Privacy Policy

Privacy Policy

Privacy Policy

 

OBJECTIVE

Chique recognises that every individual has the right to ensure their personal information is accurate and secure, and only used or disclosed to achieve the outcomes for which it was initially collected. Personal information will be managed openly and transparently in a way that protects an individual’s privacy and respects their rights under Australian privacy laws.

IMPLEMENTATION

Our Service practices are consistent with the Australian Privacy Principles.

COLLECTION OF PERSONAL INFORMATION

We collect personal information if it is necessary for us to carry out Service operations or to comply with our legal obligations. Information may also be collected to comply with other Laws including State or Territory Health Laws.

We collect personal information directly from you, or parent/guardian either in writing or verbally. We may also collect information through our website, social media page, promotions and training courses.

We may occasionally request information from other organisations which you would reasonably agree necessary. We will not request information without obtaining the consent of the individual (or parent) concerned.

Chique will destroy any unsolicited personal information that is not directly related to our Service operations unless it adversely impacts the health, safety and wellbeing of you. If this happens the licensee will contact the appropriate Government authorities and take action as directed while protecting the confidentiality of the individuals concerned.

USE OR DISCLOSURE OF PERSONAL INFORMATION

We will not use personal information for any purpose that is not reasonably needed for the proper or effective operation of the service. Personal information may be accessed by and exchanged with staff.

We do not disclose your personal information to others unless you would have reasonably expected us to so or we have your consent.
For example, personal information may be disclosed to:
  • Emergency service personnel so they can provide medical treatment in an emergency
  • Volunteers, trainees and work experience students (with consent)
  • Training organisations if conducted in-house (with consent)
  • Organisations related to the clinic (e.g. other medical professionals, with consent)
  • Another clinic to which you are transferring to
  • The new operator of the clinic if we sell our business and you have consented to the transfer of documentation
We may disclose personal information where we are permitted or obliged to do so by an Australian law. For example, personal information may be disclosed to:
  • Authorised inspection officers when our service is audited
  • Government employees
  • Software companies that provide our booking services
  • Management companies we may engage to administer the Service
  • Software companies that provide tailored computer based tools
  • Lawyers in relation to a legal claim
  • Officers carrying out an external dispute resolution process
  • A debt collection company we use to recover outstanding fees
  • Authorities if we are taking action in relation to unlawful activity, serious misconduct, or to reduce or prevent a serious threat to life, health or safety
  • We do not disclose personal information to any person or organisation overseas or for any direct marketing purposes

QUALITY OF PERSONAL INFORMATION

Chique will take reasonable steps to ensure the personal information we collect, use and disclose is accurate, current and complete.  Staff will:

  • View original sources of information if practical when information is collected
  • Collect and record personal information in a consistent format, for example using templates for personal details, incident, injury, trauma and illness and administration of medication
  • Record the date personal information was collected or updated
  • Update information in our physical or electronic records as soon as it is provided

In addition, Chique will:

  • Regularly remind client’s via newsletters, emails or through displays on the clinic notice board to update their personal information
  • Verify the information is accurate, current and complete before disclosing it to any external organisation or person

SECURITY OF PERSONAL INFORMATION

Chique will take reasonable steps to protect personal information from misuse, interference and loss, unauthorised access, modification or disclosure. These steps include:

  • Taking responsibility for the security of personal information and regularly checking the practices implemented to protect it. This will include management of access privileges to ensure only people who genuinely need to see personal information can access it.
  • Ensuring information technology systems have appropriate security measures including password protection, anti-virus and ‘malware’ software, and data backup systems.
  • Ensuring physical repositories of personal information are secure ensuring all staff are aware of their obligations in relation to the collection, use and disclosure of personal information.
  • Requiring all staff, volunteers and work experience students to sign a ‘Confidentiality Statement’ acknowledging that personal information:
    1) can only be accessed if it is necessary for them to complete their job
    2) cannot be disclosed to other organisations (including colleges, RTOs) or discussed with individuals outside the service including personal family members unless they have written consent from the person concerned.
    3) must be stored in compliance with service practices which safeguard its security.
Ensuring records such as unsuccessful job applications are destroyed in a secure way as soon as possible by, for example, shredding, incinerating or permanently deleting electronic records including archived or back-up copies. Where possible, the destruction of records containing personal information will be overseen by two staff members.
  • ‘De-identifying’ personal information which may come into the public domain. For example, removing identifying names or details from newsletters etc.
  • Ensuring staff comply with our Social Media Policy (for example by obtaining authorisation from client before posting any photos on the Service social media page, and not posting personal information on any social media page which could identify clients.)
  • Ensuring confidential conversations with client’s or with staff are conducted in a quiet area away from other client’s and staff.

ACCESS TO PERSONAL INFORMATION

Individuals may request access to their personal information and may request the correction of any errors. These requests may be made to Head Office, the Manager, staff member, by telephone, email or letter.

Personal information will be provided as soon as possible, and no later than 30 days from a request. We will provide the information in the form requested, for example by email, phone, in person, hard copy or electronic record unless it is unreasonable or impractical to do this for example due to the volume or nature of the information.

Chique will always verify a person’s identity before providing access to the information, and ensure someone remains with the individual to ensure information is not changed or removed without our knowledge.

There is no charge for making a request to access the information. However, we may charge a reasonable cost for staff, postage and material expenses if the information is not readily available and retrieving the information takes a lot of time. We will advise you of the cost before agreeing to proceed.

There may be rare occasions when we are unable to provide access because we believe:

  • Giving access would be unlawful, the information relates to unlawful activity or serious misconduct, or it may prejudice the activities of a law enforcement body
  • There is a serious threat to life, health or safety
  • Giving access would unreasonably affect the privacy of others
  • The request is frivolous or vexatious, for example to harass staff
  • The information relates to legal proceedings (e.g. unfair dismissal claim) between the Service and the individual
  • Giving access would reveal sensitive information about a commercial decision

We may, however, provide the information in an alternative way for example by:

  • Deleting any personal information which cannot be provided
  • Providing a summary of the information
  • Giving access to the information in an alternative format
  • Allowing the individual to inspect a hard copy of the information and letting them take notes
We will advise you promptly in writing if we are unable to provide access to the information, or access in the format requested. The advice will include the reasons for the refusal to provide the information (unless it is unreasonable to do this) and information about how to access our grievance procedure.

CORRECTION OF PERSONAL INFORMATION

Individuals have a right to request the correction of any errors in their personal information. These requests may be made to the Head Office, the Manager, staff member, by telephone, email or letter.