Purpose
The purpose of this policy is to demonstrate The Change Room’s commitment to upholding an individual’s right to privacy and to provide a clear standard for the collection, storage and use of all forms of personal information in our business.
Scope
This policy is designed to educate and inform stakeholders and program participants about their rights and obligations under privacy legislation and the Australian Privacy Principles and to describe clear procedures governing the use of personal information in a business context.
The procedure is applicable to all Change Room employees and contractors but does not apply to employees’ personal information, which is subject to different legal obligations.
Policy
The key objective of this procedure is to ensure that all information collected, stored and used by The Change Room is collected by lawful and fair means; is kept accurate and up to date; and is managed in a safe and confidential environment in compliance with Australian Privacy Principles and current privacy legislation.
Procedure
The Change Room and its stakeholders will conduct business in accordance with the Change Room Privacy Statement.
This new statement will be made available to all current employees and stakeholders and promoted as part of our organisational culture. The Senior Management Team will be responsible for promoting the principle of responsibility and accountability for individual privacy. Appropriate training will be conducted, as required, in relation to privacy laws and subsequent rights and obligations.
Audit
The Operations Manager will conduct a detailed annual review of this Policy and Procedure.
The Change Room’s Privacy Statement:
- Our Commitment – The Change Room is committed to upholding the fundamental right to privacy of all employees, stakeholders and program participants. The Change Room is dedicated to operating in compliance with current privacy legislation and the Australian Privacy Principles.
- Collection of Information – We collect and store personal information directly related to the safe, efficient and effective management of our business, regular performance of business functions and to comply with legislative requirements. This includes but may not be limited to names, contact details, injury type, injury date, capacity to work, insurer contact details. This may also include sensitive information such as file notes and health information to effectively provide our services in supporting participants’ physical, emotional and mental wellbeing.
Personal information is collected by lawful and fair means and, where possible, is generally obtained directly from the client with consent from the individual. We also obtain information from the Change Room Community App relating to App usage and Wellbeing Survey data.
Consent is gained from the individual where it is necessary to collect and use sensitive information.
- Use and Disclosure of information – Personal information collected by The Change Room is used solely for business-related functions and activities. This may include:
- participants records kept as part of our services
- staff and mentors for the purposes of safe operation at the Change Room Programs
- internal operational and ancillary business practices to provide our services, such as billing, financial auditing, planning or complying with legal requirements, or
- approval for consent to share non-identifiable information to The Australian Catholic University for independent wellbeing studies.
We may disclose personal information to third parties, if required by law, to government and regulatory authorities.
We will take reasonable steps to ensure that these organisations are bound by sufficient confidentiality and privacy obligations with respect to the protection of your personal information.
We do not disclose personal information to third parties overseas.
- Storage and Security of information – The Change Room has in place advanced safeguards to protect personal information from unauthorised access, use, modification or disclosure, whether that information is stored in physical or electronic form. Physical measures, computer and network security and personnel security are all used to ensure the protection of information kept on site and on our electronic systems.Personal information is only stored for as long as it is required by the business (including as long as required by law to keep records relating to you). Relevance is gauged at regular audits where all information is reviewed for currency and updated if necessary. Personal information that is no longer required is destroyed or de-identified in a secure manner.
- Access – You may request access to the personal information we hold about you by following our Access and Review Procedure and contacting us on the details below. In most cases, we will provide that information. If we do not, we will provide you with reasons.
- Accuracy and Correction – We take reasonable steps to ensure personal information about individuals is complete, accurate and up to date and conduct annual audits for that purpose. However, if your information is incorrect, incomplete or not current, you can request that we update this information by contacting us on the details below.
- Questions or Complaints – If you have any questions, concerns or complaints about this Privacy Policy or our use of your personal information, please contact us on the details below. You can also contact us on these details if you believe that the privacy of your personal information has been compromised or is not adequately protected.Once a complaint has been lodged, we will review it and respond to you as soon as possible to determine what further actions, such as an investigation or any remedial action, is necessary.
- Contact Details and privacy-related queries or concerns should be directed to:The Operations Manager
The Change Room
Po Box 295
Cherrybrook NSW 2126
Phone: 02 9055 5074Alternatively, information about The Change Room’s privacy policy can be viewed on the Internet at www.thechangeroom.info/privacy
