Mates4Mates Privacy Policy
Introduction
Mates4Mates Limited (ABN 54 160 646 999) (we, us, our and Mates4Mates) respects and upholds your rights to privacy established by the Australian Privacy Principles contained in the Privacy Act 1988 (Act).
This policy outlines Mates4Mates commitment to protecting and upholding the right to privacy of clients, staff, volunteers, Governing body/Management Committee members and representatives of agencies we deal with.
Mates4Mates is committed to protecting and upholding the rights of our clients to privacy in the way we collect, store and use information about them, their needs and the services we provide to them.
Mates4Mates requires all staff, volunteers and the governing body/management members to be consistent and careful in the way they manage what is written and said about individuals and how they decide who can see or hear this information.
Policy Statement
Mates4Mates is committed to secure information management and privacy and will ensure that:
- it meets its legal and ethical obligations as an employer and service provider in relation to protecting the privacy of clients and organisational personnel
- we provide information about the right to privacy to our clients, which includes how we collect, use and disclose personal information in order to perform our functions and activities, which includes the provision of health, wellbeing and social connection services to veterans and their families
- clients and organisational personnel are provided with privacy when they are being interviewed or discussing matters of a personal or sensitive nature
- all staff, Governing body/Management Committee members and volunteers understand what is required in meeting these obligations
- will adhere to all requirements imposed under the Privacy Act 1988, including the requirements imposed by the Privacy Amendment (Notifiable Data Breaches) Act 2017, to strengthen the protection of personal information.
We are firmly committed to protecting the privacy and confidentiality of your personal information and to maintaining various physical, electronic and procedural safeguards to protect personal information in our care.
You can find more information about the APPs and privacy rights and responsibilities at the website of the Office of the Australian Information Commissioner (www.oaic.gov.au).
About this Privacy Policy
This Privacy Policy conforms to the Privacy Act (1988) and the Australian Privacy Principles which govern the collection, use and storage of personal information and outline:
- how we collect, use, exchange and disclose information about our clients, suppliers (and their employees) and people who use our services or apply for employment with us;
- how we ensure that people know what sort of personal information is held, what purposes it is held it for and how it is collected, used, disclosed and who will have access to it;
- how to contact us if you have any questions or concerns about the management of your personal information;
- how you can access your personal information;
- how we will respond to and manage any breach of privacy.
In this policy we use the terms “personal information” and “sensitive information” – these terms are defined in the Privacy Act 1988.
In general terms, “personal information” is information or an opinion that can be used to personally identify you. “Sensitive information” is a type of personal information that requires higher protection and includes information or an opinion about an individual’s racial or ethnic origin, political opinions or associations, religious or philosophical beliefs, trade union membership or associations, sexual orientation or practices, criminal record, health information and genetic information.
Mates4Mates’s handling of employee records in relation to current and former employment relationships is exempt from the APPs in certain situations, in which case this privacy policy will not apply.
What personal information do we collect
We only collect your personal information if it is necessary for what we do (such as psychological counselling, physical rehabilitation, skills for recovery programs, veteran research) or to comply with the law. The kind of personal information that we need to collect from you will depend on how and why you are connecting with us and may include the following:
- your contact details, including your full name, street address, email address and telephone number, as well as your date of birth and gender, no matter which type of product or service you are requesting from us;
- if you are accessing our services online, we might also collect your IP address, browser type, domain names, browsing preferences, access times and the addresses of referring websites;
- your occupation;
- your service history;
- information concerning your dealings with the Department of Veterans' Affairs;
- any relevant payment or billing information;
- your health or disability related information, including your medical history, treating medical and allied health, and other service providers;
- your proof of identity information and documentation including driver's license, passport or birth certificate information;
- your next of kin and emergency contact information;
Mates4Mates Veteran & Family Wellbeing Centre clients
- limited information about your services record/history, including your branch of service and status (e.g. serving, ex-serving, transitioning);
- inferred information and characteristics as a result of undertaking data analysis;
- information provided in surveys, incidents, feedback, complaints and commentary;
- images from CCTV used in and around the centre.
Sensitive Information
In limited circumstances we may need to collect sensitive information about you, such as:
- your physical and mental health information, including your medical history and treating doctor relevant to the services we will provide to you
- information about your cultural background, such as whether you identify as Aboriginal or Torres Strait Islander
If we collect your sensitive information, we will only do so with your consent (unless otherwise required by law).
How we collect personal information
The main ways we collect personal information are:
Directly
- when you contact or visit us (or we visit you), including visiting a centre, contacting us directly or through a call centre, making an inquiry, completing our online forms,
- making a complaint or supplying feedback, attending an event
- if you access our websites, including using cookies, which may track what you view on our websites and other websites/apps that you visit, and can also help the website to recall your specific information on later visits. Cookies may also come from third party services for the purpose of collecting data to enable website performance measurement and personalised advertising (for more information see our Cookie Policy below). For the provision of online services, such as telemedicine or social connection activities, we may also collect contact information that will be used to provide these services to you.
