Information management and privacy policy

1. Policy Overview

MEND Australia Pty Ltd (trading as Better Health Company) recognises the importance of protecting the privacy of personal information. This policy explains Better Health Company’s process for managing information and privacy across all services. The Better Health Company is committed to keeping data and information safe and meeting legal requirements.

1.1 Policy Scope

This policy applies to all Better Health Company services and will be reviewed every 3 years in line with Policy Review Processes.

1.2 Definitions

Intellectual Property

Intellectual property includes: copyright in all electronic and hard copy written materials, artistic works, logos, computer software, music, videos, databases, surveys, assessment tools, forms and any other works or subject matter where copyright exists and may in the future. Intellectual property may or may not be registered or registrable as patents or designs, and includes developments or improvements of equipment, products, technology, processes, methods or techniques trade and service marks.

Records

Records are pieces of information that document business activities and transactions. To be regarded as evidence a record must be complete. Complete records include contextual and structural data as well as content data.

Privacy Law

Any reference to privacy law in this policy means the privacy laws in the jurisdiction where the program or service is being delivered and any other privacy laws or regulations that apply to the services provided by Better Health Company, from time to time.

2. Information Management

Information management refers to the systems for creating, accessing, using and storing information. Better Health Company manages personal information in line with Australian law and relevant state laws.

2.1 Personal information

The Better Health Company is required to comply with privacy laws which regulate the collection, security, use and disclosure of “personal information”.

This policy explains how and why we collect personal information about you, how you can access your information and how your information may be used by the Better Health Company or disclosed to other parties.

Information considered to be personal may vary depending on whether or not you can be identified. Personal information includes:

  • A name or address
  • Photos and videos
  • Personal opinions and feedback
  • Any recording (for example a phone call)

Better Health Company will only collect personal information that relates directly to the relevant to the service being delivered. If you participating in a health program, Better Health Company may collect information such as:

  • Participant health status
  • Housing details
  • Medical history
  • Social demographic information (i.e. your doctor, school or referring health professional).

Better Health Company engages third party providers for the handling and distribution of resources and correspondence, and other service delivery related activities. Where information is shared with third-parties Better Health Company ensure that third-party providers privacy and data management practices ensure that they do not use the information provided for purposes other than that for which it was originally provided. Examples of information that may be shared with third-parties includes:

  • Names, addresses and contact numbers are shared with freight providers engaged to deliver resource packs.
  • Personal and health information contained within letters and reports sent to health professionals may be transferred via email, fax and post platforms.
  • Names, phone numbers and emails are stored within phone, SMS and email communication platforms used by Better Health Company.

Better Health Company treats this information confidentially and ensures that participants know:

  • The type of information being recorded
  • Better Health Company does not hold a full patient health record. However, where consent has been given by a participant or relevant guardian, Better Health Company may have access to limited information, such as referral information.

Participant information will only be used for the reasons that it was collected, unless it has been de- identified (removing all personal information), or the participant has provided consent to use the information for something else.

2.3 Unsolicited Information

Unsolicited personal information is information that is provided without it being requested. Unsolicited personal information that Better Health Company collects through its normal processes is de-identified or destroyed where lawful and reasonable to do so.

2.4 Information collection, security and storage

Better Health Company and our partner agencies always try to collect information directly from you, unless it is unreasonable or not practical to do so. In addition, Better Health Company and our partner agencies may collect personal information through other people or organisations who are contracted to help with these tasks (such as contracted service providers), who may have talked to you directly about our programs.

Our partner agencies and contracted service providers also manage your personal information lawfully.

Better Health Company may collect information using electronic or hard copy forms, in verbal conversations such as phone calls, interviews and conversations in person or in written communications such as letters, emails, text messages.

Better Health Company ‘holds’ personal information in a variety of ways. Your information may be held as a paper record or electronically as part of a secure web based database. All personal information held by Better Health Company will be stored in a safe and secure way and will not be kept for longer than is legally required. The Better Health Company follows strict rules about storing personal information securely.

Personal information received in paper form will be stored in a secure, lockable place. Personal information received in electronic form, will be stored in which is password and firewall protected. Information is only able to be accessed by approved staff.

Better Health Company assign participants a unique participant number each. You may choose not to identify yourself when you are talking to or receiving services from Better Health Company, where it is practical.

If you do not wish for Better Health Company to collect, use or disclose certain information about you, you need to inform us when we speak to you and we will let you know if there are any consequences for participation in Better Health Company services and programs.

2.5 Personal information held by third parties

Better Health Company takes appropriate measures to make sure that any partner agencies or third parties that we work with hold personal information as required by the privacy laws. Privacy clauses in all legal documents ensure that third parties organisations treat your personal information as lawfully required.

2.6 Use and disclosure of personal information and limits to confidentiality

Better Health Company will only use and share personal information for the reasons that it was collected and for which you have provided informed consent, or as lawfully required.

Personal information helps Better Health Company and their partner agencies run programs and, where consent is provided, may be used in relation to:

  • advisory groups
  • recruitment and HR
  • maintaining stakeholder relationships
  • managing funding agreements and contracts
  • programs and projects
  • evaluations and audits
  • financial transactions
  • research
  • complaint management

Occcasionally, your personal health information may be disclosed to:

  • State and Commonwealth government agencies for reporting and or complaint resolution
  • researchers if approved by a Human Research Ethics Committee
  • health services or law enforcement agencies, if you provide us with information relating to a serious crime, including assault, domestic violence, child abuse etc
  • agencies where the information relates to the safety and wellbeing of a child or young person
  • comply with a subpoena or search warrant if your information is required as evidence in court

Better Health Company will not give your personal information to anyone unless we are legally required to do so. If Better Health Company needs to use or share your personal information for a reason other than the reason it was collected, this will only be done where it is required by law or with your consent. We will not include personal information about an individual in a health records linkage system unless it is legal to do so.

2.7 Access, accuracy and changes to personal information

You can request access to your personal information held by Better Health Company in writing and with appropriate identification. You may be charged a fee if you request copies of your information or health record. Requests for access to information will be responded to as soon as possible. Access to your information may be refused if giving access would put you or another person at risk of harm.Requests for access to your information should be addressed to:

Better Health Company 20-24 Bond St Abbotsford VIC 3067 Ph: 03 9429 4789

Better Health Company aims to ensure information collected is accurate and complete. Please contact Better Health Company if you wish to correct any errors in information provided or if you need further information or have a complaint.

2.8 Overseas disclosure of information

Better Health Company does not share information with overseas persons or organisations however our data management system is supported by web developers outside Australia. This service provider operates to Australian privacy laws and access to your information is secure and restricted.

3. Informed consent

Informed consent means that the client:

  • understands the need to share personal information about them
  • knows what personal information will be shared
  • knows who or what agency the information will be shared with
  • acknowledges that participation in the program requires information sharing

Better Health Company only shares personal information with the participants’ informed consent. Consent must be recorded in a service specific Consent Form, and a record of this is kept by Better Health Company.

If a participant can’t provide consent because of their age, mental state or a disability, a parent, guardian or authorised representative may provide consent. If the participant or their guardian will not give consent, privacy obligations will be balanced against any lawful requirement to release the information.

4. Privacy breaches

A privacy breach is where personal information is misused, inappropriately accessed or lost. Where appropriate, any breaches of your privacy will be notified to you, as required by Commonwealth privacy law. All complaints and reported breaches of privacy will be investigated, and the person who makes the complaint will be told what the outcome is.

Better Health Company will investigate:

any complaints and/or allegations about a privacy breach, and
all privacy-related matters referred from state-based or Commonwealth Privacy Commissioners.

5. Knowledge management

Knowledge management includes a range of different strategies that help to find, create and share knowledge. Managing information well helps with knowledge management because it saves information that is important and helps to share it within the organisation.

Better Health Company looks after intellectual property (see definitions at section 1.2) In a way that helps the organisation to adhere to best practice, but also makes sure that there are no legal, reputational or financial risks (or that these are low).

If Better Health Company have agreed in a contract that they will share information and intellectual property the information and intellectual property must state that Better Health Company owns the information and has copyright to the information.

6. Website privacy and security

6.1 Website privacy

Personal information is only collected via Better Health Company owned and managed websites when visitors choose to provide details. We will only collect the information that we need, and this will only be used for the reasons that it was given.

The Better Health Company may also use and disclose information to the relevant authorities in circumstances where there have been:

  • Unauthorised attempts to access files
  • Unauthorised attempts to index the Better Health Company site by other sites
  • Attempts to access messages of other users of the Better Health Company site
  • Communications which are defamatory, abusive, that vilify individuals or groups or suggest that anoffence is being committed
  • Attempts to compromise the security of the webserver, breach the laws of the State or theCommonwealth of Australia, or interfere with the enjoyment of the Better Health Company site by other users.

6.2 Website security

Better Health Company regularly review and update the security measures and policies, for all Better Health Company owned and managed websites, however unfortunately no data on the internet can be guaranteed to be totally secure. Better Health Company take all reasonable steps to protect personal information.

We provide links to other websites. These external sites are not under our control, and we cannot accept responsibility for the way that they conduct themselves. Before providing your personal information on any other website, we recommend that you read the terms and conditions and the privacy statement of that website.

If we find out about any issues or problems with our websites we will take these issues seriously and work to fix the problem. If you have any questions, a problem or a complaint, please contact us (see contact details below).

6.3 Collecting information from users

Our web servers collect information on your IP address and website interactions, including the time of your visit(s) and pages access to help with the fixing problems and managing the site. We also use cookies to provide you with a better experience. These cookies allow us to increase your security by storing your session ID and are a way of monitoring single user access.

This combined, non-personal information is collated and provided to us to help with analysing the usage information for the site and improving the website.

7. References & relevant legislation

  • Privacy Act 1988 (Cth) (including the Australian Privacy Principles 2014 contained at Schedule 1)
  • Copyright Act 1968 (Cth)
  • Copyright Amendment (Digital Agenda) Act 2000 (Cth)
  • Designs Act 2003 (Cth)
  • Patents Act 1990 (Cth)
  • Trade Marks Act 1995 (Cth)
  • Australian Charities and Not-for-profits Commission Act 2012 (Cth)

8. Additional information

For more information about privacy issues in Australia and protecting your privacy, visit the Australian Information Commissioner’s web site; http://www.oaic.gov.au/or contact the Australian Information Commissioner using the details below:Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Post: Australian Information Commissioner
Office of the Australian Information Commissioner GPO Box 5218
Sydney NSW 2001Or, in NSW visit The Information & Privacy Commission NSW at https://www.ipc.nsw.gov.au/

  • Telephone: 1800 472 679 
  • Email: ipcinfo@ipc.nsw.gov.au
  • In person: Level 17, 201 Elizabeth Street Sydney 2000 office hours are 9am to 5pm, Monday to Friday (excluding public holidays).
  • Post: GPO Box 7011, Sydney NSW 2001

Please contact us using the details below if you require any further information regarding our Privacy Policy.

Better Health Company 20-24 Bond St Abbotsford VIC 3067 info@betterhealthcompany.org or Phone: 03 9429 4789