Collective Purpose is a collaborative venture that has been created by three organisations striving to make a difference in mental health: WayAhead (Mental Health Association NSW); Being (Being | Mental Health & Wellbeing Consumer Advisory Group); and Mental Health Carers Arafmi NSW, (‘ARAFMI NSW’).
Collective Purpose aims to provide a vibrant, contemporary workplace that is inclusive and participatory with state of the art technology and support systems. We aim to foster collaboration, innovation and excellence in like-minded organisations and individuals.
2. Commitment to Privacy
Collective Purpose and its partners are committed to protecting privacy and confidentiality.
The Privacy Act 1988 (Privacy Act), Australian Privacy Principles and registered privacy codes govern the way in which we must manage your personal information.
This policy sets out how we collect, use, disclose and otherwise manage personal information and provides guidance on our legal obligations and ethical expectations in relation to privacy and confidentiality.
3. Consideration of personal information privacy
Open and transparent
We have designed our business practices to ensure that we will collect, store, use and manage personal information in an open and transparent manner.
We also acknowledge the importance of treating other information (that is not personal information) in a confidential manner. However, we may share information with other involved individuals and organisations where it would be in the best interests of the client, or other individual, to do so (and provided it is lawful to do so).
Anonymity and pseudonymity
Wherever it is lawful and practicable, we will give the option not to identify yourself, to use a pseudonym or to request that we do not store any of your personal information.
4. Collection of personal information
Purpose for collecting information
The personal information which we collect, hold, use and disclose will vary depending on your interaction with us.
Generally, we will collect, use and hold your personal information if it is reasonably necessary for, or directly related to, the performance of our functions and activities. These functions and activities may include, but are not limited to, the following:
- performing staff members’ duties, including work health and safety obligations
- recruiting and engaging staff and contractors
- providing a service to you or to someone you know
- providing you with information about our organisation
- facilitating our internal business operations, including complying with legal obligations
- conducting organisational functions, operations or development activities
- researching and evaluating programs and activities
- investigating and responding to complaints about our services or general operation
- auditing, investigating and responding to allegations of fraud
- contract management; and
- managing and responding to correspondence and enquiries from individuals and organisations.
We collect all personal information in accordance with the Privacy Act and provide a privacy notice as per APP 5 when we solicit personal information.
How information is collected
We collect personal information through a range of different channels, including:
- paper-based and electronic forms (including online forms)
- face-to-face meetings, interviews, assessments and counselling sessions
- telephone, email, and fax communications
- organisation website and other linked websites; and
- social media websites and accounts.
There may be some instances where personal information about you will be collected indirectly; for example, from a family member, carer or case worker in another service. This may be because it is unreasonable or impractical to collect personal information directly from you at that time. We will usually notify you about these instances in advance, or as soon as reasonably practical after the information has been collected.
Types of personal information collected
We may collect and hold personal information about you that can identify you, and is relevant to providing you with our services. The kinds of information we typically collect may be contained in the documents such as:
- records relating to work health and safety matters, including accident and injury records, compensation and rehabilitation case files;
- applications, instruments of appointment, and other records relating to the performance of administrative functions and activities
- correspondence, invoices, receipts and other records relating to goods and services supplied to, provided by or purchased by us
- distribution and mailing lists relating to the dissemination of organisational publications, reports, newsletters and other information of interest to our clients, stakeholders and the broader community
- documents relating to contracts, grants, funding agreements and other procurement processes; and
- documents relating to feedback and complaints.
Failure to provide information
If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you, or someone else you know, with the services you, or they, are seeking, or otherwise perform our business operations.
It is possible for individuals to configure their personal computer so that it disables cookies or does not accept them. However, this configuration may affect the functionality of the relevant websites and may preclude an individual from being able to take full advantage of services offered therein.
Our website may contain links to other websites. We are not responsible for the privacy practices of linked websites, and linked websites are not subject to our privacy policies and procedures.
5. Holding personal information
Any personal information we hold is stored on both electronic files and hard copy files in accordance with this policy and other internal policies.
6. Dealing with personal information
Use and disclosure
We only use your personal information for the purpose(s) for which it was collected (as set out above), or for purposes where you would reasonably expect us to and which are related to one of the functions or activities of the organisation. Your personal information may be provided to government agencies, other organisations or individuals if:
- you have given us your consent to do so
- we are required or authorised by law to do so; or
- by providing the personal information we will prevent or mitigate a serious and imminent threat to somebody’s life or health.
Marketing and promotion
Collective Purpose may use personal information for the purposes of direct marketing or promotion of the organisation. Collective Purpose will only use personal information for such purposes if: the individual has consented to receive direct marketing, it is reasonable to expect that we would use personal details for personal marketing, or we believe an individual may be interested in the material but it is impractical for us to obtain their consent.
If it is impractical to gain consent, Collective Purpose will always provide a clear and simple ‘opt-out’ option for anyone who does not wish to receive further direct marketing communications. Collective Purpose respects every individual’s preferences and will remove them from our marketing database if requested to do so.
Collective Purpose will never sell or provide personal information to a third party for the purposes of direct marketing without your informed consent.
7. Integrity of personal information
We take reasonable steps to ensure that information collected used and disclosed is accurate, up-to-date, complete and relevant. As outlined in The Privacy Act 1988.
We take reasonable steps to protect the personal information held. This includes implementing physical, technical and administrative safeguards against loss, interference, unauthorised access, use, modification or disclosure and other information misuse. These steps also comprise reasonable physical, technical and administrative security safeguards for electronic and hard copy records.
Cross-border disclosure of personal information
Collective Purpose may use third party service providers to process personal information if we reasonably believe that the overseas entity is subject to the same or similar privacy standards as those found in Australia, or if the individual has otherwise consented to Collective Purpose disclosing their personal information to the overseas entity.
Collective Purpose will never send or store sensitive information, including health information, outside of Australia.
8. Access to, and correction of, personal information
You have a right to access your personal information and upon request we will provide access unless the Privacy Act or any other relevant law permits or requires us to withhold access. If we refuse you access, we will provide you with a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons).
We may charge you a reasonable fee for providing access to your personal information (but not for making a request for access).
We will generally respond to a request to access or amend information within 45 days of receiving the request.
Amendments may be made to your personal information to ensure it is accurate, relevant, up-to-date, complete and not misleading, taking into account the purpose for which the information is collected and used. If a request to amend information does not meet the above criteria, we may refuse the request.
If we refuse your request for changes to personal information, you may submit a written statement about the requested changes which we will attach to the relevant record of personal information. We will provide you with a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide this information), including details of the mechanisms available to you to make a complaint.
We will respond to a request to access or amend personal information within a reasonable period.
9. Complaints and Feedback
If you wish to make a complaint about a breach of the Privacy Act, Australian Privacy Principles or a privacy code that applies to us, please contact us using the details provided below and we will take reasonable steps to investigate the complaint and respond to your complaint. If you are not happy with our response, you may send your complaint directly to the Australian Information Commissioner (www.oaic.gov.au).