Us and You: When we say ‘us’, ‘we’ or ‘our’ in this statement, we mean Bloomhill Cancer Care and our services. When we say ‘you’ or ‘your’, we’re referring to the person or entity that is using our services, engaging with our services, or visiting our websites.
Personal information: Information or opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether the information or opinion is recorded in a material form or not. Examples of Personal Information are your name and address, your signature and your date of birth.
Sensitive information: Is a subset of Personal Information, attracting a higher level of protection under the Act. It includes health, genetic and biometric information as well as information about race or ethnic origin, political opinions, membership of political parties, sexual orientation and criminal record.
Health information: Is information or an opinion about an individual’s physical or mental health or disability, health preferences including future provision of health services, use of health services, bodily donations (eg. blood, organs) and genetics.
We have supported the Sunshine Coast Community for over 21 years and provide a range of services to our clients. We have 49 staff and over 400 volunteers who care for, and support people from all walks of life who have had a cancer diagnosed, including older people, people with a disability, children, families and Indigenous people.
1. Why We Collect Information
We collect Personal Information so that we can provide you with the best and most suitable service possible. We only collect Personal Information necessary for our functions and activities. It helps us to run our business efficiently and effectively and when you provide the most accurate and complete information, you get the best possible service from us.
2. Kinds of Information We Collect
The types and forms of Personal Information that we collect from you will depend on your relationship with us, the nature of the service we are providing or activity you are involved in, and the legal obligations we may have.
Information we collect may include:
- Date of birth
- Details of treating practitioners including General Practitioner
- Medical history, test results, diagnosis and treatments
- Telephone numbers
- Banking details to enable the processing of your account
- Police checks
- Blue cards
- Pension or other concession details
- Medicare number, Health Fund details
- Names and telephone numbers of persons to contact in an emergency
- Address (postal and email)
- Gift and donation amounts
At times we are required to collect government identifiers such as Medicare, Pension or Veteran’s Affairs numbers. We will only use or disclose this information in accordance with the Act.
If you’re applying for employment with us, Personal Information will be collected in relation to your application.
3. Information Collected by Our Websites
When you visit our website, we do not try to identify you or collect Personal Information. However, you might choose to provide your Personal Information when you complete an online form or make an enquiry via the ‘contact us’ page. Our websites take every precaution to protect Personal Information collected and measures are in place to protect the loss, misuse and alteration of this information (see the Security section of this policy).
To help us keep our websites working optimally, our sites may collect statistics about visits, such as how many people visit our sites, the user’s IP address, which pages people visit, the domains our visitors come from and which browsers they use. This information will not used to identify you.
Our websites may collect ‘cookies’ when you access them. Cookies identify your IP address and browser type, but not your Personal Information. Whilst cookies enable better website functionality, you can choose to reject them if you wish.
Third Party Links
It is also important to know that we may, at times, be obliged by law to allow law enforcement agencies and other government agencies with relevant authority, to inspect our IP logs.
4. How We Collect Your Information
In most cases, we collect your Personal and Sensitive Information from you directly (unless you are unable to provide the information). For example, we collect this from you when you provide the following:
- Admission forms.
- Administration and financial forms.
- Employment applications for an advertised role.
- Personal and Sensitive Information provided in person or over the telephone.
- When a complaint is lodged with us.
We endeavour to gain your consent when collecting your Personal Information. This may happen before, during or after the process. Once you have provided your consent, you are able to withdraw it at any time by contacting us. However, please understand that by withdrawing your consent, we may not be able to provide you with the services you require.
If we are unable to collect Personal Information from you directly, we may obtain further information from a third party, such as:
- An authorised representative (e.g. your legal adviser).
- A health service provider (e.g. order prosthetics).
- A family member (e.g. a complaint).
- Other sources where necessary to provide services.
If you choose, you can deal with us anonymously or use a pseudonym (as long as that does not contravene legal requirements). However, in order for us to provide you with the best service, we will need to know your personal details. That way we will be able to work with other providers and apply relevant concessions such as Insurance Funds, Pharmaceutical Benefits etc.
6. How We Use and Disclose Your Information
We use and disclose your Personal Information for the purpose for which we have collected it. There are various exceptions to this:
- You have consented to the use of your Personal Information for another purpose.
- Your Personal Information is used or disclosed for another related purpose.
- In relation to your Sensitive Information, the other purpose is directly related to the reason why it was collected.
- We are required or authorised by law to disclose your information for another purpose.
- The use or disclosure is otherwise permitted by the Act.
Here are some examples of how your Personal Information may be used and disclosed:
- Enabling better co-ordination between us and other providers involved in your care and treatment.
