Policy Statement

Created: June 2014

Policy Statement 

Kirkbrae respects and upholds individuals’ rights to privacy and rights to their personal information. Consequently, Kirkbrae is committed to protecting the privacy of personal and sensitive information it collects, holds and administers in the process of providing its services. These commitments are undertaken in compliance with the Australian Privacy Principles prescribed in the Commonwealth Privacy Act 1988. 


Kirkbrae will collect personal information (as well as any health or other sensitive information) with the individual’s consent (or that of their valid substitute decision maker) that is necessary for the best possible care and service provision. When collecting personal information individuals will be informed as to the reasons for its collection, the way it will be used and that their information is available to them on request. The matters an organisation is required to inform an individual of when the organisation collects their personal information include: 

  • How to contact Kirkbrae 
  • The purpose(s) of the collection 
  • Any collections from third parties 
  • Consequences of non-collection 
  • Complaint handling process 
  • Potential overseas disclosure 

Use and Disclosure 

Kirkbrae will only use personal information for the purpose/s indicated at the time of collection, unless: 

  • consent has been obtained; 
  • the purpose is directly related to the purpose indicated at the time of collection; 
  • there is a serious threat to someone’s life, health or safety; 
  • there is suspected unlawful activity, or serious misconduct involving the functions or activities of Kirkbrae, or it is reasonably necessary for the functions or activities of Kirkbrae to be carried out; 
  • it is required or authorised by law or court/legal proceedings; or 
  • an individual is incapable of giving or communicating consent and personal information is required to be given to a ‘responsible person’ for the necessary provision of appropriate care or treatment or for compassionate reasons. 

There may be occasions where personal information is used for direct mailing purposes. There is the opportunity on the Kirkbrae consent form and each direct mail out for individuals to opt out of having their information used for this purpose. 

Data Quality 

Kirkbrae will endeavour to ensure that personal information collected is relevant, accurate, complete, and up-to-date for the purpose for which it is to be used, both at the time of collection and use. At the time of first collecting the information it is assumed to be accurate, complete and up-to-date, unless there is other information to suggest that it is not. Personal information will be routinely updated where it is necessary to use or disclose that information. 

Data Security 

Kirkbrae will strive to ensure the security, integrity, and privacy of personal and sensitive information and periodically review and update our security measures in relation to current technologies. Kirkbrae will retain information in line with its statutory obligations and its record retention policies. When information is no longer required or relevant it will be destroyed and de-identified in a secure manner. 

Kirkbrae is aware of the amendments to the Privacy Act 1988 which took effect in February 2018 and introduce a mandatory notification procedure for data breaches. 

Kirkbrae is bound by the Australian Privacy Principles and will report any instances where there is an eligible data breach. Kirkbrae will notify the Office of the Australian Information Commissioner (OAIC) and any parties who are at risk because of the breach. 

An eligible data breach is either: 

  • unauthorised access or disclosure of information that a reasonable person would conclude is likely to result in serious harm to any individuals to whom the information relates; or 
  • information that is lost in circumstances where unauthorised access or disclosure of information is likely to occur and it can be reasonably concluded that such an outcome would result in serious harm to any of the individuals to whom the information relates. 


As well as this Privacy Policy, Privacy and Consent Client Information is available to clients of Kirkbrae residents, authorised representatives and employees in our aged care facilities which specifically details the type of personal and sensitive information that may be collected and the ways in which it will be used or disclosed. Kirkbrae has a nominated Privacy Officer to assist with privacy queries. See contact details below. 

Access and Correction 

If requested within a reasonable timeframe, an individual will be provided access to any personal information held about them, unless: 

  • it is unlawful to provide the information; 
  • it poses a serious threat to the life or health of any individual; 
  • it has an unreasonable impact upon the privacy of other individuals; 
  • the request is frivolous or vexatious; or 
  • access is otherwise exempt under the Australian Privacy Principles. 

In order to provide clarity and a record of the request it is preferred that requests for access to personal and sensitive information not already available are made in writing to the relevant Kirkbrae Service Manager. Kirkbrae will take all reasonable steps to assess and correct any personal information that is believed to be inaccurate, incomplete or out-of-date. A fee may be charged to third parties to cover the costs of copying documents or for staff time to discuss the information. 


Kirkbrae will identify individuals (including clients and staff) by a unique identifier assigned internally by Kirkbrae by consent. Kirkbrae may, however, retain a record of other external personal identifiers that are required to provide services, coordinate with other care agencies, or otherwise fulfil service, operational, or reporting obligations for the purposes of your care. 


