HEARTH SUPPORT SERVICES & HEARTH ALLIED HEALTH
In this Privacy Policy, ‘us’, ‘we’, or ‘our’ means Hearth Support Services Pty Ltd (ABN 21 618 155 810) and Hearth Allied Health Pty Ltd (ABN 22 646 222 746), referred to as ‘Hearth’
We understand the importance of protecting the privacy of your personal information (including your sensitive personal information). We are required to comply with the Privacy Act 1988 (Cth) (Privacy Act), and we will handle your personal information that we collect and hold in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act.
ABOUT HEARTH’S PRIVACY POLICY
The purpose of this Privacy Policy is to explain and ensure that you understand how we collect, hold, use, disclose, secure, and otherwise manage your personal information.
By providing your personal information to us, you acknowledge that you have read and understood this Privacy Policy and you consent to our collection, use, storage, and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us.
WHAT IS PERSONAL/SENSITIVE INFORMATION
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Sensitive information is a type of personal information that is afforded a higher level of protection by privacy laws. It includes information or an opinion about an identified individual’s health, genetic and biometric information, race or ethnic origin, political opinions, membership of political, professional or trade associations or trade unions, religious beliefs, sexual orientation, or practices and/or criminal record. References to personal information in this Privacy Policy include sensitive information.
PERSONAL INFORMATION WE MAY COLLECT
We may collect the following types of personal information:
- your name, date of birth, mailing or street address, email address, personal or work telephone number, and other contact details;
- your financial information and payment details (such as National Disability Insurance Scheme (NDIS) plans, financial managers, and funding amounts);
- any information that you provide to us when making an enquiry in person, by telephone, email, forms, or via our website;
- any information that you provide to us when requesting an appointment in person, by telephone, email, forms, or via our website;
- details of the services we have provided to you or that you have enquired about, including any additional information necessary to deliver those services and respond to your enquiries;
- any additional information relating to you that you provide to us directly or indirectly in person, by telephone, email, forms, or via our website;
- any additional information that is shared by your guardian or person in charge of your supports such as the NDIS, your support coordinator, allied health professionals (such as allied health plans and progress), medical practitioners or others involved in your support needs, and other service providers;
- any additional information that is shared by a different supports provider previously engaged by you, including information about your care needs, health conditions, and any amounts paid, owed and/or to be paid in the future by you to the other provider;
- personal information which is sensitive information including: your racial or ethnic origin; religious beliefs or affiliations; philosophical beliefs; sexual orientation or practices; and health information including genetic information (including the health information contained in your plans prepared from time to time pursuant to the National Disability Insurance Scheme (NDIS);
- your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information; and
- any other personal information that may be required in order to facilitate your dealings with us and our related entities (including Hearth Housing Pty Ltd).
HOW DO WE COLLECT PERSONAL INFORMATION?
We may collect these types of personal information directly from you when you:
- use our website;
- enquire about or receive services or supports from us;
- complete a document, such as a service request form, services agreement, or other related form;
- communicate with us in person, by telephone, correspondence (e.g. letters, email, etc.), via social networking sites (e.g. Facebook), or via our website;
- when you share information with us from other social applications, services or websites; and
- interact with our sites, services, content, advertising, and marketing campaigns.
We may also receive your personal information indirectly from the following sources:
- your family members, guardians or other legally authorised representatives;
- your carer, attorney or guardian or other persons responsible for your healthcare decisions;
- your GP and other medical and healthcare professionals involved in your care, including therapists and other specialists;
- the NDIS and any other government agencies which administer subsidies and benefits relevant to our services;
- your NDIS support coordinator;
- your health insurer or other insurer;
- your job referees;
- our related third parties (including Hearth Housing Pty Ltd);
- our professional advisors, contractors, service providers and other personnel;
- other third-party sources where necessary to provide our services (e.g. Occupational Therapists) or to assess job applicants (e.g. police checks);
- any person who completes a document, such as a service request form, services agreement, or other related form on your behalf;
- any person who makes an enquiry or referral in person, by telephone, email or via our website on your behalf; and
- if you have previously engaged a different supports provider to us, that service provider.
