This services privacy statement explains how we manage your personal information.
At MacKillop Family Services Ltd (‘MacKillop’) we are committed to protecting your privacy and your personal information and we are bound by the Privacy Act 1988 (Cth) (‘Privacy Act’) and will protect your personal information in accordance with the Australian Privacy Principles. These principles govern how we can collect, use, hold and disclose your personal information, as well as ensuring the quality and security of your personal information. We are also bound by relevant state laws in New South Wales, Victoria and Western Australia including:
- Privacy and Personal Information Protection Act 1998 (NSW)
- Health Record and Information Privacy Act 2002 (NSW)
- Privacy and Data Protection Act 2014 (Vic)
- Health Records Act 2001 (Vic)
- Children, Youth and Families Act 2005 (Vic)
- Freedom of Information Act 1992 (WA)
What is personal information?
Personal information is any information which identifies an individual and information from which an individual’s identity can be reasonably ascertained. It includes information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not. For example, your name, date-of-birth, nationality or heritage, home address and telephone number are personal information.
Personal information includes "sensitive information", which means information or an opinion about an individual's racial origin, membership of a political association or trade union, religious beliefs, sexual preferences or criminal record.
Personal information also includes "health information", which means information, or an opinion about the health or a disability of an individual, or individual's wishes about the provision of health services.
What kinds of personal information do we collect and hold?
MacKillop collects, holds and maintains personal and sensitive information from clients, staff and potential staff, volunteers, foster carers and member of their household and supporters (including donors, sponsors, consultants and referring agencies).
MacKillop collects personal information directly from individuals, in writing, by telephone, email or via our website. We collect and manage a range of personal information for the purposes of carrying out our services and activities including:
- Education and training
- Support to children, young people and their families
- Residential, foster/home based and kinship care
- Youth and community work services
- Disability services
- Therapeutic and clinical services
- Family violence services
- Homelessness services
- Heritage and information service
MacKillop will usually collect personal information directly from you and with your consent. However, we sometimes need to collect information from a third party, such as your carer, trustee or authorised representative, or from public sources. We may also receive personal information from a variety of other sources, including:
- information about individuals which is given to us by government or non-government agencies acting on behalf of those individuals
- information about personal attributes of officers, employees and other representatives of other organisations including information about their roles and means of communications, collected incidentally in the course of dealings
- publicly available sources of information, such as public registers
- other organisations, who jointly with us, provide services
- your previous employer
- if required to do so in accordance with legislation.
Personal information collected will be stored confidentially unless disclosure is required by law.
For what purpose do we collect, hold, use and disclose personal information?
All information collected by MacKillop will be used only for the primary purpose intended, i.e. for the employment of staff and carers, recording and processing of donations and to facilitate the provision of services and protect the safety of our clients.
With the exception of what is contained in this Privacy Statement, we do not sell or otherwise disclose your personal information to other organisations.
MacKillop may not be able to provide some or all services to an individual, unless the organisation is provided with the personal information requested.
MacKillop may collect and disclose your personal information to government or statutory agencies to comply with legislative or statutory requirements. For example, to comply with state-based mandatory reporting or reportable conduct schemes or the management and reporting of client incidents.
MacKillop may disclose personal information to other organisations or agencies that help with our work or to facilitate the provision of services. This information is disclosed with the understanding that all parties comply with Commonwealth and state legislation and the information disclosed is for the specific purpose we ask them to perform.
MacKillop may find it necessary to share some of your personal information with our volunteers, contractors or third party providers where tasks are outsourced
MacKillop may use the information collected to communicate with you about MacKillop’s services and events.
How do we hold personal information?
Much of the personal information MacKillop holds will be stored electronically in secure data centres. Some personal information may also be stored in paper files.
MacKillop takes measures to ensure your personal information is accurate, up-to-date, complete and relevant, and is protected from unauthorised access, loss, misuse, disclosure or alteration. MacKillop uses a variety of physical, electronic and procedural security measures to protect the security of personal information held. For example:
- MacKillop’s heritage files are secured in a fire-rated safe and have been digitally scanned
- MacKillop’s website uses 128 bit SSL security to protect personal information online
- access to information systems is controlled through identity and access management
- employees are bound by internal information security procedures and are required to keep information secure
- all employees are required to complete training about information security and are required to sign a code-of-conduct as part of their employment contract
- MacKillop regularly monitors and reviews our compliance with internal policies and industry best practice.
We also take reasonable measures to remove, destroy or de-identify your personal information in a timely manner when it is no longer required for the purpose for which it was collected.
Who do we disclose your personal information to, and why?
