Privacy Policy
1. Introduction
We manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This privacy policy applies to information collected by Leading Staff Pty Ltd trading as Heather Hill Group and Heather Hill Home Care.
We only collect information that is reasonably necessary for the proper performance of our activities or functions. We do not collect personal information just because we think it could be useful at some future stage if we have no present need for it. We may decline to collect unsolicited personal information from or about you and take steps to purge it from our systems.
By reading the below policy you will be able to find out how we manage your personal information as an APP Entity under the APP. You will also be able to find out about the information flows associated with that information. If you have any questions please do not hesitate to contact us by any of the methods outlined in section 9 below.
1.1 AAP Entity
Leading Staff Pty Ltd manages personal information, as an APP Entity, under the APPs. Because we are frequently contracted to a range of Commonwealth, State and Territory government agencies, it sometimes becomes necessary for us to collect and manage personal information as an Agency under different privacy arrangements. If you wish to know whether this applies to you, please contact us as per section 9 below.
1.2 Information Flows
When we collect your personal information:
- we check that it is reasonably necessary for our functions or activities as a nursing agency and a provider of home care services;
- we check that it is current, complete and accurate. This will sometimes mean that we have to cross-check the information that we collect from you with third parties;
- we record and hold your information in our Information Record System (see section 5.1. below);
- we retrieve your information when we need to use or disclose it for our functions and activities. At that time, we check that it is current, complete, accurate and relevant. This will sometimes mean that we have to cross-check the information that we collect from you with third parties once again, especially if some time has passed since we last checked;
- subject to some exceptions, we permit you access to your personal information in accordance with the APPs (see section 7.1 below);
- we correct or attach associated statements to your personal information in accordance with the APPs (see section 7.2 below);
- we destroy or de-identify your personal information when it is no longer needed for any purpose for
which it may be used or disclosed provided that it is lawful for us to do so. We do not destroy or de-identify information that is contained in a Commonwealth Record.
2. Kinds of information that we collect and hold
Personal information that we collect and hold is information that is reasonably necessary for the proper performance of our functions and activities as a nursing agency and provider of home care services and is likely to differ depending on whether you are a Workseeker, Client or Referee.
2.1 For Workseekers
The type of information we typically collect and hold about Workseekers is information that is necessary to assess amenability to work offers and work availability; suitability for placements; or to manage the performance in work obtained through us and includes:
- your full name, contact numbers, emails addresses, and physical and postal addresses;
- your banking, superannuation, taxation and other miscellaneous general employment information;
- the details of all references provided by Referees (both nominated and otherwise);
- the details of any AHPRA registration, other relevant certifications, training and assessments that you have completed;
- your availability for work and hours worked on specific dates, times and locations;
- the details of any work performance issues, clinical issues and other incidents; and
- the details of any workplace accident or injury, rehabilitation and subsequent investigations and capacity assessments (both formal and informal).
2.2 For Clients
The type of information that we typically collect and hold about Clients is information that is necessary to help us manage the presentation and delivery of our services and includes:
- your full name, contact numbers and email addresses;
- all correspondence with you where relevant to the provision of our services; and
- other miscellaneous background and work history information relevant to maintaining a close professional relationship with you.
2.3 For Referees
The type of information that we typically collect and hold about Referees is information that is necessary to help to make determinations about the suitability of one of our Workseekers for particular jobs or particular types of work and includes:
- details to confirm your identity, current position and employer; and
- details of the reference provided for the Workseeker.
3. Purposes
The purposes for which we collect, hold, use and disclose your personal information are likely to differ depending on whether you are a Workseeker, Client or Referee.
3.1 For Workseekers
Information that we collect, hold, use and disclose about Workseekers is typically used for:
- general recruitment functions;
- statistical purposes;
- worker rehabilitation; and
- statutory compliance requirements.
3.2 For Clients
Personal information that we collect, hold, use and disclose about Clients is typically used for:
- Client relationship management;
- recruitment functions;
- marketing services to you;
- statistical purposes; and
- statutory compliance requirements.
3.3 For Referees
Personal information that we collect, hold, use and disclose about Referees is typically used for:
- confirming your identity and authority to provide a reference;
- assessments of Workseeker suitability for positions; and
- general recruitment functions.
