Privacy at Help

Purpose

This Public Privacy Policy (Policy) is Help Enterprises Limited’s ACN 009 776 032, ABN 46 479 304 129 (“HELP”) official privacy policy as required by the Privacy Act 1988 (Cth) (the “Act”) and the Australian Privacy Principles (the “APPs”) contained in the Act.

Scope

This Policy applies to all personal information (including sensitive information) about individuals, which HELP and its various business divisions collect, hold, use and disclose.

This Policy explains how HELP manages personal information. This includes:

• the kinds of personal information (including sensitive information) about individuals that we collect;
• how and why we collect that personal information;
• how we use it;
• how we store and protect it;
• the purposes for which we will disclose it; and
• the rights of individuals in relation to their personal information held by us, including the rights of individuals to access and seek correction of their personal information held by us and to complain about a breach of the APPs.

Definitions

Personal Information

Is information or an opinion about an identified individual, or an individual who is reasonably identifiable:

a) whether the information or opinion is true or not; and
b) whether the information or opinion is recorded in a material form or not.

Examples of personal information include:

• name, photo identification
• contact details (e.g. addresses, email addresses, telephone numbers)
• age, gender and ethnicity
• financial information
• health information

Information does not need to have a name attached to it to be ‘personal information’. A person can also be identified if information can be linked with other information to work out who they are or details about them.

Sensitive Information

Is a subset of personal information and is defined as information or an opinion about an individual’s:

• racial or ethnic origin
• political opinions or associations
• religious or philosophical beliefs
• trade union memberships or associations
• sexual orientation or practices
• criminal records
• health or genetic information (e.g. physical and mental disability, use of health services, etc.)
• some aspects of biometric information.

Data Breach

occurs when personal information that an entity holds is subject to unauthorised access or disclosure, or is lost. Data breach may be caused by human error, a failure in information handling systems or by malicious action.

Examples of a data breach include, but are not limited to:

• Unauthorised access to personal information by an employee;
• Inadvertent disclosure of personal information due to human error e.g. sending an email to the wrong person; or
• Loss or theft of a device e.g. (laptops, mobile phone)

Policy Statement

HELP is committed to complying with Commonwealth legislation (the Act and the APPs) that deals with how we may collect, hold and use personal information (including sensitive information) about individuals and to protecting and safeguarding individual’s privacy when they deal with us.

You and Your Information

HELP will only collect and use personal information that is reasonably necessary for one or more of our functions or activities, or as required by law.

HELP is a registered charity whose Mission is to enhance the lifestyle, independence and ambitions of people living with disability (Purposes). All of our activities are undertaken to fulfil these Purposes.

These activities include:

• Providing disability support and care services, including National Disability Insurance Scheme (NDIS) services, social and community support, supported employment, and homing and accommodation;
• Employment services;
• Supply chain services, including warehousing, third-party logistics, assembly, packaging, light manufacturing and recycling;
• Manufacturing services, including Binsafe, Mailsafe and Garagesafe;
• Operating a wholesale nursery business; and
• Operating cafés and catering services.

What kinds of Information to we collect?

We collect, hold, use and disclose personal information. Personal information means “information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.”

The personal information which we collect and use about you will depend on your relationship with us and the services we provide to you.

In order to provide our services, HELP also sometimes needs to collect sensitive information about you.

Sensitive information is a subset of personal information and includes information or an opinion (which is also personal information) about an individual’s: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association membership of a trade union; sexual preferences or practices; criminal record; or health information, which includes such things as information or an opinion about the health (including an illness, disability or injury) of an individual.

Prior to the collection of your sensitive information, HELP will ensure that you are adequately informed as to the reason of collection and that you understand and communicate your consent.

The kinds of personal information that HELP may collect, hold and use in respect of individuals includes:

• Names, including the name/s of carers, parents, legal guardians and next-of-kin;
• Contact details (including those of carers, parents, legal guardians and next-of-kin) and identification information including photo identification;
• Age;
• Gender;
• Ethnicity;
• Nationality;
• Academic history;
• Employment history;
• Health information including: details of any mental conditions or disabilities; prescribed medications; medical conditions; prescribed therapies; assistance required; medical procedures; etc.
• Medicare information;
• Financial information, including information about transactions and trading history with HELP;
• Information about credit history;
• Criminal history.

How Personal Information is Collected

HELP will only collect personal information about you directly from you unless it is unreasonable or impracticable to do so.

For example, sometimes we may need to collect personal information about you from third parties where we need the information to assist us to process an application (such as to verify information you have provided or to assess your circumstances) or to assist us to locate or communicate with you.

Where the information HELP needs to collect is sensitive information, HELP will only collect it with your express consent or the consent of your Legal Guardian.

