LITTLE BIG STEPS LTD (ABN 32 626 833 832) (“LBS”)
Adopted: 5 December 2019
LBS understands that privacy is an important issue for individuals. LBS believes that due respect for individual privacy not only protects an important personal right but is a powerful tool in the creation of healthy relationships with the individuals with whom we deal.
LBS is a charitable, non-profit company limited by guarantee committed to advance health in the field of oncology, including but not limited to leukemia in children, by
- providing to individuals suffering from cancer and registered public benevolent institutions (including but not limited hospitals) that treat and relieve suffering in individuals suffering from cancer, technology that encourages individuals suffering from cancer to engage in appropriate and beneficial physical and/or mental activity before, during and after treatment,
- raising money to provide to registered public benevolent institutions (including but not limited hospitals) that treat and relieve suffering in individuals suffering from cancer, to enable them to acquire technology that encourages such individuals to engage in appropriate and beneficial physical and/or mental exercise before, during and after treatment;
- providing support programmes to cancer sufferers, their families and carers, to encourage cancer sufferers to engage in appropriate and beneficial levels of physical and/or mental activity before, during and after treatment;
- raising public awareness, the awareness of medical practitioners and of cancer sufferers and their families and carers of the benefits to cancer sufferers of appropriate physical and/or mental activity before, during and after treatment; and
- raising money for research grants to registered public benevolent institutions (including but not limited hospitals) that treat and relieve suffering in individuals suffering from cancer into the benefits to cancer sufferers of physical and/or mental activity before, during and after treatment.
For convenience, we refer to these collectively as “Our Purposes” in this policy document
To achieve Our Purposes effectively, we need to collect personal information about children/adults and their families, guardians and others. Sometimes we need to disclose this information to others, if we are to do our job.
Wherever possible, however, we will seek to protect privacy within the parameters of applicable laws.
This policy statement outlines the policy of LBS on the privacy of personal
information and our compliance with the Australian Privacy Principles (“APPs”) contained in the Privacy Act, 1988 (Cth).
For convenience in this policy the aforementioned principles are referred to as “Privacy Principles”.
This policy statement is a general outline of our approach to privacy. In any particular case we will be happy to provide further detail of our treatment of personal information, subject to the law and the restraints of security and confidentiality.
Also, we aim to get better at privacy matters and, accordingly, this policy may change over time.
We do not re-state the provisions of the Privacy Act or the Privacy Principles in this policy. Material to assist you can be viewed on-line at www.oaic.gov.au, or by contacting the Office of the Australian Information Commissioner by means of the following:
- Phone: 1300 363 992. (Enquiries Line). If calling from outside Australia call: + 61 2 9284 9749.
- Assisted contact if you are deaf, or have a hearing or speech impairment, contact the OAIC through the National Relay Service:
Teletypewriter (TTY) users phone 133 677 then ask for 1300 363 992.
- Speak and Listen users phone 1300 555 727 then ask for 1300 363 992.
- Internet relay users connect to the National Relay Service then ask for 1300 363 992.
- Translation and interpretation services – If you do not speak English, or English is your second language, and you need assistance to communicate with us, call the Translating and Interpreting Service on 131 450 then ask for 1300 363 992.
- OAIC Post Sydney Office: GPO Box 5218 Sydney NSW 2001
- OAIC Canberra Office: GPO Box 2999 Canberra ACT 2601
- Email firstname.lastname@example.org
- Facsimile +61 2 9284 9666
- Street address Office of the Australian Information Commissioner, Level 3, 175 Pitt Street, Sydney 2000.
It is the responsibility of all LBS staff to comply with privacy laws and this policy.
LBS will, wherever commercially and legally possible and appropriate, require contractors to be contractually bound to comply with this policy.
Violation of this policy may lead to disciplinary procedures being imposed. Non-compliance with privacy laws and contractual privacy protections may lead to termination of relevant contracts.
Staff of LBS must report breaches of this policy to the Privacy Officer where they become aware of them. Breach of this policy will include:
- non-compliance with the terms of this document and privacy procedures we implement;
- breach of the Privacy Principles or the provisions of the Privacy Act;
- gaining or attempting to gain unauthorised access to personal information held by LBS; and
- unauthorised disclosure to third parties, or use of personal information held by LBS.
CONSENT AND OUR APPROACH TO IT
In some cases, the Privacy Act provides that LBS may not collect or make certain use of personal information or disclose it without the consent of the individual. On the other hand, in other cases LBS is in fact subject to other laws that may require or authorise it to collect, use or disclose personal information.
