Sunrise Supported Living Privacy Policy
1.Introduction
Sunrise Supported Living (“we” or “us”)provide aged care and retirement services dedicated to supporting your lifestyle. We appreciate that privacy is important to you and we are committed to handling your personal information (including health and other sensitive information), in accordance with the Privacy Act 1988 (Cth) (“Act”) in relation to the collection, use and disclosure of your personal information and comply with other applicable laws protecting privacy.
By accessing our website, engaging our services or providing personal information to us, you consent to our collection, use and disclosure of that information on the terms of this privacy policy (PrivacyPolicy) and any other contractual or other arrangements (if any) that may apply between us.
2. Scope of this Privacy Policy
This Privacy Policy describes how your privacy is respected and protected in accordance with the Australian Privacy Principles. It applies to all information we collect about youthrough the use of our services. This includes personal information collected in person, in forms completed by you or on your behalf, by telephone, through our website, via other service providers and by other electronic communication channels.
3. Agreeing to these terms (use constitutes acceptance)
Your continued use of our website and/or our service indicates that you accept the conditions of this Privacy Policy, consent to the collection and use by us of any personal information you provide while using our services or our website site.
4. What is personal information and what personal information do we hold?
Personal information is any information that can be used to identify you. This may include name, address, date of birth, telephone number, email address and emergency contacts. If theinformation we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
If you receive aged care services it may also include “sensitive information” such as your care records, medical history, treatment and advice you have been given by healthcare professionals, and other information relevant to your care or the services we provide.
In addition, to the general information noted above, we may collect and hold:
- sensitive information relating to your health and care needs, your lifestyle choices, your health care preferences and wishes, your racial or ethnic origin;
- information about you that was provided to the Aged Care Assessment Team, the Department of Health, the Department of Social Services, Department of Human Services, Medicare Australia, Centrelink or the Department of Veterans’ Affairs;
- information about your financial status and your social security status;
- information regarding details of your appointed attorney, guardian or other alternative decision makers;
- contact details for your family members;
- information that we are required to collect or hold under the legislation which includes sensitive information relating to your health and care needs;
- records relating to your enquiries about entry into one of our services; and
- any other information required by law or our duty of care.
5. Why do we collect personal information?
We collect personal information that is necessary for us to
- to provide you with appropriate ongoing accommodation or care services, including by developing care and services plans and communicating with your nominated healthcare professionals;
- provide you with any other services you may request;
- improve the delivery of these services including in responding to any queries or complaints you may have;
- to comply with the requirements of any relevant and applicable legislation;
- to determine your eligibility to entitlements under any legislation relating to the services you may receive;
- to determine your eligibility to reside in a retirement village;
- to liaise with your authorised representative and to contact nominated individuals (such as family members) if requested or needed;
- to comply with our obligations to give financial and asset information to the government to determine our funding entitlements and to determine the fees you pay us;
- to enter into contract arrangements for the services or accommodation we may provide;
- to communicate with you about services, research, education, fundraising events and other activities;
- to comply with the requirements of the laws that regulate our provision of community care or retirement living services; and
- to meet any other regulatory, legislative or care requirement.
6. When do we collect personal information?
Examples of personal information we may collect, and when we may collect it, include (but is not limited to) the following:
- Providing our services – we collectinformation about you including names, addresses and other contact details. Information which we may collect from you include your date of birth, other information aboutyour needs and circumstances, records of communication and as otherwise required in order to provide our services. The specific information will depend on the type of service provided and will be collected from you or your authorised representative before and during the provision of services.
- Distributing publicationsanddirect marketing – if we have met you or provided services toyouwe may collect and store your personal information on our publication or direct marketing list (which may include name, address, email address, and mobile phone number) in order to distribute surveys, newsletters, information about events and activities and other communications in print and electronic form from time to time. You may opt-out of receiving direct marketing by contacting our Privacy Officer (contact details below), or opting out by the mechanism provided.
- Assisting with your queries – you may choose to provide us with your name or other contact details when you call us by phone or write to us so that we can respond to your requests for information about our services or operations. If you choose to remain anonymous we may not be able to provide the full range, or any, services to you.
- Conducting our general business activities – we collect personal information about individuals for our general business operations. From time to time, we may collect, use and disclose your personal information for quality assurance, risk management, billing and administrative purposes.
- Prospective employees, volunteers and contractors – generally we will collect personal information as part of the process of assessing applications when recruiting staff or volunteers. We will collect information about you from third parties, such as your referees, as part of your assessment of your suitability for a position. In providing contact details for your referees, you are considered to have given your consent to our collecting personal information from your referees that may assist us with assessing your application. Similarly, we may confirm details about your past positions with previous employers. We may also collect health information directly related to your ability to perform the inherent requirements of the position, with your consent.If we are considering offering you a position, we may collect additional personal information about you such as your date of birth, tax file number, emergency contact details, ABN (if relevant), bank account and superannuation information, visa, passport and licence details (if relevant) and police check details. With your consent, we may retain your details on file to enable us to contact you if you have been previously unsuccessful and an appropriate position becomes available.
