BASScare is a not-for-profit charitable organisation that provides residential aged care, Commonwealth Home Support program services and retirement living accommodation to those within the community. We routinely collect personal and sensitive information from individuals to enable us to carry out these services.
This Policy applies to all people who deal with BASScare including:
- Clients, family members, power of attorneys
- Board Directors,
- All employees (whether full time, part time, casual, permanent or temporary), and
- Volunteers, contractors and consultants.
“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- a) whether the information or opinion is true or not; and
- b) whether the information or opinion is recorded in a material form or not.
Personal information may include sensitive information and health information.
“Sensitive information” is a type of personal information. Sensitive information includes information or an opinion about an individual’s racial or ethnic origin, political opinions, religious beliefs or affiliations, sexual orientation or practices, criminal record, and health information about an individual.
“Health information” has the meaning provided in the Privacy Act 1988 (Cth) and includes:
- information or an opinion about the health or a disability of an individual;
- an individual’s expressed wishes about the future provision of health services to him or her;
- a health service provided, or to be provided, to an individual; and
- other personal information collected to provide, or in providing a health service.
Your privacy is important to us. As a provider of residential and community care services for the aged, maintaining the privacy of our clients, their families and our staff is a fundamental priority. BASScare will only collect, use, disclose, and store your personal information in accordance with the relevant legislative acts.
What personal information do we collect?
The type of information that we collect and hold will depend on the nature of your involvement with us. However, you can be rest assured that all the information collected by us is directly applicable to our functions and activities.
Depending on the reason for collecting the personal information, the personal information that we collect may include (but is not limited to) name, age, residential address, date of birth, phone number, email address, bank account details, and next of kin and power of attorney details.
We also collect more sensitive types of information including health information, sexual orientation and ethnic origin to ensure that we can provide the best possible care and support to our clients.
Whilst you are not required to provide the personal information and/or sensitive information that we ask for, if you choose not to provide information as requested, it may not be practicable for us to service your needs. For instance it will not be possible for us to process your admission to our residential services if you want to remain anonymous or use a pseudonym.
We don’t usually receive unsolicited personal information but in circumstances where we do receive unsolicited personal information we will destroy or de-identify the information as soon as practicable if it is lawful and reasonable to do so unless the unsolicited personal information is reasonably necessary for, or directly related to, our functions or activities.
How do we collect personal information?
Whilst all our staff receive regular training in relation to privacy and confidentiality, personal information is usually collected by our nursing staff, admission officers, service managers and human resources staff when you fill in a form, make an enquiry online, attend a face-to-face meeting, send us an email, or phone us.
Generally, we only collect your personal information from you directly and with your consent unless it is not reasonable or practical for us to do so, or you consent that the information may be collected from someone else (e.g. a next of kin).
How will we use your personal information?
BASScare may collect, hold, use or disclose your personal information for the following general purposes:
- to identify you;
- for the purpose for which the personal information was originally collected;
- for a purpose for which you have consented;
- for any other purpose authorised or required by an Australian law; and
- for any other purpose authorised or required by a court or tribunal.
More specifically, in relation to the personal information of our clients, our primary purpose of collecting their personal information is to enable BASScare to provide residential and community care services and fulfill its duty of care obligations.
At times we provide information to government agencies for the purposes of obtaining funding or in accordance with our legislative obligations.
We also use personal information for the purposes of sending direct marketing material. If you do not want to receive direct marketing, you easily can “opt out” by contacting our Privacy Officer using the details below or, if the information is received via email, press the “unsubscribe” button. Once we receive a request to “opt out” from receiving marketing information, we will cease sending such information within a reasonable period of time.
How do we store personal information?
BASScare takes all reasonable steps to protect personal information under its control from misuse, interference and loss and from unauthorised access, modification or disclosure.
We protect personal information in a number of ways including securely storing paper records, using professional software systems, password restricted access, destroying personal information when it is no longer needed, and complying with data security policies as part of our day to day operations. In the unlikely event that a data breach occurs, BASScare has procedures in place to ensure that the breach is quickly contained and relevant people are notified.
We are committed to storing accurate and up-to-date personal information. If you would like us to update the personal information that we hold about you, you can contact our Privacy Officer by calling BASScare on 8809 0009 or by emailing firstname.lastname@example.org.
How you can access your personal information?
If you wish to access your personal information you may do so by contacting our Privacy Officer in writing to PO Box 304 Canterbury Victoria 3126 or by emailing email@example.com. We will seek to handle all requests for access to personal information as quickly as possible.
We may refuse access to personal information in a number of circumstances including where giving access to the information would pose a serious threat to the life, health or safety of a person, giving access would have an unreasonable impact on the privacy of a person, the information relates to existing or anticipated legal proceedings and would not be available under the discovery process, or denying access is required or authorised by an Australian law or court order.
If BASScare has, reasonable grounds to suspect that there may have been an “eligible data breach” (in essence, a data breach that is likely to result in serious harm), BASScare must, as soon as practicable after becoming aware of the suspected breach:
- Carry out a reasonable and expeditious assessment of the circumstances of the suspected data breach; and
- If a breach has occurred and after BASScare is aware there are reasonable grounds to believe that there has been an eligible data breach (unless an exception applies), complete the Office of the Australian Information Commissioner Notifiable Data Breach Statement as soon as practicable. The statement must include specific information prescribed under the legislation, including recommendations about the steps individuals should take in response to the breach.Exceptions to notification requirements:There are a few exceptions to the notification requirements and the following will be most relevant to Faversham House.
- The notification requirements will not apply where BASScare has taken action before the breach results in serious harm to the individual to whom that data relates, and because of the action taken by BASScare, the breach is not likely to result in serious harm; and
- BASScare will not be required to disclose again under the Privacy Act if BASScare is already required to make notification of the information breach under section 75 of the My Health Records Act 2012.How you can make a complaint or enquiry?
If you have any concerns regarding the manner in which BASScare has handled any of your personal information, please contact our Privacy Officer in writing, via email at firstname.lastname@example.org or post to PO Box 304 Canterbury Victoria 3126. All concerns are taken seriously and we will endeavour to deal with them promptly and response within 30 days.
If you are not satisfied with the response you can refer the complaint to the Office of the Australian Information Commissioner.
Director of Privacy Case Management
Office of the Australian Information Commissioner GPO Box 5218
Sydney NSW 2001
+61 2 9284 9666
Key Legislation, Acts & Standards
- Privacy Act 1988
- Privacy Amendment Act 2000
- Australian Privacy Principles 2014
- Information Privacy Act 2000
- Health Records Act 2001 (Vic)
- My Health Records Act 2012
- Privacy Amendments (Notifiable Data Breaches) Bill 2016 Privacy and Data Protection Act 2014 (Vic)
- Aged Care Quality Standards
- Charter of Aged Care Rights