Privacy policy
1. Objectives
The objective of this Policy is to:
- Demonstrate compliance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act) and other applicable laws.
- Communicate how MSWA treats Personal and Sensitive Information that is collected, used and disclosed.
2. Scope
This Policy applies to all MSWA Staff and Volunteers, and all individuals using or accessing MSWA services. This Policy does not apply to Employee Records for current and previous employees, where the information relates to the individual’s employment, however the Policy does apply to third party service providers that handle Employee Records, as well as to information supplied by unsuccessful job applicants.
3. Policy Statement
3.1 Collecting Information
As part of MSWA’s fundraising (which includes running raffles and lotteries), health and disability services, and research activities, the organisation may collect information when it is reasonably necessary for any functions or activities. The types of Personal and Sensitive Information that is collected and held will vary depending on an individual’s dealing with the organisation and may change from time to time. MSWA collects Personal and Sensitive Information where it is necessary to operate as a fundraising body and to assist Clients with health and disability services and research. The information that MSWA obtains may include:
- Information provided by Clients when they register, to enable access to health and or disability services.
- Information provided by individuals when they complete an online form or request a specific service from the organisation, including name, address and other contact details.
- Information provided by individuals when they participate in an event, purchase a raffle or lottery ticket or in any other way donate time and/or money to MSWA; this will include name, address and other contact details.
- Electronic addresses and contact details.
- Information obtained in communications between MSWA and individuals.
- Information in an application for funding or anything of a similar nature that is submitted to the organisation.
- Information collected via the website (see 3.8 below).
- Other personal information required to use MSWA services.
- Transaction details relating to use of services, benefits or fundraising.
- Any information submitted by individuals in relation to fundraising enquiries.
- Sensitive information that is directly related to the provision of both health and disability services or for research purposes where individuals have agreed that MSWA may obtain such sensitive information.
MSWA may collect Sensitive Information from individuals, but only if that individual has agreed to provide it. If an individual agrees to provide Sensitive Information, the organisation will only use it in accordance with the Privacy Act. There is no obligation on any individual to provide Sensitive Information.
On occasions, individuals may provide and MSWA may collect, Personal Information of a third party. Where an individual provides the Personal Information of a third party, it is that person’s responsibility to ensure those persons are aware of MSWAs Privacy Policy, understands it, and agrees to accept it.
If appropriate, MSWA will tell you why information is being collected, how it is planned to be used, or these things will be obvious when we collect the information.
In certain circumstances, MSWA may collect information or health and disability information about an individual. MSWA will only collect this information if it is provided voluntarily, if the individual consents to us collecting it, or if the organisation is otherwise authorised or required by law to do so.
If an individual does not provide MSWA with Personal or Sensitive Information, or if consent to using Personal or Sensitive Information is not provided as outlined in this Policy, the organisation may not be able to provide the services an individual requires, or otherwise fulfil the purpose for which the information was requested.
Under the APPs, in certain circumstances, an individual has the right to not identify themselves or to use a pseudonym when providing information. If an individual would like to use a pseudonym or to remain anonymous, MSWA will initiate steps to record information anonymously or under a pseudonym.
3.2 How MSWA Collects Information
Generally, MSWA only collects information directly from an individual, such as:
- When information is submitted through an MSWA website.
- In person.
- In the course of MSWA providing a requested service or benefit.
- When an individual has other dealings with the organisation.
- As part of MSWA fundraising activities, including through the sale of raffle/lottery tickets.
- For research purposes as identified on the MSWA corporate website.
MSWA may also collect information through:
- Related societies in each State. Privacy Policy Page 2 of 9 Once PRINTED, this is an UNCONTROLLED DOCUMENT.
- Third parties who supply services.
- Information required to be obtained pursuant to legal or other exempt requirements.
MSWA uses first party cookies to collect information about how the MSWA website is used:
- For example, time of visit, duration of visit, methods used to access the website, and pages viewed.