- GPs, referring doctors and other healthcare professionals -we may also collect personal information about health professionals who interact with us and who are involved in the care of our residents. This will typically include information such as the health professional’s name, contact details, other professional details and information regarding their interactions and transactions with us.
- Suppliers, contractors and other individuals–we may collect personal information about individuals who we deal with on a commercial basis such as suppliers, contractors and individuals in organisations to which we provide or acquire goods and services or from which we acquire goods and services. We may collect personal information about these individuals including name, position, contact details, licence or registration number, ABN, banks details. We generally collect this information to enable us to contact and deal with such individuals and to enable us to fulfil any obligation in relation to the delivery of our services.
7.How do we collect your personal information?
It is our usual practice to collect personal information directly from you, or yourauthorised representative.
If you choose not to provide certain personal information to us, we may not be able to provide you with the services you require or communicate with you.
In addition to the means of collection set out above, we may also collect personal information:
- when you provide information through our website;
- from publicly available sources of information;
- from third parties, where it is reasonably necessary or normal business practice, so that we can continue to provide you with our services.
We may also collect personal information about you from third parties (including but not limited to):
- from a government agency including those listed above as well as independent agencies such as the Aged Care Standards and Accreditation Agency, the Office of the Aged Care Commissioner, and Australian Children’s Education and Care Quality Authority;
- from your medical practitioner or other healthcare professional;
- from other organisations that have provided you with care and/or accommodation services;
- from your family members.
We also collect limited information about all visitors to our online resources which is used only to identify generic behavioural patterns.We may use cookies, Google Analytics or other technology to track visits to our website to monitor its effectiveness, maintain our server and improve our services. Types of data collected include:
- server address;
- top level domain name (for example .com, .gov, .au, etc.);
- the date and time of your visit to the site;
- the pages you accessed and documents downloaded during your visit;
- the previous site you visited;
- if you’ve visited our site before; and
- the type of browser used.
These statistics will not identify you as an individual. However, if visitors take steps to provide personal information to us, for example, in submitting an enquiry, information collected through our website will be held, used and disclosed in accordance with this Privacy Policy.
8.How do we useyour personal information?
We use and disclose personal information we collect:
- to provide and improve our services;
· to verify youridentity;
· to raise awareness about our services;
- to undertake our general business activities, including interacting with contractors and service providers, billing and administration;
- to administer and manage our services including charging and billing you for those;
- to conduct appropriate checks for fraud;
- to update our records and keep your contact details up to date;
- maintain and develop our business systems and infrastructure, including testing and upgrading of these systems;
- in order to liaise with other health professionals and health services that may be involved in managing or treating you, such as general practitioners and dentists;
- when services we are required to provide are provided by healthcare professionals who are not employed by us. These healthcare professionals include but are not limited to physiotherapists, podiatrists and pharmacists;
- in order to comply with the statutory requirements which may require information be shared with government agencies;
- to maintain records required under our policies and by law; and
- for related purposes in managing and administering our services, including managing billing and debt recovery, training of staff and contractors and managing their work performance and career progression, quality assurance and evaluation, maintenance and testing of information technology systems, obtaining advice from consultants and professional advisers and investigating or managing complaints, concerns or claims (including liaising with legal representatives and insurers); and
- for other purposes with your consent or as permitted by law.
9. How do we store personal information?
We hold personal information in paper-based and electronic records and systems. Personal information may be collected in paper-based documents and converted to electronic form for storage (with the original paper-based documents either archived or securely destroyed).
Information held in paper-based form is generally securely stored at our village from which you receive services or in the case of archived records, at an external storage facility in Australia. We use physical security and other measures to protect personal information from misuse, interference and loss; and from unauthorised access, modification and disclosure.
Information held in electronic form is generally held on servers controlled by us. We use physical security, password protection and other measures to protect personal information from misuse, interference and loss; and from unauthorised access, modification and disclosure.
10. When will we disclose your personal information?
We will not share any of your personal information with third parties without your consent except in accordance with this Privacy Policy and:
- if we are required by law or we believe in good faith that such action is necessary in order to comply with law, cooperate with law enforcement or other government agencies, or comply with a legal process served on the company (including other service providers or insurers) or court order;
- if the disclosure of the information will prevent or lessen a serious and imminent threat to somebody’s life or health;
- to our contractors, service providers and volunteers only to the extent necessary for them to perform their duties to us;
- to our related companies;
- to our professional advisers, including our accountants, auditors and lawyers;
- as otherwise permitted by law.
If we retain any sensitive information, that information will not be used, shared or disclosed without yourexpress that is current, voluntarily given and obtained in accordance with the Privacy Principles. If you are unable to give consent then we may use and disclose your personal and sensitive information with the consent of a responsible person (as defined under the Privacy Act).
11. Security of your personal information
We regard the security of your personal information as a priority and implement a number of reasonable physical and electronic measures to protect it. Staffwho may have access to your information may be required to sign a confidentiality agreement and if contract service providers are used, they will be bound by our Privacy Policy.
