Personal information collected by Spinal Cord Injuries Australia (SCIA) is protected by the Privacy Act 1988 (Cth).
Spinal Cord Injuries Australia (SCIA) respects the privacy of its members, clients, volunteers, beneficiaries, donors, business partners, app users, and online users and is committed to safeguarding the personal information that is provided to us.
Our obligations under the Privacy Act
Online users refers to anyone that accesses the SCIA website: http://scia.org.au.
App Users refers to any user of the apps associated with the Wheelchair Book & Ride service provided by SCIA. This includes, but is not limited to, customers, drivers and vehicle owners.
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.
Sensitive information is information or opinion (that is also personal information) about an individual’s racial or ethnic origin, religious beliefs or affiliations, membership of a professional or trade association, criminal record or health information that is also personal information.
Overview of SCIA’s Programs and Services
SCIA provides support, information and resources for people with a spinal cord injury at every stage of their life journey. SCIA’s focus is to get people ‘back on track’ following a spinal cord injury – finding solutions to obstacles that may arise and providing information and resources to ensure people with a spinal cord injury remain actively involved in personal, social and vocational activities. SCIA’s services encompass all of life, from hospital to home to workplace, and the organisation strives to develop programs to educate and support the SCI community. In carrying out this mission SCIA engages volunteers and employees and receives donations, funding and support from members of the community, corporations, groups and governments. In addition to the services which we provide from funds donated by the public and corporations, SCIA also holds contracts to deliver State and Commonwealth government programs. In providing such services, we comply with the relevant state or national privacy principles and any additional obligations under the contract.
Confidentiality practices of SCIA
Any personal or sensitive information obtained from an individual will be regarded as confidential and will not be used for any purpose other than that for which it has been given. Employees of SCIA understand their obligations for privacy and confidentiality and have signed a Staff Code of Conduct which states the confidentiality obligations under their employment contract with SCIA.
Who does SCIA collect personal and sensitive information from?
SCIA collects personal and sensitive information from members, clients, volunteers, beneficiaries, donors, business partners, app users, and online users. The nature and extent of personal and sensitive information collected varies depending on the particular interaction with SCIA.
What are the types of information SCIA collects?
SCIA will only collect personal and sensitive information that is directly relevant to a service of SCIA and for the purposes of delivering our services in an efficient and timely manner. This information may include:
Does SCIA use Government related identifiers?
If an individual has an identification number assigned from a government agency, SCIA will ensure that this identification is not used in the collection of personal information. An example of an identification number could be a Medicare number, Centrelink reference number or Passport number. This will ensure that an identification number will not be used to jeopardise privacy by enabling personal information from different sources to be matched and linked in ways that an individual may not agree with or expect. There are exceptions to this rule, namely if SCIA needs to verify the identity or verify that the individual is who or what they claim to be, for example to verify their name and age and it hasn’t been possible to obtain this information through other disclosures of personal information.
What does SCIA do with unsolicited personal or sensitive information?
If SCIA obtains unsolicited information that has not come from the individual or that is not contained in a Commonwealth record, we will ensure that the individual is aware of the receipt of this information and if the individual decides that they do not wish SCIA to have this information, SCIA will as soon as practicable destroy the information or ensure that the information has been de-identified.
How does SCIA collect personal and sensitive information?
Where possible, we collect your personal and sensitive information directly from you. If you feel that the information that we are requesting via any of the channels noted above, is not information that you wish to provide, please feel free to raise this with us.
In some situations we may obtain personal information about you from a third party source. If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of the purposes for which we are collecting your personal information and the organisations to which we may disclose your information, subject to any exceptions under the Privacy Act. For example, we may collect information about you from a health care professional, such as your doctor or social worker.
How does SCIA gain your consent?
