Introduction

The Board of Eczema Support Australia is committed to protecting the privacy of personal information which the organisation collects, holds and administers. Personal information is information which directly or indirectly identifies a person.

Purpose

The purpose of this document is to provide a framework for Eczema Support Australia in dealing with privacy considerations.

Policy

Eczema Support Australia collects and administers a range of personal information for the purposes of providing support, care and connection to those individuals, families or children affected by severe skin conditions such as Eczema. The organisation is committed to protecting the privacy of personal information it collects, holds and administers.

Eczema Support Australia recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand, and made accessible to them on the other. These privacy values are reflected in and supported by our core values and philosophies and are also reflected in our Privacy Policy, which is compliant with the Privacy Act 1988 (Cth).

Eczema Support Australia is bound by laws which impose specific obligations when it comes to handling information. The organisation has adopted the following principles as minimum standards in relation to handling personal information.
Eczema Support Australia will:

  • Only collect information which the organisation requires for its primary function;
  • Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered;
  • Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent;
  • Store personal information securely, protecting it from unauthorised access; and
  • Provide stakeholders with access to their own information, and the right to seek its correction.

Responsibilities

Privacy Procedures

Eczema Support Australia’s Board is responsible for developing, adopting and reviewing this policy.
Eczema Support Australia’s Managing Director is responsible for the implementation of this policy, for monitoring changes in Privacy legislation, and for advising on the need to review or revise this policy as and when the need arises.

Processes

Collection

Eczema Support Australia will:

  • Only collect information that is necessary for the performance and primary function of Eczema Support Australia.
  • Notify stakeholders about why we collect the information and how it is administered.
  • Notify stakeholders that this information is accessible to them.
  • Collect personal information from the person themselves wherever possible.
  • If collecting personal information from a third party, be able to advise the person whom the information concerns, from whom their personal information has been collected.
  • Collect sensitive information only with the person’s consent. (Sensitive information includes health information and information about religious beliefs, race, gender and others.)
  • Determine, where unsolicited information is received, whether the organisation could have collected the personal information in the usual way; if it could have, it will be treated normally. (If it could not have been, it must be destroyed, and the person whose personal information has been destroyed will be notified about the receipt and destruction of their personal information.)

Use and Disclosure

Eczema Support Australia will:

  • Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
  • For other uses, Eczema Support Australia will obtain consent from the affected person. In relation to a secondary purpose, use or disclose the personal information only where:
    • a secondary purpose is related to the primary purpose and the individual would reasonably have expected us to use it for that purpose; or
    • the person has consented; or
    • certain other legal reasons exist, or disclosure is required to prevent serious and imminent threat to life, health or safety.
  • In relation to personal information which has been collected from a person, use the personal information for direct marketing, where that person would reasonably expect it to be used for this purpose, and Eczema Support Australia has provided an opt out and the opt out has not been taken up.
  • In relation to personal information which has been collected other than from the person themselves, only use the personal information for direct marketing if the person whose personal information has been collected has consented (and they have not taken up the opt-out).
  • State in Eczema Support Australia’s privacy policy whether the information is sent overseas and further will ensure that any overseas providers of services are as compliant with privacy as Eczema Support Australia is required to be.
  • Provide all individuals access to personal information except where it is a threat to life or health or it is authorized by law to refuse and, if a person is able to establish that the personal information is not accurate, then Eczema Support Australia must take steps to correct it. Eczema Support Australia may allow a person to attach a statement to their information if Eczema Support Australia disagrees that it is inaccurate.
  • Where for a legal or other reason we are not required to provide a person with access to the information, consider whether a mutually agreed intermediary would allow sufficient access to meet the needs of both parties.
  • Make no charge for making a request for personal information, correcting the information or associating a statement regarding accuracy with the personal information.

Storage

Eczema Support Australia will:

  • Implement and maintain steps to ensure that personal information is protected from misuse and loss, unauthorized access, interference, unauthorized modification or disclosure.
  • Before disclosing any personal information, including to a provider of IT services such as servers or cloud services, establish that they are privacy compliant. Eczema Support Australia will have systems which provide sufficient security.
  • Ensure that Eczema Support Australia data is up to date, accurate and complete.

Destruction and de-identification

Eczema Support Australia will:

  • Destroy personal information once it is not required to be kept for the purpose for which it was collected, including from decommissioned laptops and mobile phones.
  • Change information to a pseudonym or treat it anonymously if required by the person whose information Eczema Support Australia holds and will not use any government related identifiers unless they are reasonably necessary for our functions.

Data Quality

Eczema Support Australia will:

  • Take reasonable steps to ensure the information Eczema Support Australia collects is accurate, complete, up to date, and relevant to the functions we perform.

Data Security and Retention

Eczema Support Australia will:

  • Only destroy records in accordance with the organisation’s Records Management Policy.

Openness

Eczema Support Australia will:

  • Ensure stakeholders are aware of Eczema Support Australia’s Privacy Policy and its purposes.
  • Make this information freely available in relevant publications and on the organisation’s website.

Access and Correction

Eczema Support Australia will:

  • Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up to date.

Anonymity

  • Allow people from whom the personal information is being collected to not identify themselves or use a pseudonym unless it is impracticable to deal with them on this basis.

Making information available to other organisations

Eczema Support Australia can:

  • Release information to third parties where it is requested by the person concerned.

