From time to time Hunter Podiatry Services is required to collect, hold, use and disclose personal information relating to individuals (including, but not limited to, its customers, contractors, suppliers and employees) in the performance of its business activities.
This document sets out the Hunter Podiatry Services’ policy about the protection of personal information, as under the Privacy Act 1998 (Cth) the (“Act”) and the Australian Privacy Principles (“APP”).
What is Personal Information?
Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can reasonably be ascertained, from the information or opinion.
This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record.
An employee record is a record of personal information relating to the employment of an employee. Examples of personal information relating to the employment of the employee include, but are not limited to, health information and information about the engagement, training, disciplining, resignation, termination, and terms and conditions of employment of the employee. Please see the Act for further examples of employee records.
Kinds of information that Hunter Podiatry Services collects and holds
Hunter Podiatry Services collects personal information that is reasonably necessary for one or more of its functions or activities.
The type of information that Hunter Podiatry Services collects and holds may depend on your relationship with them. For example:
Candidate: if you are a candidate seeking employment with Hunter Podiatry Services, they may collect and hold information including your name, address, email address, contact telephone number, gender, age, employment history, references, resume, medical history, emergency contact, taxation details, qualifications and payment details.
Customer: if you are a customer of Hunter Podiatry Services, they may hold on to the following information: your name, address, email address, contact telephone number, gender and age.
Supplier: if you are a supplier of Hunter Podiatry Services, the information held may include your name, address, email address, contact telephone number, business records, billing information, and information about goods and services supplied by you.
Referee: if you are a referee of a candidate being considered for employment by Hunter Podiatry Services, the information collected and held may include your name, contact details, current employment information and professional opinion of the candidate.
Hunter Podiatry Services will only collect sensitive information where you consent to the collection of the information, and the information is reasonably necessary for one or more of Hunter Podiatry Services’ functions or activities. Sensitive information includes, but is not limited to, information or an opinion about the racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preferences, criminal record, health information or genetic information.
How Hunter Podiatry Services collects and holds personal information
Hunter Podiatry Services must collect personal information only by lawful and fair means. Hunter Podiatry Services will collect personal information directly from you if it is reasonable or practicable to do so.
Hunter Podiatry Services may collect personal information in some ways, including without limitation:
(a) through application forms;
(b) by email or other written mechanisms;
(c) over a telephone call;
(d) in person;
(e) through transactions;
(f) through our website;
(g) through surveillance camera;
(h) by technology that is used to support communications between us;
i) through publicly available information sources (which may include telephone directories, the internet and social media sites);
ii) direct marketing database providers;
When Hunter Podiatry Services collects personal information about you through publicly available information sources, it will manage such information in accordance with the APPs.
At or before the time or, if it is not reasonably practicable, as soon as practicable after, Hunter Podiatry Services collects personal information, Hunter Podiatry Services must take such steps as are reasonable in the circumstances to either notify you or otherwise ensure that you are made aware of the following:
(a) the identity and contact details of Hunter Podiatry Services;
(b) that Hunter Podiatry Services has collected personal information from someone other than you or if you are unaware that such information has been collected;
(c) that collection of personal information is required by Australian law if it is;
(d) the purpose for which Hunter Podiatry Services collects the personal information;
(e) the consequences if Hunter Podiatry Services does not collect some or all of the personal information;
(f) any other third party to which Hunter Podiatry Services may disclose the personal information;
(h) whether Hunter Podiatry Services is likely to disclose personal information to overseas recipients and the countries in which those recipients are likely to be located.
Unsolicited personal information is personal information that Hunter Podiatry Services receives which it did not solicit. Unless Hunter Podiatry Services determines that it could have collected the personal information in line with the APPs or the information is contained in a Commonwealth record, it must destroy the information to ensure it is de-identified.
Purposes for which Hunter Podiatry Services collects holds, uses and discloses personal information
Hunter Podiatry Services will collect personal information if it is reasonably necessary for one or more of its functions or activities.
The main purposes for which Hunter Podiatry Services may collect, hold, use and disclose personal information may include but are not limited to:
(a) recruitment functions;
(b) customer service management;
(c) training and events;
(d) surveys and general research; and
(e) business relationship management.
Hunter Podiatry Services may also collect, hold, use and disclose personal information if you consent or if required or authorised by law.
(a) Hunter Podiatry Services may use or disclose personal information (other than sensitive information) about you for direct marketing (for example, advising you of new goods and services being offered by Hunter Podiatry Services).
