Thrive Spectrum Community Support recognises and respects every person’s right to privacy, dignity and confidentiality.
The purpose of this policy is to set how we will protect right to privacy. As an organisation and for the services that we deliver under contract with the Queensland government, we are required to comply with the privacy principles set out in the Information Privacy Act 2009 (QLD) and the Privacy Act 1988 (CTH).
Why do we collect personal information?
The purposes of the personal information that we collect from our clients is to: (a) Enable us to provide support services to the client and anyone who is responsible for the client (b) To meet requirements of government funding (c) To monitor and evaluate existing services and plan for future services (d) To comply with legal obligations (e) Enable us to assess our capability to support the clients need.
The purposes of the personal information that we collect from our employees and contractors is to: (a) Process an application to become an employee or contractor (b) Provide our services (c) To comply with legal obligations (d) To assist with services while employed or engaged (e) To assess suitability for working with children and vulnerable adults.
We will not collect personal information unless it is necessary for one of our functions or activities.
What personal information do we collect and hold?
We may collect a client’s name, address, date of birth, information about illnesses, symptoms, disabilities, family background and other information required to provide the client with a health service.
For employees or contractors, we may collect contact details, personal details, details of previous employment or experience, qualifications, information and opinions from referees and relevant criminal history screening where required.
How do we collect personal information?
We usually collect personal information directly from clients when they use our services. Examples of the way we may collect the personal information is by way of forms completed by clients (or the person responsible for clients), during face-to-face meetings and interviews, or by email communication or telephone discussions.
In some circumstances we may collect health information about clients indirectly. This includes where: (a) It is necessary to provide a health service to the client and the client would reasonably expect us to collect the health information for that purpose (for example, we may collect personal information about a client from the person responsible for the client, a medical professional, government agency or information from another disability support provider) (b) We are authorised or required by the law (c) Collection is necessary to prevent or lessen a serious threat to the life, health, safety or welfare of a person and the relevant person is unable to consent (d) Collection is necessary for relevant research, statistics, and management, funding or monitoring of a health service. This information can only be collected under certain circumstances.
If personal information is obtained from a third party we will usually take reasonable steps to make sure you know who we have obtained the personal information from, why we have obtained it, what the consequences are if the personal information is not collected and who we may disclose the personal information to.
We usually collect personal information from employees and contractors directly through application forms, contracts, verbally and by email.
Clients can choose to deal with us anonymously (or by providing a pseudonym). If this is possible and lawful we will take reasonable steps to comply with the request. However, this may result in a reduced capacity for us to provide services to clients.
What about sensitive information?
Sensitive information includes details about race, ethnicity, politics, religious or philosophical beliefs, sexual preferences, health, genetics or criminal record. Generally, we will only collect sensitive information with consent unless collection is required by law or to prevent or lessen a serious or imminent threat to life or health of the person subject to the information. Sometimes we may collect sensitive information from someone close to a client who provides family or medical history or other relevant information for the purpose of providing someone with a health service.
What uses and disclosures of personal information may occur?
We will usually only use or disclose personal information with your consent. However we may disclose personal information if its disclosure is consistent with the purpose the personal information was collected. For example, if a client provides personal information for the purpose of a referral to another organisation the disclosure would be consistent with the purpose the personal information was collected.
We may also disclose personal information for a related purpose if it would be reasonably expected for us to do so and it is related to the purpose of collection. For example, disclosure of your medication records to paramedics in the event of an emergency.
There may be other situations where we may disclose personal information without your consent. These include: (a) Where we reasonably believe that use or disclosure is necessary to reduce or prevent a threat to a person’s life, health or safety or a serious threat to public health or safety (b) Where we are investigating or reporting on suspected unlawful activity (c) Where the use or disclosure is required by law (d) Where we reasonably believe that the use is necessary for law enforcement related activities (e) For research or statistics purposes under certain circumstances.
We may disclose health information about a client to a person responsible for the client if the client is incapable of giving consent to disclosure and we are satisfied that the disclosure is necessary to provide appropriate care to the client.
When we disclose personal information to third parties, we will make all reasonable efforts to ensure we disclose only relevant information and that it is accurate, complete and up to date.
How do we protect your personal information?
We have systems and procedures in place to protect your personal information from misuse and loss, and from unauthorised access, modification or disclosure.
We also have processes in place to ensure that our records of your information remains relevant, accurate, complete and up to date including undertaking regular file audits.
We conduct a review of the personal information we have retained from time to time. We may destroy or permanently de-identify personal information if we have assessed that personal information as no longer being needed.
Can you access your personal information?
Usually, when asked, we will give you access to your personal information, unless there is a reason why we determine not to do so. If we refuse to provide that access, we will explain why so that you can understand our decision.
We may amend your personal information if you request us to do so. If we do not amend your personal information we will advise you why and if you ask us to, take reasonable steps to attach to the relevant document and statement by you of the amendment that you requested.
Our website may contain links to other websites. We are not responsible for the privacy practices of linked websites and any linked websites are not subject to our privacy policies and procedures. How can a complaint be made?
If you wish to make a complaint about our collection, use or disclosure of any personal information, or about any potential breach of privacy principles, you may contact the CEO by using the contact details at the end of this document.
Will personal information be disclosed overseas?
We are not likely to disclose personal information overseas. However in cases where personal information is required to be disclosed overseas to fulfill our functions or activities we take reasonable steps to ensure that the third party user uses personal information in accordance with privacy legislation.
Where can you get further information?