to recognise a computer which has previously visited our websites and customise our websites according to previous preferences and site behaviour.

b. You can choose if and how a cookie will be accepted by configuring your preferences and options in your web browser. For example, you can set your browser to notify you when you receive a cookie or to reject cookies. However, if you decide not to accept cookies, then you may not be able to gain access to all the content and functionality of Scope Group’s websites.

4.3 How we handle email and ‘contact us’ messages

a. We may keep the content of any email, or “Contact us” or other electronic message or form, that we receive. The message content may be monitored by our service providers or staff for purposes including trouble shooting, compliance, auditing and maintenance, or where email abuse is suspected. Personal information will be handled in accordance with this Privacy Policy.

5. Contact Us

5.1 Contact details

a. If you have any questions in relation to privacy, please contact Scope Group’s Privacy Officer at privacy@scopeaust.org.au.

b. You can also seek further information and advice from the Office of the Australian Information Commissioner by calling 1300 363 992.

6. Privacy Complaints

a. Please direct all privacy complaints to Scope Group using the contact details set out above at Section 5.1.

b. At all times, privacy complaints:

  • will be treated seriously;
  • will be dealt with promptly;
  • will be dealt with in a confidential manner; and
  • will not affect your existing obligations or affect the commercial arrangements between you and Scope Group.

c. Scope Group will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.

Related policy, instructions and advice

Supporting information

Legislative and Regulatory Compliance

This Procedure supports Scope Group’s compliance with the following legislation and/or Standards: Privacy Act 1988 (Cth); National Disability Insurance Scheme Act 2013 (Cth); Health Records Act 2001 (Vic)

Parent Document (Policy and Protocol)

Nil

Supporting Documents

Scope Group Privacy and Data Breach Response Plan; Scope Group Information Request and Release Procedure; Scope Group Information Management Protocol; Scope Group Information Management Policy

Related Documents

NDIS Practice Standards

Definitions and acronyms

Consent

Means your permission. Your consent can be express or implied. Express consent can be written (eg, when you sign a form) or verbal (eg, when you give us your permission over the phone or in a face to face conversation). Your consent will be implied where we can reasonably form a conclusion that you have given consent by taking action or deciding not to take action. For example, if you have received information about a fundraising appeal from us in the past and have not opted-out of receiving such communications, we have your implied consent to send you information about future fundraising campaigns.

Health information

Information or an opinion about: the physical, mental or psychological health (at any time) of an individual; or a disability (at any time) of an individual; or an individual’s expressed wishes about the future provision of health services to him or her; or a health service provided, or to be provided, to an individual that is also personal information; or other personal information collected to provide, or in providing, a health service, or other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or other personal information that is genetic information about an individual in a form which is or could be predictive of the health (at any time) of the individual or of any of his or her descendants.

Person we support

Means a person who is currently receiving or has previously received services from us or has made inquiries to us about receiving services from us.

Personal Information

Means information about you, where your identity is clear or identifiable from the information (for example, your name, address, phone number, date of birth). It does not include de-identified information (for example, information about the number of people using a service that you use, where your identity is not disclosed or otherwise identifiable).

Sensitive Information

Is a category of personal information and includes your health or medical information.

Scope Group, we or us

Means Scope (Aust) Ltd, Home@Scope Pty Ltd, Disability Services Australia Ltd and any other subsidiaries of Scope (Aust) Ltd.

Unsolicited personal information

Unsolicited personal information is personal information that we receive but have taken no active steps to collect. Examples include: misdirected mail; unsolicited correspondence; a petition that contains names and addresses; an employment application on an individual’s own initiative and not in response to an advertised vacancy a promotional flyer containing personal information, sent by an individual promoting the individual’s business or services.

Cookie

A cookie is a small text file placed on your computer by a web server when you access a website. Cookies in themselves do not identify the individual user, just the computer used.