3.049 HARS Privacy Policy.pdf | |
File Size: | 172 kb |
File Type: |
Part A – About Hunter Accommodation and Respite Services (HARS)
Hunter Accommodation and Respite Services contribute to the enrichment of people's lives, whether it be through a forever home, or something temporary.
At Hunter Accommodation and Respite Services, we strive to provide quality care while catering for specific needs of our clients and their families. Our experienced and caring staff ensure sustainable services for people in need of care, while treating all our clients with respect.
We provide comprehensive, flexible and individually tailored programs, with a focus on individual strengths and needs, skill development, achievement of goals, and where appropriate, work readiness skills.
What are our privacy obligations?
We are committed to respect and protect the privacy of all people connected with HARS, including participants, providers, employees, contractors and community partners. This Privacy Policy tells you the kinds of personal information we, and others for us, collect and hold, how and why we collect and hold that information and how we use it. It also tells you how you can access and amend your personal information and how you can make a complaint if you think that we have breached our privacy obligations.
Personal information is information or an opinion about an individual whose identity is reasonably identifiable. Examples of personal information include a person’s name, address, date of birth and details about their health or disabilities.
Privacy laws do not apply to the information of corporate entities, such as providers or community partners. However, the personal information of individuals connected with those entities (such as employees) will be protected by privacy laws.
In dealing with personal information, we abide by the obligations imposed on us under federal law, including the Privacy Act 1988 (Cth) Privacy Act and the National Disability Insurance Scheme Act 2013 (Cth) (NDIS Act).
The Privacy Act authorises our collection of personal information where this is required to facilitate access to our services and for us to perform our other functions.
We are also bound by confidentiality and secrecy provisions in the National Disability Insurance Scheme Act 2013 (Cth) (NDIS Act). These provisions limit how we collect and use personal information and when and to whom information can be disclosed.
Part B – Our personal information handling practices
What kinds of personal information does HARS collect and hold?
We collect and hold information which is reasonably necessary for us to carry out our role. The kinds of information we collect and hold includes (but is not limited to) personal information about participants and other users of our services, and about our employees, contractors and providers.
Examples of personal information that we may collect includes:
We may also collect some ‘health information’ as defined under the Privacy Act, such as information about your health or disability, doctors you have seen or health services you have received.
Information about an individual that is or was held by HARS is considered ‘protected information’ for the purposes of the NDIS Act.
How will HARS collect and hold personal information?
We often collect personal information from people directly or from people who are authorised to represent them. While you do not have to provide us with all information requested, not providing this information to us may mean that we may not be able to provide services you may request.
We sometimes collect personal information from a third party if you have consented, been told of this practice, or would reasonably expect us to collect the information in this way. An example of this is collecting information from your Support Coordinator or specialist health provider.
Your personal information may also be collected if and when you communicate with us electronically as described in Part C, through the mail or in person. In some cases, we may record your telephone interactions with us.
If you are ever unsure about whether a person calling you is from HARS, before you give them any information, you should ask the person to verify your NDIS reference number. Alternatively, you should take their name and number and call HARS back. If you think you may have been contacted by someone wrongly claiming to be from HARS, please contact us by emailing [email protected] or calling 1300 556 931.
Employees
We collect personal information about employees and prospective employees in order to conduct employment and employment-related activities such as payroll services, recruitment and selection, performance management, reporting and work health and safety. Our collection, use and disclosure of personal information about employees and prospective employees is in accordance with legislation.
How do we use and disclose personal information?
We collect, hold, use and disclose personal information for the purpose of providing services, conducting our operations, communicating with participants and health service providers, and complying with our legal obligations.
When we need to use personal information for our business purposes, we will limit this use to only those HARS personnel, board members or community partners who need to know that information. Where business use requires us to email personal information internally to HARS personnel, board members or community partners, we will use HARS email addresses to send that information.
If we need to disclose personal information outside HARS, we will de-identify the information prior to disclosure, wherever it is practicable to do so. We will not normally disclose a person’s personal information to anyone outside HARS except where we refer participants to external providers of in-kind supports under an approved NDIS plan; where that person consents; or where the disclosure is authorised or required under law. In such circumstances, we will use a HARS email address to disclose any personal information if it is sent by email.
