Correlate Connections is committed to providing quality services and respecting your rights. Your right to privacy and confidentiality will be recognised, respected, and protected in all aspects of your contact with us. This statement outlines our ongoing obligations to you in respect to how we manage your Personal Information.
Correlate Connections complies with the requirements of the Privacy Act 1988 (Cth) as well as:
Health Information – personal information or an opinion about:
- the health, including an illness, disability or injury, (at any time) of an individual;
- an individual’s expressed wishes about the future provision of health services to the individual; or
- a health service provided, or to be provided, to an individual;
That is also:
- Personal Information;
- Other Personal Information collected to provide, or in providing, a health service to an individual;
- Other Personal Information collected in connection with the donation, or intended donation, by an individual of his or her body parts, organs or body substances; or
- genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
Personal Information – information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
Sensitive Information – personal information or an opinion about an individual’s:
- racial or ethnic origin;
- political opinions;
- membership of a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership of a professional or trade association;
- membership of a trade union;
- sexual orientation or practices;
- criminal record;
That is also:
- Personal Information;
- Health Information about an individual;
- genetic information about an individual that is not otherwise health information;
- biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
- biometric templates.
National Disability Insurance Scheme Act 2013 (Cth) – regulates how personal information about NDIS participants is handled by the National Disability Insurance Agency. This limits how the Agency collects and uses personal information and when and to whom information can be disclosed. The Agency must also comply with the Privacy Act 1988 (Cth).
Protected Information – information:
- about a person that is or was held in the records of the Agency; or
- to the effect that there is no information about a person held in the records of the Agency.
New South Wales
Personal Information – information or an opinion (including information or an opinion forming part of a database and whether or not recorded in a material form) about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. It includes such things as an individual’s fingerprints, retina prints, body samples or genetic characteristics. It does not include any of the following:
- information about an individual who has been dead for more than 30 years;
- information about an individual that is contained in a publicly available publication;
- information about a witness who is included in a witness protection program under the Witness Protection Act 1995 or who is subject to other witness protection arrangements made under an Act;
- information about an individual arising out of a warrant issued under the Telecommunications (Interception) Act 1979 of the Commonwealth;
- information about an individual that is contained in a public interest disclosure within the meaning of the Public Interest Disclosures Act 1994, or that has been collected in the course of an investigation arising out of a public interest disclosure;
- information about an individual arising out of, or in connection with, an authorised operation within the meaning of the Law Enforcement (Controlled Operations) Act 1997;
- information about an individual arising out of a Royal Commission or Special Commission of Inquiry;
- information about an individual arising out of a complaint made under Part 8A of the Police Act 1990;
- information about an individual that is contained in Cabinet information or Executive Council information under the Government Information (Public Access) Act 2009;
- information or an opinion about an individual’s suitability for appointment or employment as a public sector official;
- information about an individual that is obtained about an individual under Chapter 8 (Adoption information) of the Adoption Act 2000;
- information about an individual that is of a class, or is contained in a document of a class, prescribed by the regulations.
Health Records and Information Privacy Act 2002 (NSW) – regulates how health information is handled by NSW public sector agencies, public sector health organisations, private sector organisations, health service providers and businesses with a turnover of more than $3 million which hold health information.
Health information –
- personal information that is information or an opinion about:
- the physical or mental health or a disability (at any time) of an individual;
- an individual’s express wishes about the future provision of health services to him or her;
- a health service provided, or to be provided, to an individual; or
- other personal information collected to provide, or in providing, a health service;
- other personal information about an individual collected in connection with the donation, or intended donation, of an individual’s body parts, organs or body substances;
- other personal information that is genetic information about an individual arising from a health service provided to the individual in a form that is or could be predictive of the health (at any time) of the individual or of a genetic relative of the individual; or
- healthcare identifiers.
Private sector service providers in NSW must comply with the Privacy Act 1988 (Cth) and Health Records and Information Privacy Act 2002 (NSW) when handling health information.
The NSW Information and Privacy Commission administers the HRIP Act and accepts complaints about health information.
What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Personal Information includes Health Information, which is information about the physical or mental health or disability of an individual.
Examples of Personal Information we collect includes: names, addresses, DOB, email addresses and phone numbers.
We collect your Personal Information in many ways including interviews, correspondence, by telephone, by email, via our website, from other publicly available sources and from third parties.
Correlate Connections will only request and retain Personal Information that is necessary to:
- assess your eligibility for support;
- provide safe and responsive support;
- monitor the supports provided; and
- fulfil contractual and other requirements to provide non-identifying data and statistical information to government agencies.
When we collect Personal Information, we will explain to you why we are collecting the information and how we plan to use it.
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties (such as other disability services). In such cases we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Disclosure of Personal Information
Your Personal Information will only be disclosed:
- to prevent or lessen a serious and imminent threat to the life or health of you or another person;
- to outside agencies with your or your representative’s permission;
- with written consent from a person with lawful authority; or
- when required by law, or to fulfil legislative obligations such as mandatory reporting.
Security and Destruction of Personal Information
Your Personal and Health Information will be stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal and Health Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify it.
We will retain and dispose of your Personal and Health Information in accordance with our Privacy and Confidentiality Policy and Procedure.
Access to your Personal Information
You may access the Personal or Health Information we hold about you, including to update or correct it, subject to certain exceptions. If you wish to access your Personal or Health Information, please speak to a staff member.
In order to protect your Personal or Health Information we may require identification from you before releasing the requested information.
You have the right to:
- request access to personal information we hold about you;
- access this information; and
- make corrections if you consider the information is not accurate, complete or up to date.
However, access may be denied in part or in total where:
- the request is frivolous or vexatious;
- providing access would have an unreasonable impact on the privacy of other individuals;
- providing access would be likely to prejudice an investigation of possible unlawful activity;
- providing access would pose a serious and imminent threat to the life or health of any individual; and
- denying access is required or authorised by or under law.
We aim to address all requests to access or correct information within 2 working days. We will not charge any fee for your access request but may charge an administrative fee for providing a copy of your information.
Maintaining the Quality of your Personal Information
It is an important to us that your information is up to date. We will take all reasonable steps to make sure that your Personal Information is accurate and complete. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Complaints and Enquiries
If you have any queries or complaints about this Privacy Statement, please lodge them:
- directly with a staff member, either verbally or by providing a completed Feedback, Compliments and Complaints Form;
- by email to: firstname.lastname@example.org;
- by phone on: 0406 616 906;
- in writing to: PO Box N155, Campbelltown North NSW 2560;
Documents relevant to this policy:
- Participant Rights and Responsibilities Policy and Procedure
- Records and Information Management Policy and Procedure
- Privacy and Confidentiality Policy and Procedure
- Feedback and Complaints Policy and Procedure
monitoring and review
This Privacy Statement, along with Correlate Connections’s Privacy and Confidentiality and Records and Information Management policies and procedures will be formally reviewed at least annually. Formal reviews will include participant, staff and other stakeholder feedback.