To ensure the right to privacy and respect maintained for each person whose personal and sensitive information is collected and retained by Wesley Mission and to establish principles of transparency and fairness for the management of this information.
This policy applies to all Wesley Mission employees, volunteers, clients, donors, partners and online users.
Wesley Mission delivers a diverse range of services for the most vulnerable members of our society.
In delivering these services Wesley Mission collects, manages, stores and sometimes disclose personal and sensitive information.
In delivering our services we comply with the relevant state or national privacy principles and any additional privacy obligations under the contract.
Our obligations under the Privacy Act
Wesley Mission is bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) which regulate how organisations may collect, use, disclose and store personal and sensitive information and how individuals can access and correct personal and sensitive information held about them.
Collection of personal and sensitive Information is transparent and fair
Wesley Mission will only collect personal and sensitive information that is reasonably necessary for one or more of our functions and activities.
Kind of information collected
The nature and extent of personal and sensitive information collected varies depending on the particular interaction with Wesley Mission. The kind of information collected will include contact and personal details, family background, health information, medical history, donation history and any other information required for delivery of a specific service. The information we collect will be relevant to the service delivered.
How we collect information
Where possible, Wesley Mission collects personal and sensitive information directly from the individual. We collect information through various means, including telephone and in-person interviews, appointments, forms and questionnaires. If the individual feels that the information we are requesting is not the information they wish to provide, they should raise this with us.
If we collect information from a third party source, we will take reasonable steps to contact the individual and ensure they are aware of the purposes for which we are collecting their personal and sensitive information and the organisations to which we may disclose their information subject to any exceptions under the Act.
As part of administering Wesley Mission services, Wesley Mission may collect health information. For example, Wesley Mission collects health information (such as medical history) from some clients participating in Wesley Mission programs. If health information is collected from a third party (such as a doctor) Wesley Mission will inform the individual that this information has been collected and will explain how this information will be used and disclosed. If Wesley Mission uses health information for research or statistical purposes it will be de-identified if practicable to do so.
Use and disclosure of personal and sensitive information is respectful and maintains the dignity of the person
Individuals who would like to access any Wesley Mission services on an anonymous basis or using a pseudonym should inform us of this. If it is possible and lawful we will take all reasonable steps to comply with the request. However, we will not be able to provide the services in question if we are not provided with the personal information requested.
Where required or requested by the individual, Wesley Mission maintains the confidentiality of personal and sensitive information. Wesley Mission will use personal and sensitive information for purposes which are related, or in the case of sensitive information directly related, to the reason an individual provided the information and where the individual would reasonably expect Wesley Mission to use the information. We will not use or disclose personal or sensitive information for any other purpose unless the individual has consented or one of the following applies:
- it is otherwise required or authorised by law
- it will prevent or lessen a serious threat to somebody’s life, health or safety or to public health or safety
- it is reasonably necessary for us to take appropriate action in relation to suspected unlawful activity or misconduct of a serious nature that relates to our functions or activities
- it is reasonably necessary to assist in locating a missing person
- it is reasonably necessary to establish, exercise or defend a claim at law
- it is reasonably necessary for a confidential dispute resolution process
- it is necessary to provide a health service
- it is necessary for the management or monitoring of our health service
- it is reasonably necessary for the enforcement of a law
- it is necessary for research analysis of statistics relevant to public health or public safety
Disclosing information to an overseas recipient
If we are required to send information overseas for IT/electronic data storage we will take reasonable measures to protect individuals’ personal and sensitive information, either by ensuring that the country of destination has similar protections in relation to privacy or that we enter into contractual arrangements with the recipient of the information that safeguards privacy.
Security of personal and sensitive information
Wesley Mission takes reasonable steps to protect the personal and sensitive information we hold against misuse, interference, loss, unauthorised access, modification and disclosure.
These steps include password protection for accessing our electronic IT system. When the personal information is no longer required it will be destroyed in a secure manner.
Please note, the Wesley Mission website may contain links to third party websites. We are not responsible for the collection and handling of information by holders of third party websites. We recommend that individuals review the privacy policies of those third party websites.
Access to and correction of personal information
If an individual requests access to the personal information we hold about them or requests that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the Privacy Act or other relevant law to withhold the information or not make the changes.
Requests for access and/or correction should be made to our Privacy Officer. For security reasons, individuals will be required to put their request in writing and provide proof of identity to ensure protection of information.
We will take reasonable steps to provide access or the information requested within 14 days of the request or within 30 days where more complex information is required. If an individual is able to establish that personal information Wesley Mission holds about them is not accurate, complete or up to date, Wesley Mission will take reasonable steps to correct our records.
In some circumstances defined under the Privacy Act we may deny access to information for reasons outlined in the Privacy Act.
If we deny access to information we will set out reasons for denying access in writing. Where there is a dispute about right of access to information or forms of access, this will be dealt with in accordance with the Wesley Mission Complaints policy.
We maintain and update personal information in our contacts lists when we are advised by individuals that their personal information has changed. We also regularly audit contact lists to check the currency of the information. We will remove contact information of individuals who advise us that they no longer wish to be contacted.
If a person has provided us with personal and sensitive information, or we have collected and hold their personal and sensitive information, they have a right to make a complaint and have it investigated and dealt with under the Wesley Mission Complaints policy.
If a person has a complaint about Wesley Mission privacy practices or our handling of personal and sensitive information, they should contact our Privacy Officer.
Wesley Mission shall comply with the Children and Young Persons (Care and Protection) Act 1998 relating to the sharing and retaining of confidential information
Factsheets, guidance, checklists, and form letters to request and provide information are available on the Interagency Guidelines of the Keep Them Safe website.
Wesley Mission will regularly review, amend and/or update this policy from time to time as required to comply with current or changed privacy regulations or contracts. The updated policy will be made available on our website.
How to contact us
The Privacy Officer
PO Box A5555
Sydney South NSW 1235
Phone: (02) 9263 5421
Note: Calls can be made for a local call cost from fixed residential landlines anywhere in Australia, but calls from mobile and pay phones may incur higher charges. Check with the service provider for costings from mobile and pay phones.
Responsibility and policy owner
The policy owner is General Counsel, Wesley Legal & Risk.
The Privacy Officer shall:
- be aware of and disseminate information about any changes to the current privacy law.
- arrange for appropriate communication to be provided on any change.
- provide advice on the requirements under the Privacy Act.
- receive and deal with any complaint that Wesley Mission has not complied with this policy or the Australian Privacy Principles.
- report notifiable data breaches that employees are or may be involved in.
- take specific action in response to a notifiable data breach including containing the breach and undertaking a preliminary assessment of the causes.
Staff, carers and volunteers shall:
- ensure they comply with this policy at all times.
All Managers/Supervisors shall:
- ensure all personal and sensitive information is collected, managed and stored with security, appropriately archived, de-identified or disposed of securely.
- ensure they comply with this policy at all times.
Manager Governance Support Services shall:
- ensure procedures are developed to define the process of collection, management and storage of personal and sensitive information
Quality Manager, Wesley Legal & Risk shall:
- ensure internal controls are in place through periodic auditing and verifications for the implementation of this policy.
Consultation and approval
This policy has been developed in consultation with representatives from all Wesley Mission departments, Quality Manager, Wesley Legal & Risk and Legal Counsel (Privacy Officer).
General Manager Corporate approved this policy.