Some examples of when we may disclose personal information include:in delivering our services (for example, quality assurance purposes, training and purposes related to improving our services);
We make a record of some phone calls to help us in ensuring that the service we provide meets the highest standards.
We may use your information to seek feedback from you regarding your level of satisfaction with our services.
Users of HARS computer system may at times be able to see a person’s name (if the person is a participant, provider of supports, nominee or other person known to HARS) when performing duties either as a HARS employee or on behalf of HARS, but are only permitted to record, use or disclose that information if it is directly related to performing those duties.
We will not sell or rent your information to anyone.
We always liaise with a participant directly, unless they have a nominee appointed, or they request us to liaise with an authorised representative.
In the case of child participants, we liaise with their child representatives (who are usually their parents, or legal guardians), rather than with them directly.
How does HARS protect personal information?
We take steps to ensure that no-one outside HARS can access information we hold about someone without that person’s consent, unless that access is authorised or required under law.
We have systems and procedures in place to protect personal information from misuse and loss, as well as from unauthorised access, modification or disclosure. These steps include:
When no longer required, personal information is destroyed in a secure manner, or archives or deleted in accordance with legal obligations.
Part C – Our website and social media channels
This part of our Privacy Policy explains the kinds of information that we collect in managing and operating our website and social media channels, how such information is used and under what circumstances and to whom it may be disclosed.
HARS uses the tools provided by Facebook, LinkedIn, Instagram, Twitter, YouTube, and Google to tailor the information we deliver on social media on our website to the preferences of our audience. See each social media platforms privacy policy for more details on how they collect your information.
What are HARS’s web-based services?
Our web-based services are included on our website.
We collect information through our website when visitors submit forms via our website. To the best of our ability we aim to ensure the security of information collected via our website, however users are advised that there are inherent risks in transmitting information across the internet, including the risk that information sent to or from a website may be intercepted, corrupted or modified by third parties. You can communicate with us, or provide documents to us, by a range of means, including in person or by post, as well as electronically (via email or through our website).
What is Clickstream data? What data does HARS collect through Clickstream Data?
Clickstream data is the process of collecting, analysing and reporting aggregate data about which pages a website visitor visits - and in what order.
When you visit a HARS managed website, our servers may record clickstream data when navigating our website.
The clickstream data we may collect includes:
HARS examines this information to determine the traffic through the server and to specific pages or applications. No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect server logs. The statistics and log files may be preserved indefinitely and used at any time and in any way necessary to prevent security breaches and to ensure the integrity of the information supplied by the website.
How do we use and disclose information collected from our website?
We will only use personal information submitted through our website for the purposes for which the information was provided.
Email addresses provided through website queries will only be used for the purpose of responding to those queries and will not be added to any mailing lists (unless that person has elected to subscribe to our mailing list). We will not use or disclose an email address for any other purpose without the relevant person’s consent, unless it is otherwise in accordance with the Privacy Act or the NDIS Act.
We may collect information about you to secure our network and to mitigate ICT security threats where necessary.
Does HARS use cookies?
A "cookie" is a small file supplied by HARS and stored by the web browser software on a person’s computer when they access our website.
We use a session cookie for maintaining contact with a user throughout a web browsing session. At the end of the session, the user may choose to manually logoff and the cookie is immediately deleted. If a person does not logoff at the end of the session, we will automatically log that person off after about 20 minutes. This will ensure that no other person has access to this information.
In order to use certain features which personalise our website, users must use a browser which is enabled to accept cookies.
We analyse non-identifiable website traffic data (including through the use of third party service providers) to improve our services and for statistical purposes. No attempt will be made to identify anonymous users or their browsing activities.
Google Ads
We may use Google Ads for marketing and analytical purposes. Google Ads uses cookies when a user visits our website (harservices.com.au). The user may then be served an advertisement relating to us when using websites that show ads using Google AdSense.
These cookies collect anonymous, non-identifiable data, including browsing data. They will be deleted after 90 days or when a user clears their cache. A user may also use a browser which does not accept cookies, but as noted above this may affect usability of our website.