(b) Hunter Podiatry Services may use or disclose sensitive information about you for direct marketing if you have consented to the use or disclosure of the information for that purpose.
(c) You can opt out of receiving direct marketing communications from Hunter Podiatry Services by contacting the Privacy Officer in writing or if permissible accessing Hunter Podiatry Services’ website and unsubscribing appropriately.
Disclosure of Personal Information
Hunter Podiatry Services may disclose your personal information for any of the purposes for which it is was collected, or where it is under a legal duty to do so.
Disclosure will usually be internally and to related entities or third parties such as contracted service suppliers.
Before Hunter Podiatry Services discloses personal information about you to a third party, Hunter Podiatry Services will take steps as are reasonable in the circumstances to ensure that the third party does not breach the APPs about the information.
Access to personal information
If Hunter Podiatry Services holds personal information about you, you may request access to that information by putting the request in writing and sending it to the Director. Hunter Podiatry Services will respond to any request within a reasonable period, and a charge may apply for giving access to the personal information.
There are certain circumstances in which Hunter Podiatry Services may refuse to grant you access to the personal information. In such situations, Hunter Podiatry Services will give you written notice that sets out:
(a) the reasons for the refusal; and
(b) the mechanisms available to you to make a complaint.
Correction of personal information
If Hunter Podiatry Services holds personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading, it must take steps as are reasonable to correct the information.
If Hunter Podiatry Services holds personal information and you make a request in writing addressed to the Director to correct the information, Hunter Podiatry Services must take steps as are reasonable to correct the information and respond to any request within a reasonable period.
There are certain circumstances in which Hunter Podiatry Services may refuse to correct the personal information. In such situations, Hunter Podiatry Services will give you written notice that sets out:
(a) the reasons for the refusal; and
(b) the mechanisms available to you to make a complaint.
If Hunter Podiatry Services correct personal information that it has previously supplied to a third party and you request us to notify the third party of the correction, Hunter Podiatry Services will take such steps as are reasonable to give that notification unless impracticable or unlawful to do so.
Integrity and security of personal information
Hunter Podiatry Services will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that it collects is accurate, up-to-date and complete.
Employees must take steps as are reasonable in the circumstances to protect the personal information from misuse, interference, loss and unauthorised access, modification or disclosure.
Employees must report any incident or suspected incident where personal information could be used for malicious intent or is likely to result in serious harm to any individual affected (Data Breach) to the Privacy Officer as soon as reasonably practicable and no later than 24 hours after becoming aware of the Data Breach.
Examples of a Data Breach include:
(a) Lost or stolen laptops or tablets;
(b) Lost or stolen mobile phone devices;
(c) Lost or stolen USB storage devices;
(d) Lost or stolen paper records or documents containing personal information relating to the Employer’s customers or employees;
(e) Employees mistakenly providing personal information to the wrong recipient (e.g. payroll details to wrong address);
(f) Employees providing confidential information to the Employer’s competitors;
(g) Credit card information lost from insecure files or stolen from garbage bins;
(h) Where a database has been “hacked” to illegally obtain personal information; and
(i) Any incident or suspected incident where there is a risk that personal information may be misused or obtained without authority.
If you are aware of, or reasonably suspect a Data Breach, please contact the Director to report the Data Breach.
If Hunter Podiatry Services holds personal information and it no longer needs the information for any purpose for which the information may be used or disclosed and the information is not contained in any Commonwealth record and Hunter Podiatry Services is not required by law to retain the information, it will take such steps as are reasonable in the circumstances to destroy the information or to ensure it is de-identified.
Anonymity and Pseudonymity
Individuals have the option of not identifying themselves or using a pseudonym when dealing with Hunter Podiatry Services about a particular matter. This does not apply:
(a) where Hunter Podiatry Services is required or authorised by or under Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
(b) where it is impracticable for Hunter Podiatry Services to deal with individuals who have not identified themselves or who have used a pseudonym.
However, in some cases, if an individual does not provide Hunter Podiatry Services with the personal information when requested, Hunter Podiatry Services may not be able to respond to the request or provide the individual with the goods or services that they are requesting.
Individuals have a right to complain about Hunter Podiatry Services’ handling of personal information if the individual believes Hunter Podiatry Services has breached the APPs.
Individuals who are dissatisfied with Hunter Podiatry Services’ response to a complaint may refer the complaint to the Office of the Australian Information Commissioner.