Diabetes Tasmania Privacy Statement
What is Privacy?
Diabetes Tasmania is covered by the Privacy Act 1988 (‘the Privacy Act’) and the Australian Privacy Principles (APPs). The APPs set out the way organisations such as Diabetes Tasmania can collect, use, disclose and provide access and correction to personal and sensitive information.
Personal information is any information that identifies or could identify a person, whether it is true or not. It includes, for example, your name, age, gender and contact details. Personal information can also include sensitive information, which is information about your health and health services provided to you.
Diabetes Tasmania and what we do
Diabetes Tasmania, a member of Diabetes Australia, is a charity delivering high quality diabetes support, education and advocacy for the Tasmanian community. Our purpose is to reduce the impact of diabetes and to empower our community to better health.
Diabetes Tasmania provides services to people living with or at risk of diabetes. Our services include education and information support services, advocacy, fundraising and member support.
Diabetes Tasmania engages volunteers and employees. We receive donations, funding and support from members and volunteers, corporations, stakeholder groups and governments.
Diabetes Tasmania is contracted to deliver a number of State and Commonwealth government funded programs. In providing such services, we comply with the relevant state or national privacy principles and any additional contractual obligations.
National Diabetes Services Scheme (NDSS)
Diabetes Tasmania is a National Diabetes Services Scheme (NDSS) agent contracted to provide NDSS services on behalf of Diabetes Australia in Tasmania.
Collection of Information
Diabetes Tasmania collects your personal and sensitive information only if you have consented to the information being collected, if the information is reasonably necessary for one or more of our functions or activities or if one of the other exceptions applies under the APPs.
We may collect personal information about you, including the following which may not all be relevant to you depending on the service you access:
- contact details – full name, address, email address and telephone number
- personal details such as date of birth and gender
- Medicare or Department of Veterans’ Affairs number
- country of birth
- details of your parent or carer
- details of your medical practitioner
- products and services purchased or accessed and purchasing preference
- credit card details and method of payment (when you make a donation or other payment)
We may also collect sensitive information about you such as:
- whether you are of Aboriginal or Torres Strait Islander origin
- main language spoken at home
- diabetes type
- health and lifestyle information such height, weight, physical activity, nutrition and lifestyle choices
- whether your immediate relatives have had diabetes
- treatment information
- insulin status
- any other information you may provide to us
We will only collect your health or other sensitive information, if we obtain your consent to such collection or we are permitted by law. Where practicable we will explain how your health or other sensitive information will be used or disclosed.
How we collect your personal information
We only collect your information by lawful and fair means. We collect your information in a few different ways, including:
- forms you provide to us
- electronically, such as through our website
- phone calls
- information you provide while visiting NDSS Access Points
- information you provide to us while participating in diabetes support services and attending events
- other correspondence, such as email and mail.
We will always collect personal information from you directly unless it is unreasonable or impractical for us to do so. When a person with diabetes is under 15 years old, or lacks the mental capacity and legal competence to make decisions, the person’s primary carer or guardian must consent to the collection of the person’s information.
How we use your personal information
We only use your personal and sensitive information for purposes which are directly related to the reason you provided us with your information in the first place and where you would reasonably expect us to use your information. For example, we may send a receipt to people who make a donation to Diabetes Tasmania.
We use your information to provide you with information about our services. We also use it to improve our services and notify you of opportunities that we think you might be interested in, including:
- informing you about upcoming events and activities;
- engaging with you regarding ongoing fundraising and marketing activities;
- providing follow-up information in response to comments or questions;
- seeking your feedback about our services or programs to monitor and evaluate existing services and plan for future service delivery;
- providing you with information about research trials and initiatives delivered by external providers that you may wish to participate in.
We will not use your personal information for another purpose unless you have given consent or one of the exceptions under the Privacy Act applies. For example, if the use of the information is authorised by Australian law or is necessary for law enforcement by an enforcement body, such as the Australian Federal Police.
Disclosure of your information
Your personal information may be disclosed to third parties to whom Diabetes Tasmania contracts out specialised functions. If Diabetes Tasmania should disclose personal information to third party contractors Diabetes Tasmania takes steps to either:
- de-identify the personal information; or
- ensure that those contractors are authorised only to use your personal information in order to perform the specialised function; or
- must comply with the APPs when handling your personal information.
We will not disclose your personal information to any other person unless you have given your consent or one of the exceptions under the Privacy Act applies.
From time-to-time, Diabetes Tasmania will provide statistical information to the Tasmanian Department of Health and Human Services, the Commonwealth Department of Health, universities or other organisations that provide funding to Diabetes Tasmania. This information is statistical information and does not identify individuals. By agreeing to these terms and conditions you consent to your information being de-identified, included in this statistical information and presented to the Tasmanian Department of Health and Human Services, the Commonwealth Department of Health, universities or other organisations that provide funding to Diabetes Tasmania.
