Budget Guys PTY LTD
Privacy & Information Management
Policy & Procedures
Budget Guys PTY LTD will comply with:
- The Privacy Act 1988, Privacy Amendment Act 2012, and the Information Privacy Act 2009 (Queensland) to protect the privacy of individuals’ personal information.
- The Office of the Information Commissioner receives privacy complaints under the Information Privacy Act 2009 (Queensland).
This includes having systems in place governing the appropriate collection, use, storage and disclosure of personal information, access to and correction and disposal of that information.
Budget Guys PTY LTD are compliant with legislative requirements governing privacy of personal information. All Budget Guys Clients and Participants are satisfied that their personal information is kept private and used only for intended purposes.
The Privacy Act 1988 is an Australian law which regulates the handling of personal information about individuals by private sector organisations. Amendments were made to this legislation in 2012 which updates the Australian Privacy Principles (APP) and came into effect in March 2014. The amendment requires an organisation to explicitly state how they will adhere to the APP and inform their Participants on how their privacy will be protected. The APP cover the collection, use, storage and disclosure of personal information, and access to and correction of that information. The APP are summarised in Appendix 1 of this document.
Ensuring all Budget Guys PTY LTD team members understand Privacy and Confidentiality Requirements
- All team members will undergo training related to Privacy and Confidentiality Requirements at the time of induction and then annually.
Managing Privacy of Client and Participant Storage
- Participant information collected is kept in an individual Client and Participant record.
- Each clean and Participant record has a unique identification name.
- A Client and Participant record includes personal information, investigations, correspondence from other providers (if applicable), photographs & footage.
- Firewall and virus protection are installed and up to date on all computers utilised by Budget Guys PTY LTD.
- Paper records are kept in a locked filing cabinet.
- Client and Participant information is stored for seven years post the date of last discharge, In the case of Clients or Participants under the age of 18 years, information is kept until their 25th Birthday and 7 years post discharge.
- Client and Participant related information or any papers identifying a Client or Participant are destroyed by shredding and deleting from the computer and all databases.
- User access to all computers and mobile devices holding Client and Participant information is managed by passwords and automatic inactive logouts.
Managing Privacy and Confidentiality Requirements of Clients and Participants
- When engaging in services with Budget Guys PTY LTD, Clients and Participants agree to provide:
- Consent for sharing and obtaining information with relevant parties where applicable.
- Consent for receiving services.
- Consent for photography.
- Consent to participate in Client and Participant Feedback Surveys.
- Consent to participate in Quality Management Activities (where applicable).
- Persons contacting Budget Guys PTY LTD to obtain pricing or a quotation agree to the above consents.
- Persons contacting Budget Guys PTY LTD to obtain pricing or a quotation will be asked to provide basic information and contact details.
- Budget Guys PTY LTD may need to share pertinent Client or Participant information with other professionals in order to provide quotations or services. Information is only shared to provide the best service possible and is only shared with those people whose Professional Codes of Ethics include privacy and confidentiality. Permission to share information is sought from the Client or Participant prior to the delivery of services and as required at other points of intervention as / if required.
- Personal information is not disclosed to third parties outside of Budget Guys PTY LTD, other than for a purpose made known to the Client or Participant and to which they have consented, or unless required by law.
- Clients and Participants are informed there may be circumstances when the law requires Budget Guys PTY LTD to share information without their consent.
Keeping Accurate Client and Participant Information
Clients, Participants and/ or their decision makers are informed of the need to provide us with up to date, accurate and complete information. Budget Guys PTY LTD team members will update information on the Client and Participant record at the time of review or when they become aware of changes to information.
Using Client and Participant Information for Other Purposes
Under no circumstances will Budget Guys PTY LTD use personal details for purposes other than stated above, unless specific written consent is given by the Client, Participant, or their representative.
Client and Participant Access to Their Information
Clients and Participants have the right to access the personal information Budget Guys PTY LTD holds about them. To do this, Clients and Participants must contact the Director or Budget Guys PTY LTD.
Management of a Privacy Complaint
- If a person has a complaint regarding the way in which their personal information is being handled by Budget Guys PTY LTD, in the first instance they are to contact the Director. The complaint will be dealt with as per the Complaints Management Policy. If the parties are unable to reach a satisfactory solution through negotiation, the person may request an independent person, such as the Office of the Australian Privacy Commissioner or the NDIS Quality and Safeguards Commission to investigate the complaint. Budget Guys PTY LTD will provide every cooperation with this process.
Appendix 1: Summary of the 13 Australian Privacy Principles
APP 1 — Open and transparent management of personal information
APP 2 — Anonymity and pseudonymity
Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.
APP 3 — Collection of solicited personal information
Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.
APP 4 — Dealing with unsolicited personal information
Outlines how APP entities must deal with unsolicited personal information.
APP 5 — Notification of the collection of personal information
Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.
APP 6 — Use or disclosure of personal information
Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.
APP 7 — Direct marketing
An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.
APP 8 — Cross-border disclosure of personal information
Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.
APP 9 — Adoption, use or disclosure of government related identifiers
Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier or use or disclose a government related identifier of an individual.
APP 10 — Quality of personal information
An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
APP 11 — Security of personal information
An APP entity must take reasonable steps to protect personal information it holds from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.
APP 12 — Access to personal information
Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.
APP 13 — Correction of personal information
Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.