If you provide any personal information of a third party to us, you must inform that third party about our Privacy Policy and that you are providing their personal information to us.
WHY DO WE NEED YOUR PERSONAL INFORMATION?
We may collect, hold, use and disclose your personal to for the following purposes:
- to provide supports and services to you;
- to provide appropriate information and opinions about your care needs and our supports and services to you;
- to operate, protect, improve and optimise our website, services and user-experience – such as to perform research and analytics;
- to undertake research and the compilation or analysis of statistics relevant to our service provision and/or health and safety;
- to conduct participant experience surveys with the aim of evaluating and improving our services;
- for advertising and marketing purposes;
- to send you marketing and promotional messages, and other information that may be of interest to you;
- to provide information to our related third parties (including Hearth Housing Pty Ltd), professional advisors, contractors, service providers and other personnel for the purpose of supporting our everyday operations including our provision of our services to you;
- to obtain information from any previous supports provider(s) you have engaged for the purpose of our provision of our services to you;
- to provide information to a hospital or aged care facility if you are referred for respite or higher levels of care;
- to confirm the level of government funding available in relation to your supports;
- to ensure the health and safety of our staff and other individuals who use our services;
- to lawfully liaise with your nominated representative and to contact your family if requested or needed;
- to provide education and training for our staff;
- to verify your identity;
- to assess job applications;
- to provide information to a third-party support provider in circumstances where you decide to engage them to provide services to you;
- to provide information credit reporting agencies and courts, tribunals and regulatory authorities if you fail to pay for the services and supports, we have provided;
- to provide information to courts, tribunals, regulatory authorities, and law enforcement officers as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- to comply with our legal obligations (including under the National Disability Insurance Scheme Act 2013 (Cth) and its associated Rules);
- to respond to any feedback, complaint, or resolve any disputes with or in relation to you;
- to enforce our agreements with third parties; and
- for other purposes permitted or referred to under any terms and conditions you enter into or otherwise agree to with respect to our services.
WHO DO WE DISCLOSE YOUR PERSONAL INFORMATION TO?
We may disclose your personal information to the following third parties for the purposes described in this Privacy Policy:
- your family members;
- your carer, guardian, legally authorised representative, or other persons responsible for your healthcare decisions;
- your GP and other medical and healthcare professionals involved in your care;
- the NDIS and any other government agencies responsible for administering entitlements and benefits relevant to our services;
- your NDIS support coordinator;
- if you receive services and/or supports from third parties – those third parties to the extent reasonably required to coordinate service delivery or as otherwise required at law;
- if you transition to another service provider – that third party service provider to facilitate their provision of your services and supports;
- third party suppliers, including cloud-based storage solution service providers and other service providers that we rely on to operate our website and otherwise provide our services;
- third party payment service providers that we rely on to process your payments to us;
- our existing or potential agents, business partners or partners;
- anyone to whom our assets or business (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us – e.g. your GP and other medical and healthcare professionals;
- private health insurers and other insurers;
- our related third parties (including Hearth Housing Pty Ltd), our insurers, professional advisors (including legal representatives), contractors, service providers and other personnel; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
We may not use or disclose personal information for a purpose other than the primary purpose of collection, unless:
- the secondary purpose is related to the primary purpose, and you would reasonably expect disclosure of the information for the secondary purpose;
- you have consented;
- the information is health information, and the collection, use or disclosure is necessary for research, the compilation or analysis of statistics, relevant to public health or public safety, it is impractical to obtain consent, the use or disclosure is conducted within the privacy principles and guidelines, and we reasonably believe that the recipient will not disclose the health information;
- we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to your life, health or safety or a serious threat to public health or public safety;
- we have reason to suspect unlawful activity and use or disclose the personal information as part of our investigation of the matter or in reporting our concerns to relevant persons or authorities;
- we reasonably believe that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, protect the public revenue, prevent seriously improper conduct, or prepare or conduct legal proceedings; or
- the use or disclosure is otherwise required or authorised by law.