Some examples of how we collect personal information from individuals include:

• Where an individual completes a Post School Services Program Initial Interview Form, an Application for Registration – Job Seeker Identification Number, or any other application form required to be completed by an individual to enable and/or facilitate services to be provided by us;
• When an individual applies for a job with us;
• Where an individual provides health information to us to enable and/or facilitate services to be provided by us;
• Where an individual contacts HELP, we may keep a record of that communication or correspondence;
• When you contact us online via our web enquiry form on our website, or on one of our social media platforms;
• When applying for and/or establishing and/or accessing an account with us or ordering products or services from us;
• Conducting certain types of transactions such as cheque or credit card purchases, donations or refunds;
• An individual submitting their contact details to be included on our mailing lists;
• When an individual places an order on our web-site to purchase goods or make a donation, we may require the individual to provide us with contact information including their name, address, telephone number or email address and financial information (such as credit card details);
• Purchasing your contact details from a third-party service.

How Personal Information is Used and Disclosed

HELP will only use or disclose your personal information for the purposes for which it was collected (‘the primary purpose’) unless:

• you have consented to a secondary use or disclosure;
• you would reasonably expect us to use or disclose the information for the other purpose which is directly related to the original purpose;
• the use or disclose is required or authorised by law and/or under the Act; or
• a permitted general situation exists in relation to the secondary use or disclosure.

Some examples of how we use or disclose personal information include:

• Processing an application or enrolment form or service request (including verifying a person’s identity, health information, employment history, carer’s assistance required, employment history, Government assistance eligibility);
• Reporting to government agencies and funding bodies regarding the outcomes of our programs and services;
• Communicating with our service providers to provide our services or conduct our activities (for example, insurance providers);
• Processing an application or product order or service request;
• Sending you communications regarding our latest activities e.g. direct marketing;
• Marketing and/or feedback;
• Managing and providing our products and services or other relationships and arrangements, including processing receipts, payments and invoices;
• Assessing and monitoring credit worthiness;
• Detecting and preventing fraud and other risks to us and our customers;
• Responding to inquiries about applications, accounts or other products, services or arrangements;
• Understanding our clients’ and customers’ needs and developing and offering products and services to meet those needs;
• Researching and developing our products and services and maintaining and developing our systems and infrastructure (including undertaking testing);
• Dealing with complaints;
• Meeting legal and regulatory requirements;Various Australian laws may expressly require us to collect/and or disclose personal
  information about individuals, or we may need to do so in order to be able to comply with other obligations under those laws.
• Enforcing our rights, including undertaking debt collection activities and legal proceedings.

There are instances where we may use or disclose your personal and sensitive information without your consent where a permitted general situation exists. For instance, in emergency situations to lessen or prevent a serious threat to your life, health or safety or that of other individuals.

Transfer of Information Overseas

HELP is unlikely to disclose personal information to overseas recipients. Personal information will only be disclosed by HELP to overseas recipients in accordance with Australian Privacy Principle 8, such as where the individual consents to the disclosure or if the disclosure is required by Australian law.

HELP’s website may contain links to other third-party websites that may collect personal information about individuals. We are not responsible for the privacy practices of those third-party businesses and encourage all users to be aware when they leave our site and to read the privacy statements of each website they visit.

Information Security and Storage

HELP is committed to ensuring the security of all personal information (including sensitive information) which we hold of our customers, clients and others who we deal with.

HELP takes all reasonable steps to protect against the loss, misuse, alteration and unauthorised access to or disclosure of personal information under our control. These steps include:

• Holding all personal information in electronic form on secure servers in controlled facilities;
• Ensuring personal information contained in our electronic environment is password protected and only accessible by authorised staff with appropriate clearance levels;
• Holding all hard copy documentation provided to us in safe and secure storage and ensuring it is accessible only to authorised staff;
• Destroying and/or de-identifying all personal information which is no longer required by us or required to be maintained in a secure and safe manner;
• Regularly conducting internal audits and reviews to ensure compliance; and
• Regularly training staff in data handling procedures.

While we strive to protect user’s personal information, HELP cannot ensure or warrant the security of any information transmitted to it or from its online products or services over the internet, and users do so at their own risk. Once HELP receives a transmission, we make every effort to ensure the security of such transmission on our systems.

Access to and Correction of Personal Information

HELP is committed to and takes all reasonable steps in respect of maintaining accurate, timely, relevant, complete and appropriate information about our customers, clients and web-site users.

You may request access to personal information we hold about you by contacting the HELP’ Privacy
Officer:

Help Enterprises’ Privacy Officer
520 Curtin Avenue East
Eagle Farm QLD 4009
Telephone: 07 3868 1765
Email: [email protected]

We may refuse to provide you access to your personal information in some circumstances. For instance:

• If HELP reasonably believes that giving you access would pose a serious threat to the life, health or safety of any individual, or to public health and safety; or
• If the request relates to existing or anticipated legal proceedings between HELP and the individual; or
• If denying access is required or authorised by law.

If we refuse to provide you with access to personal information, we will provide reasons for such refusal and how you can seek review of that decision.