HARS may receive aggregated, non-identifiable data from Google Ads for analytical purposes.
External links to third party websites
Our website contains external links and applications operated by certain third parties, such as Facebook, YouTube, Instagram, Twitter, Linkedin and Google. These external third parties may not be subject to the Privacy Act. We are not responsible for the privacy practices of these third parties, or the accuracy, content or security of their websites. You should examine each website's privacy policies and use your own discretion regarding use of their site.
Will HARS know my personal details including my name, address, phone number or personal information?
No. We respect and protect the privacy of our users. HARS does not collect personal information about the users of its website. When visiting the website, HARS will be able to see certain data regarding your use of the website, including pages accessed, dates and times visited and type of platform used to access website; for the purpose of delivering improved information tailored for our clients, prospective clients, potential employees and other service providers.
Can I turn off data tracking?
Yes. Facebook and Google recommend “Aboutads”. AboutAds is a free software that blocks clickstream data collection from any website that is visited. This free software will ensure that any website (including the HARS website) is unable to collect data from your browsing habits.
Newsletters
To provide our news we will collect the following information about you:
We will only use this information to:
To deliver our news to you we may use a third party electronic service provider (ESP) such as Mailchimp or similar, which provides online tools to create, send and manage emails.
The ESP does not use your information for its own purposes, for example its own marketing.
You can opt out of our mailing list by clicking the ‘unsubscribe’ button in the emails you receive from us, or by contacting us.
Part D– Queries, concerns and further information
How can I access or update the information HARS holds about me?
We aim to ensure that the information we hold about you is accurate, up to date, complete and relevant before acting on it. If you learn that personal information we hold about you is inaccurate, outdated, incomplete, irrelevant or misleading, please contact us so that your information can be updated.
If you request us to correct personal information we hold about you, we will action this request promptly. You can also request that we notify that change to any other agencies or organisations that we have previously disclosed the personal information to.
If we do not agree to correct our records as requested, we will give written notice of the decision, setting out our reasons for refusing the request and how you can lodge a complaint about our decision.
Sometimes it may not be possible to give you a copy of all information we hold about you, especially if it contains details about other people, or if providing the information may lead to harm being done to another person. Where your own information can be provided to you, we will provide this information as soon as possible (and by no later than 30 days after receiving the request).
If we do not agree to a request for access to personal information, we will take reasonable steps to give you access to the information in an alternative form. We will also provide you with a written notice setting out the reasons for refusal, and how you can lodge a complaint about the decision.
What if I have a complaint?
If you would like to leave feedback or complain about the service you have received from us, or if you think we have breached your privacy obligations, please contact us by emailing [email protected] or call us on 1300 556 931.
We will promptly investigate and resolve your complaint and respond to you as soon as possible. Sometimes this may mean we have to speak to other HARS staff members who are handling your matter. In all cases, we will inform you of the progress of your complaint.
If after receiving our response, you are unsatisfied with the resolution of the matter, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). See the OAIC website for information regarding how to make a complaint.
The OAIC is independent of HARS and has the power to investigate complaints about possible interferences with a person’s privacy. It is usually best to contact us first about any privacy concerns. This is because the OAIC will generally ask us to investigate the matter first and provide it with our findings concerning the matter.
We comply with the Privacy Act in handling privacy breaches and will notify affected individuals and the OAIC of serious data breaches where appropriate.
How can you contact us regarding privacy matters?
Send an email to [email protected] or call us on 1300 556 931.
Hunter Accommodation and Respite Services contribute to the enrichment of people's lives, whether it be through a forever home, or something temporary.
At Hunter Accommodation and Respite Services, we strive to provide quality care while catering for specific needs of our clients and their families. Our experienced and caring staff ensure sustainable services for people in need of care, while treating all our clients with respect.
We provide comprehensive, flexible and individually tailored programs, with a focus on individual strengths and needs, skill development, achievement of goals, and where appropriate, work readiness skills.
What are our privacy obligations?