We do not currently disclose your Personal Information to overseas parties. If your Personal Information is transferred overseas, we will comply with our obligations under the APPs.
Security of your information
We take appropriate steps to protect your personal and sensitive Information held by us from misuse, interference, unauthorised access, modification, loss or disclosure. This includes during storage, collection, processing, transfer and destruction of the information.
When we no longer need Personal Information for any purpose we will take reasonable steps to destroy the information or ensure that the information is de-identified. This will apply except where the information is part of a Commonwealth record, or we are required by law or a court/tribunal order to retain the information.
Please note, Diabetes Tasmania website may contain links to third party websites. We are not responsible for the collection and handling of your personal information by holders of third party websites. We recommend that you review the privacy policies of those third party websites.
How to access and seek correction of your personal information
We will take reasonable steps to ensure that all Personal Information that we collect, use or disclose is accurate, up-to-date, complete, relevant and not misleading.
We will correct any Personal Information that we believe to be incorrect, out-of-date, incomplete, irrelevant or misleading. This includes taking reasonable steps to notify any organisation or government agency to which information was disclosed about the correction.
You may request to access or correct your Personal Information at any time by contacting the Privacy Officer using the details below. We will give you access to the information unless one of the exceptions under the Privacy Act applies. For example, if providing access would be unlawful or denying access is authorised by law.
We are not responsible for any problems that may arise if you do not give us accurate, truthful or complete information or if you fail to update such information. We will reject and delete any entry that we believe in good faith to be false, fraudulent or inconsistent with these terms and conditions.
If you wish to amend any of your details or the information you have provided to us please contact us using the details below.
If you request to access or correct your information, we will respond within a reasonable time (usually within 30 days). If your request is refused, we will give you a written notice that sets out the reasons for refusal and how to complain about the decision.
Can I remain anonymous?
It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself or to use a fictional name when interacting with us. You can remain anonymous when using some parts of the Diabetes Australia website or sites administered by Diabetes Australia. However, it may be necessary for us to collect your personal or sensitive information if you would like to access certain materials or services. If you choose to withhold the information we require, we may not be able to provide the services you have requested.
From time to time, we may send you promotional communications (for example, about our services and events) that we believe you would reasonably expect us to send you. If you do not wish to receive these communications, please contact Diabetes Tasmania (using the details set out below) or unsubscribe using the method set out in the communication.
If we receive your personal information from a third party or we do not believe that you would reasonably expect us to send you promotion communications we will, where practicable, obtain your consent. If it is impracticable to obtain your consent, it is our policy that any promotional communications will include a statement advising that you may request not to receive further communications by contacting us using the details provided in the communication.
Please note, if you are registered with the NDSS and you request not to receive our promotional communications you will continue to receive important information about diabetes and NDSS product safety issues.
It is our policy that all electronic communications will include an unsubscribe facility. The Spam Act 2003 prohibits sending unsolicited commercial emails, SMS and MMS messages for commercial purposes. Examples of unsolicited communications are ones that do not directly relate to a service you have previously signed up with or agreed to. While not-for-profit organisations such as Diabetes Tasmania do have some exemptions from the Spam Act, we are guided by the Code of Practice developed by the Australian Direct Marketing Association.
See www.adma.com.au/comply/code-of-practice/ for further information.
The Diabetes Tasmania website and sites administered by Diabetes Tasmania use software known as ‘cookies’ to record your visit to the website and collect some statistical information. We use this information to help administer and improve our websites. We do not use this information to personally identify you. Information we may collect includes:
- your server address
- your domain name
- the date and time of access to the website
- pages accessed and documents downloaded
- the previous site visited
- if you have visited the website before
- the type of browser software in use.
You may set your web browser to disable cookies when visiting our websites. However, some website functions may be unavailable if you choose to do so.
Notifiable Data Breaches
The Privacy Act Amendment Notifiable Data Breaches (NDB) Act 2017 requires Diabetes Tasmania to notify particular individuals and the Office of the Australian Information commissioner about ‘eligible data breaches’. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the personal or sensitive information relates. Diabetes Tasmania will make an objective assessment of whether a data breach is likely to result in serious harm and take remedial action according to its data breach response plan. See www.oaic.gov.au/ for further information
If you have a complaint or enquiry
Our Privacy Officer will assess any complaints and liaise with you to resolve any issues within a reasonable time (usually within 30 days).
If you are unhappy with the outcome, you may lodge a complaint with the Australian Information Commissioner who can order the payment of compensation by Diabetes Tasmania in certain circumstances.
See http://www.oaic.gov.au/privacy/making-a-privacy-complaint for further information.
GPO Box 872
HOBART TAS 7001
Email: firstname.lastname@example.org with subject Attention Privacy Officer