Northcott Privacy Policy

The Northcott Society (ACN 000 022 971) (Northcott) values your privacy and takes reasonable steps to protect personal information (that is, information that identifies or may reasonably be used to identify you) received from clients, families, volunteers, employees, service providers, sponsors and community partners.

This privacy policy has been created in order to disclose Northcott's information gathering and dissemination practices.  Northcott is bound by the Privacy Act 1988 and Australian Privacy Principles as well as other applicable laws protecting privacy, including State and Territory health information legislation. 

By providing personal information to us, you consent to our collection, use and disclosure of that personal information on the terms of this Privacy Policy and any other contractual or other arrangements that apply between us (if any). 

Definitions 

Personal Information

Information or an opinion about an identified individual, or an individual who is reasonably identifiable. Examples of personal information that we collect may include: names, addresses, email addresses and phone numbers. This personal information is obtained in many ways including interviews, correspondence, by telephone and facsimile, by email, via our website and from third parties.

Sensitive Information

Information or an opinion about an individual’s: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual orientation or practices; criminal record; or health information.   

What personal information do we collect and why?

Northcott only collects personal information from you that is necessary for us to perform its functions.  The types of personal information Northcott collects, and purposes of collecting that information, include:

Providing services to clients

Northcott collects our clients, and, if required, their family members' names, addresses and other contact details, date of birth, other information about our clients' needs and circumstances (such as living or financial circumstances), records of communication and as otherwise required in order to provide our services and communicate with our clients.  Subject to Northcott obtaining the relevant individual's consent, this information may include health information about the individual including correspondence with the client's health and other service providers and other sensitive information. Digital images or videos of clients may also be collected if required for service provision. The specific information will depend on the type of service provided and it will be collected from the client before and during provision of services. 

The following responsible persons may, depending on the circumstances of a client, be treated as being able to act on a client's behalf for the purposes of this privacy policy and the collection, use and disclosure of personal information:

  • a guardian, parent, carer or other person responsible for the care of the client;
  • someone with a general Power of Attorney or a Power of Attorney which includes health-related power;
  • a person recognised under a law as responsible for any aspect of the care or welfare of the client which is relevant to something Northcott does or intends to do; and
  • a person nominated in writing by the client while the client is capable of giving consent.

Donors

When you make a donation, including via the website, Northcott collects and stores in our fundraising database your name, email address, mailing address, payment and billing details (including credit card details if relevant), and other contact information.  We will use this information to process your donation, complete your tax receipt, to send you further information about Northcott and for promotional purposes.  Northcott engages third party service providers to process online donations, and we take reasonable steps to ensure that they are bound to protect the privacy of that personal information.  

Supporters and volunteers

Northcott may collect its supporters' and volunteers' names, addresses and other contact details. We will also retain records of communication with these individuals, as well as other personal information about our current and potential supporters and volunteers. This would only be for the purpose of encouraging, recording and acknowledging their support and to communicate with them about Northcott and our activities. Supporters and volunteers may choose to have their names and addresses removed from our database by contacting us.   

Distributing publications

With an individual’s consent we collect contact details (which may include name, address, email address, and mobile phone number) when individuals interact with us in order to distribute newsletters and other communications in print and electronic form from time to time.  Recipients may choose to have their names and addresses removed from our distribution lists by contacting us. 

Conducting events

We collect contact details, donation history and other personal information, including photographs and videos, about clients and their family members, donors and other supporters who wish to join or participate in our events and programmes we conduct.  This information is used to administer these events and to promote and seek support for such events and for the activities of Northcott.  With the consent of the relevant person, this information may include health or other sensitive information.

Assisting with your queries

You may choose to provide us with your name or other contact details when you contact us so that we can respond to your requests for our newsletter or for other information about Northcott's services or operations. 

Conducting our general business activities

Northcott collects personal information about individuals who are contracted to, or are employed by, our suppliers (including service and content providers), contractors and agents for our general business operations.

Applying for a position (as a volunteer or employee) with Northcott

We may collect your personal information, including name and contact details, information about your working history and relevant records checks when you apply for a position with us in order for us to assess your suitability for that or other positions. 