We remind you, however, that the internet is not a secure environment and although all care is taken, we cannot guarantee the security of information you provide to us via electronic means.
12. Anonymity
You have the option of not identifying yourself, or using a pseudonym, when dealing with us in certain circumstances, for example, when making a general enquiry about our services. However, it is generally not practicable or lawful for us to deal with you anonymously or pseudonymously on an ongoing basis, for example, if you wish to make a more detailed enquiry about our services or become a resident. If we do not collect personal information about you, we may be unable to provide you with the information or services you have asked us to provide.
If you wish to remain anonymous, please contact us using the details below.
13. Data quality
We take all reasonable steps to ensure that the personal information we collect is accurate, up to date and complete. This includes maintaining and updating personal information when we are advised it has changed and at other times as necessary.
14. Cross border data transfer
We operate only within Australia and will not provide your information to parties in any other country. We do from time to time, however, use web-based programs for particular activities such as email broadcast which may be hosted offshore, or cloud service providers but only when the supplier agrees with us to be bound by privacy laws or where the jurisdiction in which the data is located has laws that are equal to or better than Australian privacy laws.
15. What if there is a data breach?
We take all reasonable steps to prevent data breaches. However, if we suspect that a data breach has occurred, we will undertake a reasonable and expeditious assessment to determine if the data breach is likely to result in serious harm to any individual affected. If so, we will:
- take all reasonable steps to contain the breach;
- where possible, taking action to remediate any risk of harm;
- notify individuals and the Commissioner where an individual is likely to suffer serious harm (or if otherwise required by law); and
- review the incident and consider what actions can be taken to prevent future breaches.
16. Accessing and correcting your information
You, or your authorised representative, are entitled to view the information we hold about you and reasonable requests for access and correction will be responded to as quickly as possible.
Access to a large amount of information or information from various sources within the organisation may take time before we can respond.
If you wish to view the information we hold about you, please contact the Privacy Officer using the contact details set out below.
Requests for access should include:
- if the person requesting information is an authorised representative, proof that the person requesting access is lawfully authorised to do so (such as a copy of the Enduring Power of Attorney appointing the person as well as a copy of the person’s drivers licence or passport);
- specific details of the information sought so that we can identify what personal information is being requested; and
- the form in which the information is requested (for example, a copy of the information or a request to view the information contained in our records).
If we refuse to give you access to your personal information or to correct your personal information, we will give a reason for this decision.
Generally, if requested, we will amend any personal information which you demonstrate is inaccurate, incomplete or not current, and will remove any information that is not relevant. If we disagree with your view on these matters we will keep a note on the file setting out your view of the information held.
17. On-line transactions
Our website may be enabled for online transactions using a certified secure payment gateway. However, despite the security on the site, you should be aware that there are inherent risks in transferring information across the internet and we cannot accept liability for any breaches.When an internet payment is made, your credit card number is used only to make a debit and not retained by us.
18. Security measures for online payments (if relevant)
Payments made online on our website are processed in real time using a secure payment gateway. Payments are processed in Australia (and for all other countries) in Australian Dollars. Our website has security measures designed to protect against the loss, misuse and/or alteration to your personal information under our control.
19. Links to other websites
Our websites may contain links to third party websites, and third party websites may also have links to our websites. We do not endorse any of those Websites or links. This Privacy Policy does not apply to external links or other websites who may also collect your personal information. We encourage you to read the privacy policies of any website you link to from our website.
20. Effective date and updates
This is our current Privacy Policy. We may at any time vary this Privacy Policy by publishing an updated version on our website. You accept that by using the website or continuing to use our services, provided you with sufficient notice of the variation.
21. Changes to this Privacy Policy
We reserve the right, as it may be necessary, to review, revise or make changes to our Privacy Policy and will notify you of those changes by posting those changes on our web site.
22. Complaints
If you wish to make a complaint about a possible breach of privacy, please provide full details of your complaint in writing, and send it to the Privacy Officer (see contact details above).
If your complaint relates to our failure to provide access to or to correct any personal information that we hold about you, you may lodge a complaint directly with the Office of the Australian Information Commissioner (for more information, please see www.oaic.gov.au).
If your complaint does not relate to these matters, you must first lodge a complaint with us in writing and provide us with details of the incident so that we can investigate. We will treat your complaint confidentially, investigate your complaint and aim to ensure that we contact you and your complaint is resolved within a reasonable time (and in any event within the time required by the relevant privacy legislation, if applicable).
Individuals enquiring about their rights and remedies for breaches of privacy, can access detailed information at the Office of the Australian Information Commissioner www.oaic.gov.au
23. More Information
If you would like more information about our Privacy Policy or the way we manage your personal information, you can contact the Privacy Officer by:
Email: contact@sunrisesupportedliving.com.au
Mail: 11A Chapmans Road, Tuncurry NSW 2428
Phone: 02 5528 5996
Alternatively, additional information on the Australian Privacy Principles can be obtained from http://www.oaic.gov.au/