- Third-party Google cookies are used to enable remarketing and reporting for impression assisted visits, website conversions, user demographics, and user interests. Users can opt out of interest- based ads by Google through ads settings: www.google.com/settings/ads; or
- Website visitors can opt out of the Google Analytics Advertising Features by downloading a browser add-on: https://tools.google.com/dlpage/gaoptout/.
3.3 Information Given to MSWA by Other People
If an individual provides MSWA with Personal or Sensitive Information about someone else (for example a relative), that person must ensure that they are entitled to do so and that MSWA may collect, use and disclose that information in the manner set out in this policy without further action by the organisation. In particular, the individual providing the information must agree to inform that person who we are, that we will use and disclose their Personal or Sensitive Information as outlined in this policy from time to time, that they may gain access to that information as outlined in this policy and the consequences if the information is not provided (such as our inability to provide services to you or them).
3.4 Why MSWA Collects Uses and Discloses Information
MSWA will use the Personal Information collected for the purpose disclosed at the time of collection, or otherwise as set out in this Privacy Policy. The organisation will not use Personal Information for any other purpose without first seeking consent, or where authorised or required by law.
MSWA may collect Personal or Sensitive Information for the following purposes:
- To establish and maintain a relationship.
- To provide services that have been requested.
- To answer any enquiries.
- For identified research purposes.
- To assist in fundraising.
- To collect payments from third parties, such as Government Agencies or private health insurers.
- To comply with legal and regulatory obligations.
We may also disclose Personal or Sensitive Information to third parties who work with us in our business to provide, promote or improve the services requested, such as:
- Service providers that are engaged by MSWA.
- Marketing consultants and promotion companies associated with MSWA.
- Third parties involved with MSWA research.
MSWA receives government and other funding from the Department of Health, the Department of Communities – Disability Services, Lotterywest, NDIS and other funding institutions. As part of the organisation’s funding agreements, MSWA are required to provide some Personal and Sensitive Information to those funding institutions about the people that use our services, including age, sex, disability level and assistance received. The information is used for reporting and statistical purposes only and will not be used to affect entitlements or access to services. The information is forwarded to the funding institution and to the Australian Institute of Health and Welfare to enable statistics about disability services and their Clients to be compiled. Client’s may request that MSWA does not disclose this information; however not disclosing that information may affect the organisation’s ability to provide requested services.
Generally, MSWA will not disclose information outside of Australia. In the event information is sent overseas MSWA will take all reasonable precautions to ensure that the recipient complies with the Privacy Act and the APP.
MSWA may use information to provide and market services to individuals (including by direct marketing) and to enhance and develop relationships. The organisation may also use information to keep individuals informed of services, events, developments in our research areas and other matters including by email or other electronic means. If an individual does not wish to be contacted for these purposes, that may contact the organisation and request to be removed from such contacts.
3.5 How MSWA Stores and Protects Information
MSWA stores Personal and Sensitive Information in a combination of computer storage facilities, paper-based files and other records. In so doing, the organisation has taken numerous steps to protect information from misuse, interference, loss, unauthorised access, modification, or disclosure. This includes ensuring employees and third parties are provided only with personal data on a needto-know basis and only the minimum amount they require to complete their specific job.
MSWA on occasion may transfer and process information offshore in the course of performing our business operations. In such circumstances we will take reasonable measures to ensure that the information is deidentified, securely stored and protected.
The Internet is not a secure method of transmitting information. Accordingly, other than where we use secure socket layer technology (SSL) to ensure information is securely transmitted and processed, MSWA cannot and do not accept responsibility for the security of information individuals send or receive over the Internet, nor will MSWA be held accountable for any unauthorised access or use of that information where that information has been sent over the Internet.
Irrespective of whether information is stored electronically or in a hard copy form, MSWA will take reasonable steps to protect the Personal and Sensitive Information held from misuse, interference, loss and from unauthorised access, modification, or disclosure.
3.6 Reporting Privacy Breaches
A reportable data breach occurs when the following criteria are met:
- There is unauthorised access to or disclosure of personal information held by MSWA.
- The unauthorised access or disclosure is likely to result in serious harm to any of the individuals to whom the information relates.
- MSWA has been unable to prevent the likely risk of serious harm.
Should a reportable data breach occur, MSWA must promptly notify:
1. Affected individuals to inform them about the breach and the potential risks.
2. The Office of the Australian Information Commissioner (OAIC) to report the breach; this notification should include:
- MSWA’s contact details.
- A description of the data breach.
- The kinds of information involved.
- The recommendations actions that impacted individuals should take in response to the breach.
3.7 How Long MSWA Stores Your Data
MSWA will only retain personal data for the duration necessary to fulfill the purposes for which it was collected (in line with the relevant legislation). Personal data may also be retained for longer periods if it is solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes. When defining the appropriate retention length, MSWA adhere to relevant acts, including (but not limited to) the Corporations Act 2001, the Public Health Act (WA) 2016 and the Gaming and Wagering Commission Act (WA) 1987. Should there be any contradiction in the legislation with respect to the retention period, MSWA will apply the longest retention period.
3.8 Accessing Personal or Sensitive Information
In most cases individuals can gain access to the Personal or Sensitive Information that MSWA holds about that individual, upon request. An individual should contact the Privacy Officer (see below for contact details) to request access to information.
MSWA will deal with all requests for access to information in accordance with the APPs and as quickly and reasonably as possible. Requests for a large amount of information or information which is not currently in use may require further time before access can be granted. MSWA reserves the right to charge a reasonable fee for giving an individual access to their Personal Information, in which case, the organisation will advise the individual of the fee and obtain agreement before providing the information or charging any fee. In some cases, MSWA may refuse to give access to Personal Information held where the organisation is entitled to do so under the APPs of the Privacy Act. In such situations, MSWA will advise an individual as to why access has been denied.
MSWA will consider requests from individuals for the removal of their own Personal or Sensitive Information; wherever practical this will be allowed, however should that Personal or Sensitive Information form part or all of a record MSWA is obliged to keep for a fixed period of time under legislative conditions (the retention period), the request will not be acted upon until the retention period has expired.
3.9 Accuracy
MSWA will take reasonable steps to ensure that the Personal and Sensitive Information collected, used, or disclosed is accurate, up to date, complete and relevant to the purpose for which it is held and not misleading. An individual may request for the organisation to correct any information held by contacting the Privacy Officer. In such situations, MSWA will endeavour to update information.
3.10 Website
As a website operator, MSWA need to obtain and retain information about those who are using its websites and this policy applies to Personal and Sensitive Information collected from website users. The use of the facilities and services available through our websites will determine the amount and type of information collected about an individual. Some of this information collected will not be Personal and Sensitive Information (within the meaning of the APPs) because individuals will not be reasonably identifiable from the information provided.
MSWA collects Personal and Sensitive Information from individuals when they use MSWA websites.
MSWA websites may use cookies and other related technology (including cookie-less technologies) to track user traffic patterns and to better serve consumers when they revisit the website. A cookie is a small data file stored on a computer’s hard drive that a website may track when visited. A cookie file can contain information such as a user id which the website uses to track the pages an individual may have visited. Individuals can refuse all cookies by turning them off in the computer browser. However, full functionality of MSWA websites may require the use of cookies.
Information is also generated whenever a page is accessed on MSWA websites and that records information such as the time, date, and specific page access. MSWA collects such information for statistical and maintenance purposes which enables the organisation to continually evaluate website performance. Such information will only be used for statistical and maintenance purposes.
3.11 Making a Complaint
Any individual wishing to make a complaint, or wishing to ask any questions regarding this policy, should direct enquiries to MSWA’s Privacy Officer. The Privacy Officer will respond to any complaint or enquiry as soon as reasonably possible. MSWA’s aim is to resolve any complaint or enquiry quickly. The organisation also encourages anyone who is not happy with the response received to contact the Office of the Australian Information Commissioner (OAIC) who may investigate the complaint or enquiry further.
