What is privacy?
The Privacy Act 1988 (‘the Privacy Act’) and the Australian Privacy Principles (‘APPs’) which commenced on 12 March 2014 set out the way organisations can collect, use, disclose and provide access to Personal and Sensitive Information.
Privacy Act 1988; Australian Privacy Principles 2014; Spam Act 2003
A Data Breach - Occurs where there has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals, or where such information is lost in circumstances that are likely to give rise to unauthorised access or unauthorised disclosure.
Eligible Data Breach - A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the information relates.
Personal and Sensitive Information - Is any information that identifies or could identify a person, whether it is true or not. It includes, for example, your name, age, gender and contact details.
Personal Information can also include ‘Sensitive Information’, which is information about your health and health services provided to you.
Serious Harm - Serious harm is defined to include physical, psychological, emotional, economic and financial harm, as well as harm to reputation.
Storing - An entity ‘holds’ personal information if the entity has possession or control of a record that contains the personal information.
Websites - Is Diabetes SA’s website www.diabetessa.com.au and the online learning platform www.onlinelearning.diabetessa.com.au.
Who is Diabetes SA?
Diabetes SA is an independent, not for profit, community based organisation in South Australia committed to supporting people with diabetes. As an organisation Diabetes SA provides information, support, education and products to people living with diabetes in South Australia. Diabetes SA has a contractual arrangement with Diabetes Australia Ltd to administer the National Diabetes Service Scheme (NDSS) in South Australia.
Collection of information
Diabetes SA collects your Personal and Sensitive Information only if you have consented to the information being collected, if the information is reasonably necessary for one or more of our functions or activities or if one of the other exceptions applies under the APPs. We may collect Personal Information about you including the following, depending on the services you access:
- Your username and password.
- Your full name, address, email address and telephone number.
- Gender and date of birth.
- Medicare or Department of Veterans’ Affairs number.
- Country of birth.
- Details of your parent, carer and/or medical practitioner.
- Products and services purchased and purchasing preferences.
- Credit card details and method of payment (where you make purchases/donations or other payments).
- Any other information you provide to us.
We may also collect Sensitive Information about you, such as:
- Whether you are of Aboriginal or Torres Strait Islander origin.
- Main language spoken at home.
- Diabetes type.
- Health and lifestyle information such as height, weight, daily physical activities, nutrition and lifestyle choices.
- Whether your immediate relatives have had diabetes.
- Treatment information.
- Insulin status.
- Any other information you provide to us.
Information collection and storing
Diabetes SA will only collect personal information that is necessary for one or more of our legitimate services, functions or activities e.g. diabetes related enquiries.
We only collect your information by lawful and fair means. We collect your information in a few different ways, including:
- Forms you provide to us.
- Electronically, such as through our websites.
- Phone calls.
- Information you provide while visiting us or our agents including NDSS Access Point.
- Information you provide while participating in diabetes support services, education sessions or seminars/events provided by us.
- Other correspondence, such as email and mail.
Diabetes SA will not use unlawful or unfair means to obtain information. We will always collect Personal Information from you directly unless it is unreasonable or impractical for us to do so. When a person with diabetes is under 15 years old, or lacks the mental capacity and legal competence to make decisions, the person’s primary carer or guardian must consent to the collection of the person’s information.
Use of your information
We only use your Personal and Sensitive Information for purposes which are directly related to the reason you provided us with your information and where you would reasonably expect us to use your information. We will not use your Personal Information for another purpose unless you have given consent (for example by agreeing to our website terms and conditions or on the NDSS registration form).
We will not use your Personal Information for another purpose unless you have given consent or one of the exceptions under the Privacy Act applies. For example, if the use of the information is authorised by Australian law or is necessary for law enforcement by an enforcement body, such as the Australian Federal Police.
Disclosure of your information
Diabetes SA will only transfer your Personal Information to third parties in the following circumstances:
- Where you have consented to the disclosure.
- To protect or defend the legal rights or property of Diabetes SA, our affiliated and group companies or their employees, agents and contractors (including enforcement of our agreements).
- To protect against fraud or for risk management purposes.
- To comply with law or legal process.
- To enable the sale of Diabetes SA or its assets.