We are committed to respect and protect the privacy of all people connected with HARS, including participants, providers, employees, contractors and community partners. This Privacy Policy tells you the kinds of personal information we, and others for us, collect and hold, how and why we collect and hold that information and how we use it. It also tells you how you can access and amend your personal information and how you can make a complaint if you think that we have breached our privacy obligations.
Personal information is information or an opinion about an individual whose identity is reasonably identifiable. Examples of personal information include a person’s name, address, date of birth and details about their health or disabilities.
Privacy laws do not apply to the information of corporate entities, such as providers or community partners. However, the personal information of individuals connected with those entities (such as employees) will be protected by privacy laws.
In dealing with personal information, we abide by the obligations imposed on us under federal law, including the Privacy Act 1988 (Cth) Privacy Act and the National Disability Insurance Scheme Act 2013 (Cth) (NDIS Act).
The Privacy Act authorises our collection of personal information where this is required to facilitate access to our services and for us to perform our other functions.
We are also bound by confidentiality and secrecy provisions in the National Disability Insurance Scheme Act 2013 (Cth) (NDIS Act). These provisions limit how we collect and use personal information and when and to whom information can be disclosed.
Part B – Our personal information handling practices
What kinds of personal information does HARS collect and hold?
We collect and hold information which is reasonably necessary for us to carry out our role. The kinds of information we collect and hold includes (but is not limited to) personal information about participants and other users of our services, and about our employees, contractors and providers.
Examples of personal information that we may collect includes:
- name, contact details, date of birth and age
- gender, details about participants’ physical or mental health, including disabilities
- information about participants’ support requirements
- details of guardians and nominees, including names, addresses and contact details
- Centrelink Customer Reference Number (CRN)
- details of feedback or complaints about services provided by us
- bank account details
- employee records.
We may also collect some ‘health information’ as defined under the Privacy Act, such as information about your health or disability, doctors you have seen or health services you have received.
Information about an individual that is or was held by HARS is considered ‘protected information’ for the purposes of the NDIS Act.
How will HARS collect and hold personal information?
We often collect personal information from people directly or from people who are authorised to represent them. While you do not have to provide us with all information requested, not providing this information to us may mean that we may not be able to provide services you may request.
We sometimes collect personal information from a third party if you have consented, been told of this practice, or would reasonably expect us to collect the information in this way. An example of this is collecting information from your Support Coordinator or specialist health provider.
Your personal information may also be collected if and when you communicate with us electronically as described in Part C, through the mail or in person. In some cases, we may record your telephone interactions with us.
If you are ever unsure about whether a person calling you is from HARS, before you give them any information, you should ask the person to verify your NDIS reference number. Alternatively, you should take their name and number and call HARS back. If you think you may have been contacted by someone wrongly claiming to be from HARS, please contact us by emailing [email protected] or calling 1300 556 931.
Employees
We collect personal information about employees and prospective employees in order to conduct employment and employment-related activities such as payroll services, recruitment and selection, performance management, reporting and work health and safety. Our collection, use and disclosure of personal information about employees and prospective employees is in accordance with legislation.
How do we use and disclose personal information?
We collect, hold, use and disclose personal information for the purpose of providing services, conducting our operations, communicating with participants and health service providers, and complying with our legal obligations.
When we need to use personal information for our business purposes, we will limit this use to only those HARS personnel, board members or community partners who need to know that information. Where business use requires us to email personal information internally to HARS personnel, board members or community partners, we will use HARS email addresses to send that information.
If we need to disclose personal information outside HARS, we will de-identify the information prior to disclosure, wherever it is practicable to do so. We will not normally disclose a person’s personal information to anyone outside HARS except where we refer participants to external providers of in-kind supports under an approved NDIS plan; where that person consents; or where the disclosure is authorised or required under law. In such circumstances, we will use a HARS email address to disclose any personal information if it is sent by email.
Some examples of when we may disclose personal information include:in delivering our services (for example, quality assurance purposes, training and purposes related to improving our services);
- referrals to external providers of supports for NDIS participants, or sharing information with support coordinators where this is required for services included in an approved NDIS plan;
- when this is required or authorised by law, including under the NDIS Act;
- when it will prevent or lessen a serious and imminent threat to someone's life or health or a threat to public health or safety;
- where it is a necessary part of an internal investigation following a complaint.
