This policy is to ensure that Wesley Community Services Limited (Wesley Mission) has a clear framework when collecting, handling and managing personal information collected during the course of operations in order to comply with the ethical and legal obligations prescribed by the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) as amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Act) and other relevant legislation such as the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth).
Personal information is information or opinion that identifies a person or from which a person can reasonably be identified. It includes information such as your name, address, date of birth, contact details and emergency contacts. If you receive other more specialised services such as aged care services, it may also include sensitive information such as your care records, medical history, treatment, reports and advice you have been given by healthcare professionals, and other information relevant to your care or the services we provide.
What personal information does Wesley Mission collect and hold and why?
We collect personal information reasonably necessary for one or more of our functions or activities including as a provider of aged care and disability programs, services for vulnerable families, children and young people or for fundraising and marketing events. The types of information we generally collect includes your name, date of birth, address and other contact details such as your telephone numbers and email address. Depending on the purpose of our interaction with you, we may also collect additional personal information and financial information if you are a donor to one of our fundraising programs.
Providing us with accurate and complete information is important for the safety, quality and effectiveness of the services we provide. If you do not provide accurate and complete information, or you withhold information, it may affect the safety, quality and effectiveness of the services we provide and the funding available to you or us for those services. In certain circumstances, this may mean that we are not able to provide you with services.
More detail about the personal information (including sensitive information) we collect and why is set out below. If you have any concerns about the personal information we have asked you to provide, please raise those concerns with us.
Prospective clients of Wesley Mission services
In addition to the general information noted above, we may collect and hold:
- sensitive information relating to your health and care needs, your racial and ethnic origin, your lifestyle choices and your health care preferences and wishes
- information that was provided to a Commonwealth, State or Territory government agency
- information about your financial status and your social security status
- information regarding details of your appointed attorney, guardian or other alternative decision makers
- contact details for your family members
- information that we are required to collect or hold under the legislation which includes sensitive information relating to your health and care needs
- records relating to your enquiries about entry into one of our services
- any other information required by law or Wesley Mission’s duty of care.
We generally collect information directly from you. We may also collect personal information about you from third parties, for example:
- from a Commonwealth, State or Territory government agency as well as independent agencies including the Aged Care Standards and Accreditation Agency or the Office of the Aged Care and Safety Commissioner
- from your medical practitioner or other healthcare professional
- from other commercially contracted organisations that have provided you with care and/or accommodation services
- from your authorised representative, guardian or family members
- publicly available sources such as third-party organisations like white pages
- other commercially contracted organisations for example fundraising and telemarketing organisations to assist Wesley Mission in logistically contacting supporters for donor and program related reasons.
We may collect your personal information for the following purposes:
- to provide you with appropriate ongoing accommodation or care services, including by developing care and services plans and communicating with your nominated healthcare professionals
- to comply with the requirements of the laws that regulate our provision of residential aged care, community care or retirement living services
- including to comply with the requirements of the Children and Young Persons (Care and Protection) Act 1998 (NSW), NSW Child Safe Standards for Permanent Care, Interagency Guidelines and the Social Security (Administration) Act 1999 (Cth)
- to determine your eligibility to entitlements under the Aged Care Act 1997 (Cth) or other legislation relating to the services you may receive
- to determine your eligibility to reside in a retirement village
- to liaise with your authorised representative and to contact nominated individuals, such as family members, if requested or needed
- to comply with our obligations to disclose financial and asset information to the Australian Government to determine our funding entitlements and to determine the fees you pay us
- to enter into contract and grant funding arrangements for the services or accommodation we may provide
- to meet any other regulatory, legislative or care requirements.
Supporters of Wesley Mission
When you donate, register for an event, take part in one of supporter surveys, appeals or make inquiries about our activities, we will collect your personal information including your donation history, areas of interest to you and payment information including your credit card or banking details, which is encrypted at all times.
We collect this information to send you receipts as well as surveys, newsletters and information about research, education and fundraising events and activities. We may use your personal information to contact you to seek financial support for other activities we undertake in promoting the work we do or may do. Typically, Wesley Mission or its contracted agency may send you appeal letters throughout the year as well. Your informed consent is required from your first contact with Wesley Mission and you can always choose what you receive at any time. If you do not wish for us to use personal information to send you this information, please contact us by using our contact details below and in all contacts you will always be given the opportunity to opt out of any future contact.
Prospective employees, volunteers and contractors
We may collect personal information when recruiting staff or volunteers which allows us to process your information for the purpose of assessing your application. We will collect information about you from third parties, such as your referees, as part of your assessment of your suitability for a position. In providing contact details for your referees, you are considered to have given your consent to our collecting personal information from your referees that may assist us with assessing your application. Similarly, we may confirm details about your past positions with previous employers (e.g. to confirm your duration of employment). We may also collect health information directly related to your ability to perform the inherent requirements of the position, with your consent.
If we are considering offering you a position, Wesley Mission may collect additional personal information about you such as your date of birth, tax file number, emergency contact details, ABN (if relevant), bank account and superannuation information, visa, passport and licence details (if relevant) and details relating to your police check or Working With Children Check.
With your consent, we may retain your details on file to enable us to contact you if you have been previously unsuccessful and an appropriate position later becomes available.
Wesley Mission may collect personal information about individual healthcare professionals who interact with us and who are involved in the care of our residents and clients. This information is typically information such as an individual health professional's name, contact details, professional details and information regarding interactions and transactions with Wesley Mission.
Wesley Mission may collect personal information about individuals who we deal with on a commercial basis such as suppliers, contractors and individuals in organisations to which we provide goods and services or from which we acquire goods and services. We may collect personal information about you including your name, position, contact details, licence or registration number, ABN, bank detail and other information relevant to the capacity in which you are dealing with Wesley Mission. We generally collect this information to enable us to contact and deal with you and to enable us to fulfil any obligation or undertaking relevant to your relationship with Wesley Mission and receive the benefit of good and services you provide.
We use social networking services such as Twitter, Facebook, LinkedIn, Instagram and YouTube to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Twitter, Facebook, LinkedIn, Instagram and YouTube on their websites.
Google Analytics and Cookies
The Wesley Mission web servers automatically log information such as server address, date and time of visit and web pages accessed. No personal information is recorded. These logs are used for website management and improvement.
Visitors to our website
If you provide us with personal information through our website, we may log your usage to assist us to make our website more accessible and valuable to our clients and future website visitors.
The internet is not always a secure method of transmitting information. Whilst Wesley Mission takes reasonable steps to ensure that information it receives is maintained securely, it cannot ensure that communications conducted via the internet will be secure.
Can you interact with Wesley Mission anonymously?
You have the option of not identifying yourself, or using a pseudonym, when interacting with Wesley Mission in certain circumstances, for example, when making a general enquiry about our services. However, it is generally not practicable or lawful for Wesley Mission to interact with you anonymously or pseudonymously on an ongoing basis, for example, if you wish to make a more detailed enquiry about our services or become a client. If we do not collect personal information about you, we may be unable to provide you with the information or services you have asked us to provide.
How does Wesley Mission use and disclose your personal information?
Generally, most of the information we handle relates to the services we provide, in which case we use and disclose personal information:
- in order to liaise with other health professionals and health services that may be involved in managing or treating you, such as general practitioners and dentists
- when services we are required to provide under the Aged Care Act 1997 (Cth) are provided by healthcare professionals who are not employed by us (these healthcare professionals include but are not limited to physiotherapists, podiatrists and pharmacists)
- when services we are required to provide including the Children and Young Persons (Care and Protection) Act 1998 (NSW), NSW Child Safe Standards for Permanent Care, Interagency Guidelines, Social Security (Administration) Act 1999 (Cth) and Community Welfare Act 1987 (NSW)
- in order to comply with the statutory requirements which may require information be shared with Commonwealth, State and Territory government agencies
- to maintain records required under our policies and by law
- for related purposes in managing and administering Wesley Mission's services, including managing billing and debt recovery, training of staff and contractors and managing their work performance and career progression, quality assurance and evaluation, maintenance and testing of information technology systems, obtaining advice from consultants and professional advisers and investigating or managing complaints, concerns or claims (including liaising with legal representatives and insurers) and for ongoing fundraising campaigns.
How does Wesley Mission hold personal information?
Wesley Mission holds personal information in paper-based and electronic records systems. Personal information may be collected in paper-based documents and converted to electronic form for storage (with the original paper-based documents either archived or securely destroyed).
Information held in paper-based form is generally securely stored at the Wesley Mission office from which you receive our services or our head office in Sydney or in the case of archived records, at a local external storage facility under a commercial contract with best practice security, retention, destruction and data protection provisions. Wesley Mission uses physical security and other measures to protect personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure.
Information held in electronic form is generally held on servers located in Australia either under our direct control or under the control of contracted cloud service providers adhering to best practice data security standards. Wesley Mission uses physical security, password protection and other measures to protect personal information from misuse, interference and loss; and from unauthorised access, modification and disclosure.
Will your information be disclosed to overseas recipients?
Wesley Mission does not typically or routinely disclose personal information to overseas recipients. Unless we have your consent, or an exception under the Australian Privacy Principles applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to your personal information and ensure that any recipient is under contract to Wesley Mission.
Web traffic information collected via Google Analytics (see above for more information) may be stored overseas and some locally based cloud service providers may store back up information in overseas data centres. If our cloud provider stores data offshore, we will ensure that the provider adheres to the Privacy Act and has comparable security controls in place to house the data offshore.
How can you access, correct and update your personal information?
You (or your legally authorised representative) are generally entitled to access the personal information we hold about you under the Australian Privacy Principles 12 and 13, except where access can or must be denied or limited by the Privacy Act.
To request access to your personal information, please contact Wesley Mission's Privacy Officer in writing using the contact details below. We will not charge a fee for lodging a request for access or for compiling information in response to your request. Proof of identification may be requested by Wesley Mission.
Requests for access must be in writing and should include:
- if the person requesting information is an authorised representative, proof that the person requesting access is lawfully authorised to do so (such as a copy of the Power of Attorney appointing the person as well as a copy of the person's drivers’ licence or passport)
- specific details of the information sought so that we can identify what personal information is being requested
- the form in which the information is requested (for example, a copy of the information or a request to view the information contained in our records).
We will generally provide access to personal information in the form requested unless this is unreasonable or impractical, in which case we may provide the information in another way and will do so within 30 days. For example, if providing information may have an unreasonable impact on the privacy of other individuals we may provide only some of the information.
If you believe the personal information we hold is inaccurate, incomplete, not up to date or misleading, you may request that the information be amended and we must take reasonable steps to correct the information.
If we decide not to grant access to personal information or we refuse to correct personal information we will provide you with written reasons for our decision, the mechanisms available to complain and any other matters that we may be legally required to tell you under the Privacy Act.
Notifiable Data Breaches
If Wesley Mission determines that personal information has been accessed without permission, acquired, used or disclosed in a manner which compromises the security of the personal information, Wesley Mission will assess the risk to affected parties in accordance with the Privacy Act.
If Wesley Mission determines that a breach would be likely to result in serious harm to an individual, Wesley Mission will notify all affected individuals and the Office of the Australian Information Commissioner (OAIC) in compliance with our Data Breach Response Plan. The notification will provide recommendations about the steps individuals should take in response to the breach.
If you are not satisfied with our handling of your personal information or you believe we have breached our privacy obligations, you can complain in writing to the Privacy Officer listed below. We will respond to you within 30 days.
- Contacting Wesley Mission