WOMEN’S HEALTH VICTORIA
Last updated: March 2018
Women’s Health Victoria is committed to protecting your privacy of the personal information you disclose to us or which we acquire about you. We recognise and value your trust in us to maintain your personal information and to only use and disclose the information for the purposes for which we collected the information and otherwise in accordance with applicable legislation.
This policy explains:
We reserve the right (at our discretion) to modify, amend or replace this policy from time to time. A new version of this policy will be posted to our website from time to time.
Personal information may be collected from any individual with whom we may have contact. This includes women contacting us seeking a referral to a service provider, a service provider that has submitted information for inclusion in our database, job applicants, representatives from current and prospective suppliers and information sourced from our research activities.
Types of information we collect and hold
For the purposes of this policy, ‘personal information’ is information or opinion that identifies an individual or information or opinion which could reasonably identify an individual, regardless of whether the information or opinion is in a material form or not. It may include (but not necessarily be limited to) an individual’s name, contact details and records of the individual’s dealings with us or with our staff.
We may collect a range of personal information about you, including your name, address, telephone number, email address, age and date and place of birth. We may also collect information relevant to your personal situation, including information about your current health and services which you seek.
We operate a referral service pursuant to which we may refer individuals to health provider(s) who have registered with our service. In registering with our service, a health provider will disclose name, street and postal addresses, contact number and details regarding the services the provider makes available.
Women who contact our referral service provide information including their first name, contact number and information concerning the reasons for their contact to our referral service.
We may also collect personal information in other situations and in other circumstances. For example, we may collect personal information from an individual in the course of completing our research activities. Information may be provided to us when an individual submits a job application to us or when an individual contacts us for the purpose of providing goods and/or services to us.
We may also collect information about you when you visit our website. We use Google Analytics to track visits to our website. The information we collect from visits to our website is generally anonymous, unless you specifically complete and submit a form that we make available online via our website. We generally do not use such information to identify specific individuals.
However, due to the Internet’s nature, such information may contain details which could identify a particular individual. Such information includes the IP address of the computer accessing our website, the Internet service provider used to access the Internet and our website, the web-page directing the individual to our website and the individual’s activity on our website.
How we collect personal information
We collect personal information using lawful and fair means and generally only when relevant to our operations and activities.
We may collect personal information about an individual from a variety of sources using a variety of means, including:
Subject to the foregoing, we generally collect personal information about an individual directly from that individual, unless it is unreasonable or impracticable for us to do so. Additionally, we generally only collect personal information when we specifically request that information.
From time to time, we may receive unsolicited personal information about an individual. In accordance with our statutory obligations, we will determine whether or not we could lawfully have collected such information had we solicited the information. If we determine that we could not lawfully have collected the information then we will take steps to destroy or de-identify that information, except to the extent we are required or authorised to keep the information by law or court order.
Dealing with us anonymously or on a pseudonymous basis
Subject to the following, you may interact and deal with us on an anonymous or pseudonymous basis.
However, if you choose to interact and to deal with us in this fashion, or you do not provide us with personal information when requested, then we may be unable to provide you with all the services and information that you seek from us.
Further, we may need to verify your identity as part of our response to a request to access and/or correct personal information that we hold about you, or as part of our complaints-handling process. If we are unable to verify your identity, or you continue to engage with us in an anonymous or pseudonymous manner, then we may be unable to satisfy your request.
How we use the personal information we collect
As a general principle, and in accordance with our statutory obligations, personal information is only used for the primary purpose(s) for which the information was collected or any secondary purpose that is related to the primary purpose for which you would reasonably expect us to use the collected information or as otherwise permitted by law.
We will take reasonable steps to make you aware of the purpose(s) for which the personal information collected may be used at or before the time of collection.
We may use personal information collected about an individual for one or more of the following purposes:
We may also use personal information collected about an individual to assist us in complying with our regulatory and statutory obligations in relation to the research we undertake and the services we provide (including the 1800 My Options service).
We may use the information we collect to mark, on a publicly accessible map online, the locations of service providers and health practitioners who have agreed to provide their address details to us.
To whom we may disclose your personal information
We may disclose personal information we collect from and about individuals to third parties but only on an as-needs basis and in order to facilitate the fulfilment of one or more purposes for which we collected the personal information, or any secondary purpose related to the primary purpose for which we may be permitted to disclose such information by law.
Personal information collected about an individual may be shared with a health practitioner or a service provider in the event a referral of the individual is made by us.
Personal information about a health practitioner or service provider may be shared with a woman requesting a referral from us.
We may also disclose personal information to any of the following groups:
We may also disclose personal information (including sensitive information) about an individual to other persons authorised by the individual, but only with the consent of the individual concerned.
We may also disclose personal information (including sensitive information) about an individual when required by law or court order, or other governmental order or process to disclose, where we believe in good faith that the law compels us to so disclose the information.
Additionally, we may disclose personal information (including sensitive information) where we are required to do so as a result of any obligations we owe under any contract.
We may disclose personal information such as an individual’s IP address and other information collected from visits to our website or through other online interactions by individuals with us in cooperation with Internet service providers to identify users, if we deem it necessary to do so in order to comply with relevant laws.
