Drysdale Toy Library, an initiative of Springdale Neighbourhood Centre
SpringDale Neighbourhood Centre respects and protects the privacy and personal information of all individuals with which we deal. This policy applies to the Committee, employees, volunteers, tutors, students and all participants at the Centre.
Information that we collect and hold about individuals is kept in accordance with current State and Federal information privacy laws including the Information Privacy Principles, the Health Records Act (Victoria) 2001 and the Information Privacy Act (Victoria) 2000.
SpringDale Neighbourhood Centre will:
• Only collect personal information from you with your prior knowledge and consent
• Only use personal information provided by you for the purposes for which it was collected
• Not disclose your personal information to a third party unless your prior consent is obtained
• Ensure that your personal information will not be disclosed to other state institutions or authorities except if required by law or other regulation
• Manage your personal information in a secure environment
• Remove personal information from our system when it is no longer required
This policy and the Information Privacy Principles will be;
• made available on request to anyone who asks for it
• provided to all Committee members, employees, volunteers and anyone who handles personal information at SpringDale Neighbourhood Centre
Type of personal and health information to be collected
SpringDale will only collect the information we need, and for which we have a purpose that is legitimate and related to one of our functions and/ or obligations.
The type of information we collect and hold includes (but is not limited to) personal information, including health information, regarding:
• Students and participants in our education and activity program. (This information is collected in order to comply with the requirements of funding and service agreements. It is also used for program development and planning.)
• Children and parents/guardians before and during the child’s attendance at any occasional child care service (this information is collected in order to provide and/or administer our services to children and parents/guardians).
• Job applicants, employees, members, volunteers and tutors (the information is collected in order to manage the relationship and fulfil our legal obligations).
• Contact details of other parties with which the service deals.
We will endeavour to ensure that the personal information we hold is accurate, complete, up to date and relevant to our functions or activities.
Personal hard copy and electronic data and information no longer required by SpringDale to meet its legal and other obligations will be reviewed annually and destroyed in an appropriate manner to ensure confidentiality and privacy is maintained at all times.
We may collect information on the following identifiers:
• Tax File Number for all employees related to the deduction and forwarding of tax to the Australian Tax Office. Failure to provide this would result in maximum tax being deducted.
• Health Care Card to assess students or participants eligibility for concessions and for planning purposes.
• Medicare card number to facilitate the provision of medical care if required.
• Centre Link Reference Number to confirm student/participant eligibility for certain programs.
• Personal information provided by individuals either in relation to themselves or their children using the service. We will generally collect personal information about an individual by way of forms filled out by members, volunteers, students, participants, parents/guardians or job applicants, face to face interviews and telephone calls.
• When collecting personal information we will provide individuals from whom we collect information, with a copy of our Information Collection Statement.
Notification of individuals or the parents/guardians of personal or health information collected
• Should the Centre receive personal information from a source other than the individual or the parent/guardian, the person receiving the information will refer this information to the coordinator. The coordinator shall notify the individual or the parent/guardian of the child to whom the information relates, of the receipt of this information. As part of the notification, the individual concerned will be advised that they have a right to request access to the information.
• Access will be granted in accordance with the relevant legislation. The legislation allows us to deny access, in accordance with the limited reasons for denial that are contained in the legislation.
When Information may be used
Personal information may be collected in relation to students/participants, Committee members, volunteers, employees, tutors, students on placement, job applicants and children and parents/guardians. The information collected may be used as follows:
Personal information and health information collected in relation to: Primary purpose of collection Examples of how the Centre will use personal information, including sensitive and health information include
Students/Participants To manage and administer the Centre’s adult education program To comply with requirements of funding and service agreements. For program planning and development purposes
Committee members For the management of the Centre by the Committee of
Management. For communication with and between Committee members, employees and members of the Centre; To satisfy the Centre’s legal obligations.
