Peak Plan Management is committed to providing quality services. Your right to privacy and confidentiality will be recognised, respected, and protected in all aspects of your contact with us. This Policy outlines our ongoing obligations to you in respect to how we manage your Personal Information.
Peak Plan Management Privacy Statement Policy has been developed to ensure that such information is handled and protected appropriately and in accordance with the 13 Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Act’).
This policy applies to any individuals whose personal information that we may hold or collect. This includes:
- Contractors, Suppliers of goods or services or Consultants
- A person’s information provided by third parties
- A person who is seeking employment with Peak Plan Management
What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include:
- Names, addresses and email addresses
- Phone numbers
- Personal Information includes Health Information, which is information about the physical or mental health or disability of an individual.
We collect your Personal Information in various ways including
- By telephone
- By email
- Third parties
- Via our website
- Other publicly available sources and
- Engaging contractors, and other personnel
Peak Plan Management will only request and retain Personal Information that is necessary to:
- Assess your eligibility for a service
- Provide a safe and responsive service
- Monitor the services provided; and
- Fulfill contractual requirements to provide non-identifying data and statistical information to a funding body.
When we collect Personal Information, we will explain to you why we are collecting the information and how we plan to use it.
In handling your personal information, we will comply with the Privacy Act 1988 (Cth) (Privacy Act) and with the thirteen Australian Privacy Principles in the Privacy Act.
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances, we may be provided with information by third parties (such as other disability support services).
Disclosure of Personal and Sensitive Information
Your Personal Information will only be disclosed:
- For the purposes communicated to you at the time we collect your Personal Information;
- To prevent or lessen a serious and imminent threat to the life or health of you or another person;
- To outside agencies with your or your representative’s permission.
- With written consent from a person with lawful authority; or
- When required by law, or to fulfil legislative obligations such as mandatory reporting.
Disclosing your personal and sensitive information:
We will not give your personal information to government agencies, private sector organisations, or anyone else unless you consent or one of the following exceptions applies:
- You would reasonably expect us to use the information for that other purpose;
- It is legally required or authorised, such as by an Australian law, or court or tribunal order;
- Where such information is formally requested by regulatory bodies, government agencies and law enforcement bodies, including the department of human services, the NDIA or the NDIS quality and safeguards commission;
- We reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety; or
- We have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in, and we reasonably believe that it is necessary for us to take appropriate action in relation to the matter.
Do we disclose your personal information to anyone outside of Australia?
We may disclose your personal information (including sensitive information) to:
- our employees and third-party contractors (including information technology suppliers and business partners located in Australia and overseas, who help us conduct our business);
- third parties authorised by you (generally, this will be with your consent) to receive information held by us. This may include to someone with responsibility for you (such as your parent or guardian); and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, or authorised by applicable law (including the NDIS Act, or policy requirements of the NDIA).
Other than third parties and as required by applicable law, Peak Plan Management will seek written consent or verbal consent to obtain or release any information about you to or from an external party (e.g. to speak to other support providers) in accordance with these four provisions. You may grant or withhold consent at your discretion, but if the Consent is not obtained, we may ask the person seeking information to liaise directly with you or your nominated person.
Sharing your Personal Information
We may disclose Personal Information to third party contractors, who help us conduct our business. In addition, we may disclose your Personal Information to other providers or a support coordinator that provides goods, services or other support to you as part of your plan. Where information is shared with these third parties, we will take all reasonable steps to ensure that third parties observe the confidential nature of such information and are prohibited from using or disclosing such information beyond what is necessary to assist us.
Other than third party contractors, providers or your support coordinator, Peak Plan Management will seek written consent from the participant to release any information about them to an external party.
Security and Destruction of Personal Information
Your Personal and Health Information is stored in a manner that reasonably protects it from misuse and loss and unauthorized access, modification or disclosure.
When your Personal and Health Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify it.
We will retain and dispose of your Personal and Health Information in accordance with the State Records Authority of Victoria’s Functional Retention and Disposal Authority: FA306.
We safeguard our IT systems against unauthorised access and ensure that paper-based files are secured. We also ensure that access to your personal or sensitive information within our systems is only available to our staff who need to have access to do their work, and to people that you have authorised access to the information available.
If a data breach occurs, such as if personal or sensitive information that we hold is subject to unauthorised loss, use or disclosure, we will respond in line with the Office of the Australian Information Commissioner’s Data breach notification process. We will aim to provide timely advice to you to ensure both we and you are able to manage any potential harm or loss, financial or otherwise, that could result from the breach.
Access to your Personal Information
You may access the Personal or Health Information we hold about you, to update or correct it, subject to certain exceptions. If you wish to access your Personal or Health Information, please speak to a staff member.
To protect your Personal or Health Information we may require identification from you before releasing the requested information.
You have the right to:
- request access to the personal information we hold about you
- access this information; and
- make corrections if you consider the information is not accurate, complete or up to date
However, access may be denied in part or total where:
- the request is frivolous or vexatious;
- providing access would have an unreasonable impact on the privacy of other individuals;
- providing access would be likely to prejudice an investigation of possible unlawful activity;
- providing access would pose a serious and imminent threat to the life or health of any individual; and
- denying access is required or authorised by or under law.
We aim to address all requests to access or correct information within 2 working days. We will not charge any fee for your access request.
Maintaining the Quality of your Personal Information
It is important to us that your information is up to date. We will take all reasonable steps to make sure that your Personal Information is accurate and complete. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Peak Plan Management Privacy and Confidentiality and Records and Information Management Policies and Procedures will be formally reviewed at least annually. Formal reviews will include participant, staff and other stakeholder feedback. Peak Plan Management may alter this policy from time to time, the site should be accessed to ensure that the policy is the current version. Employees should not rely on printed documents without checking the current status of this Policy.
If you have any queries or complaints about our Privacy Statement, please contact us at:
Peak Plan Management
Jo Debrincat – General Manager
People & Culture email@example.com
Shop 9,73 Victoria Street, Bakery Hill,3354