Respecting your privacy

Accoras Limited (ABN 21 510 905 907) (“Accoras”) is dedicated to protecting the privacy of your Personal Information. We confirm our compliance with the Privacy Act 1988 (Cth) (“the Act”). This Policy sets out the types of Personal Information we collect, the purposes for which we collect it and how we hold, use and disclose Personal Information. By donating, fundraising, volunteering, submitting a website form, using one of our service offerings or providing your Personal Information to us, you agree to the terms of this Policy.

The purpose of this Policy is to ensure that Accoras manages all Personal Information compliant with the Australian Privacy Principles (“APPs”), found in schedule 1 of the Act, and ensuring that individuals’ privacy is protected.

The policy also describes how you can access or correct information we hold about you, how you can ask further questions or make a complaint. We will update this privacy policy when our information handling practices change. Updates will be published on our website.

Definitions

Privacy: The right for people (clients, participants, employees and stakeholders) to be able to control who can see or use data or information relating to them.

Personal Information : Any information or an opinion about an identified individual, or an individual who is reasonably identifiable, including indirectly identifiable information such as metadata or behavioural date:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not

Common examples are an individual’s name, signature, address, telephone number, date of birth, Health information and medical records, bank account details, employment details and commentary or opinion about a person. This also includes metadata, and biometric information used for verification.

Sensitive Information: A subset of Personal Information and is defined as:

Information or an opinion (that is also Personal Information) about an individual:

  • racial or ethnic origin
  • political opinions
  • membership of a political association
  • religious beliefs or affiliations
  • philosophical beliefs
  • membership of a professional or trade association
  • membership of a trade union
  • sexual preferences or practices
  • criminal record
  • health information about an individual
  • genetic information (that is not otherwise health information)
  • biometric information about an individual that is used for the purpose of automated biometric verification or biometric identification
  • biometric templates

Data Breach: An incident where personal, sensitive or confidential information normally protected by effective controls is copied, sent, viewed, stolen or used by an unauthorised person or parties.

Our Policy Statement

Accoras aims to only collect the Personal or Sensitive Information it requires to carry out its functions and duties in any given instance. We maintain the confidentiality of all Personal Information and value discretion in all interactions. Personal Information will be kept secure, accurate and up to date. When you register as a client in our programs, you provide consent for Accoras to access and use your Personal Information so they can provide you with the best possible outcomes.

Accoras’ practices meet the standards as set out in the APP’s and complies with the Act. The information collected is used to provide services in a safe and healthy environment with individual requirements, to meet duty of care obligations, to initiate appropriate referrals and to conduct business activities to support those services. We take all reasonable steps to protect your Personal Information and together with a strong technical defence we have coupled this with continuing training of all relevant personnel in the handing of this Personal Information.

Protecting Personal Information (including Sensitive Information) from misuse, interference and loss, as well as unauthorised access, modification or disclosure is considered extremely serious by Accoras. Anyone with access to Personal Information must ensure they only access records, data or information directly relevant to their role and scope of responsibility.

What if you want to interact with us anonymously or use a pseudonym?

If you have general enquiry questions, you have the right to choose to do this anonymously or use a pseudonym. Be aware, we might not always be able to interact with you this way as we are often governed by strict regulations that require us to know who we’re dealing with. In general, we won’t be able to deal with you anonymously or where you are using a pseudonym when:

  • it is impracticable; or
  • we are required or authorised by law or a court/tribunal order to deal with you personally.

How we collect your Information

Collecting Personal Information

We collect Personal Information about you directly from you – this can be in person, in documents you give us, from telephone calls, emails, interaction with our website, online forms software we use such as Vision6 or Microsoft Forms or from other interactions you undertake with us.

All Accoras employees, contractors, volunteers and Board members must ensure that:

  • Personal Information should only be collected when necessary for Accoras’ business purposes;
  • Personal Information is only collected where it is relevant and directly related to the purpose for which it is being collected;
  • You have expressly authorised and consented to the collection of the Personal Information.

We may also collect your Personal Information from third parties including public sources, GPs, external psychologists, social workers, guidance officers, schools, government agencies such as child safety, non-government agencies, other community not-for-profits.

We may collect Personal Information from our publicly available website: http://www.accoras.org.au, which is hosted in Australia. There are a number of ways which we collect information through this website including various online tools, such as Google Analytics – a website analytics tool.

Google Analytics

Accoras uses Google Analytics as a website analytics tool to collect data about how you interact with the Accoras website, including:

  • device IP address (collected and stored in an anonymised format);
  • search terms and pages visited on the Accoras website;
  • date and time when pages were accessed;
  • downloads, time spent on page and bounce rate;
  • referring domain and out link if applicable;
  • device type, operating system and browser information;
  • device screen size; and
  • geographic location (city).

This information will not ordinarily be Personal Information, because you will not be identified, or reasonably identifiable from it.

Google publishes its own privacy policy – it can be accessed here:

https://policies.google.com/privacy?hl=en

Cookies

Cookies are small data files transferred onto computers or devices by websites for record- keeping purposes and to improve your website user experience.

Most browsers allow you to choose whether to accept cookies or not. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing Accoras website. Please note however, that some data may still be collected separately by tools such as Google Analytics, even though you may have set your browser preferences to reject all cookies.

The information collected about you using cookies will not ordinarily be your Personal Information, because you will not be identified or reasonably identifiable to Accoras from it.

Social networking services

Accoras uses Facebook, Instagram, YouTube and LinkedIn to communicate with the public about its work. When you communicate with Accoras using these services, Accoras collects the Personal Information you provide to it by engaging in that communication.

