PRIVACY POLICY

Purpose

The purpose of this policy is to demonstrate The Change Room’s commitment to upholding an individual’s right to privacy and to provide a clear standard for the collection, storage and use of all forms of personal information in our business. 

​

Scope​

This policy is designed to educate and inform stakeholders and program participants about their rights and obligations under privacy legislation and the Australian Privacy Principles and to describe clear procedures governing the use of personal information in a business context.

The procedure is applicable to all Change Room employees and contractors but does not apply to employees’ personal information, which is subject to different legal obligations.

​​

Policy​

The key objective of this procedure is to ensure that all information collected, stored and used by The Change Room is collected by lawful and fair means; is kept accurate and up to date; and is managed in a safe and confidential environment in compliance with Australian Privacy Principles and current privacy legislation.

​​

Procedure​

The Change Room and its stakeholders will conduct business in accordance with the Change Room Privacy Statement.

​

This new statement will be made available to all current employees and stakeholders and promoted as part of our organisational culture.  The Senior Management Team will be responsible for promoting the principle of responsibility and accountability for individual privacy.  Appropriate training will be conducted, as required, in relation to privacy laws and subsequent rights and obligations.

​​

Audit​

The Operations Manager will conduct a detailed annual review of this Policy and Procedure.

​​

The Change Room’s Privacy Statement:

  1. Our Commitment

The Change Room is committed to upholding the fundamental right to privacy of all employees, stakeholders and program participants. The Change Room is dedicated to operating in compliance with current privacy legislation and the Australian Privacy Principles.

​

  2. Collection of Information

We collect and store personal information directly related to the safe, efficient and effective management of our business, regular performance of business functions and to comply with legislative requirements. This includes but may not be limited to names, contact details, injury type, injury date, capacity to work, insurer contact details. This may also include sensitive information such as file notes and health information to effectively provide our services in supporting participants’ physical, emotional and mental wellbeing.

​

Personal information is collected by lawful and fair means and, where possible, is generally obtained directly from the client with consent from the individual. We also obtain information from the Change Room Community App relating to App usage and Wellbeing Survey data.

​

Consent is gained from the individual where it is necessary to collect and use sensitive information.

  3. Use and Disclosure of information

Personal information collected by The Change Room is used solely for business-related functions and activities.  This may include:

• participants records kept as part of our services

• staff and mentors for the purposes of safe operation at the Change Room Programs

• internal operational and ancillary business practices to provide our services, such as billing, financial auditing, planning or complying with legal requirements, or

• approval for consent to share non-identifiable information to The Australian Catholic University for independent wellbeing studies.

We may disclose personal information to third parties, if required by law, to government and regulatory authorities.

We will take reasonable steps to ensure that these organisations are bound by sufficient confidentiality and privacy obligations with respect to the protection of your personal information.

We do not disclose personal information to third parties overseas.

  4. Storage and Security of information

The Change Room has in place reasonable safeguards to protect personal information from unauthorised access, use, modification or disclosure, whether that information is stored in physical or electronic form.  Physical measures, computer and network security and personnel security are all used to ensure the protection of information kept on site and on our electronic systems.   

Personal information is only stored for as long as it is required by the business (including as long as required by law to keep records relating to you).  Relevance is gauged at regular audits where all information is reviewed for currency and updated if necessary.  Personal information that is no longer required is destroyed or de-identified in a secure manner. 

  5. Access

You may request access to the personal information we hold about you by following our Access and Review Procedure and contacting us on the details below.  In most cases, we will provide that information. If we do not, we will provide you with reasons.

  6. Accuracy and Correction

We take reasonable steps to ensure personal information about individuals is complete, accurate and up to date and conduct annual audits for that purpose.  However, if your information is incorrect, incomplete or not current, you can request that we update this information by contacting us on the details below.

  7. Questions or Complaints

If you have any questions, concerns or complaints about this Privacy Policy or our use of your personal information, please contact us on the details below.  You can also contact us on these details if you believe that the privacy of your personal information has been compromised or is not adequately protected.

Once a complaint has been lodged, we will review it and respond to you as soon as possible to determine what further actions, such as an investigation or any remedial action, is necessary.

  8. Contact Details

Any privacy-related queries or concerns should be directed to:

The Operations Manager

The Change Room

Po Box 295

Cherrybrook NSW 2126

Phone: 02 9055 5074

Alternatively, information about The Change Room’s privacy policy can be viewed on the Internet at www.thechangeroom.info/privacy

​

​

​

​

APPENDIX 1

​

CONSENT FOR THE USE OF SENSITIVE INFORMATION

I ___________________________, have read The Change Room’s Privacy Policy and consent to the use of all sensitive information I have provided The Change Room. I understand and accept that this information is to be used solely for business-related functions and activities.  I also understand and accept that where necessary this information may be disclosed to third-party organisations for relevant business purposes. 

Signed: __________________________________

Dated: ___________________________________

​

​

​

​

APPENDIX 2

Access and Review Procedure

According to privacy legislation, an individual has the right of access to information held about them by an organization. To comply with this legislation we have established the following procedure, which is to be followed for any requests for the access or review of personal information held by The Change Room.

1. Contact The Operations Manager at least 24 hours before you wish to view any information, to make an appointment.

2. Provide your name and workers compensation case number for security purposes and establish what type of information you would like to review.

3. Arrange for a mutually acceptable time and location to view the information.

In relation to requests to correct personal information, the individual must make the necessary amendments in writing, which will be passed on to the Operations Manager for investigation and action.

​

The Change Room Outline of Privacy Policy

​

The Change Room believes that the privacy of individuals is a fundamental community right.

To that end, we are committed to:

• Ensuring that information about individuals will be collected by lawful and fair means and with the consent of the person concerned.

• Only holding information relevant to our business.

• Keeping information about individuals complete, accurate and up to date.

• Only disclosing or using personal information with the consent of the individual for the purposes permitted by law or as is consistent with the Australian Privacy Principles.

• Being open about how we manage personal information.

• Allowing individuals to find out and correct if necessary the information that is held about them.

• Complying with the relevant privacy legislation.

To achieve this, we will:

• Have a systematic approach to the recording and storage of personal information.

• Promote the principle of line management responsibility and accountability for individual privacy.

• Provide resources and training necessary to meet our commitments.

• Specify beforehand the purpose for which information is to be collected and where necessary obtain consent for the use and disclosure of that information.

• Take steps to comply with the Australian Privacy Principles

• Implement a formal privacy procedure that reflects the requirements of the law and the needs of our business.