We will not put undue pressure on an individual to give consent. We will endeavour to ensure that individuals can make an informed decision and that they are not under duress.
We recognise that children are “individuals” whose information is subject to the provision of the Privacy Act. However, in all but exceptional cases, it is our policy that children lack the maturity and understanding of privacy issues to act on their own behalf in relation to such matters.
Where consent is required concerning privacy matters, it is our policy not to seek it from children themselves. Instead we will, where consent is required, seek such consent from the parent, guardian or carer on behalf of the child.
In other dealings with children, we also believe that the requirements of the Privacy Act can only be dealt with by communication with the parents or carer of the child. For example, where the Privacy Principles require that a notice be given to the individual on collection of personal information about that individual, that notice will be given to the parents or guardian. Where rights of access to personal information are available to the child, access will be given on the request of the parent or guardian.
WHAT KINDS OF PERSONAL INFORMATION DO WE NORMALLY COLLECT AND FOR WHAT PURPOSES DO WE COLLECT IT?
The kinds of personal information we collect, the way we collect it and our purpose of doing so depends on the individual from whom we collect it and the nature of our interaction with that person. Broadly, the individuals we collect information from can be grouped into the following main categories:
- their families and responsible others;
- suppliers of goods and services to LBS and the children and families we serve;
- sponsors, donors and supporters;
- ther charitable organisations with which we collaborate from time to time;
- hospitals, research foundations and other health organisations; and
- our volunteers.
To achieve Our Purposes, we need to collect personal information about the children to whom we provide our goods and services.
We routinely collect names, addresses, phone numbers and email details for contact and identification purposes – but we also collect “sensitive” information, particularly health information, concerning the illness of the child.
We use also use this information from time to time to advise children/adults of other services that may be of interest or assistance to them in managing their illness.
We also use the information we collect in the collation of statistics that will help us provide our services and add to the body of knowledge in the field of oncology and care of the children to whom we provide goods and services.
If we wish to use information collected about children or families for the purposes of studying demographics, research or other social issues relevant to our goods and services, or for better understanding of oncology, we will generally ensure that the information is de-identified in the study, ie readers of the relevant study will not be able to determine the identity of the individuals whose information was used.
Family Members and Responsible Others
We will collect information about family members and others with an important connection or responsibility of care for the children (“responsible others”) to whom we provide our goods and services.
When we collect information about a child we must also collect personal information that enables us to communicate with their families and responsible others. That information will comprise name and contact details.
Other Business Contacts – Suppliers etc
We will not normally collect personal information of suppliers and other business contacts other than will enable us to communicate and manage our commercial or other dealings with that person — such as the individual’s name, job-title, address, phone numbers, facsimile numbers and email addresses.
We collect the information from suppliers to enable us to communicate effectively with suppliers and to manage our commercial relationships with them.
Donors, sponsors and supporters
LBS collects personal information such as name, address telephone numbers, email addresses — supplied to us for use in our transactional relationship.
Our donors and supporters are very important to our long-term viability. In some cases, we may keep other personal information that allows us to maintain a more “personal” contact with such individuals, such as birthdates and the names of family members
We collect personal information about donors, sponsors and supporters so that we can maintain contact and to let them know of the work we are doing so that they can see the outcomes of their support and so that, if they so wish, they can continue to do so.
If a donor wishes to remain anonymous, that is their choice and we will facilitate this.
We will offer “opt-out” choices to donors, sponsors and supporters – and will act promptly to ensure that if individuals do not want to receive further invitations from us to assist, we will cease such communications.
Volunteers help us in a wide variety of ways. Our volunteers are equally special to us and, again, are an essential pillar of our long-term viability.
LBS collects personal information concerning volunteers such as name, address telephone numbers, email addresses and information concerning the skill-sets they have. Again, to facilitate a more “personal” relationship, we will sometimes collect other information about the volunteer, such as birthdays.
We aim to maintain long term relationships with our volunteers. We collect the information about them so that we can maintain a close relationship and ask them to help us in various activities from time to time.
HOW DO WE HOLD THE PERSONAL INFORMATION WE COLLECT?
We hold personal information we collect in a variety of ways, including on our electronic (computer) database and on file in hard copy. LBS has adopted various security measures to protect this information form unauthorised access (see below).
