About this policy
Version 2.0, June 2015
This policy document also describes how you can:
- access and/or seek correction of the personal information we hold about you, and
- make a complaint about a breach of the Australian Privacy Principles (APPs).
The Privacy Act defines personal information as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable; whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not’ (s 6(1)).
Under the Privacy Act, more stringent obligations apply to the handling of sensitive information, which is classed as a subset of personal information and is defined as:
- information or an opinion (that is also personal information) about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record
- health information about an individual
- genetic information (that is not otherwise health information) (s 6(1)).
The specific legal obligations of MI Fellowship when collecting and handling your personal information are outlined in the Privacy Act 1988 and in particular in the 13 Australian Privacy Principles found in that Act.
MI Fellowship collects and uses personal information to carry out functions or activities under the Privacy Act 1988 (Privacy Act), Information Privacy Act 2000 (VIC), Personal Information Protection Act 2004 (TAS), the Mental Health Act 1986 (VIC), the Health Records Act 2001 (VIC), and the Health Records (Privacy and Access) Act 1997 (ACT).
These functions and activities include:
- delivery of services to MI Fellowship program participants
- coordination of engagement activities relating to membership, volunteering, fundraising, community education and advocacy
- responding to general enquiries
- human resources, payroll and financial operations
- maintaining registers, such as contact lists for advocacy campaigns
- communicating with the public, stakeholders and the media including through websites and social media.
Collection of your personal information
The nature and extent of the kinds of personal information and, where applicable, sensitive information, collected by MI Fellowship varies depending on your particular interaction with us.
Where practicable, you may choose to interact with MI Fellowship anonymously, or use a pseudonym. In some circumstances however, this may mean that we have limited capacity to provide you with information, a service or effective communication in response to your request, complaint, donation or application.
MI Fellowship will only record information that is necessary for the particular function or activity for which it was collected. The purpose of the collection and use of the types of personal information outlined above relate directly to MI Fellowship functions and activities, as illustrated in table 1.1.
Sensitive information – collection
The types of sensitive information that we may collect must relate specifically to the function or activity for which it is collected, and we collect this information only when it is necessary for this function or activity.
If MI Fellowship needs to collect sensitive information from you, we will ask you to provide us with your express consent to the collection. Express consent differs from implied consent, and usually involves documentation such as a signed agreement or record of a verbal statement. We will also make sure your consent is informed consent, by way of explaining how your information will be used and disclosed. Consent must also be given voluntarily by an individual with the capacity to communicate such consent at the time it is given.
The kinds of sensitive information that we may collect (alongside the above-mentioned types of personal information) are listed below, relative to the function-related or activity-related file types to which they apply.
Employee, volunteer and applicant files
The following types of sensitive information are collected directly from an applicant to allow us to assess the suitability of individuals for particular roles with MI Fellowship and to manage an effective employment or volunteer arrangement:
- employment or volunteer applications including resumes, statements addressing the criteria and referee reports
- written tasks undertaken by an employee during the selection process
- notes from the selection committee during the selection process
- employment contracts or volunteer agreements and other records relating to the terms and conditions of employment or volunteering
- details of financial and other personal interests supplied by some employees and their immediate family members for the purpose of managing perceived or potential conflicts of interest
- proof of Australian citizenship or residency
- certified copies of academic qualifications
- records relating to employee salary, benefits and leave
- medical certificates or health related information supplied by an employee or their medical practitioner
- details of emergency contacts
- taxation and superannuation details
- information relating to an employee or volunteer’s training and development
- police check/criminal record details/working with children checks.
The types of sensitive information below are collected from participants in accordance with the Mental Health Act 1986 (VIC), Health Records Act 2001 (VIC), Health Records (Privacy and Access) Act 1997 (ACT), Mental Health Act 2013 (TAS), Privacy Act 1988 (Privacy Act), Information Privacy Act 2000 (VIC), and the Personal Information Protection Act 2004 (TAS), and when it is relevant and necessary, so as to enable MI Fellowship to provide a participant with a service or to ensure an appropriate referral:
- health information
- information relating to program participation (for example, attendance notes, assessment records)
- other personal information that is relevant and necessary for us to provide appropriate supports and services.
Further information on the handling of personal information in participant files can be found in MI Fellowship’s Participant Privacy and Confidentiality policy.
We collect personal information from membership applicants and current members for us to deliver member benefits, engage participation in membership activities, communicate directly to members, process membership payments and for the purposes of fundraising.
Members may also choose to provide us with sensitive information, which may be recorded in communication records where it is relevant to the member relationship, such as:
- a member’s personal connection with mental illness (for example, as a carer, consumer, health professional)
- health information
- membership of a professional association
- political opinion.
We collect personal information from financial supporters for the purposes of donation processing and receipting, but also for the purposes of relationship building, advocacy and fundraising .
