CONFIDENTIALITY OF INFORMATION – PRIVACY POLICY
NurseSA Privacy Policy Directive

NurseSA understands that privacy is important and is committed to safeguarding all personal information about individuals that we handle. This Policy Directive is intended to provide:

  • a general overview of our compliance with the relevant legislative and regulatory requirements for Privacy and provide guidance in respect to the handling of personal information.

  • a description of how we manage this personal information and protect privacy, including how we comply with the Privacy Act (Act) and the Australian Privacy Principles contained in the Act.

Privacy Act Compliance

NurseSA and its related bodies corporate (we, us or our) are organisations and “APP Entities” for the purposes of the Act, and are bound by and compliant with the Australian Privacy Principles.

NurseSA’s Approach to Privacy Act Compliance

Other policies may override this Policy Directive in certain circumstances. For example, when we collect personal information, we may advise a specific purpose for collecting that personal information, in which case we will handle the personal information in accordance with that purpose.

This Policy Directive is intended to cover most personal information handled by us, but is not exhaustive. If there are any queries about our handling of personal information, please contact the relevant Operations Manager for further information.

Exemptions

No general exemptions under the Act apply to us, or to any of our acts or practices.

Personal Information

“Personal information” is essentially information or an opinion about an identified or reasonably identifiable individual.

How We Collect, Hold and Use Personal Information

3.1.1 Collection of Personal Information

We may collect personal information in the course of providing our products and services to individuals or to an organisation. We will collect personal information directly from individuals unless it is unreasonable or impracticable to do so. We will limit the personal information we collect to that which is reasonably necessary to complete the functions or activities we are engaged in for any individual. The personal information we may collect and hold includes but is not limited to:

  • The name, date of birth, address, email address and contact telephone number of an individual;

  • Developmental history, previous assessments and medical history, where relevant;

  • Assessment results and observations from services provided where relevant;

  • Information about homelife, support networks and activities of daily living where relevant; and

  • Photos, audio and video recordings (with permission) where relevant;

If the individual is a team member, we may also collect additional information that includes:

  • The individual’s qualifications and certifications for the role;

  • The individual’s current employment details;

  • Information in the CV or resume, and details of referees; and

  • Other personal information provided voluntarily, for example information in an application.

We may collect information where (as applicable):

  • Contact is made with us or submission of an enquiry (such as through our website or by telephone);

  • An individual applies for employment with us or joins us as a team member; or

  • We deal with individuals as suppliers, service providers or other businesses and we collect personal information incidentally to those dealings.

When collecting personal information, we will take reasonable steps to make those affected aware of the purposes for which we are collecting it. We would usually advise the types of organisations to which we would usually disclose information if we were likely to do so. We are unlikely to disclose it to overseas recipients. This Privacy Policy provides these details as they typically apply in most cases, however different details may apply depending on our specific interaction with individuals. If we do not notify persons affected of such other details, the information in this Privacy Policy applies.

There will not usually be Australian laws or court/tribunal orders which require or authorise us to collect personal information. We will also advise if there are laws, court or tribunal orders which require or authorise us to collect information, and the main consequences for the individual if they fail to provide it to us.

Where an individual provides us with personal information of another individual, for example, a referee, we request that they inform them that their personal information will be disclosed to us and the purpose for doing so. They may review our Privacy Policy at www.nursesa.com for further information.

If an individual fails to provide personal information requested by us, there may be a range of consequences, for example we may be unable to process or respond to requests.

3.1.2 Holding / Storage of Personal Information

We will take reasonable steps to protect all personal information from misuse, interference and loss as well as unauthorised access, modification or disclosure. For example, information stored on our computer network is protected by security features and procedures. We undertake regular monitoring of our practices and systems to ensure the effectiveness of our security policies and identify and implement improvements where appropriate. We will endeavour to destroy or de-identify personal information in line with our professional standards and accreditation requirements.

3.1.3 Use of Personal Information

We will generally only use personal information for the purpose for which we collected it, and for related purposes we consider would be within your reasonable expectations. We generally use personal information for the following purposes (as applicable in the circumstances):

  • To create and maintain an individual’s records;

  • To provide services for individuals;

  • To provide referrals to other professionals as needed;

  • To provide services or information that is requested;

  • To provide clients with information that we consider is likely to be of interest to them relating to our products or services;

  • To seek feedback from clients and perform market research; or

  • To engage in other activities where required or permitted by law.

Individuals may request not to receive marketing communications by contacting us, or by using the opt-out function provided in those communications. If individuals do not opt out in either of these ways, then the individual will be taken to have consented to receiving such communications from us.

There are no consequences of opting out of receiving our marketing and promotional communications except that individuals will no longer receive them. Individuals may elect to re-join our marketing list at a later stage if they wish. We will only use personal information for the purposes outlined, reasonably expected or with an individual’s permission, unless we are required or permitted by law to do so without consent.

Access to and Correction of Personal Information

Individuals may contact us to request access to or correction of the personal information about them that we hold. We may refuse to allow access or to amend personal information if we are legally required or entitled to do so. If we are unable to complete a request, where possible we will advise the individual in writing of the reasons. We will also provide information on how they can progress the matter if they are unhappy with our response.

We may require payment of certain costs in order to access personal information held by us. If applicable we will advise the amount payable once we have assessed the application. We will not charge a fee for lodging a request for access to, or correction of an individual’s personal information.

If a request is lodged for access to personal information, we may fulfil that request in any of a range of ways at our discretion. We may supply a copy of the personal information or allow the opportunity to inspect our records. We may require the individual to comply with certain procedures before we allow access to or amendment of personal information to ensure the integrity and security of information that we hold. Depending on the nature of the request, this may include completing a personal information request form or otherwise verifying identity to our satisfaction.

We will take reasonable steps to ensure that the personal information that we collect or disclose is accurate, current, complete and relevant. If we are satisfied that any personal information we hold about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will amend our records accordingly.

Disclosure of Personal Information to Other Organisations and Overseas

NurseSA prides itself on the high calibre of customer service we provide, especially in the area of confidentiality, and right to privacy, dignity and respect. All NurseSA staff are to be mindful of and respect the right to confidentiality and privacy. We will only disclose personal information for the purpose for which we collected it, and for purposes we consider would be within your reasonable expectations. We may disclose personal information to the following third parties under appropriate circumstances and with the individual’s consent:

  • Health care providers the individual has, or wishes to work with;

  • Educational settings;

  • Funding providers such as NDIA and other government agencies;

  • Clients who book a staff member’s service, if they are a team member;

  • References named in an application for employment; and

  • Members of our corporate group where appropriate.

Online Privacy

This Policy Directive sets out the way we handle personal information in respect of online services provided by us. This includes any services provided by us via the Internet, such as our website, and includes email communications between us. We collect personal information about individuals if they send us an email or complete any online forms or applications.

3.4.1 Automatic Server Logs

Our servers automatically collect various details when an individual uses our website, including:

  • The individual’s IP (Internet Protocol) address;

  • The operating system and Internet browser software the individual is using; and

  • The data an individual accesses, such as web pages, social media, documents or files, and the time accessed.

We do not attempt to identify individuals using this information, and only use it for statistical analysis, system administration, and similar related purposes. This information is not disclosed to any other party.

3.4.2 Cookies

We use “cookies”, which identify an individual’s computer to our servers when they visit our website. Our website may store cookies on those individuals’ computers to improve and customise their future visits. By using cookies, our site can provide customised content. If individuals do not want information collected using cookies, they may configure their browser to disable them. We do not attempt to specifically identify or track individuals using cookies.

3.4.3 Email and Messages

We may collect personal information from an individual if they send us an email or submit information to us. This may include an individual’s name and email address, and any other personal information they volunteer. We will use this to contact them, respond to their message, send them information, or for other functions we believe they would reasonably expect. We will not use or disclose any such information without their consent.

Storage and Transmission of Personal Information Online

Unless we indicate encryption is being used, any information we exchange electronically cannot be guaranteed to be private and secure. If we receive personal information, we will take reasonable steps to store it securely to prevent unauthorised access, modification, disclosure, misuse or loss.

Other Online Services

We are not responsible for the privacy practices of any other organisation, even if we link to them. By providing such links we do not endorse or assume responsibility for their practices.

Data Breach

If a data breach or suspected breach occurs, we will promptly investigate and assess whether it is likely to result in serious harm. If required, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals. If any NurseSA employee suspects a data breach, they must contact their Operations Manager immediately.

Changes

We reserve the right to amend this Policy Directive at any time. We publish our current Policy Directive on our website.

Complaints

If an individual believes a breach of their privacy has occurred, we encourage them to contact us. Any complaint will be considered by our nominated representative. If the matter is serious or unresolved, it may be escalated. If unsatisfied, the complainant may contact the Office of the Australian Information Commissioner: http://www.oaic.gov.au

Further Information and Contact Details

Further information about the ways we manage personal information can be obtained via the relevant Operations Manager.

Authorisation
Authorised by: Sam R.
Document Title: NurseSA Confidentiality of Information Privacy Policy
Date Created: 1 January 2023
Version: 6.1.1
Last Review: 2024
Review Period: Annually