Created: June 2014
Kirkbrae respects and upholds individuals’ rights to privacy and rights to their personal information. Consequently, Kirkbrae is committed to protecting the privacy of personal and sensitive information it collects, holds and administers in the process of providing its services. These commitments are undertaken in compliance with the Australian Privacy Principles prescribed in the Commonwealth Privacy Act 1988.
Kirkbrae will collect personal information (as well as any health or other sensitive information) with the individual’s consent (or that of their valid substitute decision maker) that is necessary for the best possible care and service provision. When collecting personal information individuals will be informed as to the reasons for its collection, the way it will be used and that their information is available to them on request. The matters an organisation is required to inform an individual of when the organisation collects their personal information include:
- How to contact Kirkbrae
- The purpose(s) of the collection
- Any collections from third parties
- Consequences of non-collection
- Complaint handling process
- Potential overseas disclosure
Use and Disclosure
Kirkbrae will only use personal information for the purpose/s indicated at the time of collection, unless:
- consent has been obtained;
- the purpose is directly related to the purpose indicated at the time of collection;
- there is a serious threat to someone’s life, health or safety;
- there is suspected unlawful activity, or serious misconduct involving the functions or activities of Kirkbrae, or it is reasonably necessary for the functions or activities of Kirkbrae to be carried out;
- it is required or authorised by law or court/legal proceedings; or
- an individual is incapable of giving or communicating consent and personal information is required to be given to a ‘responsible person’ for the necessary provision of appropriate care or treatment or for compassionate reasons.
There may be occasions where personal information is used for direct mailing purposes. There is the opportunity on the Kirkbrae consent form and each direct mail out for individuals to opt out of having their information used for this purpose.
Kirkbrae will endeavour to ensure that personal information collected is relevant, accurate, complete, and up-to-date for the purpose for which it is to be used, both at the time of collection and use. At the time of first collecting the information it is assumed to be accurate, complete and up-to-date, unless there is other information to suggest that it is not. Personal information will be routinely updated where it is necessary to use or disclose that information.
Kirkbrae will strive to ensure the security, integrity, and privacy of personal and sensitive information and periodically review and update our security measures in relation to current technologies. Kirkbrae will retain information in line with its statutory obligations and its record retention policies. When information is no longer required or relevant it will be destroyed and de-identified in a secure manner.
Kirkbrae is aware of the amendments to the Privacy Act 1988 which took effect in February 2018 and introduce a mandatory notification procedure for data breaches.
Kirkbrae is bound by the Australian Privacy Principles and will report any instances where there is an eligible data breach. Kirkbrae will notify the Office of the Australian Information Commissioner (OAIC) and any parties who are at risk because of the breach.
An eligible data breach is either:
- unauthorised access or disclosure of information that a reasonable person would conclude is likely to result in serious harm to any individuals to whom the information relates; or
- information that is lost in circumstances where unauthorised access or disclosure of information is likely to occur and it can be reasonably concluded that such an outcome would result in serious harm to any of the individuals to whom the information relates.
Access and Correction
If requested within a reasonable timeframe, an individual will be provided access to any personal information held about them, unless:
- it is unlawful to provide the information;
- it poses a serious threat to the life or health of any individual;
- it has an unreasonable impact upon the privacy of other individuals;
- the request is frivolous or vexatious; or
- access is otherwise exempt under the Australian Privacy Principles.
In order to provide clarity and a record of the request it is preferred that requests for access to personal and sensitive information not already available are made in writing to the relevant Kirkbrae Service Manager. Kirkbrae will take all reasonable steps to assess and correct any personal information that is believed to be inaccurate, incomplete or out-of-date. A fee may be charged to third parties to cover the costs of copying documents or for staff time to discuss the information.
Kirkbrae will identify individuals (including clients and staff) by a unique identifier assigned internally by Kirkbrae by consent. Kirkbrae may, however, retain a record of other external personal identifiers that are required to provide services, coordinate with other care agencies, or otherwise fulfil service, operational, or reporting obligations for the purposes of your care.
Where lawful and practicable, Kirkbrae allows people to participate in activities anonymously or under a pseudonym (e.g. when completing evaluation forms, opinion surveys or when making a donation.
Overseas Data Flows
Kirkbrae will not transfer personal or sensitive information to third parties outside Australia unless authorised by law and the individual’s consent has been obtained permitting the transfer or other provisions of this Australian Privacy Principle apply.
Internet and Email
Kirkbrae uses an electronic care management system to record, plan and manage the care of residents. This software is hosted on secure servers that are maintained by the company providing the software (Leecare solutions Pty ltd).
Kirkbrae’s internal network of computers is secured by quality antivirus / malware software and is maintained by a specialist IT company (Invoteck Pty Ltd).
All staff are responsible for the appropriate use and management of personal information to which they have access. Access to various levels of information is controlled individually or according to the staff member’s role. Roles and individual access is managed within the electronic system by the Facility Manager and Quality Manager, who authorise the level of access accordingly.
Research or government reporting
For government reporting and other research purposes such as the National Quality Indicator program, information will be de-identified and the privacy of the individual maintained at all times.
- the number of page hits;
- the number of unique sessions as identified by server address and top-level domain name (e.g. .com, .gov, .org, etc.);
- the pages accessed or downloaded by session; and
- the type of browser being used.
- help identify you during your secure session;
- time your session so you will be logged off if you are not using the service for a specified time period; and
- maintain an audit trail of your secure session.
We strive to be efficient with the funding that has been entrusted to us. As email can be sent more economically than postal mail we give our donors, supporters, clients, residents, staff and stakeholders the opportunity to supply their email address and to consent to Kirkbrae using the given addresses.
Although we will securely maintain information you provide to us, this site does not provide facilities for the secure transmission of information across the Internet. You should be aware that there are inherent risks in transmitting information across the Internet. If you have concerns about submitting information using the electronic forms available on this site, please use the alternate postal addresses provided with each service to write to us at Kirkbrae.
Links to other websites
Links to external websites are provided as an information service only and should not be construed as an endorsement of any associated organisation, product or service. Conversely, omissions should not be construed as non-endorsement. Although care has been taken to provide links to suitable material from this site, no guarantee can be given about the suitability, completeness or accuracy of any of the material that this site may be linked to or other material on the Internet.
Kirkbrae cannot accept any responsibility for the content of material that may be encountered.
Further, Kirkbrae cannot accept any liability if sites referred to or services offered in this homepage are not available at any particular time.
Use of images on this site
Every effort is made to obtain permission from subjects and owners prior to the use of images on this website. However, if an image raises concerns please contact Kirkbrae through the Enquiry form. All images used on this website are the property of Kirkbrae. You are requested not to copy or use them without the express written permission of Kirkbrae.
This policy will be reviewed in line with Kirkbrae’s policy review practices and any necessary changes will be posted to our website.
Any questions about this policy can be directed to the:
Kirkbrae Privacy Officer
794 Mount Dandenong Road Kilsyth VIC 3137
Ph. 03 9724 5200