Torrens Health and its entities understand that privacy is important and are committed to safeguarding all personal information about individuals that we handle. This Policy Directive is intended to provide:
Torrens Health and its related bodies corporate (we, us or our) are organisations and “APP Entities” for the purposes of the Act, and are bound by and complaint with the Australian Privacy Principles.
Other policies may override this Policy Directive in certain circumstances. For example, when we collect personal information, we may advise a specific purpose for collecting that personal information, in which case we will handle the personal information in accordance with that purpose.
This Policy Directive is intended to cover most personal information handled by us, but is not exhaustive. If there are any queries about our handling of personal information, please the relevant Operations Manager for further information.
No general exemptions under the Act apply to us, or to any of our acts or practices.
“Personal information” is essentially information or an opinion about an identified or reasonably identifiable individual.
We may collect personal information in the course of providing our products and services to individuals or to an organisation. We will collect personal information directly from individuals unless it is unreasonable or impracticable to do so. We will limit the personal information we collect to that which is reasonably necessary to complete the functions or activities we are engaged in for any individual. The personal information we may collect and hold includes but is not limited to:
If the individual is a team member, we may also collect additional information that includes:
There will not usually be Australian laws or court/tribunal orders which require or authorise us to collect personal information. Will we also advise if there are laws, court or tribunal orders which require or authorise us to collect information, and the main consequences for the individual if they fail to provide it to us.
If an individual fails to provide personal information requested by us, there may be a range of consequences, for example we may be unable to process or respond to requests.
We will take reasonable steps to protect all personal information from misuse, interference and loss as well as unauthorised access, modification or disclosure. For example, information stored on our computer network is protected by security features and procedures. We undertake regular monitoring of our practices and systems to ensure the effectiveness of our security policies and identify and implement improvements where appropriate. We will endeavour to destroy or de-identify personal information in line with our professional standards and accreditation requirements.
We will generally only use personal information for the purpose for which we collected it, and for related purposes we consider would be within your reasonable expectations. We generally use personal information for the following purposes (as applicable in the circumstances):
Individuals may request not to receive marketing communications by contacting us, or by using the opt out function provided for in those communications. If individuals do not opt out in either of these ways then the individual will be taken to have consented to receiving such communications from us.
There are no consequences of opting out of receiving our marketing and promotional communications except that individuals will no longer receive them. Individuals may elect to re-join our marketing list at a later stage if they wish. We will only use personal information for the purposes outlined, reasonably expected or with an individuals permission, unless we are required or permitted by law to do so without consent.
Individuals may contact us to request access to or correction of the personal information about them that we hold. We may refuse to allow access or to amend personal information if we are legally required or entitled to do so. If we are unable to complete a request, where possible we will advise the individual in writing of the reasons. We will also provide information on how they can progress the matter if they are unhappy with our response.
We may require payment of certain costs in order to access personal information held by us. If applicable we will advise the amount payable once we have assessed the application. We will not charge a fee for lodging a request for access to, or correction of an individual’s personal information.
If a request is lodged for access to personal information, we may fulfil that request in any of a range of ways at our discretion. We may supply a copy of the personal information or with the opportunity to inspect our records. We may require the individual to comply with certain procedures before we allow access to or amendment of personal information to ensure the integrity and security of information that we hold. Depending on the nature of the request, this may include completing a personal information request form or otherwise verifying identity to our satisfaction.
We will take reasonable steps to ensure that the personal information that we collect or disclose is accurate, current, complete and relevant. If we are satisfied that any personal information, we hold about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will amend our records accordingly.
Torrens Health prides itself on the high calibre of customer service we provide, especially in the area of confidentiality, and right to privacy, dignity and respect. All Torrens Health staff are to be mindful of and respect the right to confidentiality and privacy. We will only disclose personal information for the purpose for which we collected it, and for purposes we consider would be within your reasonable expectations. We may disclose personal information to the following third parties under appropriate circumstances and with the individual’s consent:
We are not generally likely to disclose personal information to overseas recipients.
This Policy Directive sets out the way we handle personal information in respect of online services provided by us. This includes any services provided by us via the Internet, such as our website, and includes email communications between us. We collect personal information about individuals if they send us an email or complete any online forms or applications.
Our servers automatically collect various details when an individual use our website, including:
We do not attempt to identify individuals using this information, and only use it for statistical analysis, system administration, and similar related purposes. This information is not disclosed to any other party.
We use “cookies”, which identify an individual’s computer to our servers when they visit our website. Our website may store cookies on those individuals’ computer in order to improve and customise their future visits to the website. By using cookies, our site can provide customised content. If individuals do not want information collected using cookies, they may be able to configure their Internet browser to disable cookies. We do not attempt to specifically identify or track individuals using cookies.
We may collect personal information from an individual if they send us email or if they submit information to us. This information may include an individual’s name and email address, and any other personal information they volunteer. We will use this to contact the individual to respond to their message, send them information, or for other functions we believe they would reasonably expect. We will not use or disclose any such information for any other purpose without the individual’s consent.
Unless we indicate encryption is being used prior to sending information, any information we exchange electronically cannot be guaranteed to be private and secure. If we receive personal information, we will take reasonable steps to store it securely to prevent unauthorised access, modification, disclosure, misuse or loss.
We are not responsible for the privacy practices of any other organisation. We are not responsible for external services even if we linked to them in any of our services or communications. By providing such links we do not endorse or approve the other services or assume responsibility for their privacy, confidentiality or legal responsibilities.
If a data breach or suspected data breach occurs, we will undertake a prompt investigation, which will include an assessment of whether the incident is likely to result in serious harm to any individuals. In such a situation we will comply with the requirements of the Act which may require notification to the Office of the Australian Information Commissioner (OAIC) and affected individuals. If any employee of Torrens Health and its Entities has reason to believe or suspect that a data breach may have occurred, they must contact their relevant Operations Manager so that we can investigate and undertake appropriate actions if required.
We reserve the right to amend this Policy Directive at any time. We publish our current Policy Directive on our website. A copy of this Policy Directive is available from our website.
If any individual believe that a breach of their privacy has occurred, we encourage them to contact us to discuss their concerns. Any complaint will be considered and dealt with by our nominated representative. A complaint may be escalated internally within our organisation if the matter is serious, or if needed to resolve it. If the complainant is not satisfied with our resolution, they may make a complaint to the Office of the Australian Information Commissioner, whose contact details can be found at: http://www.oaic.gov.au/.
Further information about the ways we manage personal information can be made via the relevant Operations Manager. Internal staff see also Section Error! Reference source not found. Error! Reference source not found. and Section Error! Reference source not found. Error! Reference source not found., and Section 13 Security Management System.
|Authorised by: Joel Hepburn-Brown
|Date Created: 1 June 2012
|Last Review: 2023
|Review Period: Annually