- Providing information to a responsible person (e.g. a parent, guardian, spouse) if you are incapable or cannot communicate, unless you have requested that we do not disclose your health information.
- Management, funding, service monitoring, planning, evaluation and complaint handling, insurer or legal services.
- Quality assurance processes, accreditation, audits, risk, client/patient satisfaction surveys and staff education and training.
- Invoicing, billing and account management.
- Undertaking customer surveys, customer and market research and analysis.
- Compiling or analysing statistics relevant to public health and safety e.g. reporting a notifiable disease.
- Provision of reminders for appointments or follow-up care.
- Letting you know about support services options available to assist you.
- Inviting you to participate in events and fundraising.
- Inclusion in research undertaken by us. (Use of your Personal Information for health related research is subject to approval by our Human Research Ethics Committee which is governed by National Health and Medical Research Council Guidelines).
7. Marketing And Fundraising
We are an organisation focussed on community outcomes. We strive to continually improve and offer the best and most relevant services and support to you and the communities we serve. When you become a customer of ours, we may use your Personal Information for direct marketing or fundraising purposes, in accordance with the Act. This means from time to time we may contact you with marketing or fundraising materials either by mail, SMS, telephone, targeted online advertising or online behavioural marketing. Of course, you can request not to receive marketing and/or fundraising communications at any time, and we will stop contacting you in this way.
8. Unsolicited Information
If we receive unsolicited Personal Information, we will make an assessment as to whether we could have collected the Personal Information from you ourselves. If we could not, we will destroy it or de-identify it as soon as it is lawfully and reasonably possible to do so. This can be affected by the options available to us and the resources and costs of taking such action.
9. Accessing and Correction of Your Information
If you would like to see your information that we hold, you can ask us by writing to the relevant service. These requests can be limited by exceptions permitted by law, and you may be charged a reasonable fee for us providing this information. We will let you know the fee when you submit your request.
We always aim to keep the most accurate, complete, up-to-date and relevant Personal Information. However, if you seek correction of any Personal Information that we hold, please contact us by applying in writing to the relevant service. If we cannot change your information we will let you know why. There is no charge for requesting the correction of your Personal Information.
OTHER TIMES AND WAYS WE COLLECT, USE AND DISCLOSE INFORMATION
Closed Circuit Television Surveillance (CCTV): We may use CCTV to maintain the safety and security of customers, visitors, staff and property. These systems may but not always, collect and store Personal Information.
Job Applications: An applicants’ Personal Information is only collected to help us assess (and if successful) engage the applicant. This information is then held to satisfying legal obligations, and is used to manage the individual’s employment, insurance, and contact information. We may store information about an unsuccessful applicant for the purpose of future recruitment.
Employee Information: Employment records are managed in accordance with workplace laws and not privacy legislation. Records of current and past employees which are directly related to the employment relationship are exempt from the application of the Act.
Volunteer Records: Records of Personal Information collected and held by us in relation to our volunteers will be managed in accordance with the Act.
Security is a high priority for us. We have strong policies and procedures in place, and we take all reasonable steps to keep Personal Information you provide us secure and protected from misuse, interference and loss, as well as unauthorised access, modification or disclosure. Our security measures include but are not limited to:
- Educating our staff and clients about their obligations to your Personal Information.
- Requiring our staff to use passwords when accessing our systems.
- Employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses entering our systems.
- Using dedicated secure networks or encryptions when we transmit electronic data.
- Providing secure storage for physical records.
When information we hold is identified as no longer needed for any purpose, we ensure it is effectively and securely destroyed or deleted.
2. Overseas Disclosure
If we disclose Personal Information to an overseas recipient, we will only do so in circumstances where we comply with the Act.
3. Use of cloud-based storage
In the course of managing our services, we use cloud technology for the purpose of storing our information. All contracts with service providers limit their handling of Personal Information to only what is required. There are also strict security measures in place.
The Act protects Personal Information that is held by relevant organisations. It regulates how we may collect, use, disclose and store Personal Information including, sensitive information, and how you may access and correct your Personal Information that we hold. This statement does not apply to Personal Information collected by us that is exempted under the Act.
QUESTIONS OR CONCERNS
If you have any questions or concerns, would like to correct your Personal Information or you wish to make a complaint about a breach of the Act at any time, please get in touch. We take your privacy very seriously, so we are always ready to listen. If you are not happy with the way we collect, use, hold or disclose your information you are welcome to lodge a complaint. To do so, please contact:
Bloomhill Cancer Care, 58 Ballinger Road, Buderim QLD 4556
Postal: PO Box 319, Buderim, QLD 4556
Telephone: 07 5445 5794
POLICY STATEMENT CURRENCY
Privacy Act 1988 (Cth)