PRIVACY & CONFIDENTIALITY

PRIVACY INFORMATION

The Epilepsy Centre – Privacy Statement

Epilepsy Association of South Australia and the Northern Territory Inc (EASANT) will only collect and release personal or health information with consent, except in specified circumstances including emergencies or as required or permitted by law.

EASANT collects information regarding the personal details and health history of clients to ensure the highest quality of service provision. Information regarding staff members is collected for administrative and workplace health and safety purposes.

All Employees, Volunteers and Contractors of EASANT have a responsibility to ensure that personal information is handled in a way that complies with this policy.

Whose personal information does EASANT collect?
EASANT collects personal information from people who are connected to its operations and activities – including:

  • employees,
  • volunteers,
  • donors,
  • supporters,
  • customers,
  • clients,
  • recipients of support services,
  • suppliers and service providers.

This includes information such as:

  • name, including the name of an authorised parent, guardian, carer or other representative who you have nominated as your representative,
  • date of birth and gender,
  • the name, address and contact details of your organisation or business (if applicable),
  • contact information (such as a home address, email address and phone number),
  • credit/debit card and bank account information,
  • signatures,
  • employment details,
  • details of products or services purchased or received from EASANT (such as products from the organisation website, counselling and support services, events, training programs, fundraising activities & education),
  • details of the products or services purchased, received or in which individuals have participated (such as the name and date of the fundraising activity or professional development/training program),
  • health information and other sensitive information, and
  • other information about your history with, or relationship to epilepsy.

How does EASANT collect your personal information?

Where possible, EASANT will collect your personal information directly from you. This may be:

  • in person (for example, attending an event),
  • on the telephone (for example, contacting the organisation by phone),
  • by mail (for example, if you complete research study documentation or a survey, if we mail a donor appeal) or
  • online (for example, if you sign up for an event online).

Where it is unreasonable or impracticable to collect personal information about you directly from you, we may also collect your personal information from third parties such as:

  • contractors (including fundraising service providers),
  • list vendors,
  • parent/carer,
  • health professionals, and
  • social and community workers.

What happens if you don’t provide all this information?

You are free to provide (or not provide) any information you choose. However, if you do not provide some or all of the personal information requested, we may not be able to offer you services or products, allow you to participate in the Organisation events or fundraisers, or provide you with information about our cause, events, programs and projects.

Website usage information and cookies

When you access our website, we may use software embedded in our website (such as JavaScript) and we may place small data files (or cookies) on your computer or other device to collect information about which pages you view and how you reach them, what you do when you visit a page, the length of time you remain on the page, and how we perform in providing content to you.


A cookie does not identify individuals personally, but it does identify computers. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance. If you disable the use of cookies on your browser or remove or reject specific cookies from our website or linked sites then you may not be able to gain access to all of the content and facilities in those websites.


We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.

How we handle email and “Contact us” forms and messages

EASANT may preserve the content of any email, completed “Contact us” form or other electronic message or form that we receive. Any personal information contained in those messages will only be used or disclosed in accordance with this EASANT Privacy Statement. The message content may be monitored by our service providers or EASANT employees for purposes including troubleshooting, compliance, auditing and maintenance, or where email abuse is suspected, which means that your personal information may be disclosed to third-party service providers.


Opting out of direct marketing communications

From time to time, EASANT may send you information, including promotional material, about us, our products and services, fundraising activities and events. You consent to us using your Personal Information for sending you such information, now and in the future. You also consent to us sending you such information by means of direct mail, phone or email.

If you do not wish to receive direct marketing communications from us, or if you wish to modify how you receive them or how many you receive, please contact us:

Phone: 1300 850 081
Email: enquiries@epilepsycentre.org.au
Address: 274 Grange Road, Flinders Park SA 5025


To whom does Epilepsy Association of South Australia and Northern Territory disclose your personal information?

We may need to disclose your personal information to others in order to carry out our activities, including in connection with the purposes described in this Privacy Statement. Depending on the nature of your engagement with us, EASANT may disclose your personal information to:

  • External support services: health care professionals, lawyers, other professionals, counsellors, funders, financiers, co-ordinators, service providers, agencies and not-for-profits that provide support services;
  • Third parties for marketing purposes: we may provide your contact details to other like-minded organisations to contact you with information that may be of interest to you, where you have consented to us doing so;
  • Contractors and service providers: who perform services on our behalf, such as mailing houses, printers, information technology services providers (including offshore cloud computing service providers), database contractors and telemarketing agencies.

Where is your personal information stored?

Your personal information will be stored on a password protected electronic database, which may be an EASANT database, a database maintained by a cloud hosting service provider or other third party database storage or server provider. We will notify the Office of the Australian Information Commissioner about any possible data breaches as part of requirements in the Notifiable Data Breaches scheme. In the case of data breaches, we will also adhere to our Incident Management and reporting policy and procedure.


Hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised people. Any personal information not actively being used is archived, usually for 7 years, after which time it is securely destroyed.


Your personal information will stay on the database indefinitely until you advise you would like it removed, unless we de-identify it or destroy it earlier in accordance with privacy law requirements.


We comply with the Payment Card Industry standards when handling payment card transactions. This means that we handle payment card information extremely securely while transactions are made, and do not retain payment card details afterwards.


Your direct debit, credit card or bank account details

We use Secure Sockets Layer (SSL) certificates, which are the industry standard for encrypting your credit card and debit card numbers, bank account details, your name and address so that they cannot be viewed by any third party over the internet. Your financial information is encrypted on our servers and access to this information is restricted to authorised EASANT staff.


Access to your personal information

EASANT will, upon your request, and subject to applicable privacy laws, provide you with access to your personal information that is held by us. However, we request that you identify, as clearly as possible, the type/s of information requested. We will endeavour to deal with your request to provide access to your personal information within 30 days. If we refuse your request to access your personal information, we will provide you with reasons for the refusal where required by law.


Your rights to access personal information are not absolute and, in certain circumstances, privacy laws dictate that we are not required to grant access, such as where:
  • access would pose a serious threat to the life, safety or health of any individual or to public health or public safety
  • access would have an unreasonable impact on the privacy of other individuals
  • the request is frivolous or vexatious
  • denying access is required or authorised by a law or a court or tribunal order
  • access would be unlawful, or
  • access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct

Updating your personal information

You may ask us to update or delete the personal information we hold about you at any time. We will take reasonable steps to verify your identity before granting access or making any corrections to or deletion of your information. We also have obligations to take reasonable steps to correct personal information we hold when we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purpose for which it is held. To assist us in this, you need to provide true, accurate, current and complete information about yourself as requested, and promptly update the information provided to us to keep it true, accurate, current and complete.


If you require access to, or wish to update your personal information, please contact us. We will use all reasonable efforts to correct the information. You may be required to authenticate your identity by providing your personal information or the personal information of others, such as your authorised representative or the person for whom you are an authorised representative.

Confidentiality Standards

The following standards will be adhered to, to ensure that information about all EASANT clients and/or their families/carers is kept in confidence and that only information about clients which is necessary for effective and safe service provision will be requested from clients or shared within the service. Information about clients and their families/carers will not be shared outside the service without their consent.


EASANT will:

  • seek the written consent of the client or family/carer prior to obtaining information from any other source
  • seek the written consent of the client or family prior to releasing information to any other source
  • ensure that staff do not speak about clients and/or their family/carers to others inappropriately
  • ensure that employees discuss appropriate and relevant service user issues in the context of professional supervision, debriefing or established communication systems and not:
    • with employees other than those who need to know
    • in front of the service user if they are not included in the discussion
    • in public or where discussions may be overheard.
  • ensure that personal information is stored securely and is not left on view to unauthorised staff or the general public.
  • treat the personal and sensitive information collected and stored in strict confidence and not divulge the information to any person who is not entitled to that information:
    • however, EASANT may provide other service providers, contractors, medical and allied health practitioners, regulatory agencies or others, as required by law, with service user’s personal and sensitive information as deemed necessary to fulfil our primary responsibility to the service user
    • permission to release service user personal or sensitive information to third parties is only given where there is a legitimate need for the information and is limited to the actual information required.
  • not disclose personal or sensitive information it has collected about service users to a third party for research purposes unless the information is necessary for research or statistical analysis relevant to public health, public safety or the management, funding or monitoring of disability sector services
  • permanently de-identify the information provided where the identity of the service user is not necessary for research purposes
  • promptly investigate, remedy and document any client grievance regarding confidentiality.

Responsibilities

The Organisation is to ensure:

  • all employees and volunteers are familiar with this Policy and it is easily accessible
  • all clients and their families have been provided access to a copy of the Privacy & Confidentiality Policy and given a copy if requested
  • clients and families have been informed of the reasons information sought is required by EASANT
  • authority to release information forms have been completed by clients or families prior to information being collected from or shared with other sources
  • client files are stored in lockable filing cabinets in a non-public place in the office, and also online on a secure site, and files are returned to their proper location as soon as they are no longer required
  • any complaints made in relation to confidentiality are investigated and resolved in accordance with the Complaints & Feedback Procedure

Related Documents

  • Freedom of Information Act 1982 (Cth)
  • Privacy Act 1988 (Cth)
  • NDIS Practice Standards and Quality Indicators
  • Code of Ethics
  • Code of Business Conduct
  • Privacy & Confidentiality Policy
  • Complaints and Feedback Procedure

Review
This Policy will be reviewed within two years of its date of ratification, or earlier should an incident occur relating to the content of the document.