Policy, Legislation, Scope
We respect your right to privacy under the Privacy Act 1988 (Cth) and we comply with all of the Act’s requirements in respect of the collection, management and disclosure of your personal information.
This policy is not a replacement for any Act or Regulation. The criminal law and legislation still apply to all staff. If any conflict arises between this policy and the provisions of any Act or Regulation, the latter provisions will prevail.
The following legislation and conventions are relevant to this policy:
- Charitable Fundraising Act 1991 (NSW)
- Health Records and Information Privacy Act 2002 (NSW)
- National Disability Insurance Scheme Act 2013 (Cth)
- Privacy Act 1988 (Cth)
- Privacy Amendment, Private Sector, Act 2000 (Cth)
- Privacy and Personal Information Protection Act 1998 (NSW)
Who is this policy for?
Clients, members, donors, staff, volunteers, supporters and board of MDNSW, users of the MDNSW website.
What type of information do we collect, hold and how do we collect it?
What type of information do we collect and hold?
MDNSW is a member-based association, not-for-profit charity and service provider, delivering NDIS services and supports. In order for MDNSW to carry out our activities, we collect personal information from people involved with the association.
MDNSW only collects personal information by lawful means and will not collect information in any unreasonably intrusive way and only what is necessary to conduct its activities and provide supports.
We collect the following information:
- your name, address, email, phone number/s, gender, date of birth
- payment information for a service or a donation
- information on family members, carers and relationship to client
MDNSW will only collect sensitive information that is necessary to provide services and supports to clients.
The type of sensitive information collected may include:
- health or medical information
- information about a client’s disability
- information about a client’s cultural background and/or religious beliefs
- billing information and Medicare/NDIS number/Tax file number
- information generated by a health service provider (eg notes, opinions about an individual and their health)
We do not use or disclose Medicare, NDIS or tax file numbers unless we need to by law or you have consented to disclose this information to a third party.
We may also collect information that doesn’t identify a person directly – like statistics from a survey / consultation, or how many people access our website and what they click on so we can improve our website.
How do we collect your information?
We collect your information directly from you in most cases, including:
- from our website, when you sign up for something or make a donation
- from surveys and evaluations you complete (unless you chose to be anonymous)
- from social media – eg. interactions on our Facebook page or community fundraising pages
- over the phone or in person as part of our client services and supports
- over the phone or in person as part of our fundraising activities
- from an application form for a MDNSW event or program
- from a MDNSW Service Agreement
What happens if we can't collect your information, and for what purpose do we hold, use and disclose information?
What happens if we can’t collect your personal information?
You have the right to choose what information you will share. If you choose not provide us with the personal information described above:
- we may not be able to provide the requested services to you, either to the same standard or at all.
- we may not be able to send you information about programs and services that you may be interested in if we don’t for example have your contact details.
- your experience of our website may not be as enjoyable or useful
- we may not be able to process payments, issue receipts and other administrative actions.
For what purposes do we collect, hold, use and disclose your personal information?
We collect personal information about you so that we can perform our activities and functions and to provide best possible quality of customer service.
We collect, hold, use and disclose your personal information for the following purposes:
- to provide services to you and to send communications requested by you
- to keep your details up-to-date
- to distribute information about fundraising events and opportunities to donors and supporters
- to keep accurate records about MDNSW membership, including payments
- to inform clients about MDNSW’s programs, supports and events that might be of interest
- to process and respond to any complaint made by you; and
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with a governmental authority.
We will only collect, use and share your information with your consent unless it is required by law.
From whom do we collect your information, and when do we disclose this information?
From whom do we collect your information?
MDNSW will generally collect information directly from you, the client, but may also collect information from third parties including families, carers, service providers and government organisations but only with your consent.
Where information is collected from third parties, MDNSW will use reasonable endeavours to:
- ensure the information is accurate
- inform the client of the information collected
MDNSW will take reasonable steps to ensure the client is aware of:
- the name of the person/organisation MDNSW received information from
- their right to access the information
- the purpose for which the information is collected
- any law that requires the particular information to be collected
- what happens if we don’t receive this information
In what circumstances may we disclose your information?
MDNSW may disclose personal and sensitive information:
- where necessary to provide services or supports but only with your consent.
- to organisations providing services for MDNSW such as legal, financial, reporting, surveying – provided those organisations also undertake to protect the confidentiality of that information and with your consent.
MDNSW may disclose personal and sensitive information without your consent:
- in an emergency where failure to disclose the information may cause adverse outcomes for the client
- where required for mandatory government reporting
- when required by law.
Where a client is incapable of making decisions about the provision or disclosure, a responsible person as defined by legislation may make this decision on behalf of the client.
MDNSW encourages family support and communication between family members. However MDNSW will not provide personal information about a client aged over 16 years to family members without the individual’s consent.
Information may be disclosed for other purposes permitted by privacy legislation including but not limited to where legislation requires that the information be released, MDNSW is subpoenaed to provide information for court proceedings, or there is an overwhelming public interest in disclosing the information.
Unsolicited information, Personal dignity and privacy and disclosing information outside of Australia
Unsolicited information is personal, sensitive and/or health information that a staff member may receive having taken no active steps to collect it. This may be in the form of an email that has been sent to you by mistake or divulged by someone who you don’t have consent to collect information from and wasn’t provided directly by the client.
If MDNSW receives unsolicited personal information, staff need to destroy or de-identify the information that MDNSW has not obtained with consent to receive. However, before you destroy any information, you must make sure there is no other legal requirement to retain it. If you are not sure, seek legal advice before destroying or de-identifying information you have on file.
