Privacy Policy

Privacy Policy

St Anthony’s Family Care (SAFC) respects every person’s right to privacy, dignity and confidentiality and operates in accordance with the Australian Privacy Principles under the Commonwealth Privacy Act 1988 (Cth) (the “Privacy Act”). This Privacy policy provides information about how SAFC collects and handles information; and how SAFC’s stakeholders can enquire or provide feedback on how personal information is being used.


SAFC is committed to protecting and securing the privacy and confidentiality of personal information. SAFC does not sell, rent, or trade the information that is collected. SAFC maintains the necessary internal controls to ensure that information is secure. If at any time further information is required about SAFC’s policy, there are concerns about how individual details are stored and used, or there are suggestions on how SAFC can improve practices, please let contact SAFC to discuss.


This privacy policy provides information about how SAFC manages the personal information collected, held, used, and disclosed. In short, any personal information collected by SAFC is covered by this policy, so it’s important to that the following information is easy to understand.
SAFC will review this policy every three years or where there may be changes to legislation.
This policy publicly available on our website.


Types of information collected
SAFC collects personal information that is necessary for the delivery of services and helps us to engage with each stakeholder. If you do not wish to provide some or all of the personal information requested, SAFC may not be able to do what was intended by collecting your personal information, for example, we may not be able to manage or provide you with supports/services, process your donation, progress your employment application or respond to your queries.


The nature of personal information collected by SAFC generally comprises of the following:
• an individual’s name and contact details (including address, phone, fax, and email.)
• date of birth
• gender
• financial information (eg. bank account or credit card details)
• details of donors’ donation history, emails, letters, and other interactions with SAFC
• the names, contact information and employment and academic history of potential staff or volunteers
• the names and email addresses of persons who subscribe to our emails.
• sensitive information of our staff, Board members and volunteers or prospective staff and volunteers, including completed police checks and medical information. (Sensitive information may be defined as racial or ethnic origin, political opinion, religious affiliations, philosophical views, sexual preferences, criminal record, health, or disability).

How information is collected
SAFC collects personal information from you by various methods including (but not limited to) the following:
• when you access and use our website.
• when you contact us by telephone, letter or email.
• by contracting with us or completing in-take forms.
• when you make payments via our payment gateway.
• by completing surveys, providing feedback or complaints to us.
• when you agree to support us through donations or by other means.


Where reasonable and practical, SAFC will collect your personal information only directly from you. However, SAFC will also collect information about you from third parties including but not limited to other individuals and companies, health professionals, social and community workers and the government, with your consent or as legally required.


If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us, as SAFC may collect, use, and disclose that information as outlined in this policy.


If you wish, you can remain anonymous or use a pseudonym when you contact us and if you make a donation. We will respect your anonymity. If you choose not to provide us with your personal information, we may not, for example, be able to provide you with an official tax-deductible receipt or a letter of thanks or assist you fully with your query or complaint.

SAFC Policy Privacy of Personal Information & Data
Why information is collected and how it is used
We do not sell, rent, or trade the information we collect. SAFC may use and disclose your personal information for the primary reason for which it is collected.
We will only disclose certain information if the disclosure is required or authorised by law, or the disclosure is necessary for the business of SAFC.


You consent to SAFC, its contractors, employees, volunteers, agents, and third-party service providers using and disclosing your personal information for the primary purpose for which it was collected or for:
• verifying your identify.
• communications.
• your actual or possible work placement.
• service delivery.
• our management of any complaint, feedback, investigation, or inquiry in which you are involved.
• any insurance claim or proposal that requires disclosure of your personal or sensitive information.
• fees and transactions.
• fund raising, including processing donations, providing receipts and the administration and management of donations.
• send to you information about SAFC including newsletters, updates, and information on appeals.
• update you if we have information that may affect your support.
• the administration of SAFC’s business operations.
• research.
• government funding requirements and legal obligations.

Direct Marketing and Fundraising
SAFC keeps the personal information we collect through service delivery separate from our supporter database. We identify our donors and supporters through fundraising and marketing, and do not directly market to the people we support unless they have elected to be on our supporter database.
From time-to-time SAFC may use the personal information of donors and supporters to provide you with current information about our current services, special offers you may find of interest, changes to our organisation, or new services being offered by us. SAFC may also use your personal information as part of our fundraising initiatives. By providing SAFC with your personal information, you consent to us using your information to contact you on an ongoing basis for these purposes, including by mail, email, SMS, social media, and telephone.