As part of any request by an individual for access to personal information, the individual will need to verify their identity so that HELP may be satisfied that the request for access is being made by and disclosed to the individual concerned. If any of the personal information that HELP holds about you is incorrect, incomplete or out of date, please let us know by contacting HELP’s Privacy Officer.

Complaints

If you have a complaint about a breach of the APPs by HELP in relation to your personal information, please contact the HELP’ Privacy Officer via the details above.

The first step is to lodge your complaint to HELP in writing. HELP takes any complaint regarding the privacy of personal information seriously and will work with you to try to resolve the complaint. We will consider and respond to a written complaint within a reasonable time (usually 30 days).

If your complaint still remains unresolved, you may take your complaint to the Office of the Australian Information Commissioner. The contact details for the Office of the Australian Information Commissioner can be found via its website located at www.oaic.gov.au and are also listed below:

Office of the Australian Information Commissioner
Telephone: 1300 363 992
Email: [email protected]
Facsimile: +61 2 9284 9666

Post:

Sydney Office
GPO Box 5218
SYDNEY NSW 2001

Data Breaches

A data breach occurs where an unknown or unauthorised person gains access to our network or client information, or information is lost in circumstances where unauthorised access or disclosure occurs.

If a data breach relating to your personal information occurs or we suspect one might have occurred, HELP’s Data Breach Response Team will conduct an investigation and take action to reduce or prevent harm the data breach may cause to you.

HELP may take further steps if it determines that the breach will cause serious harm to the individuals affected. If we form the view that any individuals are at risk of serious harm, HELP will notify those individuals through usual means of communicating with them. Where direct notification is not practicable, we will publicise the statement on our website (https://www.helpenterprises.com.au/).

Changes to Public Privacy Policy

If HELP decides to or is required to change its Public Privacy Policy, we will publish the updates on our website so that you are always aware of what information is collected by us, how it is used and the way in which information may be disclosed. Please refer back to this Public Privacy Policy regularly to review any amendments.

Responsibilities

Executives/Head of/Managers

It is the role of Executives/Head of/Managers of the services to:

• Ensure this policy is implemented and monitored;
• Validate its continuing effectiveness (e.g. achieving its purpose and remains relevant/current).

Compliance, Monitoring and Review

• The overall responsibility for the implementation of this Public Privacy Policy resides with Legal Counsel/Privacy Officer;
• All Managers are responsible for the implementation of this policy and associated policies, principles and procedures and ensuring that employees receive training in HELP processes related to this Public Privacy Policy.
• All employees are responsible for complying with this Public Privacy Policy.
• The Legal Counsel/Privacy Officer and Quality, Assurance and Risk team are responsible for monitoring compliance to this Policy and will review the processes prior to the next document review.
• The frequency of planned review of this Public Privacy Policy is annually.

Reporting

No additional reporting required.

Records Management

All records related to this Public Privacy Policy are to be stored in a manner consistent with HELP records management requirements which are consistent with legislative, regulatory and contractual requirements. For any specific records management requirements please refer to associated procedures. Information provided by individuals is protected under the HELP Privacy Policy and is only accessed by those involved directly in managing and/ or providing services.

Related Legislation and Documents

Privacy and Data Legislation:

• Privacy Act (Cth) 1988;
• Information Privacy Act (QLD) 2009
• Right to Information Act (QLD) 2009

Australian Government Guidelines:

• Australian Cyber Security Centre (ACSC) – Information Security Manual (ISM)
• Australian Cyber Security Centre (ACSC) – Essential Eight Maturity Model
• Australian Cyber Security Centre (ACSC) – Strategies to Mitigate Cyber Security Incidents
• Australian Privacy Principles guidelines | OAIC
• Australian Privacy Principles quick reference | OAIC
• Read the Australian Privacy Principles | OAIC

Australian Standards:

• AS/NZS ISO/IEC 27001 – Information Security Management Systems
• AS/NZS ISO/IEC 27002 – Information Security Controls

Contractual Requirements:

• Disability Employment Services (DES) Grant Agreement Disability Employment Services Grant Agreement (dss.gov.au)

HELP related documents:

• Authority to Exchange Information
• Code of Conduct
• Cyber Security Policy
• Data Breach Response Procedure
• Data Breach Policy
• Employee Privacy Policy
• Feedback and Complaints Policy
• Fraud Control and Corruption Prevention Policy
• Information Security Incident Management Manual
• ICT Acceptable Use Policy
• Information Security Policy
• Privacy Consent Form
• Social Media Policy
• Whistleblower Protection Policy

Feedback

Help employees may provide feedback about this document through FOLIO GRC. If further clarification or interpretation of this document is required, please email [email protected]

Approval and Review Details

Version 4.01

Approval Authority: Chief Executive Officer

Edit Authority: Legal Counsel / Privacy Officer / Group Manager, Quality Assurance and Risk

Last Review Date: November 2024

Review Frequency: Annually

Next Review Date: November 2027