Job applicants, employees, tutors, volunteers and students on placement To assess, engage or administer contracts of employees, volunteers, tutors or students. Administering the individual’s employment, contract, or placement; Occupational Health and Safety;
Insurance purposes; Satisfying the
Centre’s legal obligations
We may be required to disclose some personal information held about an individual to: • Government departments or agencies as part of our legal and funding obligations;
• Local Government for planning purposes;
• Organisations providing services related to staff entitlements and employment;
• Insurance providers in relation to specific claims;
• Law enforcement agencies;
• Health organisations and/or family in circumstances where the person requires urgent medical assistance and is incapable of giving permission;
• Anyone to whom the individual authorises the Centre to disclose information.
This information is used to evaluate our services and to plan future services. When any information is sent to another agency, such as the Department of Human Services, it is kept secure.
Any information that identifies an individual is removed before it is used for statistical purposes.
Laws that require us to collect specific information
The Incorporations Act 1981 and employment related laws and agreements require us to collect specific information. Failure to provide the required information could affect;
• The Centres ability to function as an Incorporated Association
• An employees employment
Management and security of information
In order to protect the personal information from misuse, loss, unauthorised access, modification or disclosure, the Committee of Management and staff will ensure that:
• Access will be limited to staff who require this information in order to do their jobs.
• It will not be left in areas that allow for unauthorised access.
• The physical storage of all material will be in a secure cabinet or area.
• Computerised records containing personal or health information will require password access.
• There is security in transmission: Emails will only be sent to a person authorised to receive the material.
• Faxes will only be sent to a secure fax, which does not allow unauthorised access.
• Telephone – only limited personal information will be provided over the telephone to persons authorised to receive that information.
• Transfer of information interstate and overseas will only occur with the permission of the person concerned or their parent/guardian.
Access to information and updating personal information
Individuals have the right to ask for access to personal information we hold about them without providing a reason for requesting access.
Under the privacy legislation, an individual has the right to:
• ask for access to personal information that the Centre holds about them
• access this information and
• make corrections if they consider the data is not accurate, complete or up to date.
There are some exceptions prescribed by legislation where access may be denied in part or totally. An example of some of the exceptions is where:
• The request is frivolous or vexatious;
• Providing access would have an unreasonable impact on the privacy of other individuals;
• Providing access would pose a serious threat to the life or health of any person.
• The service is involved in the detection, investigation or remedying of serious improper
conduct and providing access would prejudice that process.
Disposal of Information
• We will not store personal information longer than necessary.
• When disposing of personal information we will ensure that it is either shredded or destroyed in such a way that no one can access the information.
Process for considering access requests
A person may seek access to view or update their personal/health information by contacting the Centre Co-ordinator or the Chairperson of the Committee of Management.
Personal information may be accessed in the following way:
• Viewing and inspecting information
• Taking notes
• Obtaining a copy
Requests for access or to update personal information should nominate the type of access required, and specifying where possible, what information they seek. No reason is required in relation to why the request is made. The person seeking information, if unknown to the employee or Committee of Management member, must provide a visible form of identification.
The employee or Committee of Management member receiving the request will record the request and the date received. Each request will be acknowledged within 14 days, but preferably within 2 working days. Requests will be complied with within 30 days. However there could be a delay in responding if the timeline occurs over a period when the Centre is closed.
Access will be provided in line with the privacy Legislation. If the requested information is not given, the reasons for denying access will be given in writing to the person requesting the information.
In accordance with the legislation the Centre reserves the right to charge for information provided, in order to cover the costs involved in providing the information.
Key Responsibilities and Authorities
The Committee of Management is responsible for ensuring the overall responsibility for the implementation of this policy. Both the Committee of Management and employees are responsible for the collection, use, disclosure, access, storage and disposal of information in line with this policy and the Privacy Principles set out in the Victorian Health Records Act 2001 and the Information Privacy Act 2000.
Further information can be obtained from:
• Health Services Commissioner (03) 8601 5200 or 1800 136066 or www.health.vic.gov.au/hsc/
• Victorian Privacy Commissioner (03) 8619 8719 or 1300 666444 or www.privacy.vic.gov.au