Opting Out
If you wish to opt out of communications you are currently receiving, contact SAFC on enquiries@safc.org.au, call us on (02) 9747 5782 or mail us at 11 Monash Parade, Croydon NSW 2132.


Storage and protection of information and data
SAFC takes all necessary steps to keep your information secure, however due to the nature of the internet, SAFC cannot provide any guarantee or warranty regarding the security of your personal information during transmission to or by us, or storage by us, and you acknowledge that you disclose your personal information to SAFC at your own risk.
SAFC takes all reasonable steps to protect all of the personal information SAFC and third-party service providers store from misuse, interference, and loss, and from unauthorised access, modification or disclosure. Personal information is stored for the required timeframes in accordance with the applicable legislative requirements, and when the information is no longer needed for any purpose for which the information may be used or disclosed, it will be destroyed or permanently de-identified.

SAFC may store data in:
• electronic information management systems.
• web or cloud-based platforms.
• internal server storage.
• hard-copy files in locked cabinets.
• external server data storage used by SAFC approved software systems.
• contracted third party database storage or cloud hosting services in Australia or overseas.


We engage third party data storage and cloud-based application providers that may transfer personal information outside Australia to countries whose privacy laws may not provide the same level of protection as Australia’s privacy laws. When engaging third party offshore data storage or cloud-based application providers, SAFC will take reasonable steps through our contract and agreement arrangements to try and make sure they are compliant with Australian Privacy Principles and the Australian Privacy Act. By providing SAFC with your personal information, you give consent to us disclosing your information to entities located outside Australia and, when permitted by law, to do so.
Hard copy information is stored in our offices when not in active use for the delivery of a service, which are secured to prevent entry by unauthorised people.


Purchases, donations, or payments made to SAFC using our online system are secured by encryption.
Disclosure of information and data relating to the people we support
At the commencement of a service or a support with SAFC we will ask for consent to release information to the relevant funding bodies, government or partnering organisations as detailed in the relevant SAFC procedure.


In the course of providing our services, we may disclose your personal information to:
• companies and contractors retained to provide services for us, such as IT developers, lawyers, consultants, and auditors, who will need to have access to your personal information to provide those services; and
• other individuals or companies consented to by you.
This consent will be updated whenever the intended use of the information needs to change. Consent to disclose information can be changed or revoked at any time by notifying SAFC in writing.
SAFC may disclose de-identified data to meet regulatory obligations or for other purposes (for example statutory reporting, research, or quality assurance).
On occasion, SAFC is required or authorised by law to disclose your personal information. For example:
• the service user has a notifiable disease or there is some statutory notification requirement (for example, notification of a case of child abuse);
• a court or other agency authorised by statute has issued a subpoena for specific information; or
• SAFC is seeking information or has been requested to provide information under State or National legislation.

Managing actual or potential privacy breaches
SAFC regularly reviews its data security systems and those of any engaged third-party providers to ensure that all data is kept secure and confidential according to the Australian Privacy Principles. In the unlikely event of a breach of SAFC’s data security, SAFC will work promptly to reduce the risk of exposure to your information and inform the relevant stakeholders who provided the information as to the potential or actual breach. SAFC reports privacy and data breaches to the relevant regulatory bodies, including the Office of the Australian Information Commissioner for Notifiable Data Breaches, as required by the type of service and location the service is provided.


Keeping your information accurate
SAFC aims to ensure that the personal information we hold about you is accurate, complete, up-to-date, relevant, and not misleading. However, the accuracy of this information is largely dependent on the information you provide.
To assist us with this, please contact us if you are aware of any changes required to your personal information.


Even if you don’t contact us, if we are satisfied that, having regard to the reasons for which we hold your personal information, that personal information is inaccurate, incomplete, out-of-date, irrelevant, or misleading, we may take reasonable steps to correct that information.


Contacting us
Please contact us if:
• you have any queries in relation to the privacy policy of SAFC;
• you would like to know what personal information SAFC holds about you and how you can gain access to it, or you would like to correct or update it; or
• you believe that your privacy has been breached, or if you believe that SAFC has breached the Australian Privacy Principles or the Privacy Act, and you wish to make a complaint.