We may engage service providers to securely store and manage our business information, including your personal information.
DISCLOSURE TO A PERSON RESPONSIBLE
We may disclose your personal information to a person who is responsible for you if:
- you are incapable of giving consent or communicating consent;
- the relationship manager is satisfied that the disclosure is necessary to provide appropriate support, for compassionate reasons, or is necessary for a quality review of;
- our services (and the disclosure is limited to the extent reasonable and necessary forthis purpose); and
- the disclosure is not contrary to any wish previously expressed by you of which the relationship manager is aware.
A ‘person responsible’ is a parent, a child or sibling, a spouse, a relative, a member of your household, a guardian, an enduring power of attorney, a person who has an intimate personal relationship with you, or a person nominated by you to be contacted in case of emergency, provided they are at least 18 years of age.
MANAGING PRIVACY PREFERENCES AND CAPACITY
Whether you have the capacity to make your own privacy decisions is assessed by our staff on a case-by-case basis having regard to matters such as your age and circumstances. Generally, an individual aged 15 years and over will have the capacity to make their own privacy decisions.
For children under 15 years or for individuals who lack capacity to make privacy decisions for themselves, we will refer or deal with requests for access, consents, and notices in relation to personal information by reference to the parent and/or guardian or other responsible persons authorised by applicable laws and will treat consent given by them as consent given on behalf of a child or the individual who lacks capacity.
NOTIFICATION
We will, at or before the time or as soon as practicable after we collect your personal information, take all reasonable steps to ensure that you are notified or made aware of the purpose for which we are collecting personal information as well as the identity of other entities or persons to whom we usually disclose personal information.
DISCLOSURE AND TRANSFER OF PERSONAL INFORMATION OUTSIDE AUSTRALIA
We may disclose your personal information to entities who may store or process your data overseas.
These countries may not provide the same level of protection as the privacy laws of Australia. When you provide your personal information to us, you consent to the disclosure and/or transfer of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with the Privacy Act. We take reasonable steps to ensure that overseas recipients deal with your personal information in a way that is consistent with the Privacy Act (including the APPs). Third parties located overseas are not permitted to access or use your personal information except for these limited purposes and we only choose reputable service providers.
USING OUR WEBSITE AND COOKIES
We may collect personal information about you when you use and access our website. While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, mobile phone, or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies, but our website may not work as intended for you if you do so.
We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.
We may also use Google Analytics, a service that enables the tracking of user analytics including but not limited to browser information, operating system information, pages viewed while browsing the website, website session times and referring website addresses and enables us to help understand traffic and usage of our website and services. Information about you regarding your usage behaviour is held by Google and is subject to its privacy policy which can be viewed here: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008.
We may also use the Google Ads service to enable remarketing services, and Google UserID, demographic and interest reports. Information about you regarding your web usage behaviour is held by Google. Information from Google’s UserID service may be connected to other data that we hold about you.
We may also use Facebook pixels for conversion tracking and custom audiences, in accordance with Facebook’s terms which can be viewed here: https://www.facebook.com/customaudiences/app/tos/?ref=u2u.
We may also use other third-party providers. You can opt out of a third-party vendor’s use of cookies, or the collection and use of information for ad targeting, by visiting the Network Advertising Initiative opt out page or AdChoices.
STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
We may hold your personal information in both paper and electronic formats. The security of your personal information is very important to us, and we take reasonable steps to ensure that your personal information is protected against misuse, loss, unauthorised access, modification, or disclosure. In particular:
- physical copies are stored on a secure premises and secured by implementing document storage security;
- personal information is backed up to a secure database;
- our secure server is protected by anti-malware software;
- imposing security measures for access to our computer systems – e.g. identity and access management, including password protection);
- requiring our staff to maintain privacy and confidentiality;
- providing a discreet environment for confidential discussions; and
- allowing access to personal information only where the individual seekingaccess to the information has satisfied our identification requirements.