3.4 Our Policy of Direct Marketing
Personal information about Workseekers and Clients may be used to:
- inform them about potential training, educational and networking opportunities available to them, for example, free educational seminars;
- update them on current and upcoming clinical and operational issues and activities, for example, as part of our monthly newsletter; and
- conduct other miscellaneous employee and or business relationship management activities, for example, the posting of birthday cards.
This personal information may also be disclosed to third party providers of postal or email systems where their services are utilised to distribute this material. We will not collect personal information through the use or purchase of customer lists from third parties. Additionally when distributing this material by electronic mail (email) we also ensure that we comply with our obligations under the SPAM Act 2003 (Cth). If you do not consent to us using your personal information in any or all of the above ways then please do not hesitate to contact us as per section 9 below.
4. How your personal information is collected
The means by which we will generally collect your personal information are likely to differ depending on whether you are a Workseeker, Client or Referee.
We sometimes collect information from third parties and publicly availably sources when it is necessary for a specific purpose, such as checking information that you have given us or where you have consented or would reasonably expect us to collect your personal information in this way.
Sometimes the technology that is used to support communications between us will provide personal information to us see the section in this policy on Electronic Transactions in section 4.5 below. Please also see the section on Photos & Images in section 4.4 below.
4.1 For Workseekers
Personal information will be collected from you directly when you fill out and submit one of our application forms or any other information in connection with your application to us for work. Personal information is also collected whenever you communicate with us in relation to your ongoing employment with our organisation.
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. In certain circumstances we may also collect personal information about you through the use of outside consultants and private investigators.
When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs and our Privacy Policy.
4.2 For Clients
Personal information about you may be collected when you provide it to us for business or business related social purposes.
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites.
When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs and our Privacy Policy.
4.3 For Referees
Personal information about you may be collected when you provide it to us in the course of our checking Workseeker references with you and when we are checking information that we obtain from you about Workseekers.
We may also collect personal information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites.
When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs and our Privacy Policy.
4.4 Photos & Images
We will not request that you supply photographs, scan photo ID, or capture and retain video image data of you in cases where simply sighting photographs or proof of identity documents would be sufficient in the circumstances. Notwithstanding this Workseekers will need to provide 100 points of ID including at least one form of photo ID and a photo for their workplace ID card.
4.5 Electronic Transactions
Sometimes, we collect personal information that individual’s choose to give us via online forms or by email, for example when individuals:
- ask to be on an email list;
- register as a site user to access our online services;
- make a written online enquiry or email us through our website;
- submit a resume or application by email; or
- submit information through our website or another website, for example, by responding to a job advertisement.
It is important that you understand that there are risks associated with use of the internet and you should take all appropriate steps to protect your personal information. It might help you to look at the OAIC’s resource on Internet Communications and other Technologies. You can contact us by land line telephone or post if you have concerns about making contact via the internet as per those details contained in section 9 below.
5. How your personal information is held
Personal information is held in our information record system until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.
We take a range of measures to protect your personal information from misuse, interference and loss, and unauthorised access, modification or disclosure.
5.1 Our Information Record System
Our information record system contains both hardcopy and electronic formats. All electronic records are stored on computer servers located in our Brisbane office and are backed up daily. All hardcopy records are kept in lockable filing cabinets in our Brisbane office and offsite at a secure storage facility.
5.2 Information Security
Our information record system implements a range of security measures including in-depth staff training, password protection, scheduled archiving and destruction, and need-to-know policies.
6. Disclosures
We may disclose your personal information for any of the purposes for which it is primarily held or for a lawful related purpose. We may disclose your personal information where we are under a legal duty to do so. Disclosure will usually be either internally, to our Clients, or to Refereees for suitability and screening purposes.
6.1 Related Purpose Disclosures
We outsource a number of services to contracted service suppliers (CSPs) from time to time. Our CSPs may see some of your personal information. Typically our CSPs would include our information technology systems providers, software providers, internet service suppliers, legal and other professional advisors, insurance brokers, loss assessors and underwriters, superannuation fund managers, private investigators, contracted consultants, and background and screening agents.
We take reasonable steps to ensure that terms of service with our CSPs recognise that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach these obligations.
6.2 Cross-Border Disclosures
Some of your personal information may be disclosed to overseas recipients. We cannot guarantee that any recipient of your personal information will protect it to the standard to which it ought to be protected. The costs and difficulties of enforcement of privacy rights in foreign jurisdictions and the impracticability of attempting to enforce such rights in some jurisdictions will mean that in some instances, we will need to seek your consent to disclosure.
