1. Purpose and Scope
This Policy explains how the National Counselling and Referral Service (NCRS) for people with disability, their family, friends and partners and service providers, complies with the relevant Australian Federal, State and Territory Acts and Legislation in relation to the collection, use, disclosure and handling of your personal information.
Blue Knot Foundation is a for purpose organisation. It provides a National Counselling and Referral Service (NCRS) delivering phone, webchat, video and email counselling support, information and referrals funded by the Federal Government. These services are provided to you at no cost. To support our funding and enable you to access these services at no cost, we are required to collect certain data.
Blue Knot is committed to protecting the privacy of individuals who use our services. However, due to the nature of the services that we deliver, and to optimise your safety, it may be necessary for us to collect minimal personal data.
3. Types of information NCRS collects
3.1 Personal Information
We collect and hold personal information which is needed for us to provide professional digital trauma counselling, information and referral services. While this may vary depending on your needs and our interactions with you, we may collect the following information on each interaction:
- Your phone number for telephone counselling, information and referral
- Your IP Address for web-based counselling, information and referral
Additional information may include the following:
- your name
- your age or date of birth
- your e-mail address
- comments and feedback
- any barriers to communication and particular needs and preferences
- other personal information needed to provide an effective and efficient trauma counselling service
You may choose not to share any additional information with us; or alternatively, to use a pseudonym.
3.2 Sensitive Information and Health Information
Subject to this Policy, we may also collect and hold sensitive information and/or health information disclosed by you, including (but not limited to):
- your physical, mental or psychological health
- whether you are living with disability
- information regarding whether you are from an Aboriginal and Torres Strait Islander background or from a culturally and linguistically diverse background
- your sexual preference / gender identity
4. Collection of Information
We only collect information by fair and lawful means and when it is reasonable and practicable to do so. We do this to provide you with effective services, accurate information and to meet our legal obligations.
If you do not provide us with the information we ask for, we may not be able to provide you with an efficient service, or the information you want about the service. Our client management system may assign a unique identifier to your information so we can store it and report on it in a de-identified way.
4.1 Ways we collect Information
a) We collect information that you provide:
- when you visit our websites at https://www.blueknot.org.au or https:// www.professionals.blueknot.org.au
- during telephone, video, online chat conversations
- in written correspondence (including email)
If you contact us on chat, we keep a transcript of your interaction to help us improve our service. If you don’t want us to keep a transcript, please let the counsellor know.
We also collect information from third parties which we need for a specific purpose, such as checking information that you have given us or where you have given us consent to do this. We will take reasonable steps to contact you to ensure that you are aware of the reason for and purpose of us collecting it where that reason or purpose is not reasonably expected from the use of our services or not outlined in this Policy.
We will also collect information about you if Australian law requires us to do so. If so, we will inform you of this where we can, including details of the relevant law.
We may also collect information about you from different publicly available sources including newspapers, journals, directories, the internet and social media sites.
4.2 Using the internet
There are risks in using the internet, and so we recommend you take all the appropriate steps to protect your information, when you are using it. If you are concerned, please call or mail us.
- your browser type
- your location
- your IP address
- information about when and how you use our website
- your device and connection information, such as browser, operating system, mobile platform and unique device and other technical identifiers; URL click stream data, including date and time, and content you viewed or searched for
- information about your past internet usage, such as other websites you visit before coming to our website
4.3 Disposal of information
Blue Knot Foundation has documented Information and Communications Technology processes to manage personal and health information including its destruction or de-identification to prevent unauthorised access following retention periods.
We will check whether we need any unsolicited information we receive about you to provide you with a service or meet our other obligations. Necessary information will be handled in the usual way and unnecessary information will be securely destroyed or de-identified.
4.4 Unsolicited Information
Where we receive unsolicited information about you, we will check whether that information is reasonably necessary for our functions. If it is, we will handle this information in the same way we do other information we seek from you. If not, we will securely destroy or de-identify it.
5. Use of information
5.1 Personal Information
We may use and disclose your personal information for the primary purpose for which it is collected, for anticipated secondary purposes related to the primary purpose, and in other circumstances authorised by the relevant Federal, State or Territory Act or legislation.
In general, we use and disclose your personal information to:
- conduct our organisation
- provide our services to you
- communicate with you
- help us manage and enhance our service standards
- understand your needs and establish an account for you
- respond to and assist you with your requests, inquiries or complaints
- contact you regarding our services or other services from third parties
- invite you to participate in surveys
- manage our website
- analyse data, perform audits, evaluate and report
- prevent and detect security threats, fraud or other malicious activity
- comply with our legal obligations, resolve disputes, and enforce our agreements
- improve your online experience with us
5.2 Sensitive Information and Health Information
We will not collect Sensitive Information and Health Information about you unless:
- we obtain your consent to collect and use it; or
- it is reasonably necessary to provide our services; or
- its collection is required or authorised by or under Australian law or a court/tribunal order.
5.3 National Counselling and Referral Service and Consent
If you engage with the National Counselling and Referral Service (by any means including, but not limited to, by telephone, online chat, video) you will be:
- informed that notes from your interaction with us will be digitally recorded and electronically stored by us, which may include the collection of your information;
- informed that information you provide is subject to the terms of this Policy and where you can read this Policy; and
- provided with the opportunity to consent or not consent to these Policy terms.
If you do not consent to these Policy terms, we may not be able to provide services to you.