However, we cannot guarantee the security of any personal information.
We may retain your personal information to fulfil the purposes outlined in this Privacy Policy for as long as needed, as allowed, or as required by law.
OPTING OUT OF DIRECT MARKETING
We may send you direct marketing communications and information about us and our services. This may take the form of emails, SMS, mail, or other forms of communication. We will only use personal information for direct marketing and promotional activities with your express consent. You may opt-out of receiving marketing communications and information from us at any time by contacting us via email at info@hearthaustralia.com.au, by phone on 1800 894 013, or by using the opt-out facilities provided (e.g., an unsubscribe link).
LINKS
Our website, and documents produced in the course of providing the services such as reports, may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies and other terms that apply to those other websites may differ substantially from our Privacy Policy, so we encourage you to read them before using those websites
ACCESSING YOUR PERSONAL INFORMATION
Under the Privacy Act, you have a right to access your personal information that is collected and held by us. You can access the personal information we hold about you by contacting your Relationship Manager, the General Manager of the relevant Hearth office or our Privacy Officer using the below contact information. We may also need to verify your identity when you request your personal information and may ask you to complete a request for information form. We will then grant the request within a reasonable period.
However, we may refuse a request for information to some or all of the personal information in certain circumstances allowed by the Privacy Act or other applicable laws or if consent is not granted by the individual the personal information relates to. If we refuse your request for information, we will give written notice of our decision, including our reasons and how to complain if you are not satisfied with the decision. We will endeavour to give access to personal information in the requested form. However, if that is not possible, we will provide alternative means of access or discuss how access can be given through a mutually agreed intermediary.
We will disclose the personal information we give access to, to the individual’s authorised representative or legal adviser where we have been given written authority to do so.
KEEPING PERSONAL INFORMATION ACCURATE AND UP TO DATE
We take all reasonable steps to ensure that your personal information is accurate, complete, and up to date.
We will also take reasonable steps to correct your personal information if we are satisfied that it is inaccurate, incomplete, and out of date, irrelevant or misleading, or if you ask us to correct your personal information for these reasons.
If you think that any of the personal information, we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the contact information below and we will take reasonable steps to ensure that it is corrected. There may be circumstances in which we may have to refuse a request for correction. If this happens, we will notify you in writing of our reasons for the refusal and explain how you can complain if you are not satisfied.
DEALING WITH US ANONYMOUSLY
Where it is lawful and practicable to do so, you may deal with us anonymously or use a pseudonym. However, in many instances we need to identify you when you deal with us, including to provide our services and to respond to complaints. If we do not receive all of the personal information we request, we may not be able to do these things effectively or at all. You may also address any feedback to us anonymously by sending a letter to the mailing address in the Contact Us section below.
CHANGES TO THIS PRIVACY POLICY
We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.
COMPLAINTS
If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us about your complaint using our contact information below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will endeavour to acknowledge receipt of a written complaint within 7 days and provide a written response to the complaint within a reasonable timeframe. It may be necessary to request further information from the complainant before the matter can be resolved. Any such request will be made in writing.
If you are not satisfied that we have resolved your complaint, you have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC). If you wish to make a complaint or to find out any more information about your privacy rights, the OAIC can be contacted as follows:
Website: www.oaic.gov.au
Telephone: 1300 363 992
In writing: Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
You may also make a complaint regarding the handling of your health information to the NDIS or statutory health complaints authority in your State or Territory.
CONTACT US
For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the following contact details:
By mail:
Privacy Officer
Suite 1, 431 Burke Road
Glen Iris VIC 3146
By email: info@hearthaustralia.com.au