Donors may also choose to provide us with sensitive information, which may be recorded in communication records where it is relevant to the donor relationship, such as:
- specific interests in relation to our programs and services
- interest in attending events, becoming a member, supporting our advocacy efforts and other opportunities for engagement
- communication preferences
- a donor’s personal connection with mental illness (for example, as a carer, consumer, health professional).
Collecting information through our website
Personal information that you provide via our website (for example, when you submit an online form or subscribe to our e-newsletter) is collected by MI Fellowship via servers that are located in Australia.
Credit card details submitted via our online donation or membership forms are immediately encrypted via Australia Post’s SecurePay facility for secure online transaction processing, which means that MI Fellowship does not store your credit card and debit card information.
Other data collected through our website include website traffic information and visitor behaviour, including the IP address of your computer or device. However, this is not considered personal information, because you are not reasonably identifiable to MI Fellowship through this type of data. We use Google Analytics for collecting such data, which are stored by Google on servers in the United States, Belgium and Finland. You can opt out of the collection of information via Google Analytics by downloading the Google Analytics Opt-out browser add on.
How we use your personal information
We only use personal information for the purposes for which it is given to us, or for purposes which are directly related to one of our functions or activities. (Refer to Table 1.1 above.)
With strict adherence to the Privacy Act and relevant state legislation, personal information is only disclosed for the purposes for which you gave it to us, or for directly related purposes that you would reasonably expect or if you agree. As specified in the Privacy Act, exceptions refer to situations where a disclosure is required or authorised by law or if a disclosure can lessen or prevent a serious threat to life, health or safety.
Examples of disclosure of personal information
Disclosure of personal information may occur when:
- a member of staff contacts a referee or former employer, or conducts a police check, for the purposes of assessing an application for employment or volunteering role
- a key worker provides information to a participant’s carer, or to a health care professional involved in the care of the participant, in the course of delivering a service to that participant
- a fundraising administrator receives a request from a donor to receive no further contact from MI Fellowship and passes on the details to our third party suppliers to ensure their wishes are respected.
Disclosure of personal information overseas
It is not the practice of MI Fellowship to disclose personal information to overseas parties.
When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.
Storage and security of your personal information
We take steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure and against other misuse. These steps include:
- information technology security measures
- password protection for accessing our electronic IT systems
- password access for electronic files is limited to authorised personnel in relevant roles for undertaking the MI Fellowship function or activity
- securing paper files in locked cabinets
- physical access restrictions
- staff training in file-handling procedures.
When no longer required, MI Fellowship destroys paper records that contain personal information and deletes or digitally archives personal information in electronic files, in a secure manner and in accordance with relevant legislative requirements.
There are inherent risks in transmitting information across the internet and we do not have the ability to control the security of information collected and stored on third party platforms. In relation to our own servers, we take all reasonable steps to manage data stored on our servers to ensure data security.
Access and correction of your personal information
You have the right to request access to the personal information we hold about you and to request that we correct that personal information. To make such a request, you can contact MI Fellowship and ask to see your personal details. (See ‘How to contact us’.) Participants of MI Fellowship programs can also request access to their file via a key worker or allocated staff member.
We may need to verify your identity if you request access or corrections to your personal information, both as a privacy measure, and to ensure the quality of the personal information that we hold. Under the Privacy Act, there are limited circumstances in which some or all access to a record may be denied (for example, where it may violate the privacy of another individual). In such circumstances, we will provide an explanation in response to the request.
You may also contact us to request removal from a mailing list, alter or cancel automated donations or if you are on one of our automated email lists, you may opt out of further contact from us by clicking the 'unsubscribe' link at the bottom of the email.
Please be aware that donors who request to be removed from our mailing list or records are archived but not deleted. This ensures that we have a record of their wishes and do not approach them as prospective donors in the future. Without your written permission, we will not allow anyone other than you to access or alter your donor record or automated donation unless they provide written proof of Power of Attorney.
How to make a complaint
If you wish to complain to us about how we have handled your personal information you should complain in writing. If you need help lodging a complaint, you can contact us.
If we receive a complaint from you about how we have handled your personal information we will determine what (if any) action we should take to resolve the complaint.
If we decide that a complaint should be investigated further, the complaint will usually be handled by a more senior officer than the officer whose actions you are complaining about.
We will contact you to acknowledge that we have received your complaint within three business days. We will then contact you with a response, or a progress report on the actions being undertaken, within 30 days. (This may not be possible with anonymous complaints.)
If you are not satisfied with the outcome of your complaint, you can take your complaint to the Office of the Australian Information Commissioner (OAIC) atwww.oaic.gov.au. The OAIC has the power to investigate Australian organisations and agencies that are bound by the Privacy Act, with respect to possible breaches of the Australian Privacy Principles.