The collection of sensitive information requires consent from you. Consent can mean ‘express consent’ or ‘implied consent’. There are four elements of consent to consider including:
SCIA will not use sensitive information beyond the consent provided by you, unless your further consent is obtained or is in accordance with one of the exceptions (see following) under the Privacy Act or in compliance with another law. If SCIA uses your health information for research or statistical purposes, it will be de-identified if practicable to do so.
Exceptions under the Privacy Act to which consent is not required when collecting sensitive information
How does SCIA use and manage personal and sensitive information collected?
SCIA will only use and manage personal and sensitive information for the purposes for which it has been given to us, or for purposes which are related to one of our functions or activities. Specifically SCIA will use and manage personal and sensitive information to:
Wheelchair Book & Ride Apps
Personal and sensitive information is managed in the Wheelchair Book & Ride apps as follows:
Does SCIA disclose personal or sensitive information to a third party?
We may disclose your personal or sensitive information to a third party including:
SCIA will not disclose an individual’s personal or sensitive information to a third party unless one of the following applies:
Can an individual be anonymous or use a pseudonym?
Users of SCIA’s services do have the option if they wish, to not identify themselves or to use a pseudonym when using a service but clients should be aware that this may have an impact on the ability of SCIA to provide a service to the client.
Will personal information be used for the purpose of direct marketing?
Personal information held by SCIA will not be used for the purpose of direct marketing (undertaken by SCIA through mail or email for example) unless the individual has given consent and would reasonably expect that their personal information may be used for direct marketing. If personal information is used by SCIA for direct marketing, the individual will always be given the option to ‘opt out’ of receiving any correspondence.
How does SCIA keep personal information secure?
SCIA takes reasonable steps to protect the personal and sensitive information we hold against misuse, interference, loss, unauthorised access, modification and disclosure. These steps include password protection for accessing our electronic IT systems, securing paper files in locked cabinets and physical access restrictions. Only authorised personnel are permitted to access these details. When the personal information is no longer required, it will be destroyed in a secure manner, or deleted according to our Records Disposal Policy.
No location information used by the Wheelchair Book & Ride apps is stored in our systems, other than that associated with timestamps, such as locations when bookings are accepted and completed. This information is required to keep an accurate record of all journeys made using the Wheelchair Book & Ride service. All other location information is used in real time to facilitate journeys only.
How does SCIA maintain accurate and quality personal and sensitive information?
SCIA will undertake regular reviews to ensure that the personal information held on an individual is accurate, up to date, complete and relevant at the time it is to be used or disclosed.
How can individuals get access to and make corrections of their personal information?
If an individual requests access to the personal information we hold about them, or requests that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the changes. Requests for access and/or correction should be made to the Privacy Officer. For security reasons, you will be required to put your request in writing and provide proof of your identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of others is not undermined. We will take all reasonable steps to provide the information requested within 14 days of your request. In situations where the request is complicated or requires access to a large volume of information, we will take all reasonable steps to provide access to the information requested within 30 days.
If an individual is able to establish that personal information SCIA holds about her/him is not accurate, complete or up to date, SCIA will take reasonable steps to correct our records.
Access will be denied if:
If we deny access to information we will set our reasons for denying access. Where there is a dispute about your right of access to information or forms of access, this will be dealt with in accordance with the complaints procedure set out below.
What is the complaint process if a breach of privacy has occurred?
If you have a complaint about SCIA’s privacy practices or our handling of your personal and sensitive information please contact our Privacy Officer. This could include matters such as how your information is collected or stored, how your information is used or disclosed or how access is provided to your personal and sensitive information.
We will aim to achieve an effective resolution of your complaint within a reasonable time frame, usually 30 days or as soon as is practicable.
Once the complaint has been made, we will try to resolve the matter in a number of ways such as:
At the conclusion of the complaint, if you are still not satisfied with the outcome you are free to take your complaint to the Office of the Australian Information
Commissioner at www.oaic.gov.au
How to Contact SCIA
T: 1800 819 775
Spinal Cord Injuries Australia
1 Jennifer St, Little Bay NSW 2036
PO Box 397, Matraville NSW 2036