Privacy
Introduction
The Privacy Act 1988 (‘the Privacy Act’) requires entities bound by the Australian Privacy Principles (APPs) to have a privacy policy. This privacy policy outlines the way Diabetes Qualified handles personal information. Diabetes Qualified also has a summarised privacy policy.
The specific legal obligations of Diabetes Qualified when collecting and handling your personal information are outlined in the Privacy Act, in particular in the APPs found in that Act. We will update this privacy policy when our information handling practices change.
Collection of your personal information
We always try only to collect and hold information that we need for a particular function or activity.This may include collecting information for Marketing; Tailoring and providing communications; eLearning courses Health Programs; Services; Research; and Volunteering.
The kinds of information we may collect or hold include your name, gender, date of birth, lifestyle information, postal address, residential address, email address, phone number, credit card details and/or other payment information.
The main way we collect personal information is directly from you. This may include collecting information:
- Face to face during events, interviews undertaken for the provision of diabetes services, or at a Diabetes Qualified resource centre;
- Over the phone – including on the Infoline;
- In writing – including when you fill out a Membership Application Form, Diabetes Qualified Questionnaires or send a letter to us;
- Online – including when you use online member portals or member email system and course registration
- From received job applications.
When a person with diabetes is under 18 years old or lacks the mental capacity and legal competence to make decisions, the person’s primary carer or guardian must consent to the collection of the person’s information.
Collecting sensitive information
To administer our services, we may also collect or hold sensitive information – including health information, racial or ethnic origin, and preferred language.
Indirect collection
From time to time we may also collect personal information from third parties. This may include Diabetes NSW employees, organisations or health care professionals and information providers (i.e. providers of personal information available in the public domain or list purchase providers).
Anonymity
It is your choice to provide personal information to us. Wherever it is lawful and practicable, you have the option not to identify yourself or to use a fictional name when interacting with us.
You can remain anonymous when using some parts of our Websites. However, it may be necessary for us to collect your Personal or Sensitive Information if you would like to access certain materials or services. If you choose to withhold the information we require, we may not be able to provide the services you have requested.
Website usage and cookies
We use a range of tools provided by third parties, including Google and Bing, to collect or view website traffic information. These sites have their own privacy policies.
We also use cookies and session tools to improve your experience when accessing our websites. An individual can browse and access our website without revealing their identity.
We collect the following data from individuals who visit our website: The number of visits; The number of visits; Date and time of visits; Number of pages viewed; and How users navigate through the site.
A cookie is a small amount of data that is transferred to the individual’s browser by a Web server and can only be read by the server that gave it to the individual. It functions as the individual’s identification card and enables us to record the individual’s passwords, purchases, and preferences. It cannot be executed as code or deliver viruses.
Most browsers are initially set to accept cookies. An individual can set their browser to notify them when they receive a cookie, giving them the chance to decide whether to accept it or not. (For some Web pages that require an authorisation, cookies are not optional. Users choosing not to accept cookies will probably not be able to access those pages.)
While we use cookies to track individual visits to www.diabetesqualifed.com.au, and our Web servers automatically log the IP/Internet address of an individual’s computer, we do not use this information to identify the individual personally.
Storage and security your personal information
We are committed to protecting the security of all personal information we hold from misuse, interference, loss and unauthorised access, disclosure or modification.
We store personal information in both paper and electronic format.
Paper-based: All personal information stored as a paper-based record is held either on the premises within locked cabinets or at a secured external access controlled facility.
Electronic-based: All personal information held as electronic data is securely stored on local Australian servers backed up nightly or in real-time. Personal information held in this manner is subject to restricted access and password protection. All staff access to personal information held on our servers is monitored. Our network is secured to ensure that no-one outside the office can access it unless they have been afforded special privileges.
When personal information is no longer required for carrying out our functions or activities, all reasonable steps are taken to destroy or ensure that the information is de-identified. This will apply unless we are required, under Australian law, to retain the personal information for a specified period of time.
Diabetes Qualified uses Hubspot an online marketing platform service provider to send and manage emails. In using this service, the company may collect personal information which may contain email addresses and other information to be used for the distribution of email campaigns and other important information. All information collected using the Hubspot service is the property of “Diabetes Qualified” and is never shared or used by third parties. Hubspot maintains your data in compliance with Australia’s SPAM ACT 2003 and Australian Privacy Provisions.
All data is maintained within Australia and never leaves Australian jurisdiction. Where stipulated data is encrypted in transit using SSL connections.
Direct Marketing
Diabetes Qualified regularly contacts members, non-members and subscibers on our database through letters and email providing updates on our services.