MacKillop may find it necessary to share some of your personal information. Generally, the organisation discloses personal information to other organisations that help with our work, to facilitate the provision of services and to protect the safety of our clients. This information is disclosed with the understanding that all parties comply with the Privacy Act and obligations are made to use the personal information disclosed for the specific purpose we ask them to perform.
Organisations that may receive personal information from MacKillop in accordance with the Privacy Act, include:
- contractors or external service providers (including mailing houses or technology service providers)
- health care providers
- non-government agencies or organisations, who jointly with us, provide services to our clients
- client representatives (including legal advisors, guardians, carers or trustees)
- regulatory bodies and government agencies and law enforcement bodies in jurisdictions in which MacKillop operates.
MacKillop may also disclose your personal information if:
- required or authorised by law or where there is a public duty to do so, in the case of suspected or actual child abuse or other matters of a serious or criminal nature as outlined in the Family Law Act 1975
- an individual has expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances
- your health is at risk, an individual has applied for a position with the organisation and we are required to exchange some or all of your personal information with your referees, police, Centrelink and recruitment consultants for purposes relating to considering your application, or
- where the organisation is otherwise permitted to disclose the information under the Privacy Act or relevant state legislation.
Do we disclose information overseas?
MacKillop Family Services provides services to children, young people and families in New South Wales, Victoria and Western Australia. The disclosure of personal information should generally remain within the states in which we operate or our clients reside. The organisation does not transfer information outside these states unless satisfied that the recipient organisation is subject to a binding legal obligation to protect privacy that is equivalent to the obligations that apply to us.
Reasons for disclosing information may include:
- recruitment of an employee, volunteer or carer from another Australian state or overseas
- a request is made from a government agency or law enforcement body from another jurisdiction
- a request is made from a former client now living in another jurisdiction or overseas.
Do we use or disclose personal information for marketing?
MacKillop may use personal information, only if we have received express consent to do so. If you no longer wish to receive marketing material please advise us.
Do we collect personal information electronically?
MacKillop will collect information from individuals electronically, for instance through internet browsing, mobile or tablet applications.
MacKillop does not collect personal information through our website, unless provided by an individual.
Our website may record non-identifiable information about an individual for statistical reporting, administration and maintenance purposes. Information collected may include:
- date and time of visit(s)
- pages viewed
- users navigation through the site and interaction with pages (including fields completed in forms, information downloaded and applications completed)
- location information about users
- information about the device used to visit our website, and
- IP address.
MacKillop takes care to ensure that information provided on our website is protected.
MacKillop cannot ensure or warrant the security of any information sent to us or received online or via email. MacKillop takes all reasonable steps to protect personal information once it has been received.
Access to and correction of personal information
MacKillop takes all reasonable steps to ensure that personal information held is accurate and as up-to-date as is possible.
Individuals can request access to the personal information we hold about them and can ask for corrections to be made. MacKillop will always provide access to any personal information we hold about an individual. Individuals are able to contact MacKillop at any time and ask for corrections if it is felt the information held is inaccurate, incomplete or out-of-date.
There are some circumstances in which MacKillop is not required to give access to an individual’s personal information, for example,
- the request does not relate to the personal information of the person making the request
- providing access would pose a serious threat to the life, health or safety of the person making the requests
- Providing the information would have an unreasonable impact on the privacy of other individuals
- the request for access is frivolous or vexatious
- the information relates to existing or anticipated legal proceedings
- providing access would prejudice negotiations with the individual making the request
- providing access would be unlawful
- denying access is required or authorised by law
- providing access would be likely to prejudice:
- law enforcement activities
- an action relating to suspected unlawful activity, or misconduct of a serious nature relating to the functions or activities of MacKillop
- access discloses a commercially sensitive decision-making process or information; or
- any other reason that is provided for under the privacy legislation.
If MacKillop refuse to provide access individuals will be provided with an explanation of the reasons, except where it is unreasonable to do so. If MacKillop refuse a request an individual has the right to request that a statement be associated with their personal information noting that they disagree with its accuracy. The organisation will also provide information on how you can complain about the refusal.
Before MacKillop provides access to personal information proof of identity is required. This is to protect the confidentiality of personal information.
Resolving your privacy concerns and complaints – your rights
If you have any questions or are concerned about how personal information is being handled or have a complaint about a breach by us of the Australian Privacy Principles, please contact the Privacy Officer on (03) 9699 9177. You may also make a complaint to the relevant external body (see contact details below under ‘For more information on privacy’.
Changes to our Privacy Statement
MacKillop’s Privacy Statement has been updated to reflect the changes made to the Australian Privacy Act. MacKillop may change the way we handle personal information from time to time. In these instances our Privacy Statement will be amended. This website will reflect the most up-to-date version.
If you wish to gain access to your personal information, or have a complaint about a breach of privacy or any other query about our collection, use or handling of personal information, you can: