The scope of this policy includes both online and offline data use and collection.
This policy covers Warrah as well as any subsidiaries.
Warrah oversees and manages the privacy of personal information and adopts a ‘good privacy practice’ approach to information collection, use and disclosure, security of personal information, and upholding individuals’ right to access and correct their information.
Warrah complies with the Privacy Act 1988 (Cth) (the Privacy Act), the associated 13 Australian Privacy Principles (APPs), and various Commonwealth and State legislations.
Warrah takes your individual right to privacy seriously; any personal information collected by Warrah is treated as confidential.
We are committed to handling the information you provide responsibly. We will take every reasonable and practical precaution to safeguard the security, integrity and privacy of this information; including periodically reviewing and updating our security measures in light of current technologies and legislation. Please note that this privacy information will be updated as appropriate.
We know we have legal and ethical responsibilities relating to the management of personal, health and sensitive information generated during our usual business processes, fundraising or during any of our services delivered.
We are bound by the Australian Privacy Principles in the Privacy Act 1988 (Cth), and by relevant State and Territory privacy laws, and remain ready and committed to complying with these requirements at all times.
This Policy statement explains how we collect, use, and protect your information. It is our current policy for dealing with the control, processing, and use of personal information.
How do we collect information?
We collect information in a number of ways, including:
- directly from you or (when relevant) your carers, for example when you provide information by phone, in contact forms or any other agreements,
- directly from you when you submit your personal and contact details through our website
- from our own records when you use our services
- directly from you when you submit your personal and contact details for the purpose of employment, volunteering or contracting.
What information do we collect?
Depending on how you are interacting with us, this information may include your contact details, your health history, occupation, or other information relevant to your situation.
We also collect information on your communication preferences, such as whether you wish to receive information and publications about Warrah, Warrah services, or events and fundraising activities.
How do we use personal information?
Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory information or any other information we require in order for us to provide our services to you, we may be unable to provide our services to you in an effective manner, or at all.
If you receive a service or services from Warrah, we will collect and hold your personal information to gain an understanding of your needs so that we can:
- conduct appropriate assessments and provide effective plans
- provide appropriate advice and information
- provide a range of services and work to improve the quality of our service
- administer billing services and comply with legal or regulatory requirements and funding agreements.
If you requested communications, participate in a fundraising event, or have previously donated to Warrah, we collect and hold your personal information so that we can:
- engage with you in an appropriate way to optimise communications and fundraising to benefit people living with disabilities
- provide relevant information in line with your wishes
- administer fundraising financial services
How we hold personal information
The security of personal information is important to us and we take all reasonable steps to protect it from misuse, loss, unauthorised access, modification or disclosure.
Once we collect Personal Information, we will either hold it securely and store it on infrastructure owned or controlled by us or with a third-party service provider who has taken reasonable steps to ensure they comply with the Privacy Act .
All personal and health information is stored securely in paper and/or electronic form. This includes:
- requiring our Warrah team members to maintain confidentiality
- document storage security measures including password protection, locked cabinets, key security
- computer access security measures including password protection
- providing discrete environments for confidential discussions
- only allowing access to health records when the individual seeking access to their own information has satisfied our identification requirements
All financial information pertaining to donors or customers of Warrah is stored securely in line with the Payment Card Industry Data Security Standards (PCI DSS), with no complete bank details retained. Wherever possible Warrah uses Westpac merchant facilities for donations, Warrah uses a professional financial gateway and expert fundraising digital platforms (in line with PCI DSS).
All information is retained for the period of time determined by law and disposed of in a secure manner.
We take all reasonable steps to ensure that the personal, health information we collect, use, and disclose is accurate, complete, and up-to-date.
We recommend that you let us know if there are errors or changes to your information (such as name, address, or any changes in your communication preferences).
Disclosing personal information?
In order for Warrah to provide a comprehensive and effective service it may be required to share your information with other service providers (such as doctors or allied health professionals), or organisations that have the authority to hold your information (such as NDIS, ATO etc.).
In this situation, prior to taking any action, we will consult the consent information held and/or ask you to give consent for us to disclose any information from your record to the other party.
We will only provide personal and health information to a third party with your consent, however, there are occasions where we must provide information (without individual consent) if bound by legislation or regulatory compliance to do so.
Copies of all paperwork related to the release of the information will be placed in your file (paper and electronic version). If you are unable to give consent about the release of your information due to age, physical or cognitive limitations, a decision will be sought from your authorised representative.
There is a process to enable you to withdraw your consent to release information at any stage. We are most unlikely to disclose personal information that we hold on you to any overseas recipients. However, in the unlikely event that we do, this policy will be updated to clearly indicate those countries in which such recipients are likely to be located.
Access to and correction of Personal Information
You are entitled to have access to any Personal Information relating to you that we hold, except in some exceptional circumstances provided by law (including the Privacy Act).
You are also entitled to edit and correct such information if the information is inaccurate, out of date, incomplete, irrelevant or misleading.
If you or your authorised representative would like to access or correct any records of personal information we have about you, you can make a written request to the Warrah Quality Manager.
Resolving Privacy Complaints
We have put in place an effective mechanism and procedure to resolve privacy complaints. We will ensure that all complaints are dealt with in a reasonably appropriate timeframe so that any decision (if any decision is required to be made) is made expeditiously and in a manner that does not compromise the integrity or quality of any such decision. To lodge a complaint please contact us via the details listed at the bottom of the document.
In order to resolve a complaint, we:
- will liaise with you to identify and define the nature and cause of the complaint;
- may request that you provide the details of the complaint in writing;
- will keep you informed of the likely time within which we will respond to your complaint; and
- will inform you of the legislative basis (if any) of our decision in resolving such complaint.
We will keep a record of the complaint and any action taken in a Register of Complaints.
PO Box 357 Round Corner NSW 2158
P: 02 9651 2411