The National Stroke Foundation is committed to protecting the privacy and confidentiality of our clients and supporters.
The National Stroke Foundation supports and is bound by the Privacy Act 1988, by the Privacy Amendment (Private Sector) Act 2000 and the National Privacy Principles. A copy of the National Privacy Principles can be found at www.privacy.gov.au
National Stroke Foundation respects the privacy rights of all individuals in the workplace and is committed to ensuring that the Chief Executive Officer, all Supervisors and others involved in the management of National Stroke Foundation comply at all times with their obligations under the Privacy Act 1988.
2. National Privacy Principles
The National Privacy Principles (NPP) established by the Privacy Act 1988 apply to all businesses. National Stroke Foundation therefore adheres to the principles as set out in the NPP in the way it collects, manages and uses information provided to the company from employees, customers and other parties associated with National Stroke Foundation.
The National Stroke Foundation has always had a policy of protecting the personal information of our supporters and clients.
3. Collection of Information
National Stroke Foundation collects personal information from a number of sources for varying reasons. Personal information is only collected by lawful means where it is necessary for National Stroke Foundation to collect and use this information.
When personal information is collected directly from the individual, the individual will also be informed as to the purpose for the collection of the information and that they are able to access any information provided to National Stroke Foundation.
4. Data Security
National Stroke Foundation undertakes to adequately protect the personal information held by the company from misuse, loss and unauthorised access, modification or disclosure.
All employees are required to respect private information held by the company and to ensure all company procedures in relation to the security of information are adhered to.
Unauthorised access, misuse, modification or disclosure of this personal information held by the company by any of its employees will be considered a serious breach of company policy and will lead to appropriate disciplinary action.
5. Use and Disclosure
National Stroke Foundation will only use personal information it collects for its original purpose which is disclosed at the time of collection. However, the company may disclose personal information it holds where there is a legal duty to do so, including circumstances where a lawful duty of care to disclose information exists.
Personal information collected may be disclosed to other branches/departments/ divisions within the company provided it is used in a manner which is in line with its original purpose of collection and use.
Where the information provided is used to communicate with a client the client will be provided with the opportunity to decline receiving communication from the company.
The company does not disclose any information to any other party external to the organisation, for reasons other than its original purpose.
Type of Personal Information Held
Personal and/or sensitive information that is collected and held by National Stroke Foundation usually falls into the following categories:
Client contact and client details
Information regarding products and services the client offers/provides
Information regarding how the client interacts with National Stroke Foundation
Previous dealings with the client, which may include meeting notes and information obtained through the provision of products and services
Contact names of individual staff of the client obtained through dealings
Purposes for Which Personal Information is Held
There is a variety of reasons why National Stroke Foundation is required to hold personal information. Primarily these reasons include:
For contact purposes
To comply with legislation and government requirements
For research purposes
To provide information to Government, researchers and other bodies
To identify clients when they request information or change their details
To answer client queries
To ensure the continual improvement of the National Stroke Foundation business, its employees and the services offered
To customise advertising and marketing content
To conduct research and collect statistics
When clients make contact with the National Stroke Foundation, they consent to their personal details being used on our database unless they specifically indicate otherwise.
Subject to some exceptions that are set out in the National Privacy Principles, all persons may gain access to their personal information that is held by National Stroke Foundation. Access may be refused if it would interfere with the privacy rights of other persons or if it breached any confidentiality that attaches to that information.
Access to another person’s personal information will not be provided in any circumstances except:
An agent that a client/employee has provided consent to requests such information
Where we are required to by law
If we believe it is necessary to protect National Stroke Foundation property or rights, another National Stroke Foundation customer or a member of the public
To another party if we sell our company or part its business to that other party
To another party involved in activities relating to the original purpose.
In certain circumstances National Stroke Foundation may charge an administration fee to cover the cost of accessing such personal information.
7. Data quality
On a regular basis National Stroke Foundation will make a request directly to individuals for them to check and up date records of their personal information.
8. Information Destruction Policy
National Stroke Foundation hold all required personnel information for a period of 7 years.
All non-current information or information deemed no longer to be required by National Stroke Foundation shall be destroyed 6 months after the information has been collected. Items shall be destroyed in a secure manner.
Prior to destruction notations from the information may be made for later reference.
Anyone who feels that there has been an unwarranted invasion of their privacy should contact the Chief Executive Officer.
Privacy Act 2000
Last Updated ( Thursday, 17 March 2011 )