How to ‘opt-out’ of direct marketing communication
You can choose to ‘opt-out’ of receiving direct marketing. Direct marketing communications include surveys, research opportunities, and general information.
You can choose to ‘opt out’ of receiving direct marketing communications at any time by selecting ‘unsubscribe’ on email communications sent by us, or by one of the following ways:
- Emailing the Diabetes Qualified Privacy Officer on privacy@diabetesqualified.com.au; or
- Writing to the Diabetes Qualified Privacy Officer GPO Box 9824, Sydney 2001.
If you choose to ‘opt out’ of receiving our direct marketing communications, you may be asked to provide your full name, address, date of birth and membership number for verification purposes.
Disclosure of Personal Data
Diabetes Qualified will only disclose your personal information to third parties in the following circumstances:
- Where you have consented to the disclosure;
- Where third party contractors deliver services on our behalf or to us, government agencies, mailing houses and other organisations. All external parties who receive your information must sign a confidentiality agreement that requires them to comply with the Privacy Act and our Privacy Policy;
- To protect or defend the legal rights or property of Diabetes Qualified, our affiliated and group companies or their employees, agents and contractors (including enforcement of our agreements);
- To protect against fraud or for risk management purposes;
- If we believe your actions violate this Privacy Policy;
- To comply with the law or legal process; or
- To enable the sale of Diabetes Qualified or its assets.
As Diabetes Qualified is a subsidiary of Diabetes NSW, it is likely that there will be some overlap of shared personal data. Diabetes NSW’s privacy policy can be accessed here.
If Diabetes Qualified should disclose personal information to third party contractors, Diabetes Qualified will take steps to either:
- De-identify the personal information; or
- Ensure that those contractors are authorised only to use your personal information to perform the specialised function.
Choosing not to provide personal information may affect the services and programs we can provide to an individual.
Notifiable Data Breaches
The Privacy Act Amendment, Notifiable Data Breaches (NDB) Act 2017 requires Diabetes Qualified to notify particular individuals and the Office of the Australian Information Commissioner about ‘eligible data breaches’. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the personal or sensitive information relates. Diabetes Qualified will make an objective assessment of whether a data breach is likely to result in serious harm and take remedial action according to its data breach response plan. See https://www.oaic.gov.au/ for further information.
Disclosure to like-minded charities
Occasionally Diabetes Qualified may disclose your member/donor mailing details to other like-minded charities so that they can provide you with information about their activities or services that you may find interesting. If you do not wish to receive mail from like-minded charities, you can contact our privacy officer by email on privacy@diabetesqualified.com.au. To make a request, please provide your full name and address and/or your membership number for verification purposes.
Disclosure of personal information overseas
Our e-communications (this includes emails) go through platforms based in Australia. Only in the event of an emergency or outage could this potentially revert to an overseas platform.
If you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.
Quality of Personal Information
To ensure that the personal information we collect is accurate, up-to-date and complete we:
- Record information in a consistent format;
- Where necessary, confirm the accuracy of information we collect from a third party or a public source;
- Promptly add updated or new personal information to existing records;
- Regularly audit our contact lists to check their accuracy; and
- We also review the quality of personal information before we use or disclose it.
Accessing and correcting your personal information
Under the Privacy Act (APPs 12 and 13) you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information. We must respond to access and correction requests within 30 days.
You can ask to access or correct your personal information by contacting us using the following methods:
Accessing your personal information
You can access your personal information collected and held by us, provided there is no Australian law preventing you.
You can request access in writing to the Diabetes Qualified Marketing and Operations Manager at GPO Box 9824, Sydney NSW 2001 or in an email to privacy@diabetesqualified.com.au.
To access your information, you must provide your full name, address, date of birth and membership number for verification purposes.
Access to your personal information will be provided in the manner that you request unless it is unreasonable and impracticable for us to do so.
Correcting your personal information
You can ask to correct your personal information throughout the year. This can be done by completing a Diabetes Qualified Membership Renewal form. You can request to have this sent to you by post or email.
You can also correct or update your personal information by:
Writing to the Diabetes Qualified Privacy Officer at GPO Box 9824, Sydney NSW 2001
To correct or update your personal information you will need to provide your full name, address, membership number and date of birth.
How to make a Complaint
If you wish to complain to us about how we have handled your personal information you should complain in writing to the Diabetes Qualified Privacy Officer at GPO Box 9824, Sydney NSW 2001 or by emailing the Diabetes Qualified Privacy Officer on privacy@diabetesqualified.com.au.
If we receive a complaint from you about how we have handled your personal information, we will determine what (if any) action we should take to resolve the complaint.
If you do not wish to raise the complaint with Diabetes Qualified, you can contact the Office of the Australian Information Commissioner.