The likely countries where this information would be transmitted would be England and America, the type of information would be any related to actual or potential insurance claims and the likely recipients would be insurers and underwriters.
7. Access & Correction
Subject to some exceptions set out in privacy law, you can gain access to your personal information that we hold.
Important exceptions include evaluative opinion material obtained confidentially in the course of our performing reference checks; and access that would impact on the privacy rights of other people. In many cases evaluative material contained in references that we obtain will be collected under obligations of confidentiality that the person who gave us that information is entitled to expect will be observed. We do refuse access if it would breach confidentiality.
For more information about access to your information see our Access Policy below. For more information about applying to correct your information see our Correction Policy below.
7.1 Access Policy
If you wish to obtain access to your personal information you should contact our Privacy Coordinator as per section 9 below.
7.2 Correction Policy
If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting our Privacy Coordinator as per section 9 below.
We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
8. Complaints
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy.
If you are making a complaint about our handling of your personal information, it should first be made to us in writing.
You can make complaints about our handling of your personal information to our Privacy Coordinator as per section 9 below. You can also make complaints to the Office of the Australian Information Commissioner (OAIC) by phone on 1300 363 992, by email at enquiries@oaic.gov.au, by facsimile on 02 9284 9666, by post to GPO Box 2999 Canberra ACT 2601 or any of the other methods outlined on their website here.
Complaints may also be made to the RCSA the industry association of which we are a member. RCSA administers a Code of Conduct for the professional and ethical conduct of its members. The RCSA Code is supported by rules for the resolution of disputes involving members.
Please understand though that the RCSA Code and Dispute Resolution Rules do not constitute a recognised external dispute resolution scheme for the purposes of the APPs; but are primarily designed to regulate the good conduct of the Associations members.
When we receive your complaint:
- We will take steps to confirm the authenticity of the complaint and the contact details provided to us to ensure that we are responding to you or to a person whom you have authorised to receive information about your complaint;
- Upon confirmation we will write to you to acknowledge receipt and to confirm that we are handling your complaint in accordance with our policy.
- We may ask for clarification of certain aspects of the complaint and for further detail;
- We will consider the complaint and may make inquiries of people who can assist us to established what has happened and why;
- We will require a reasonable time (usually 30 days) to respond;
- If the complaint can be resolved by procedures for access and correction as per sections 7.1 and 7.2 above we will suggest these to you as possible solutions;
- If we believe that your complaint may be capable of some other solution we will suggest that solution to you, on a confidential and without prejudice basis in our response.
If the complaint cannot be resolved by means that we propose in our response, we will suggest that you take your complaint to any recognised external dispute resolution scheme to which we belong or to the Office of the Australian Information Commissioner.
9. Breach of Privacy / Confidentiality
Where it is established that your confidentiality and/or privacy has been breached, we shall initiate our incident management process to investigate this instance. We shall diligently and confidentially deal with your stated complaint, without any bias or discrimination.
“A privacy breach occurs when there is a failure to comply with one or more of the privacy principles set out in the Information Privacy Act 2009 (Qld) (IP Act). Privacy breaches can occur because of a technical problem, human error, inadequate policies and training, a misunderstanding of the law, or a deliberate act.”
We will work with you to determine the information that has been breached and to communicate with you, on the type and extent of the information about you that has been compromised. If you are not satisfied with the outcome of the investigation and the redress provided, then the issue may be escalated as a breach.
The breach shall be reported to the appropriate regulatory authority, not limited to the following:
Office of Information Commissioner QLD
- Office of Australian Information Commissioner
- NDIA / NDIS
- Queensland or Australian Federal Police
10. How to Contact Us
If you wish to obtain access to, correction of or complaint regarding the handling of your personal information you should contact our Privacy Coordinator, Heather Hill, either in person at Level 3, Savoir Faire, 20 Park Road, Milton in the state of Queensland, by phone on 07 3720 9122, by email to heather@Heatherhillgroup.com.au, by facsimile to 07 3720 9244 or by post to PO BOX 932, Toowong QLD 4066 during normal office hours which are 8am to 5pm Monday to Friday except on public holidays.
If you need to contact us about access to, correction of or complaint regarding the handling of your personal information urgently outside normal office hours you should contact our afterhours placement officers on 07 3720 9122 and ask to speak to our Privacy Coordinator, Heather Hill. They will then take all reasonable measures to ensure that Heather Hill returns your call as soon as possible.