Function Centre bookings

We collect contact details (which may include name, address, email address, and mobile phone number) and payment and billing details (including credit card details if relevant). The information is used to confirm your booking, contact you about your booking, complete your invoice and process your payment. 

Website use

Northcott collects aggregate, anonymous data that our websites use to analyse trends, administer the websites, diagnose problems on sites' servers, track user's movement, gather broad demographic information for aggregate use and to help improve the quality of the web pages.  Such data may include your domain name or your IP address.  None of this information can reasonably be used to identify you. 

Northcott's website uses cookies for site administration purposes. If for any reason you wish not to take advantage of cookies, you may have your browser not accept them, although this may disable or render unusable some of the features of Northcott's website. Northcott's website may also detect and use your IP address or domain name for Internet traffic monitoring and capacity purposes or to otherwise administer the website. No personal information is collected, rather the patterns of usage of visitors to the website may be tracked for the purposes of providing improved service and content based on aggregate or statistical review of user site traffic patterns.

How do we collect personal information?

Generally, we collect information directly from the relevant individual.  Sometimes, we may need to collect information about a client from a third party, such as a parent, carer, guardian or other responsible person or a third party such as a health service provider, government or similar agency or the client's educational institution or workplace.  We will do this if the client has consented for us to collect the information in this way, or where it is not reasonable or practical for us to collect this information directly from the client (such as in an emergency, because the client is not able to provide the information required or where collection in this way is a reasonable and efficient way to collect the information without inconvenience to the client). 

How do we use and disclose personal information?

Where an individual has provided consent we use and disclose personal information we collect to:

  • provide and improve our services to our clients and their family members, including to:
    • assess, provide and obtain services required by the client including the care and treatment of the client as well as providing information, advice and assistance to the client; this includes supporting persons’ responsible and others (including third party service providers) in their care and treatment of the client;
    • assess what third party services (including medical services and allied health and therapeutic or support services) may be required or available for the client;
    • apply for and administer support from third parties (including government and other sources), whether of a financial, administrative, social, medical or other nature;
    • allow exchange of information between service providers with whom Northcott deals or who provide care, services or support of any kind and Northcott;
    • assess the adequacy of, and our clients' and their family members' level of satisfaction with, our services.
  • process donations and communicate with our donors and supporters, including sending them information (which may be by phone, email or other electronic means);
  • communicating with our clients and their family members, donors and supporters, and volunteers (including responding to queries and complaints) and distributing our publications, conducting events and raising awareness about our services;
  • our general business activities, including interacting with contractors and service providers, billing and administration including measuring and assessing the level of support we receive and the effectiveness of our fundraising activities and assessing applicants for positions with us.

We will not share any of your personal information with third parties without your consent except: 

  • if we are required by law or we believe in good faith that such action is necessary in order to comply with law, cooperate with law enforcement or other government agencies, or comply with a legal process served on the company (including other service providers or insurers) or court order;
  • the disclosure of the information will prevent or lessen a serious and imminent threat to somebody's life or health;
  • to our contractors, service providers and volunteers only to the extent necessary for them to perform their duties to us.

We are obliged to report to government and other bodies on the services they fund us to provide. Reports cover demographic and service use information only – your personal information will not be passed on. 

How secure is your personal information? 

We regard the security of your personal information as a priority and implement a number of physical and electronic measures to protect it. Northcott will ensure that: 

  • Personal information is protected from misuse, loss, unauthorised access, modification or inappropriate disclosure; 
  • Personal information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure; 
  • Electronic data is kept within secure network storage and ensure that staff may only access that data which is necessary to perform their role.
  • When the personal information is no longer needed for the purpose for which it was obtained; Northcott will take reasonable steps to destroy or permanently de-identify that information. 

We remind you, however, that the Internet is not a secure environment and, although all care is taken, we cannot guarantee the security of information you provide to us via electronic means.

Quality of Personal Information

Northcott will take reasonable steps to ensure that the personal information it collects uses or discloses is accurate, complete, up-to-date and relevant to its functions and activities.

Accessing and correcting your personal information 

Generally, you have the right to access the personal information we have about you.  Northcott will handle requests for access to personal information in accordance with the Privacy Act. To request access to your personal information, please contact Northcott using the contact details at the end of this Privacy Policy. 