Where lawful and practicable, Kirkbrae allows people to participate in activities anonymously or under a pseudonym (e.g. when completing evaluation forms, opinion surveys or when making a donation. 

Overseas Data Flows 

Kirkbrae will not transfer personal or sensitive information to third parties outside Australia unless authorised by law and the individual’s consent has been obtained permitting the transfer or other provisions of this Australian Privacy Principle apply. 

Internet and Email 

Kirkbrae uses an electronic care management system to record, plan and manage the care of residents. This software is hosted on secure servers that are maintained by the company providing the software (Leecare solutions Pty ltd). 

Kirkbrae’s internal network of computers is secured by quality antivirus / malware software and is maintained by a specialist IT company (Invoteck Pty Ltd). 

All staff are responsible for the appropriate use and management of personal information to which they have access. Access to various levels of information is controlled individually or according to the staff member’s role. Roles and individual access is managed within the electronic system by the Facility Manager and Quality Manager, who authorise the level of access accordingly. 

Research or government reporting 

For government reporting and other research purposes such as the National Quality Indicator program, information will be de-identified and the privacy of the individual maintained at all times. 

Kirkbrae collects personal information and makes use of cookies* in its websites. However this is only used to log the following information for statistical purposes: 

  • the number of page hits; 
  • the number of unique sessions as identified by server address and top-level domain name (e.g. .com, .gov, .org, etc.); 
  • the pages accessed or downloaded by session; and 
  • the type of browser being used. 


A cookie is a small piece of data which is sent from Kirkbrae’s web server to your web browser when you visit the Kirkbrae website. The cookie is stored on your machine as a historical identifier and is used for interactive features and remembering your preferences and settings. When you access our secure online services we may also use cookies for security purposes to: 

  • help identify you during your secure session; 
  • time your session so you will be logged off if you are not using the service for a specified time period; and 
  • maintain an audit trail of your secure session. 

Kirkbrae cookies are not used to collect personal information for any other purpose. Most internet browsers accept cookies by default. You can specify the use of cookies by configuring the preferences and options in your browser and/or firewall. If you choose to disable cookies, you will still be able to access most of the content on the Kirkbrae website; however some interactive features may become unavailable. 

Email addresses 

We strive to be efficient with the funding that has been entrusted to us. As email can be sent more economically than postal mail we give our donors, supporters, clients, residents, staff and stakeholders the opportunity to supply their email address and to consent to Kirkbrae using the given addresses. 


Although we will securely maintain information you provide to us, this site does not provide facilities for the secure transmission of information across the Internet. You should be aware that there are inherent risks in transmitting information across the Internet. If you have concerns about submitting information using the electronic forms available on this site, please use the alternate postal addresses provided with each service to write to us at Kirkbrae. 

Links to other websites 

This site contains links to other sites. We are not responsible for the content or the privacy practices of other web sites and we encourage you to examine each website’s privacy policy. 


Links to external websites are provided as an information service only and should not be construed as an endorsement of any associated organisation, product or service. Conversely, omissions should not be construed as non-endorsement. Although care has been taken to provide links to suitable material from this site, no guarantee can be given about the suitability, completeness or accuracy of any of the material that this site may be linked to or other material on the Internet. 

Kirkbrae cannot accept any responsibility for the content of material that may be encountered. 

Further, Kirkbrae cannot accept any liability if sites referred to or services offered in this homepage are not available at any particular time. 

Use of images on this site 

Every effort is made to obtain permission from subjects and owners prior to the use of images on this website. However, if an image raises concerns please contact Kirkbrae through the Enquiry form. All images used on this website are the property of Kirkbrae. You are requested not to copy or use them without the express written permission of Kirkbrae. 


If an individual believes that Kirkbrae has breached any aspect of its privacy policy a complaint may be lodged either with the relevant Kirkbrae Service Manager or Kirkbrae Privacy Officer. If the complaint is not addressed to the individual’s satisfaction, or they do not wish to deal with Kirkbrae in the first instance, they have the opportunity to direct the issue to the Commonwealth Government’s Information Commissioner. Kirkbrae will work with the Commissioner and the individual to resolve the issue. 

Policy Review 

This policy will be reviewed in line with Kirkbrae’s policy review practices and any necessary changes will be posted to our website. 

Further Questions 

Any questions about this policy can be directed to the: 

Kirkbrae Privacy Officer 
794 Mount Dandenong Road Kilsyth VIC 3137 
Ph. 03 9724 5200 
Email: [email protected] 

You can download a copy of our privacy policy here.


Book a tour