We may disclose personal information if it is reasonably necessary to do so in order to identify, contact or bring legal action against someone whom we suspect or know is causing harm to, or interference with services we supply, our information technology systems and equipment, or to our property.
Personal information about individuals we have collected may be disclosed to third parties in the event there are discussions or negotiations concerning a merger of us with another organisation.
Where we engage third parties to provide products and/or services to us or to users of our services on our behalf, those third parties may have access to personal information (including sensitive information) that we hold about individuals. We generally do not authorise those third parties to use any personal information we may disclose or allow the third parties to access to use or disclose such personal information for any purpose other than to facilitate the completion of their obligations they owe to us.
Without limiting the foregoing, we may disclose individuals’ personal information to our advisers, including (but not limited to) auditors, financial services and insurance companies, and to our professional advisers (such as our legal and accounting advisers) for them to complete their obligations owed to us under agreements that we have entered into for the purpose of undertaking or furthering our business operations and activities.
In addition, we may disclose de-identified statistics regarding the users of our services to reputable third parties and to the Government primarily for the purpose of assisting us to improve our service offering and to meet our contractual obligations owed to the Government.
We use Survey Monkey (which is based in the United States of America) to assist in the provision of our services to collect personal information. By using our online forms to provide us with personal information, you agree to our use of Survey Monkey to collect personal information from you.
You have the right to inform us that you do not wish for us to send information to you other than for the primary purpose for which the information was collected. We will always attempt to ensure that our disclosure of personal information to other parties is carried out in a manner that does not personally identify individuals, to the extent that it is practicable and lawful to do so.
We may directly market us and the services we offer to an individual on the basis that the individual would reasonably expect us to do so, where we have already collected the individual’s personal information.
Where we collect information about an individual from a party other than that individual, we will not use that information to directly market to that individual unless that individual provides us with consent (either express or implied).
In directly marketing our products and services, we will comply with other laws relevant to marketing, including the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and the Competition and Consumer Act 2010 (Cth) (including the Australian Consumer Law).
All direct marketing communications which we send will include an easy opt-out procedure if at any time you wish for us to stop sending you marketing communications.
We strive to ensure the security of personal information we collect and hold. We take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure.
We regularly review and update our physical and data security measures in light of current technologies. Unfortunately, no data transmission over the Internet or over mobile data and communications services can be guaranteed to be totally secure.
In addition, our employees and contractors who provide services related to our information systems and who have access to personal information we collect and hold are obliged to respect the confidentiality and privacy of any personal information we hold.
Quality of the personal information we hold
We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date. However, the accuracy of the information we hold largely depends on the accuracy of the information supplied to us or which we collect. If at any time you discover that any information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please contact us to correct the information.
Accessing and correcting personal information we hold
Where we hold personal information about an individual, that individual is entitled at any time (upon request) to access the personal information we hold about that individual.
Where we receive a request to access the personal information we hold about an individual, we will respond within a reasonable period of time. Unless it is unlawful or impracticable for us to do so, we will generally provide access to the requested information in the manner requested.
Please note that we are entitled, under the relevant law, to charge a reasonable administrative fee to cover our costs incurred in providing access to the personal information we hold about an individual.
Please also note that we reserve the right to verify the identity of the person making an access request, to ensure that we are not inadvertently disclosing personal information to an individual not entitled to access such information.
Further, we reserve the right to redact the information we make available in response to an access request, to protect the privacy of other individuals.
We may from time to time refuse to provide access to the information we hold about an individual, in accordance with the relevant law. Where we refuse access, we will explain the reasons for refusal in writing and provide details in relation to the relevant complaint process.
As noted above, we take reasonable steps to ensure that the information we collect, hold, use and disclose about an individual is complete, up-to-date and accurate. However, if at any time you believe that personal information we hold about you is incorrect, incomplete, outdated or inaccurate, you have the right to request that we amend such personal information. If we refuse the correction requestion, we will provide written reasons and information about the complaint process should you not be satisfied with our reasons.
Where information about you is incorrect and the information has previously been disclosed to third parties, we will take reasonable steps to notify third parties of the correction.
Lodging a complaint
If you wish to complain about an alleged breach of the privacy of your personal information, the complaint should be made in writing to us and addressed to the attention of our privacy officer. The details of our privacy officer are set out below.
We will promptly acknowledge receipt of your complaint and we will endeavour to deal with your complaint and to provide you with a response within a reasonable period of time following receipt of your complaint (generally within 30 days of receipt).
Where a complaint requires a more detailed investigation, it may take longer to resolve. If this is the case, then we will provide you with progress reports.
We will verify your identity and seek (where appropriate) further information from you in connection with your complaint.
Where required by law, we will provide our determination on your complaint to you in writing.
Please note that we may refuse to investigate or to otherwise deal with a complaint if we consider your complaint to be vexatious or frivolous.
If you are not satisfied with the outcome of your complaint, you may write to us seeking an internal review of our decision. Such internal review will be completed by an officer not previously involved in your complaint.
If you still remain dissatisfied following the outcome of our internal review, you may escalate the complaint to the Office of the Australian Information Commissioner.
In relation to any query, concern or complaint about how we comply with our privacy obligations, please direct such communications to the following:
The Privacy Officer
Women’s Health Victoria
T: +61 3 9664 9305
Version: CYS 6986120v2 CYS