PRIVACY POLICY STATEMENT

INTRODUCTION

The Bloomhill Cancer Care Privacy Policy explains the how, what, when and why of the personal, sensitive and health Information we may collect, hold, use and disclose when you interact with our services. We take your privacy seriously and are committed to treating your personal information in accordance with the Privacy Act 1988 (Cth) (the Act), its Australian Privacy Principles (APP’s) and other relevant State and Territory laws that govern the use of Personal Information.

Bloomhill is committed to open and transparent management of Personal Information. In some situations, the APP’s do not apply (employee records and other sensitive information) however Bloomhill has made a governance decision to comply with the APP requirements where possible, even though exemptions may apply.

This privacy policy applies to the collection of information from employees, volunteers, board members, members, contractors, suppliers, clients, donors and sponsors of Bloomhill Cancer Care and others who may make contact with Bloomhill. The information may be collected via the website, or by providing us with your personal information, either electronically, in writing, over the telephone or in person. In providing this information you agree to be bound by the terms and conditions of this Policy, the Acts or other applicable laws of Australia.

ABOUT US

We have supported the Sunshine Coast Community for over 21 years and provide a range of services to our clients. We have staff and volunteers who care for, and support people from all walks of life who have had a cancer diagnosed, including older people, people with a disability, children, families and Indigenous people.

DEFINITIONS

Us and You: When we say ‘us’, ‘we’ or ‘our’ in this statement, we mean Bloomhill Cancer Care and our services. When we say ‘you’ or ‘your’, we’re referring to all of the people or entities that use our services, engage with Bloomhill services and events, provide services to Bloomhill or visit our websites.

Privacy Statement: Our privacy policy, written in accordance with the Act, details the ways we collect, use, disclose manage and dispose of Personal Information.

Personal Information

Personal information: Information or opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether the information or opinion is recorded in a material form or not. Examples of Personal Information are:

  • Contact details including name, address, phone number, email address, date of birth, signature, police checks, blue cards, pensioner or concession details, Medicare, Veteran’s Affairs and health fund details, emergency contacts and gifts and donation amounts.
  • Credit card numbers, bank account details and business details in order to process payments, fees for services, payments for products and donations.

Sensitive information: Is a subset of Personal Information, attracting a higher level of protection under the Act. It includes health, genetic and biometric information as well as information about race or ethnic origin, political opinions, membership of political parties, sexual orientation and criminal record.

Health information: Is information or an opinion about an individual’s physical or mental health or disability, health preferences including future provision of health services and use of health services.  In order to provide appropriate support to its clients on their cancer journey Bloomhill will ask their consent to collect and maintain health information such as health status, diagnosis, test results and cancer treatment as well as contact details of treating doctors.  Health and other sensitive information is collected in accordance with rules established by professional health bodies that deal with obligations of professional confidentiality which bind the organisation.

 

YOUR INFORMATION

1. Why We Collect Information

We collect Personal Information so that we can provide you with the most appropriate services. We only collect Personal and other sensitive Information necessary for our functions and activities. It is your decision as to what information you provide, however, if you fail to provide us with all information we request, we may be limited in the services we can provide for you. All information we obtain is held securely.

If you are a Bloomhill donor or sponsor, or decide to support Bloomhill Cancer Care, we may ask you for further information in order to contact you again about the work of our organisation, to inform you about wellness services available, upcoming events, functions and appeals and to thank you for your support. You may Opt Out or unsubscribe from Bloomhill mailing lists at any time. If you do not wish to receive general notifications but are a regular donor, you can request to be marked as ‘no mail’ on the database.

If you are a contractor, vendor or supplier to Bloomhill, personal and business information will be collected to allow normal business processes to take place. This information may include name, address for payment, contact information, bank account details to allow for electronic payment of accounts, and Australian Business Number.

If you’re applying for employment with Bloomhill, Personal Information will be collected in relation to your application.

2. Information Collected by Our Websites

When you visit our website, we do not try to identify you or collect Personal Information. However, you might choose to provide your Personal Information when you complete an online form or make an enquiry via the ‘contact us’ page. Our websites take every precaution to protect Personal Information collected and measures are in place to protect the loss, misuse and alteration of this information (see the Security section of this policy).

To help us keep our websites working optimally, our sites may collect statistics about visits, such as how many people visit our sites, the user’s IP address, which pages people visit, the domains our visitors come from and which browsers they use. This information will not be used to identify you.

Cookies: Our websites may collect ‘cookies’ when you access them. Cookies identify your IP address and browser type, but not your Personal Information. Whilst cookies enable better website functionality, you can choose to reject them if you wish.