We make a record of some phone calls to help us in ensuring that the service we provide meets the highest standards.
We may use your information to seek feedback from you regarding your level of satisfaction with our services.
Users of HARS computer system may at times be able to see a person’s name (if the person is a participant, provider of supports, nominee or other person known to HARS) when performing duties either as a HARS employee or on behalf of HARS, but are only permitted to record, use or disclose that information if it is directly related to performing those duties.
We will not sell or rent your information to anyone.
We always liaise with a participant directly, unless they have a nominee appointed, or they request us to liaise with an authorised representative.
In the case of child participants, we liaise with their child representatives (who are usually their parents, or legal guardians), rather than with them directly.
How does HARS protect personal information?
We take steps to ensure that no-one outside HARS can access information we hold about someone without that person’s consent, unless that access is authorised or required under law.
We have systems and procedures in place to protect personal information from misuse and loss, as well as from unauthorised access, modification or disclosure. These steps include:
- paper records are held securely;
- access to personal information is on a need-to-know basis, by authorised personnel;
- our premises have secure access; and
- storage and data systems and protections are regularly updated and audited.
When no longer required, personal information is destroyed in a secure manner, or archives or deleted in accordance with legal obligations.
Part C – Our website and social media channels
This part of our Privacy Policy explains the kinds of information that we collect in managing and operating our website and social media channels, how such information is used and under what circumstances and to whom it may be disclosed.
HARS uses the tools provided by Facebook, LinkedIn, Instagram, Twitter, YouTube, and Google to tailor the information we deliver on social media on our website to the preferences of our audience. See each social media platforms privacy policy for more details on how they collect your information.
What are HARS’s web-based services?
Our web-based services are included on our website.
We collect information through our website when visitors submit forms via our website. To the best of our ability we aim to ensure the security of information collected via our website, however users are advised that there are inherent risks in transmitting information across the internet, including the risk that information sent to or from a website may be intercepted, corrupted or modified by third parties. You can communicate with us, or provide documents to us, by a range of means, including in person or by post, as well as electronically (via email or through our website).
What is Clickstream data? What data does HARS collect through Clickstream Data?
Clickstream data is the process of collecting, analysing and reporting aggregate data about which pages a website visitor visits - and in what order.
When you visit a HARS managed website, our servers may record clickstream data when navigating our website.
The clickstream data we may collect includes:
- the user's server (IP) address and machine name
- the location details such as longitude, latitude, city, region and country
- the date and time of visit to the site
- the top level domain name
- the pages accessed and documents downloaded
- the number of bytes transmitted and received for each request
- the previous site or page visited
- search terms used
- the type of browser and device used.
HARS examines this information to determine the traffic through the server and to specific pages or applications. No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect server logs. The statistics and log files may be preserved indefinitely and used at any time and in any way necessary to prevent security breaches and to ensure the integrity of the information supplied by the website.
How do we use and disclose information collected from our website?
We will only use personal information submitted through our website for the purposes for which the information was provided.
Email addresses provided through website queries will only be used for the purpose of responding to those queries and will not be added to any mailing lists (unless that person has elected to subscribe to our mailing list). We will not use or disclose an email address for any other purpose without the relevant person’s consent, unless it is otherwise in accordance with the Privacy Act or the NDIS Act.
We may collect information about you to secure our network and to mitigate ICT security threats where necessary.
Does HARS use cookies?
A "cookie" is a small file supplied by HARS and stored by the web browser software on a person’s computer when they access our website.
We use a session cookie for maintaining contact with a user throughout a web browsing session. At the end of the session, the user may choose to manually logoff and the cookie is immediately deleted. If a person does not logoff at the end of the session, we will automatically log that person off after about 20 minutes. This will ensure that no other person has access to this information.
In order to use certain features which personalise our website, users must use a browser which is enabled to accept cookies.
We analyse non-identifiable website traffic data (including through the use of third party service providers) to improve our services and for statistical purposes. No attempt will be made to identify anonymous users or their browsing activities.