Personal dignity and privacy
Where MDNSW provides services of a highly personal nature with clients, such as dressing, showering and other personal services, MDNSW will provide clients with as much privacy as possible to protect their personal dignity.
MDNSW will ensure all staff providing personal care services are appropriately screened, trained and deliver services sensitively and professionally at all times.
Do we disclose your personal information to anyone outside Australia?
It’s rare that MDNSW would be asked to disclose personal information to a person outside of Australia. MDNSW will only do so:
- with your consent
- if we reasonably believe the recipient is subject to a law, binding scheme or contract which are substantially similar to the Australian Privacy Principles
- if the transfer of information is for your benefit and again with your consent.
A cookie is a small data file stored on your computer’s browser. Cookies allow our website to “remember” what a user has done on previous pages or interactions with the website to enhance users’ experience.
Most websites and internet browsers support cookies; however, users can set their browsers to decline certain types of cookies or specific cookies or delete cookies at any time. You will usually find information on cookies and how to manage them under ‘options’ or ‘settings’ in your browser. This may inactivate some of the features of our website.
Disclosure of Donors’ personal information and Direct marketing materials
Disclosure of Donors’ personal information
Personal information may be disclosed to third parties for marketing purposes: we may provide your contact details to other like-minded organisations to contact you with information that may be of interest to you. From time to time, we participate in data collectives where we share your personal information (other than sensitive information) with other organisations.
If you would prefer not to receive communications from other organisations, please let us know. Contact us at Muscular Dystrophy NSW – 80 Betty Cuthbert Drive, Lidcombe 2141, Tel: +612 9888 5711 and email: firstname.lastname@example.org
Otherwise, we will only share your personal and sensitive information in accordance with your consent and instructions, as provided through the exclusions set out in the Australian Privacy Principles, or in accordance with the specific collection statement provided to you by us at or near the time of collection of your personal and sensitive information.
Direct marketing materials
We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail and email, in accordance with applicable marketing laws.
At any time you may opt-out of receiving marketing communications from us by contacting us at: Muscular Dystrophy NSW – 80 Betty Cuthbert Drive, Lidcombe, 2141 Tel: + 612 9888 5711 or via email: email@example.com
We do not provide your personal information to other organisations for the purposes of direct marketing. If you do not elect to opt out, we will assume we have your implied consent to receive similar information and communications in the future.
Accessing and correcting your personal information and Security of personal information
How can you access and correct your personal information?
You may request access to any personal information we hold about you at any time by contacting us.
Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it, for example, by mailing or emailing it to you within 30 days of your request. We will need to verify your identity first. This information will not be unreasonably withheld.
There may be instances where we cannot grant you access to the personal information we hold. For example, if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.
Security of personal information
MDNSW takes reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic or hard copy form.
Access to personal information in electronic records is restricted to authorised staff and password protected.
Hard copy records are securely stored or disposed of according to the relevant law or regulation.
All staff complete screening checks before commencing employment with MDNSW including Working with Children checks and NDIS Worker Checks.
Privacy breach process
What is the process for complaining about a breach of privacy?
If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we can investigate it.
Our procedure for investigating complaints of this nature is explained in our Complaints Feedback and Resolution Policy and you can contact us by phone, email, and website or at our office – details at the end of this policy.
Where a serious breach has been suspected, MDNSW will comply with the Privacy Act requirements. We will investigate, act to mitigate any further breach, we will notify the affected people and report the breach to the Office of the Australian Information Commissioner (OAIC).
Photos, video and written material, De-identified data, Anonymity and Links to external websites.
Photos, video and written material
MDNSW uses images, videos and stories of the people in the MDNSW community, including children, on our website, social media and in other communications including email, newsletters, promotional materials and annual reports.
MDNSW includes image and video consent in all program and service applications, however staff will attempt to seek your consent if your/your child’s image is selected to be used in MDNSW communications.
Crowd photos/video taken at events are an exception, because it can be very difficult to identify and contact every person in a crowd photo. Event participants will be notified if photographs or video will be taken at the event in the promotional material and at the event. The images/videos will only be used to promote our services, programs or fundraising activities.
People whose image, video or story is being used by MDNSW can withdraw their consent at any time by contacting us by phone, email or via the website. MDNSW will make our best efforts to remove the image/other media in a timely manner. However, where images are used in print publications or in a video, removing an image from circulation might be impossible. If this is the case, MDNSW will advise the person.
Personal information where details are removed so a person cannot be reasonably identified is considered to be de-identified data.
MDNSW uses de-identified data to:
- report statistical information to funding bodies and donors.
- conduct research and service improvement initiatives.
This information is not personal or sensitive because it is de-identified. When using data for this purpose MDNSW will ensure that no individual could reasonably be identified from the data used even after primary identifiers have been removed.
Only de-identified data will be used for research purposes. Any research requiring identification of a client requires their explicit consent.
Where it is lawful and practicable, individuals may interact with MDNSW without identifying themselves, or use a pseudonym if they choose to.
However, when accessing member services and other direct services it is not practicable to do so without individuals identifying themselves.
Links to external websites
Our website contains links to other websites operated by third parties. These links are provided for your information and convenience and are not an endorsement by MDNSW of the content of third party websites.
If you use these links, you leave our website. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
Contact and Complaints
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.
Please contact us at:
More information on making complaints and contacting external bodies to make a complaint is available in our Compliments Suggestions and Complaints information.
Updated policy approved by Board February 2021, and is due for review February 2022.
Download a PDF of this policy HERE