Indirectly
- from any person authorised to act on your behalf or authorised to provide your personal information to us (such as referrals from medical and allied health practitioners)
From third parties
- from Australian government agencies and departments such as the Department of Veterans' Affairs, the National Disability Insurance Agency or health departments
- from third party providers who work with us
- from RSL Queensland (our related organisation)
How we hold, secure and store your personal information
- having security measures in place to protect the personal information we hold from misuse and loss and from unauthorised access, modification, or disclosure
- having measures to restrict access to only personnel who need that personal information to effectively supply services to you
- appropriate training for our staff on how to keep your information safe and secure
- when personal information is transmitted to other websites, it is protected by encryption, such as the Secure Socket Layer (SSL) protocol
- having a Data Breach Response Plan and following the requirements of the Data Breach Notification scheme under the Privacy Act
- notify individuals and the Office of the Australian Information Commissioner (OAIC) when there has been a data breach (or suspected breach) of personal information, if
it is likely to result in serious harm to individuals whose privacy has been breached - destroy or permanently de-identify personal information no longer needed and/or after legal requirements for retaining documents have expired
What we do with your personal information
We use your personal information in connection with carrying on our business. The way we use your personal information will depend on how and why you are connecting with us and may include the following purposes:
General
- confirm your identity
- verify eligibility requirements
- supply goods or services to you
- communicate with you concerning our services and activities
- manage your involvement in the services
- assess service outcomes
- respond to feedback from you
- conduct fundraising activities
- accept donations from you
- for our own internal administrative purposes, such as to develop and/or test our systems
- aid in administering our policies, or to investigate complaints or incidents
- recruit and assess our employees, or to engage contractors
- in the case of our suppliers or service providers, to administer contracts which we may have with you
- maintain and update our records
- comply with all laws
Mates4Mates Veteran & Family Wellbeing Centre clients
- verify eligibility requirements
- facilitate connection with other ex-service and community organisations within the centre/network
- manage and co-ordinate your attendance at the centre
- conduct a wellbeing check
We may also use your personal information for purposes related to any of the above, or which are disclosed to you at the time the relevant personal information is collected.
Who we share your information with
We may share your information for the purposes set out in section 7 ("What we do with your personal informations"), where you would reasonably expect us to disclose your information, and/to comply with the law. This may include for the purposes of the administration of the products or services you have requested, mailing services, distribution services, IT services, data analysis, research, advertising, consultancy services, advocacy, and relevant stakeholders such as the Department of Veterans' Affairs, National Disability Insurance Agency, Garrison Health/ ADF Health Services , Medicare, medical and allied health practitioners, disability and health services.
The way we disclose your personal information will depend on how and why you are connecting with us. For example, we may disclose your personal information to:
General
- related entities, contractors, suppliers, distributors, and agents used by us in the ordinary course of our business
- law enforcement agencies. Government agencies, or other third parties, where required under or authorised by law
- our professional advisers to enable them to provide services to us
- any other organisations where you have provided your consent
From time to time, we may provide aggregated and de-identified information to other business partners for various purposes, including for research purposes.
In doing so, we will take all steps as are reasonable to ensure that these parties respect and uphold the provisions of this Privacy Policy in relation to your personal information.
Participants in research projects
- given a choice about participating or not
- given the right to withdraw at any time
- informed about the purpose of the research project, the information to be collected, and how information they provide will be used
- given copies of any subsequent publications
How we disclose personal information overseas
Our preference is not to store or disclose personal information outside Australia. However, this does occur in limited circumstances, such as service providers and information
technology and cloud services providers located in countries other than Australia given the nature of ADF deployment.
We take reasonable steps to ensure that overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
You have the option of not identifying yourself, or using a pseudonym, when dealing with us provided it is lawful and practical to do so. However, there are a number of circumstances where this is not possible, including when:
- engaging in any of our services
- you are a prospective employee.
If you do not provide some or all of the personal information we request, we may be unable to effectively provide our services to you
How we engage in direct marketing
We may use your personal information for the purpose of providing you with information about our products, services or events or any other direct marketing activity which we consider may be of interest to you or engage in any other direct marketing activity if it is within your reasonable expectations that we would send you such information given the nature of earlier communications with you and/or the products or services that you have requested from us.
You may at any time opt out of receiving any communications from us (other than as required for the operation of our business e.g. regarding the payment of membership fees) by using the “unsubscribe” facility included in an email you receive from us or by contacting us using the details set out at the bottom of this document.
Accessing, updating and correcting your personal information
Our contact details
If you have any questions or comments about this policy or if you have any questions about this policy or if you have any complaint regarding the treatment of your privacy by us, please contact us in writing using the following details:
- The Privacy Officer
- Mates4Mates
- PO Box 208, Fortitude Valley QLD 4006
- Ph: 1300 4 MATES (62 837)
- Email: privacy@mates4mates.org
Last updated: December 2024