Google Ads
We may use Google Ads for marketing and analytical purposes. Google Ads uses cookies when a user visits our website (harservices.com.au). The user may then be served an advertisement relating to us when using websites that show ads using Google AdSense.
These cookies collect anonymous, non-identifiable data, including browsing data. They will be deleted after 90 days or when a user clears their cache. A user may also use a browser which does not accept cookies, but as noted above this may affect usability of our website.
HARS may receive aggregated, non-identifiable data from Google Ads for analytical purposes.
External links to third party websites
Our website contains external links and applications operated by certain third parties, such as Facebook, YouTube, Instagram, Twitter, Linkedin and Google. These external third parties may not be subject to the Privacy Act. We are not responsible for the privacy practices of these third parties, or the accuracy, content or security of their websites. You should examine each website's privacy policies and use your own discretion regarding use of their site.
Will HARS know my personal details including my name, address, phone number or personal information?
No. We respect and protect the privacy of our users. HARS does not collect personal information about the users of its website. When visiting the website, HARS will be able to see certain data regarding your use of the website, including pages accessed, dates and times visited and type of platform used to access website; for the purpose of delivering improved information tailored for our clients, prospective clients, potential employees and other service providers.
Can I turn off data tracking?
Yes. Facebook and Google recommend “Aboutads”. AboutAds is a free software that blocks clickstream data collection from any website that is visited. This free software will ensure that any website (including the HARS website) is unable to collect data from your browsing habits.
Newsletters
To provide our news we will collect the following information about you:
- your name
- your email address, and
- what news you would like to receive from us.
We will only use this information to:
- create, send and manage emails relating to the work of HARS
- measure email campaign performance
- improve the features for our clients
To deliver our news to you we may use a third party electronic service provider (ESP) such as Mailchimp or similar, which provides online tools to create, send and manage emails.
The ESP does not use your information for its own purposes, for example its own marketing.
You can opt out of our mailing list by clicking the ‘unsubscribe’ button in the emails you receive from us, or by contacting us.
Part D– Queries, concerns and further information
How can I access or update the information HARS holds about me?
We aim to ensure that the information we hold about you is accurate, up to date, complete and relevant before acting on it. If you learn that personal information we hold about you is inaccurate, outdated, incomplete, irrelevant or misleading, please contact us so that your information can be updated.
If you request us to correct personal information we hold about you, we will action this request promptly. You can also request that we notify that change to any other agencies or organisations that we have previously disclosed the personal information to.
If we do not agree to correct our records as requested, we will give written notice of the decision, setting out our reasons for refusing the request and how you can lodge a complaint about our decision.
Sometimes it may not be possible to give you a copy of all information we hold about you, especially if it contains details about other people, or if providing the information may lead to harm being done to another person. Where your own information can be provided to you, we will provide this information as soon as possible (and by no later than 30 days after receiving the request).
If we do not agree to a request for access to personal information, we will take reasonable steps to give you access to the information in an alternative form. We will also provide you with a written notice setting out the reasons for refusal, and how you can lodge a complaint about the decision.
What if I have a complaint?
If you would like to leave feedback or complain about the service you have received from us, or if you think we have breached your privacy obligations, please contact us by emailing [email protected] or call us on 1300 556 931.
We will promptly investigate and resolve your complaint and respond to you as soon as possible. Sometimes this may mean we have to speak to other HARS staff members who are handling your matter. In all cases, we will inform you of the progress of your complaint.
If after receiving our response, you are unsatisfied with the resolution of the matter, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC). See the OAIC website for information regarding how to make a complaint.
The OAIC is independent of HARS and has the power to investigate complaints about possible interferences with a person’s privacy. It is usually best to contact us first about any privacy concerns. This is because the OAIC will generally ask us to investigate the matter first and provide it with our findings concerning the matter.
We comply with the Privacy Act in handling privacy breaches and will notify affected individuals and the OAIC of serious data breaches where appropriate.
How can you contact us regarding privacy matters?
Send an email to [email protected] or call us on 1300 556 931.