From time to time, Diabetes SA will provide statistical information to the South Australian Department of Health, the Commonwealth Department of Health, universities or other organisations that provide funding to Diabetes SA. This information is statistical information and does not identify individuals. By agreeing to these terms and conditions you consent to your information being de-identified, included in this statistical information and presented to the South Australian Department of Health, the Commonwealth Department of Health, universities or other organisations that provide funding to Diabetes SA.
We do not currently disclose your Personal Information to overseas parties. If your Personal Information is transferred overseas, we will comply with our obligations under the APPs.
Accessing and correcting information
We will take reasonable steps to ensure that all Personal Information that we collect, use or disclose is accurate, up to date, complete, relevant and not misleading. We will correct any Personal Information that we believe to be incorrect, out of date, incomplete, irrelevant or misleading. This includes taking reasonable steps to notify any organisation or government agency to which information was disclosed about the correction. You may request to access or correct your Personal Information at any time by contacting the Privacy Officer using the details below. We will give you access to the information unless one of the exceptions under the Privacy Act applies. For example, if providing access would be unlawful or denying access is authorised by law.
We are not responsible for any problems that may arise if you do not give us accurate, truthful or complete information or if you fail to update such information. We will reject and delete any entry that we believe in good faith to be false, fraudulent or inconsistent with these terms and conditions.
If you wish to amend any of your details or the information you have provided to us please contact us using the details on the websites. If you request to access or correct your information, we will respond within a reasonable time. If your request is refused, we will give you a written notice that sets out the reasons for refusal and how to complain about the decision.
It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself or to use a fictional name when interacting with us. You can remain anonymous when using some parts of our websites. However, it may be necessary for Diabetes SA to collect Personal or Sensitive Information if you would like to access certain materials or services. If you choose to withhold the information we require, we may not be able to provide the services you have requested.
Security of your information
We recommend that you review the privacy policies of those external websites as we are not responsible for their privacy practices.
When we no longer need Personal Information for any purpose, the Association will take reasonable steps to destroy the information or ensure that the information is de-identified. This will apply except where the information is part of a Commonwealth record, or we are required by law or a court/tribunal order to retain the information.
Notifiable Data Breaches
The Privacy Act Amendment Notifiable Data Breaches (NDB) Act 2017 requires Diabetes SA to notify particular individuals and the Office of the Australian Information Commissioner about ‘eligible data breaches’. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the personal or sensitive information relates. Diabetes SA will make an objective assessment of whether a data breach is likely to result in serious harm and take remedial action.
Should you have any concerns regarding your personal information and notifiable data breaches, see https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme for information.
Direct communications and promotional materials
From time to time, we may contact you or send out promotional materials for the purposes of Diabetes SA or the NDSS. If you do not wish to receive these communications, please contact Diabetes SA to unsubscribe (see contact details below). Your information may also be used by us to provide you with details of our services and events where permitted by the Privacy Act or where you have consented to the use or disclosure of your Personal Information for direct communications and promotional materials.
It is our policy that any direct communication or promotional material will include a statement advising that you may request not to receive further material by contacting us using the details provided. Even if you unsubscribe, if you are registered with the NDSS or a member of our organisation you will still receive important information about diabetes and NDSS product safety issues.
It is our policy that all electronic communications will include an unsubscribe facility. The Spam Act 2003 prohibits sending unsolicited commercial emails, SMS and MMS messages for commercial purposes. Examples of unsolicited communications are ones that do not directly relate to a service you have previously signed up with or agreed to. While not-for-profit organisations such as Diabetes SA do have some exemptions from the Spam Act, we are guided by the Code of Practice developed by the Australian Direct Marketing Association.
Links to Other Sites
The Diabetes SA website contains links to other websites that are not controlled by Diabetes SA. While care has been taken in providing these links, Diabetes SA is not responsible for the content on those sites and does not necessarily endorse their content. It is the responsibility of the web user to make their own decisions about the accuracy, reliability, relevance and correctness of information found. In general Diabetes SA will only link to government or not-for-profit websites.
Complaints and enquiries
If you are unhappy with the outcome, you may lodge a complaint with the Office of the Australian Information Commissioner.
See http://www.oaic.gov.au/privacy/making-a-privacy-complaint for further information.
Privacy Officer Contact details
PO Box 1930
Hilton SA 5033
Phone: 1300 198 204