Please refer to the privacy policies of each of these services:

Facebook;
Instagram; and
LinkedIn.

Using Personal Information

All Accoras employees, contractors, volunteers and Board members must ensure that all information obtained as part of their role with Accoras is treated as confidential and managed using this Privacy Policy.

We do not sell Personal Information for marketing purposes to other organisations or allow such companies to do this. We confirm that Personal Information is only used for the purpose for which it was collected. Personal Information is not used for personal gain or shared with unauthorised individuals. We may share your Personal Information with service providers, but only with your written consent.

We may use your Personal Information to communicate with you and deal with or investigate any complaints or enquiries.

What are the other ways we use your information?

Other than our core business activities there may be other ways we use your Personal Information.

Here are some more ways we may use your Personal Information including:

  • giving you information about a program or service;
  • considering whether you are eligible for a program or service;
  • administering the program or service we provide you, which includes answering your requests and complaints, varying programs and services and managing our relevant program;
  • identifying you or verifying your authority to act on behalf of one of our clients;
  • assisting in arrangements with other organisations in relation to a program or service we make available to you;
  • allowing us to run our business and perform administrative and operational tasks, such as:
    • training staff;
    • developing and marketing products and services;
    • risk management;
    • systems development and testing, including our websites and other online channels;
    • undertaking planning, research and statistical analysis;
    • preventing or investigating any fraud or crime, or any suspected fraud or crime;
    • as required by law, regulation or codes binding us; and
    • for any purpose for which you have given your express consent.

Sharing Personal Information?

All Accoras employees, contractors, volunteers and Board members must ensure that Personal Information is only shared (disclosed) to authorised individuals or organisations where consent has been expressly acquired from you or where disclosure is permitted by law.

Who do we share your Personal Information with?

To make sure we can meet your specific needs and for the purposes described in ‘Using Personal Information’, we sometimes need to share your Personal Information with others. We may share your information with other organisations for any purposes for which we use your information.

Important: Accoras is permitted to share your Personal Information if we reasonably believe the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.

Sharing at your request

We may need to share your Personal Information with:

  • your representative or any person acting on your behalf (for example, Guardians, Attorneys, Allied Health Professionals, executors; and
  • any person or organisation you have expressly given your consent for.

Storing Personal Information

Personal Information is stored securely, both physically and electronically, at our premises and the premises of our service providers. The Personal Information may be stored in cloud servers which may be hosted in Australia or overseas. Where this occurs, we take all reasonable steps to prevent unauthorised access or disclosure.

We use security procedures and technology to protect the information we hold. By ensuring up to date internal policies, training and monitoring of staff in the access and use of Personal Information seeks to prevent misuse or unlawful disclosure of the information.

Where the Personal Information we collect is no longer required, we delete the information or permanently de-identify it in accordance with relevant laws.

A client may withdraw their consent to the collection of Personal Information. Accoras will do all things necessary to ensure no further collection will occur without their voluntary informed consent.

Keeping Information Accurate

We will take all reasonable steps to ensure that all information we hold is as accurate as possible. Clients are able to contact Accoras at any time and ask for its correction if they feel the information we have about them is inaccurate or incomplete.

How you can access or correct your Information

You can contact us to request access or correction if your Personal Information. In normal circumstances Accoras will give you full access to your information or make the requested corrections to your Personal Information. However, there may be some legal or administrative reasons to deny these requests. If a request is denied, Accoras will provide the reason why (if possible). Where Accoras decides not to make a requested correction to Personal Information and you disagree, you have the right to ask Accoras to make a note of the requested correction with the information.

Data Security

Accoras will maintain strong passwords for all Accoras’ computers and systems and applications. It is our policy to be cautious when using public Wi-Fi networks and avoid accessing sensitive information over such networks. We will lock computers and devices when not in use and log out of systems that contain Personal Information and implement multi-factor authentication for accessing systems containing Personal Information where applicable.

Reporting Incidents

Any data breaches will be reported to the CEO immediately and treated as an incident, with investigation occurring if required. All Accoras employees, volunteers, contractors or Board members must advise Accoras as soon as practical if they become aware that any Personal Information has or potentially has been lost or stolen.

Accoras will report any data breach where people are at risk of serious harm to the relevant funding body (if applicable) and the Office of the Australian Information Commissioner.

Do you have any Questions or Complaints?

A client has the right to ask questions or make complaints regarding a breach of this Privacy Policy including the way in which Accoras has collected, held, used, disclosed, kept or given access to Personal Information. The complaint should be directed to:

Please write to:

The Privacy Officer
Accoras
PO Box 6231
Upper Mount Gravatt QLD 4122

or phone on 07 3255 6555.

Or via the Accoras website: https://www.accoras.org.au/contact-us/

Please mark communications to the attention of the Privacy Officer.

Accoras must respond, within 30 days, to advise who will be handling the matter and when they can expect a further response.

If the concerns are not resolved to the client’s satisfaction, they may contact Accoras to discuss further or either party can refer the complaint to the Office of the Australian Information Commissioner (OAIC) who can be contacted here:

Phone: 1300 363 992
Post: GPO Box 5288
Sydney NSW 2001
Fax: +61 2 6123 5145

Online: http://www.oaic.gov.au/privacy

Email: enquiries@oaic.gov.au

Availability of Privacy Policy

A copy of the Privacy Policy (this document) is available from us free of charge. It is easily downloaded here from the Accoras website or if required a copy can be emailed or posted to you.