 

Related Documents

  • Records Management Policy
  • Confidentiality Policy
  • Employment References Policy

 

Your privacy is important

This statement outlines Eczema Support Australia’s policy on how Eczema Support Australia uses and manages personal information provided to or collected by it.
Eczema Support Australia is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act and is compliant with the Privacy Amendment (Enhancing Privacy Protection) Act 2012. [OPTION: In relation to health records, Eczema Support Australia is also bound by the Victorian Health Privacy Principles which are contained in the Health Records Act 2001].

Eczema Support Australia may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to Eczema Support Australia operations and practices and to make sure it remains appropriate to the changing legal environment.

 

What kind of personal information does Eczema Support Australia collect and how does Eczema Support Australia collect it?

The type of information Eczema Support Australia collects and holds includes (but is not limited to) personal information, including sensitive information, about:

  • Members’ children
  • Members’ conditions and symptoms
  • Members’ mental health issues and concerns.

Personal Information you provide:

Eczema Support Australia will generally collect personal information held about an individual by way of Membership form details, individual phone calls, event registration forms, meetings etc. You do have the right to seek to deal with us anonymously or using a pseudonym, but in almost every circumstance it will not be practicable for us to deal with you or provide any services to you except for the most general responses to general enquiries, unless you identify yourself.

 

Personal Information provided by other people:

 

In some circumstances Eczema Support Australia may be provided with personal information about an individual from a third party, for example a Psychology clinic. The type of information available to Eczema Support Australia is governed by their own privacy policy and will not include any personal/medical information.

 

In relation to employee records:

Under the Privacy Act the Australian Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to Eczema Support Australia’s treatment of an employee record, where the treatment is directly related to a current or former employment relationship between Eczema Support Australia and its employee/s. However, Eczema Support Australia must provide access and ensure compliance with the Health Privacy Principles under the Victorian Health Records Act 2001.

How will Eczema Support Australia use the personal information you provide?

Eczema Support Australia will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented.
In relation to direct marketing, Eczema Support Australia will use your personal information for direct marketing where you have provided that information, and you are likely to expect direct marketing: only then will you be sent direct marketing containing an opt out. If we use your personal information obtained from elsewhere we will still send you direct marketing information where you have consented and which will also contain an opt out. We will always obtain your consent to use sensitive information as the basis for any of our direct marketing.

Volunteers:

Eczema Support Australia also obtains personal information about volunteers who assist Eczema Support Australia in its functions or conduct associated activities, such as to enable Eczema Support Australia and the volunteers to work together.

Marketing and fundraising:

Eczema Support Australia treats marketing and seeking donations for the future growth and development of Eczema Support Australia as important. Personal information held by Eczema Support Australia may be disclosed to an organisation that assists in Eczema Support Australia’s fundraising.

 

Who might Eczema Support Australia disclose personal information to?

Eczema Support Australia may disclose personal information held about an individual to:

  • government departments,
  • people providing services to Eczema Support Australia,
  • funding agencies,
  • anyone you authorise Eczema Support Australia to disclose information to.

 

Sending information overseas:

Eczema Support Australia will not send personal information about an individual outside Australia without:

  • obtaining the consent of the individual (in some cases this consent will be implied); or
  • otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.

Eczema Support Australia does not use overseas providers of IT services including servers and cloud services.

 

How does Eczema Support Australia treat sensitive information?

In referring to ‘sensitive information’, Eczema Support Australia means:
“information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences or criminal record, that is also personal information; and health information about an individual”.

Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.

 

Management and security of personal information

Eczema Support Australia staff and volunteers are required to respect the confidentiality of personal information and the privacy of individuals.
Eczema Support Australia has in place steps to protect the personal information Eczema Support Australia holds from misuse, loss, unauthorised access, modification, interference or disclosure by use of various methods including locked storage of paper records and passworded access rights to computerised records.

 

Updating personal information

Eczema Support Australia endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to update their personal information held by Eczema Support Australia by contacting the Administrator or Managing Director of Eczema Support Australia at any time.

The Australian Privacy Principles and the Health Privacy Principles require Eczema Support Australia not to store personal information longer than necessary. In particular, the Health Privacy Principles impose certain obligations about the length of time health records must be stored. You have the right to check what personal information Eczema Support Australia holds about you.

Under the Commonwealth Privacy Act and the Health Records Act, an individual has the right to obtain access to any personal information which Eczema Support Australia holds about them and to advise Eczema Support Australia of any perceived inaccuracy. There are some exceptions to this right set out in the applicable legislation. To make a request to access any information Eczema Support Australia holds about you, please contact the Administrator or Managing Director in writing.

Eczema Support Australia may require you to verify your identity and specify what information you require.

How long will Eczema Support Australia keep my information?

Under our destruction and de-identification policies, your personal information that is no longer required will be de-identified or destroyed. In many circumstances, however, it will be kept for marketing purposes, as you will have consented to that in writing with us.

 

Enquiries and privacy complaints

If you would like further information about the way Eczema Support Australia manages the personal information it holds, please contact the Administrator or Managing Director. If you have any concerns, complaints or you think there has been a breach of privacy, then also please contact the Managing Director who will first deal with you usually over the phone. If we then have not dealt satisfactorily with your concerns we will meet with you to discuss further. If you are not satisfied with our response to your complaint within 30 days from this meeting then you can refer your complaint to the Office of the Australian Information Commissioner via:

  • email:
  • tel: 1300 363 992
  • fax: +61 2 9284 9666