|
The National Stroke Foundation is committed to protecting the privacy and confidentiality of our clients and supporters.
The National Stroke Foundation supports and is bound by the Privacy Amendment (Private Sector) Act 2000 and the National Privacy Principles. A copy of the National Privacy Principles can be found at http://www.privacy.gov.au/publications/npps01.html
The National Stroke Foundation has always had a policy of protecting the personal information of our supporters and clients.
We only collect personal information that is necessary for our work.
We never disclose the personal information of our clients or supporters to third parties, unless they are working directly on our behalf or we are required to do so by law. Nor do we publish personal information in publications or on our web-site, without explicit/express consent, unless required by law.
Supporters may choose not to receive some or all of our supporter communications.
The National Stroke Fondation also actively seeks to ensure that all personal information we collect is protected from misuse, unauthorised access, modification or disclosure. We have internal data protection and electronic data transmission procedures and all donations and communications made on-line via our web-site are secure.
Our web-site does not use cookies.
Individuals may request copies of the personal information the National Stroke Foundation holds and request correction of any inaccuracies. 1. Introduction
National Stroke Foundation respects the privacy rights of all individuals in the workplace and is committed to ensuring that the Chief Executive Officer, all Supervisors and others involved in the management of National Stroke Foundation comply at all times with their obligations under the Privacy Act 1988.
2. National Privacy Principles
The National Privacy Principles (NPP) established by the Privacy Act 1988 apply to all businesses. National Stroke Foundation therefore adheres to the principles as set out in the NPP in the way it collects, manages and uses information provided to the company from employees, customers and other parties associated with National Stroke Foundation.
3. Collection of Information
National Stroke Foundation collects personal information from a number of sources for varying reasons. Personal information is only collected by lawful means where it is necessary for National Stroke Foundation to collect and use this information.
When personal information is collected directly from the individual, the individual will also be informed as to the purpose for the collection of the information and that they are able to access any information provided to National Stroke Foundation.
4. Data Security
National Stroke Foundation undertakes to adequately protect the personal information held by the company from misuse, loss and unauthorised access, modification or disclosure.
All employees are required to respect private information held by the company and to ensure all company procedures in relation to the security of information are adhered to.
Unauthorised access, misuse, modification or disclosure of this personal information held by the company by any of its employees will be considered a serious breach of company policy and will lead to appropriate disciplinary action.
Employees will be regularly trained in the company procedures for management and security of personal information. If an employee is unsure of any of these procedures or are unsure in a particular situation then they must initially consult their line Supervisor for guidance.
5. Use and Disclosure
National Stroke Foundation will only use personal information it collects for its original purpose which is disclosed at the time of collection. However, the company may disclose personal information it holds where there is a legal duty to do so, including circumstances where a lawful duty of care to disclose information exists.
Personal information collected may be disclosed to other branches/departments/ divisions within the company provided it is used in a manner which is in line with its original purpose of collection and use.
Where the information provided is used to communicate with a client the client will be provided with the opportunity to decline receiving communication from the company.
The company does not disclose any information to any other party external to the organisation, for reasons other than its original purpose.
5.1 Type of Personal Information Held
Personal and/or sensitive information that is collected and held by National Stroke Foundation usually falls into the following categories:
Stakeholders
01. Client contact and client details
02. Information regarding products and services the client offers/provides
03. Information regarding how the client interacts with National Stroke Foundation
04. Previous dealings with the client, which may include meeting notes and information obtained through the provision of products and services
05. Contact names of individual staff of the client obtained through dealings
Potential / Existing Employees
- Candidate information submitted and obtained from the Candidate and other sources in connection with applications for employment;
- Employment performance information;
- Employee information eg home address and contact details, sex, date of birth
- Information about incidents in the workplace;
- Information obtained to assist in managing client and business relationships;
- Information documenting the work history of these workplace participants (such as their letter of appointment and bank account details as well as records of any salary adjustments).
5.2 Purposes for Which Personal Information is Held
There is a variety of reasons why National Stroke Foundation is required to hold personal information. Primarily these reasons include:
06. For contact purposes
07. To comply with legislation and government requirements
08. For research purposes
09. To provide information to Government, researchers and other bodies
10. To identify clients when they request information or change their details
11. To answer client queries
12. To ensure the continual improvement of the National Stroke Foundation business, its employees and the services offered
13. To customise advertising and marketing content
14 To conduct research and collect statistics
When clients make contact with the National Stroke Foundation, they consent to their personal details being used on our database unless they specifically indicate otherwise.
6. Access
Subject to some exceptions that are set out in the National Privacy Principles, all persons may gain access to their personal information that is held by National Stroke Foundation. Access may be refused if it would interfere with the privacy rights of other persons or if it breached any confidentiality that attaches to that information.
Access to another person’s personal information will not be provided in any circumstances except:
02. An agent that a client/employee has provided consent to requests such information
03. Where we are required to by law
04. If we believe it is necessary to protect National Stroke Foundation property or rights, another National Stroke Foundation customer or a member of the public
05. To another party if we sell our company or part its business to that other party
06. To another party involved in activities relating to the original purpose.
Employees will be regularly trained by their line Supervisor in company procedure in how to respond to requests for access to personal information.
In certain circumstances National Stroke Foundation may charge an administration fee to cover the cost of accessing such personal information.
7. Data quality
On a regular basis National Stroke Foundation will make a request directly to individuals for them to check and up date records of their personal information.
8. Information Destruction Policy
National Stroke Foundation hold all required personnel information for a period of 7 years.
All non-current information or information deemed no longer to be required by National Stroke Foundation shall be destroyed 6 months after the information has been collected. Items shall be destroyed in a secure manner.
Prior to destruction notations from the information may be made for later reference.
9. Complaints
Anyone who feels that there has been an unwarranted invasion of their privacy should contact the Chief Executive Officer.
Legislation
Privacy Act 2000
|
