The practice and principles that govern and guide privacy and confidentiality as applied to the services and business practices of Golden City Support Service. This policy sets forward a guide to these principles.
1. Open and Transparent Management of Personal Information.
2. Anonymity and Pseudonymity
GCSS will only collect information which is personally identified information where the identity is required to provide and maintain service delivery and associated activities including those provisions required by funding agencies.Where data is collected for any other purpose, such as
research or surveys, the default position will be to maintain anonymity or use other non-identifying descriptors (pseudonyms).
3. Collection of Solicited Personal Information
GCSS only collects information where it is reasonably necessary for, or directly related to the organisation’s functions or activities. GCSS understands that this also applies to sensitive information such as information about an individual’s race, ethnicity, political opinions, membership of political, professional and trade associations, trade unions and religious affiliations and beliefs, sexual orientation, or practices, criminal record health, genetic and biometric information. Personal information will be collected froman individual by lawful and fair means and unless this is unreasonable or impractical the information will be collected from the individual concerned.
4. Dealing with Unsolicited Personal Information
GCSS will destroy or at least de-identify unsolicited personal information as soon as practicable if it is lawful to do so. If GCSS could have solicited to collect the same information and the information is a Commonwealth Record; as defined under the Archives Act (Cth) 1983, that information will be dealt with in accordance with the Act.
5. Notification of the Collection of Personal Information
GCSS will take reasonable steps before and at the time personal information is collected to ensure that an individual is aware of the identity and contact details of GCSS, the purpose, facts and circumstances regarding collections of information, including if it is required or authorised under law and any usual disclosure of that information that GCSS may make. GCSS will also take reasonable steps to ensure that information about this policy is available. GCSS will also make clear if personal information is likely to be disclosed to overseas recipients and if practical, information about in which country(s) the information is located.
6. Use or Disclosure or Personal Information
GCSS will only use or disclose personal information for the purpose it was collected except where an individual has consented or would have reasonably expected GCSS to use or disclose the information for another purpose. Where GCSS is required to by law, a court or tribunal, or believes it is reasonably necessary; personal information may be provided in accordance with this provision. In the conduct of providing services, GCSS may deem it reasonably necessary to use or disclose personal information for a secondary purpose. All times where this is deemed necessary, the personal information will be used or disclosed in strict accordance with the relevant sections of the Privacy Act that deal with Permitted Health Situations.
7. Direct Marketing
If GCSS uses or discloses personal information for the purpose of direct marketing, GCSS will always allow the individual to request to not receive direct marketing communications (opt out) and GCSS will always comply with the request from the individual to “opt out”.
8. Cross-border Disclosure of Personal Information
Before GCSS discloses personal information to an overseas recipient GCSS will take reasonable steps (and is accountable to ensure) that the overseas recipient does not breach the Australian Privacy Principles, except where GCSS reasonably believes the overseas recipient is subject to substantially similar privacy legislation or other binding schemes or where an individual has been informed and consents to disclosure or where GCSS is required or authorised by law (including certain enforcement related activities) or Australia has an international agreement to provide information to an overseas recipient or where information is permitted to be disclosed under any of the seven “Permitted General Situations” as defined in the Privacy Act.
9. Adoption, Use or Disclosure of Government Related Identifiers
GCSS will not adopt or use a Government Related Identifier for GCSS’s own purpose of identification. This includes Medicare, Centrelink, driver’s license, tax file or Australian Passport numbers, unless an exemption applies under the Privacy Act. GCSS may collect Government Related Identifiers for other purposes but will ensure that information is only used and disclosed as defined by the Australian Privacy Principles. GCSS will not use or disclose a Government Related Identifier unless an exemption applies under the Privacy Act.
10. Quality of Personal Information
GCSS will take reasonable steps to ensure that personal information it collects is accurate, up-to-date and complete and the steps GCSS takes to ensure this, will have regard to the purpose of the use or disclosure of the personal information.
11. Security of Personal Information
GCSS will take reasonable steps to protect personal information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure. Where GCSS no longer needs the personal information for any purpose for which the information may be used or disclosed, GCSS will take reasonable steps to destroy or de-identify the information. Exemptions will apply where the information is part of a Commonwealth Record or where GCSS is required by law or court/tribunal order to retain the personal information.
12. Access to Personal Information
If GCSS receives a request for personal information it holds about an individual by the individual or another person who is authorised to make a request on their behalf (such as legal guardian or authorised agent) GCSS will provide the information in a reasonable period after the request was made( within 30 calendar days generally being seen as reasonable). The personal information requested will be provided in the manner requested by the individual if it is reasonable and practical to do so (the manner of another person who is authorised to make a request on their behalf access may for example be by email, phone, in person ,hard copy or electronic record). Before personal information is provided GCSS must be satisfied that the request for personal information is made by the individual concerned or another person who is authorised to make a request on their behalf (in short that the request complies with the Australian Privacy Principle regarding the Use of Disclosure of Personal Information.) GCSS may consider there are grounds for refusing to give access to personal information and the grounds of refusal will be communicated with the person making the request. Grounds for refusing will be communicated with the person making the request. Grounds for refusing a request would be where GCSS reasonably believes giving access would pose a serious threat to life, health or safety: giving access would have an unreasonable impact on the privacy of other individuals: the request for access is frivolous or vexatious: the information related to existing or anticipated legal proceedings between GCSS and the individual and would not be accessible by the process of discovery in those proceedings; giving access would reveal intentions of GCSS in relation to negotiations with the individual;in such a way as to prejudicethose negotiations; giving access would be unlawful under an Australian law; GCSS would have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to GCSS functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter; giving access would be likely to prejudice enforcement related activities conducted by, or on behalf of an enforcement body; or giving access would reveal evaluative information within GCSS in connection with a commercially sensitive decision-making process.
If GCSS refuses to give access in the manner requested by the individual, GCSS will give the individual written notice setting out the reason, the complaint mechanism available to the individual and any other matters prescribed by regulations under the Privacy Act. GCSS will not impose a charge on making a request to access personal information but may impose a charge for giving access to requested personal information. If a charge is to be applied, it will not be excessive but look to recover costs of providing the personal information requested.
13. Correction of Personal Information
Where GCSS is satisfied that personal information is inaccurate, out of date, incomplete, irrelevant or misleading; having regard to the purpose or where an individual requests GCSS correct personal information, GCSS will take reasonable steps to correct the information. If another person has requested a correction, then GCSS will give notice to the person requesting a correction, as to why a correction is refused; if that is the case (and associate a statement with the information if the correction is refused) and not charge the person in relation to the request.