We may disclose your information (including producing documents) to another person, entity, authority or government body if:
- we are required to do so by an Australian law
- we are ordered to do so by a court/tribunal order
- there is an immediate or imminent risk of serious harm to you, an identified third party and/or the general public
- you have disclosed to us that you or another person has engaged in, or is planning to engage in, suspected unlawful activity or serious misconduct
- Where a permitted general or health situation exemption applies under the Federal Privacy Act 1988
5.4.1 Disclosure to Funders
We may disclose information to our funders according to the contractual obligations of our service agreement. Where practicable, this information will be de identified.
Where we are required to disclose information to another entity, either as requested by you, or under a relevant Australian law, we will ensure the receiving entity is governed by an Information Privacy system equal to the relevant Australian Privacy Principles (APP), Information Privacy Principles (IPP) or Health Privacy Principles (HPP) that apply to your information.
5.4.2 Internal use
We may use and/or disclose your information in order to seek your feedback on our services.
6. Storage and Security
We take reasonable steps to protect your information against misuse, interference, loss, unauthorised access, modification and disclosure including:
- confidentiality requirements are placed on our employees via contracts and policies
- limiting access to information to employees who need to use the information
- educating our employees in relation to obligations under the relevant Federal, State and Territory Acts and legislation and ethical codes of conduct for health practitioners
- document and file storage security policies
- security measures for restricted access to our systems
- deletion, destruction or de-identification of information no longer required by us
Our aim is to ensure that the information we collect and hold about you is current and accurate. Please contact us to update any of your information as per the contact details at the end of this Policy.
If you contact us regarding an apparent inaccuracy in relation to your information and we are satisfied that the information is inaccurate, irrelevant or misleading, we will take reasonable steps to correct it within 30 days, without charge. If we determine that the correction is not required, we will provide you with written notice stating the reasons and refer you to our complaints process.
If we correct any information previously disclosed to a third party, and if it is reasonable to do so, we will notify each such recipient in writing of the correction within a reasonable period and will also notify you that the correction has been made.
8. Access to your Information
You are entitled to access your information. You can do so by lodging a written request by emailing [email protected] or by post to PO Box 597, Milsons Point NSW 1565. Please include your name, address, and the contact number you used to access our services. Please also identify the information you wish to access. If you are requesting the information on behalf of another person, please provide your authority for this.
We may charge a fee to cover our reasonable costs in meeting an access request. You will be provided with access to the information within 30 days of the request (unless exceptional circumstances apply).
We are not required to provide you access to your information if:
- it would be unlawful to do so; or
- denying access is required or authorised by an Australian law or a court/tribunal order; or
- providing it would likely prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
If we do not give you access to your information you will receive written notice that explains the reason for this decision.
Complaints about alleged breaches by us of a relevant Australian Federal, State or Territory Act, legislation related to Information Privacy, or this Policy can be made by contacting the Complaints Officer at:
PO Box 597
MILSONS POINT NSW 1565
Email: [email protected]
Online form: https://www.blueknot.org.au/about-us/compliments-feedback-complaints Telephone: 02 8920 3611
If you do not consider that your privacy complaint has been adequately dealt with by us, you may make a further complaint to the following:
- Office of the Australian Information Commissioner, which has complaint handling responsibilities under the Federal Privacy Act 1988
- the Victorian Health Complaints Commissioner, which has complaint handling responsibilities under the Health Complaints Act 2016 (VIC)
- New South Wales Privacy Commissioner, which has complaint handling responsibilities under the Health Records and Information Privacy Act 2002 (NSW)
- The ACT Health Services Commissioner handles health record privacy complaints in the ACT under the Health Records (Privacy and Access) Act 1997 (ACT)
10. Access to this Policy
This Policy will be reviewed from time to time to take account of new laws and technology, changes to our operations and practices and the changing environment that our organisation operates in.
The most recent version of the Policy is available here on our website or by emailing [email protected].
11. Further Information
If you have any questions about privacy-related issues, please contact the Privacy Officer at [email protected] or 02 8920 3611
For further information about privacy, the protection of privacy and credit reporting can also be found on visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au .
APPs means the Australian Privacy Principles introduced under the Privacy Act.
Information is used in this Policy to describe Personal Information, Sensitive Information and Health Information collectively.
IPP means the Information Privacy Principles under relevant Federal, State or Territory legislation.
Health Information is defined in the Health Records Act 2001 (VIC) and the Health Records and Information Privacy Act 2002 (NSW) as applicable.
HPP means Health Privacy Principle under relevant Federal, State or Territory Act or Legislation.
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
Privacy Act means the Privacy Act 1988 (Cth) as amended from time to time.
Sensitive Information is defined in the Privacy Act to include things such as race, sexual orientation, political opinions, members of a trade association or trade union, criminal record or health information.
13. References/Related Documents
- Privacy Act 1988 (Cth)
- Office of Australian Information Commissioner – https://www.oaic.gov.au
- Health Records and Information Privacy Act 2002 (NSW)
- Information and Privacy Commission NSW – https://www.ipc.nsw.gov.au/
- Health and Community Services Complaints Commission Northern Territory – https://www.hcscc.nt.gov.au/
- QLD Office of the Health Ombudsman – https://www.oho.qld.gov.au/
- South Australia Health and Community Services Commissioner – https://www.hcscc.sa.gov.au/
- Health Records Act 2001 (VIC)
- Victoria Health Complaints Commissioner – https://hcc.vic.gov.au/
- Government of Western Australia Health and Disability Services Complaints Office – https://www.hadsco.wa.gov.au/home/
- Health Records (Privacy and Access) Act 1997 (ACT)
- ACT Human Rights Commission – https://hrc.act.gov.au/