Enquiries and complaints
We want to hear from you. Enquiries or concerns about privacy matters, including complaints about how SAFC handles personal information and concerns that SAFC has breached the Australian Privacy Principles, should be made in writing as detailed below under the heading “Contact us”.
SAFC will respond to all enquiries as quickly as possible. An acknowledgement of the receipt of a complaint will be made by letter, email, or phone call within 14 days of making the complaint. An investigation of the complaint will be undertaken and SAFC aims to resolve the issue within 28 days. You will be informed of the outcome of the complaints and the reasons for the decision.
If you would prefer to deal with us anonymously, you are not required to provide your personal information to us unless we are required by law to deal with individuals who have identified themselves or it is impractical for us to deal with individuals who have not identified themselves.
If you are not satisfied with how we have handled your matter, you may wish to contact the Office of the Australian Information Commissioner via the contact details listed on
Lodge a privacy complaint with us | OAIC

If you wish to make a complaint about our privacy practices, please submit a written complaint by email to enquiries@safc.org.au or by post to: 11 Monash Parade Croydon NSW 2132

External Framework
The Privacy of Personal Information and Data policy illustrates SAFC’s adherence to the:
• NDIS Practice Standards (2018) and NDIS Code of Conduct, specifically within the NDIS Practice
Standards and Quality Indicators:
• Core Module: 1. Rights and Responsibilities, under the relevant Outcomes.
• Core Module: 2. Provider Governance and Operational Management, under the relevant Outcomes.
• Core Module: 3. Provision of Supports, under the relevant Outcomes.
• Core Module: 4. Support Provision Environment, under the relevant Outcomes.
• Supplementary Module: 2. Specialist Behaviour Support Module, under the relevant Outcomes.
• Supplementary Module: 2a. Implementing Behaviour Support Plans, under all Outcomes.
• Supplementary Module: 3. Early Childhood Supports, under the relevant Outcomes.
• Supplementary Module: 4. Specialist Support Coordination, under the relevant Outcomes.
• Disability Standards for Education (2005), specifically:
• Part 8: Standards for Harassment and Victimisation.
• NESA Registered and Accredited Individual Non-government Schools (NSW Manual), specifically: 3.
Requirements for Registered Non-government Schools, under requirements for Safe and Supportive
Environments.
• Standards for Registration and Review of Registration of Schools in South Australia, specifically the relevant quality related criteria for: o Standard 1 School Governance.
• Standard 3 Student Safety, Health, and Welfare.
• Education and Care Services National Regulations


Critical Definitions
SAFC Stakeholders – are organisations and individuals with whom SAFC regularly interacts, namely:
• people wanting to / or choosing to access SAFC services
• governments
• donors and supporters
• SAFC staff
Data – refers to personal information, including sensitive information that is collected, stored, used, or disclosed digitally.
Personal Information – is any information or an opinion about an identified or reasonably identified person, regardless of if the information is true or is stored in a material form. This can be identifying information (for example, name, contact details, etcetera) and may include sensitive information, which is given additional protection in the Privacy Act (for example, information regarding a person’s health, political, philosophical, or religious beliefs and affiliations, sexual orientation and practices, criminal record, etcetera).
Privacy – protection from unwanted actions or unauthorised disclosure or use of personal information (including sensitive information) that is collected, stored, used or disclosed in any hardcopy, digital or immaterial form.


Legislation References
• National Australian Education Act 2013 (Cth)
• Disability Services Act 1986 (Cth)
• Disability Standards for Education 2005 (Cth)
• Freedom of Information Act 1982 (Cth)
• National Disability Insurance Scheme Act 2013 (Cth)
• National Disability Insurance Scheme Amendment (Quality and Safeguards Commission and other measures) Bill 2017 (Cth)
• Privacy Act 1988 (Cth)
• Privacy Amendment (Enhancing privacy protection) Act 2012 (Cth)
• Privacy Amendment (Notifiable data breaches) Act 2017 (Cth)
• Privacy Amendment Act (Private Sector) Act 2000 (Cth)
• Spam Act 2003 (Cth)
• New South Wales – Children and Young Persons (Care and Protection) Act 1998 (NSW) Community Services (Complaints, Reviews and Monitoring) Act 1993 (NSW) Education Act 1990 (NSW) Health Records and Information Privacy Act 2002 (NSW) Health Services Act 1997 (NSW) Privacy and Personal Information Protection Act 1998 (NSW)

Authorised by

Joanna Najdzion
Chief Executive Officer