Third Party Links: Our websites may contain links to other websites that are not ours. These sites are not subject to our privacy policy, and we are not responsible for the content of these websites or the privacy practices of these sites.

Law Enforcement: It is also important to know that we may, at times, be obliged by law to allow law enforcement agencies and other government agencies with relevant authority, to inspect our IP logs.

3. How We Collect Your Information

In most cases, we collect your Personal, Sensitive and Health Information from you directly (unless you are unable to provide the information). This may be by phone, mail, email, application forms, administrative and financial forms, client admission forms and interviews or when a complaint is lodged with us. Personal information is also collected from the website if you fill in a contact form, make an online donation, register for an event or send an email.

We endeavour to gain your consent, whether expressed or implied, prior to obtaining your Personal Information. Once you have provided your consent, you are able to withdraw it at any time by contacting us. However, please understand that by withdrawing your consent, we may not be able to provide you with the services you require.

If we are unable to collect Personal Information from you directly, we may obtain further information from a third party, such as:

  • An authorised representative (e.g. your legal adviser).
  • A health service provider (e.g. order prosthetics).
  • A family member (e.g. a complaint).
  • Other sources where necessary to provide services.

4. Anonymity and use of Pseudonyms

If you choose, you can deal with us anonymously or use a pseudonym (as long as that does not contravene legal requirements). However, in order for us to provide you with the best service, we will need to know your personal details. That way we will be able to work with other providers and apply relevant concessions such as Insurance Funds, Pharmaceutical Benefits etc.

5. How We Use and Disclose Your Information

The Act allows an organisation to use or disclose your personal information for the reason they collected it (the primary purpose), including for direct marketing activities.

There are some examples of exceptions to this including

  • You have consented to the use of your Personal Information for another purpose.
  • Your Personal Information is used or disclosed for another related purpose.
  • In relation to your Sensitive Information, the other purpose is directly related to the reason it was collected.
  • We are required or authorised by law to disclose your information for another purpose.
  • The use or disclosure is otherwise permitted by the Act.

Here are some examples of how your Personal Information may be used and disclosed:

  • Enabling better co-ordination between us and other providers involved in your care and treatment.
  • Providing information to a responsible person (e.g. a parent, guardian, spouse) if you are incapable or cannot communicate, unless you have requested that we do not disclose your health information;
  • Management, funding, service monitoring, planning, evaluation and complaint handling, insurer or legal services;
  • Quality assurance processes, accreditation, audits, risk, client / patient satisfaction surveys and staff education and training;
  • Invoicing, billing and account management;
  • Undertaking customer surveys, customer and market research;
  • Compiling or analysing statistics relevant to public health and safety e.g. reporting a notifiable disease;
  • Provision of reminders for appointments or follow-up care;
  • Informing you about support services options available to assist you;
  • Inviting you to participate in events and fundraising; and
  • Inclusion in research undertaken by us (use of your Personal Information for health-related research is subject to approval by a registered Human Research Ethics Committee which is governed by National Health and Medical Research Council Guidelines).

6. Marketing and Fundraising

We are an organisation focussed on community outcomes. We strive to continually improve and offer the best and most relevant services and support to you and the communities we serve. When you become a client, customer, contractor, employee, volunteer, supplier, sponsor or donor of Bloomhill, we may use your Personal Information for direct marketing or fundraising purposes, in accordance with the Act. This means from time to time we may contact you with marketing or fundraising materials either by email, mail, SMS, telephone or targeted online advertising or online behavioural marketing.

You may Opt Out or unsubscribe from Bloomhill mailing lists or direct marketing emails at any time. If you do not wish to receive general notifications but are a regular donor, you can request to be marked as ‘no mail’ on the database.

7. Unsolicited Information

If we receive unsolicited Personal Information, we will make an assessment as to whether we could have collected the Personal Information from you ourselves. If we could not, we will destroy it or de-identify it as soon as it is lawfully and reasonably possible to do so. This can be affected by the options available to us and the resources and costs of taking such action.

8. Accessing and Correction of Your Information

Legislation: The Act protects Personal Information that is held by relevant organisations. It regulates how we collect, use, disclose and store Personal Information including sensitive information, and how you may access and correct your Personal Information that we hold. In some situations the APPs do not apply (employee records and other sensitive information) however Bloomhill has made a governance decision to comply with the APP requirements where possible, even though exemptions may apply.

If you would like to see your information that we hold, you can ask us by writing to the relevant service. These requests can be limited by exceptions permitted by law, and you may be charged a reasonable fee for us providing this information. We will let you know the fee when you submit your request.