MSWA’s Privacy Officer can be contacted at the following address:
The Privacy Officer
154 Abernethy Road
Belmont, WA, 6104
[email protected]
www.mswa.org.au
4. Breaches of the Policy
In the event of a staff or volunteer member breaching this Policy, an investigation will be undertaken by the applicable Senior Manager or their delegate, in consultation with Human Resources. The range of consequences will be dependent on the nature and seriousness of the breach and any investigation findings. Outcomes may include but are not limited to:
- Re-training or additional supervision
- Review of roles.
- Suspension or dismissal.
5. Responsibilities
MSWA Board Directors/CEO
- Maintain responsibility or governance for this Policy.
Executive Team
- Monitor performance and compliance against this Policy.
- Facilitate access to this Policy and support resourcing for training to enable staff to understand and adhere to requirements as outlined.
- Ensure operational decision making is informed by this Policy.
Department Managers/Supervisors/Event Coordinators
- Support competence and compliance with this Policy and ensure volunteers and applicable staff receive training as required.
- Ensure operational decision making is informed by this Policy.
Privacy Officer / Quality Team
- Supports individuals to access information as outlined in this Policy
Staff and Volunteers
- Follow all requirements as outlined in this Policy, within the scope of their individual roles.
- To seek clarification and support from their supervisor if any aspects of this Policy are unclear.
- Participate in meetings and training sessions as required to ensure that services provided complies with this Policy and
6. Definitions
APPs:
- Australian Privacy Principles - a set of rules of conduct, outlined in the Privacy Act (1988), which establish standards for the collection and handling of ‘personal information’ (as defined by the Act).
Client:
- Any person who is accessing MSWA programs or services.
Employee Records:
A record of personal information relating to the employment of an employee (or former employee). Examples include:
- Health information about an employee
- Information relating to the engagement, training, disciplining, resignation or termination of employment of an employee.
- The terms and conditions of employment of an employee
- The employee’s personal and emergency contact details, performance or conduct, hours of employment or salary or wages
- An employee’s annual, personal long service, parental or other leave
- Taxation, banking and superannuation details.
OAIC:
- Office of the Australian Information Commissioner.
Personal Information:
- Is information or an opinion, including information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Pseudonym:
- A fictious name that allows an individual to remain anonymous.
Sensitive Information:
- A subset of personal information, which relates to those areas where prejudices can prevail e.g., sexual preferences, political or religious beliefs, criminal records.
Staff:
- An individual undertaking work including MSWA employees, contractors and sub-contractors. Tertiary or work-experience students are also included in this category, although not paid.
Volunteers:
- An individual who has been authorised to provide a service without payment for MSWA. This includes those who provide support for services or events or in a governance capacity, such as the Board Directors.
7. Related MSWA Documents
- ICT Hardware and Software Policy POL 8-037
- IT Incident Response Plan TET-PROC-267
- Code of Conduct Policy POL 8-024
- Complaint Management Policy POL 7-001
- Student and Volunteers – Computer Use Procedure ORG-1.020
- Internet Use by Members or Clients at MSWA Facilities Procedure ORG-1.021
- Staff - Use of IT & Portable Devices Procedure ORG-1.063
- Maintenance of IT and Communication Systems Procedure ORG-2.007
8. Related Legislation, Standards and References
Aged Care Act 1997 and Aged Care Principles 1997
Aged Care Quality Standards 2019
Charitable Collections Act 1946 (WA)
Disability Services Act 1993
National Standards for Disability Services 2013
NDIS Code of Conduct
NDIS Practice Standards
Privacy Act 1988
Privacy Amendment (Notifiable Data Breaches) Act 2017
The Association Incorporation Act 2015
The Australian Charities and Not for Profits Act 2012
9. Approvals and Review Details
Policy last updated 28th March 2024.