Privacy Policy – General

Banyule Community Health is committed to respecting and protecting your privacy in accordance with applicable Australian privacy laws.

Banyule Community Health is required to comply with the Australian Privacy Principles in the Privacy Act 1988 (Cth) and depending on the circumstances, it is also required to comply with other applicable privacy laws such as the Privacy and Data Protection Act 2014 (Vic) and the Health Records Act 2001 (Vic).

If you access our health services, please refer to our Health Services Privacy Policy for information on how your personal information (including health information) is managed by us.

If you are a client of West Heidelberg Community Legal Service (WHCLS), a service offered by Banyule Community Health, please refer to the West Heidelberg Community Legal Service Privacy Policy for information on how your personal information is managed by WHCLS.

For all other instances, this policy explains how we deal with your personal information.

What personal information do we collect?

Personal information is any information (including images), whether true or not, that identifies or could identify you.

The kind of personal information we collect about you depends on our interaction with you. If you:
send us an enquiry or give us feedback, we collect your name, contact details and details of your query/feedback;
make a complaint, we collect your name, contact details, the details of your complaint and any investigation and resolution of the complaint;
apply for a role at Banyule Community Health or WHCLS (voluntary or otherwise), we collect the information you include in your application including your cover letter, resume, contact details and referee reports;
donate to us, we collect your name, organisation, contact details, the amount and frequency of your donation and payment details;
attend one of our events or group sessions, we may collect your name, organisation, contact details, payment details (if applicable) and any dietary and accessibility requirements (if applicable);
participate in a survey, we may collect your name, organisation, contact details and your survey response;
visit one of our sites, your image may be captured on our closed circuit television (CCTV) and we may also collect your name, organisation, date and time of visit and who you visited at Banyule Community Health or WHCLS;
request to be on our mailing list, we collect your name, address and contact details;
supply goods or services to us, we collect your name, address, contact details and financial details for payment purposes;
access our website, we may collect your server address, dates and times of your visit, pages viewed, documents downloaded and previous sites visited. We use cookies or analytical services (such as Google Analytics) to assist us with the collection of such information and prepare reports on our website’s activities. You may be able to adjust your browser’s setting to accept or reject such cookies.

Sensitive information
Sensitive information is a subset of personal information and includes, information about a person’s racial/ethnic origin, criminal record, religious beliefs and health. We collect sensitive information if it is required for us to perform our functions or activities and:
• you have consented to such collection; or
• we are required or authorised by law to do so.

Employee records
We are generally exempt from the Privacy Act 1988 (Cth) when we collect and handle employee records and this Privacy Policy does not apply to those records. However, we are still required to protect the privacy of employee health information under Victorian privacy legislation and this Privacy Policy will apply in those instances.

How do we collect personal information?
We collect personal information in several ways:
• from you (eg. in person, by telephone);
• through documents we receive (eg referee reports);
• through your use of our website;
• from third parties (eg regulatory authorities);
• from public registers (eg searches of the ASIC databases).

Why do we collect personal information?
We collect, hold and use your personal information to:
• send you information or invite you to events if you are on one of our mailing lists;
• obtain goods and services;
• process your donation;
• recruit staff, contractors and volunteers;
• protect the security of our staff, sites and property;
• manage your attendance/participation at our events/group sessions;
• perform research and statistical analysis, including for client satisfaction and service improvement purposes;
• deal with any feedback, complaints or queries.

We may also collect, hold and use personal information for other purposes:
• for which you have provided consent;
• required or authorised by law;
• explained at time of collection.

When do we disclose personal information?
We generally only disclose personal information, to other people or organisations, to the extent needed, to:
• resolve a complaint;
• check references provided to us by job/volunteer applicants;
• enable us to deliver our services and carry out our activities (eg external service providers for data storage/archives, etc).

We might also make disclosures:
• with your consent;
• as required or authorised by law.

We will not share your personal information with anyone outside Australia (unless under circumstances permitted or authorised by law) without your consent.

How do we store your personal information?
We store your personal information in various forms including electronic records, visual records (eg video recording, photos) and paper records held in cabinets or stored offsite.

We take reasonable steps to ensure the personal information we hold is accurate, complete and current. We ask people to tell us when their personal information changes so we can update our records.

How do we keep personal information safe?
We take reasonable steps to protect personal information from loss, misuse, unauthorised access, modification and disclosure. To do this we use procedural, physical and technology safeguards.

We limit access to our workspaces and systems. We only use external data storage providers when they will also take reasonable steps to protect personal information. We require our staff to handle personal information with care, and access only what they need to do their job. We support this with usage policies and access controls.

We will take reasonable steps to destroy or de-identify information when it is no longer needed for any purpose and we are not required by law to keep it.

Website security
Our website is linked to the internet which is inherently insecure. This means we cannot guarantee the security of any information that is sent to us online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, please call us.

Our services are limited if you choose to remain anonymous
People can choose not to identify themselves when contacting us, but it may limit the level and range of services we can provide to them.

How you can access and correct your personal information
Please contact us if you would like to access or correct the personal information that we hold about you. We will provide/assist you with the form to make the request. To protect your personal information, we may ask you to verify your identity before we process your request to access or correct your personal information.

We aim to respond to access and correction requests within 30 to 45 days dependent on the nature of the request.

Access
If we have personal information about you that you have a right to access, we will contact you to arrange access. If we have personal information about you that we can’t give you access, we will explain why in writing.

Correction
You can ask us to correct personal information that we hold about you if you think they are inaccurate, out-of-date, incomplete, irrelevant or misleading.

If we agree that your personal information needs to be corrected, we will take reasonable steps to do so. If we don’t agree that your personal information needs to be corrected, we will notify you in writing of our decision, and the possible actions that you can take if you disagree with our decision.

Privacy Complaints
We take complaints and concerns regarding privacy seriously.

Please contact our Privacy Officer if you have a complaint about how we have collected or handled your personal information. We may, depending on the complexity of the issue, ask you to lodge your complaint in writing.

We aim to resolve complaints quickly and fairly. In most instances, we aim to respond to your complaint within 30 days.

If you are not happy with our response or we have not responded to your complaint within a reasonable timeframe, you may lodge a privacy complaint with the Office of the Australian Information Commissioner or the Victorian Health Complaints Commissioner (as applicable).

Contact us
All requests, complaints and queries can be directed to:
Privacy Officer – Banyule Community Health
Mail: 21 Alamein Road, West Heidelberg 3081
Email: banyule@bchs.org.au
Phone: (03) 9450 2000
Fax: (03) 9459 5808

Changes to this Policy
We may amend this Privacy Policy from time to time. A current version will be posted on our website.

Acknowledgement: Funded by the Australian Government Department of Health and Aged Care. Visit the Department of Health and Aged Care website (www.health.gov.au) for more information.

Disclaimer: Although funding for these Allied Health services has been provided by the Australian Government, the material contained herein does not necessarily represent the views or policies of the Australian Government.