When you request access, we will take measures to verify your identity.  If you would like a copy of personal information that we have about you, in order to verify your identity, please send the request to us in writing, by mail or fax to the address or fax number set out at the end of this Privacy Policy.  In some cases, we may need time to consider and respond to your request for access, however we will respond within 30 days after your request is made.  Depending on the information you want to access, where it is stored and the time it will take us to respond to your request for access, we may charge you a fee for the administrative cost of providing the information to you.  This charge will not be excessive.  If for any reason we refuse to give you access to your personal information, or do not give you access in the manner in which you have requested, we will provide you with a written notice giving you the reasons for our refusal (unless it would be unreasonable for us to do so).  The Privacy Act specifies exceptions where Northcott is not required to provide you with access to your information. 

If you believe your personal information held by us is inaccurate, incomplete or out of date, you may contact Northcott to request we correct that information.  In most cases, we will amend any inaccurate, incomplete or out of date information.  If we are not able to correct your personal information in the way requested by you (for example, if it is necessary for us to keep a record of what we knew or understood to be correct in respect to your personal information at a particular time), we will:

  • notify you of our reasons for refusing your request (unless it would be unreasonable for us to do so); 
  • let you know how you may make a complaint about our decision, should you wish to do so; and
  • take reasonable steps to note on our record containing your personal information that you claim the information is inaccurate, incomplete or out of date.

 

Anonymity and pseudonymity 

Whenever it is lawful and practicable, clients, customers and donors shall have the option of operating anonymously or using a pseudonym when interacting with Northcott. Examples of where this may be possible are a phone call enquiry or making a cash donation. Services requiring a client to be registered with Northcott would be considered impracticable to be provided without accurate personal information.

Government identifier

Although in certain circumstances we are required to collect government identifiers such as your tax file number, Medicare number or Pension card number, we do not use or disclose this information other than when required or authorised by law or unless you have voluntarily consented to disclose this information to any third party 

Your sensitive information

Without your consent, we will not collect information about you that reveals your racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional or trade association, membership of a trade union, details of health, disability, sexual orientation, or criminal record. Sensitive information will only be collected if it is specifically required for operational purposes. 

This is subject to some exceptions including:

  • the collection is required by law 
  • when the information is necessary for the establishment, exercise or defence of a legal claim

Disclosure of information to overseas recipients

It is rare that Northcott will disclose personal information to a recipient outside of Australia. In the event that this does occur, it will only be done when consent has been obtained from the individual and the recipient is subject to laws or binding schemes which are substantially similar to the Australian Privacy Principles.

Making a complaint

You may make a complaint about our handling of your personal information, including if you think we have breached the Privacy Act, by contacting Northcott in writing, by email, mail or fax to the contact information set out at the end of this privacy policy.  The complaint will be managed in accordance with Northcott’s Feedback and Complaints Procedure and we aim to resolve your complaint within 35 days from when your request was made.  If we are not able to resolve your complaint, you may wish to contact the Office of the Australian Information Commissioner at the details set out below; this service will be able to provide you with information about your other options. 

What should you do if you want more information or to make a complaint?

If you would like to access your personal information held by us or wish to make a complaint about the way we have collected, used, held or disclosed your personal information, please contact Northcott by email, fax, letter, or by phone to:

Email: privacy@northcott.com.au

Fax: (02) 9683 2827

PO Box 4055, Parramatta NSW 2124

Ph: (02) 9890 0100

If you want to obtain additional information on your privacy rights and how you can enforce them, you can visit the website of the Office of the Australian Information Commissioner at: http://www.privacy.gov.au or http://www.oaic.gov.au/

Legislation & Standards Compliance

  • Privacy Act 1988
  • Australian Privacy Principles
  • NSW Health Records and Privacy Act 2002 
  • ACT Health Records (Privacy and Access) Act 1997 

 

Review and Evaluation of Policy

This policy will be reviewed within the framework of Northcott’s quality assurance and continuous improvement process.  Process performance and policy effectiveness will be measured against Northcott’s standards, objectives, and practices as part of a scheduled review of the policy and related documents based on the level of risk to clients and the organisation.

Policies and related documentation will be evaluated based on whether they are meeting the overarching standards of the organisation in regards to quality, best practice, consistency, efficiency and effectiveness affecting service provision and organisational capacity.