Bendigo Autistic Advocacy and Support Service
Your privacy is of absolute importance to us.
This statement outlines the Bendigo Autistic Advocacy and Support Service (BAASS) Policy on how BAASS uses and manages personal information provided to or collected by BAASS.
BAASS is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act and is compliant with the Privacy Amendment (Enhancing Privacy Protection) Act 2012. In relation to health records, BAASS is also bound by the Victorian Health Privacy Principles which are contained in the Health Records Act 2001.
What kind of personal information does BAASS collect and how does BAASS collect it?
We recognise that information provided to us can be sensitive and we take privacy and confidentially very seriously.
If you do not provide us with the information we must have to deliver the service, we may not be able to deliver the service you need or provide you with a coordinated service.
The type of information BAASS collects and holds includes (but is not limited to) personal information, including sensitive information, about:
- Name, date of birth, address, phone number, email
- Disability, health and support needs
- Information required to advocate with and for clients
Personal Information you provide:
BAASS will generally collect personal information held about an individual by way of, but not limited to, Intake and Registration Forms, other forms, email, meetings, phone calls.
You do have the right to seek to deal with us anonymously or using a pseudonym, but in some circumstance it will not be practicable for us to work with you or provide any services to you except for the most general responses to general enquiries, unless you identify yourself.
Personal Information provided by other people:
In some circumstances BAASS may be provided with personal information about an individual from a third party, for example your interpreter, legal/ representative/authorised representative, parent/carer, health professional, educational facility.
In relation to employee records:
How will BAASS use the personal information you provide?
BAASS will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented. We will make every effort possible to ensure transparency and that you provide informed consent before any information is utilised in circumstances provision of your information to secondary sources is essential to the primary purpose of collection.
For example, our forms outline potential secondary contacts that may be relevant for us to contact or liaise with in advocating for you- to ensure you are aware of and consent to these possibilities. We will also seek consent before sharing your details with any other party for reasons directly related to initial purpose of collection.
In relation to direct marketing, BAASS will use unidentifiable information and images where you have consented for direct marketing where you have provided that information, and you are likely to expect direct marketing. Please also see BAASS Images/Footage Consent Information Form. All clients have the option of withdrawing consent in writing at any time. We will not use sensitive information for any marketing purposes.
Job applicants, staff members and contractors:
In relation to personal information of job applicants, staff members and contractors, BAASS’ primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be.
The purposes for which BAASS uses personal information of job applicants, staff members and contractors include:
· for insurance purposes;
· in provision of relevant inclusive, accessible environment and opportunities
· to satisfy BAASS’ funding obligations,
· to satisfy BAASS’ Governance Rules
· to satisfy BAASS legal obligations,
Where BAASS receives unsolicited job applications these will usually be dealt with in accordance with information requirements of the Privacy Act.
BAASS also obtains personal information about volunteers who assist BAASS in its functions or conduct associated activities, such as to enable BAASS and the volunteers to work together.
You can read more about BAASS Volunteers and related Policies here.
Marketing and fundraising:
BAASS treats marketing and seeking donations for the future growth and development of BAASS as important.
Personal information held by BAASS may be disclosed to an organisation that assists in BAASS’ fundraising, for example, Carer Support Services (Bendigo Health) organisation- only when essential and with your written consent.
Who might BAASS disclose personal information to?
BAASS may disclose personal information, including sensitive information, held about an individual to:
· government departments per legislation;
· people working directly with BAASS
· anyone you authorise BAASS to disclose information to.
How does BAASS treat sensitive information?
In referring to ‘sensitive information’, BAASS means:
“information relating to a person’s racial ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences or criminal record, that is also personal information; and health information about an individual”.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
Management and security of personal information
BAASS staff are required to respect the confidentiality of personal information and the privacy of individuals.
BAASS has in place steps to protect the personal information BAASS holds from misuse, loss, unauthorised access, modification, interference or disclosure by use of various methods including locked storage of paper records and passworded access rights to computerised records.
Updating personal information
BAASS endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to update their personal information held by BAASS by contacting BAASS at any time.
The Australian Privacy Principles and the Health Privacy Principles require BAASS not to store personal information longer than necessary. In particular, the Health Privacy Principles impose certain obligations about the length of time health records must be stored.
You have the right to check what personal information BAASS holds about you.
Under the Commonwealth Privacy Act and the Health Records Act, an individual has the right to obtain access to any personal information which BAASS holds about them and to advise BAASS of any perceived inaccuracy. There are some exceptions to this right set out in the applicable legislation. To make a request to access any information BAASS holds about you, please contact BAASS in writing.
BAASS may require you to verify your identity and specify what information you require. Although no fee will be charged for accessing your personal information or making a correction, BAASS may charge a fee to retrieve and copy any material. If the information sought is extensive, BAASS will advise the likely cost in advance.
How long will BAASS keep my information?
Under our destruction and de-identification policies, your personal information that is no longer required will be de-identified or destroyed. In many circumstances, however unidentifiable content will be kept for marketing purposes, as you will have consented to that in writing with us.
Enquiries and privacy complaints
If you would like further information about the way BAASS manages the personal information it holds, please contact us. If you have any concerns, complaints or you think there has been a breach of privacy, then also please contact BAASS who will first deal with you usually via email. If we then have not dealt satisfactorily with your concerns we will meet with you to discuss further. If you are not satisfied with our response to your complaint within 30 days from this meeting then you can refer your complaint to the Office of the Australian Information Commissioner via:
Privacy. Youth Central, read it here.
Privacy Factsheet. Commissioner for Privacy and Data Collection, read it here.
Privacy Act 1988, read it here.