We always aim to keep the most accurate, complete, up-to-date and relevant Personal Information. However, if you seek correction of any Personal Information that we hold, please contact us by applying in writing to the relevant service. If we cannot change your information we will let you know why. There is no charge for requesting the correction of your Personal Information.

9. Other Times and Ways We Collect, Use and Disclose Information

Contractors: When we outsource services or hire contractors to perform professional services, they are required to comply with the requirements of the Act, other relevant legislation and our Privacy Policy.

Closed Circuit Television Surveillance (CCTV): We may use CCTV to maintain the safety and security of customers, visitors, staff and property. These systems may but not always, collect and store personal information.

10. Employee, Volunteer and Job Applicants’ Personal Information

Employees Information: The Fair Work Act 2009 requires all employers to keep certain personal information about employees in their employee records. Personal information held by an employer, relating to someone’s current or former employment, isn’t covered by the Australian Privacy Principles, but only when used by the employer directly in relation to their employment. As a best practice employer, Bloomhill will apply the APP’s requirements where possible, even though exemptions may apply.

Employee information is collected in a variety of ways, including, but not limited to, the employment application form, submitted resumes, reference checks, terms and conditions of employment, taxation, banking and superannuation information, performance feedback, complaints, incidents or accident reports, police checks and when you provide personal or sensitive information either in person, over the phone or by email.

Job Applications: An applicants’ Personal Information is only collected to help us assess (and if successful) engage the applicant. This information is then held to satisfying legal obligations, and is used to manage the individual’s employment, insurance, and contact information. We may store information about an unsuccessful applicant for the purpose of future recruitment. Personal information about unsuccessful job candidates will be held in accordance with the Act and the APP’s.

Volunteer Records: Records of Personal Information collected and held by us in relation to Bloomhill volunteers will be managed in accordance with the Act and the APPs.

11. Public Health and Safety Concerns

From time to time, Queensland Health may require businesses to keep a register of contact details for all attendees on our premises to assist with contact tracing or disease management in order to prevent the spread of a communicable disease (Covid-19, Influenza, etc) and fulfil our work health and safety obligations. Information is collected by either hard copy or an electronic record.  Bloomhill fully complies with the Australian Privacy Principles in this regard and follows the recommendations outlined by Queensland Health.

COVID-19 Information Collection: Queensland Health requires businesses keep a register of contact details for all attendees on their premises to assist with contact tracing in the event of an outbreak of COVID-19.  This is done in either hard copy or electronic.  Bloomhill fully complies with the Australian Privacy Principles in this regard and follows the recommendations outlined by QHealth: covid19.qld.gov.au

12. Information Security

Information security is a high priority for us. We have strong policies and procedures in place, and we take all reasonable steps to keep the Personal Information you provide us secure and protected from misuse, interference and loss, as well as unauthorised access, modification or disclosure. Our security measures include but are not limited to:

  • Training provided to all staff, volunteers and contractors about their obligations for Personal Information Privacy;
  • Requiring staff to use passwords when accessing our systems;
  • Employing firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses entering our systems;
  • Using dedicated secure networks or encryptions when we transmit electronic data; and
  • Providing secure storage for physical records.

Overseas Disclosure: If we disclose Personal Information to an overseas recipient, we will only do so in circumstances where we comply with the Act.

Use of Cloud-based Storage: In the course of managing our services, we use cloud technology for the purpose of storing our information. All contracts with service providers limit their handling of Personal Information to only what is required. There are also strict security measures in place.

When information we hold is identified as no longer needed for any purpose, we ensure it is permanently de-identified, deleted or effectively and securely destroyed.

Questions or Concerns

If you have any questions or concerns about Personal Information Privacy, would like to correct your Personal Information or you wish to make a complaint about a breach of the Act at any time, please get in touch. We take your privacy very seriously, so we are always ready to listen. If you are not happy with the way we collect, use, and hold or disclose your information you are welcome to lodge a complaint.

To do so, please contact:

Bloomhill Cancer Care, 58 Ballinger Road, Buderim QLD 4556

Postal: PO Box 319, Buderim, QLD 4556

Telephone: 07 5445 5794

Email: admin@bloomhill.com.au

Policy Statement Currency

This Privacy Policy Statement may be updated from time to time.

References

Australian Government. Privacy Act 1988 (Cth) Privacy Act 1988 (legislation.gov.au)

Australian Charities and Not-for-profits Commission – Managing People’s Information and Data.

Justice Connect. (2022). Privacy Guide – A guide to complying with Privacy laws in Australia.  (nfplaw.org.au)

Fair Work Ombudsman. Workplace privacy – Best Practice Guide. (fairwork.gov.au)

Australian Government – Guide to developing an APP privacy policy – (oaic.gov.au)