Where we send your data
Visitor comments may be checked through an automated spam detection service.
WILL WE DISCLOSE PERSONAL INFORMATION TO OTHERS?
Normally we will obtain the consent of parents before disclosing sensitive personal information about the child to a third party. However, we may be required by law to disclose personal information of the child in a range of circumstances. For example, we may be required to disclose personal information of the child:
- to the parents, guardian or other person responsible for the child;
- to other family members or contacts in an emergency or where we consider that a child is injured or is at risk of further/worsened illness or injury;
- to the child’s medical practitioner;
- to other health or medical practitioners where the child is sick or injured or at risk of illness or injury;
In some instances, we may be obliged (under the laws made for child care and protection) to collect, and report to proper authorities, information about the child and its family or others where we have grounds for suspecting that the child is at risk of harm.
This is not an exhaustive list. There may be many other circumstances where LBS will be required to disclose personal information held about the child to a person other than the parent or guardian.
Use of External Contractors
In addition, LBS may use external contractors to assist it from time to time with its operations, such as:
- experts in information technology, to set up, host and maintain our computer system, including our student/family database;
- to archive and store our records; and
- fund-raising, including direct mail and (where permissible) electronic communications.
LBS will, wherever commercially possible and appropriate, require the contractor to comply with the Act and with LBS’s procedures in relation to the protection of privacy.
HOW DO WE COLLECT PERSONAL INFORMATION?
We collect personal information in a variety of ways, depending on how we initially made contact with you – or you with us. This may be by phone, face to face, or by email. In some cases, we may receive personal information about you from third parties, but we will ascertain that disclosure to us was permissible under privacy laws before we collect or accept it.
We will not disclose personal information overseas unless we have consent of the individual of the individual’s parent or “responsible other”, as the case may be.
SECURITY OF YOUR PERSONAL INFORMATION
It is not appropriate in this policy to provide specific details of security measures adopted by LBS to protect information held by it. To do so could compromise those security measures.
LBS will use an appropriate combination of:
- physical measures including physical barriers, locks, etc;
- and access technology; and
- administrative protocols,
- to exclude unauthorised persons or intruders from gaining access to information.
To maintain the integrity of personal information, LBS has acquired and will continue to acquire (within its means) up-to-date computer virus prevention technology and makes use of other appropriate technology, such as password security protocols and “fire-walls” to exclude unauthorised access or hacking into its computer system.
YOUR ACCESS AND CORRECTION RIGHTS
The Privacy Act requires LBS to provide individuals access to the personal information which LBS holds about them – unless LBS is entitled under the Privacy Act or other legislation to deny access or provide an explanation for a decision instead.
In the case of personal information held about children, LBS will provide access on the request of the parent or guardian. Parents and other persons responsible for a child (as well as various other categories of authorised persons) have a right of access to records kept about their children under regulations made under child care legislation.
When requesting access to personal information, LBS requires use of a written request form, which can be obtained by contacting our Privacy Officer (see below).
LBS will respond to requests for access as soon as possible and will acknowledge the request within 14 days and deal with it within 30 days or earlier. Though we may ask, we will not require an explanation of why as a pre-requisite to giving access. We will not charge a fee for providing access to your personal information.
Some circumstances where it may be appropriate and lawful for LBS to deny access are where:
- providing access would unreasonably be to the detriment of the privacy of another individual;
- the request is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings between LBS and the individual, and the information would not be available by the legal discovery processes;
- giving access would reveal LBS’s intentions in relation to negotiations with the individual and prejudice those negotiations for LBS;
- providing access would be unlawful or if denying access is required or is authorised under law.
This is not an exhaustive list of circumstances where we may be entitled or perhaps required to deny access.
USE OF GOVERNMENT IDENTIFIERS
LBS may collect them if you provide them to us, but we will not use government identifiers such as tax file numbers or Medicare numbers as a means of identifying a person from whom the identifier has been collected.
Wherever appropriate, we will give individuals the option of remaining anonymous when communicating with LBS. This will be most relevant to the collection of information from donors who wish to remain anonymous and via the LBS web site (as to which, please see the privacy statement on its home page) and via survey. In those cases, if information is collected that identifies the individual, we will de-identify it before storing or using it.
CONTACTING LBS AND PRIVACY COMPLAINTS
If an individual:
- has an enquiry about our management of personal information or privacy procedures;
- wishes to request access to personal information;
- wishes to see a copy of this policy document; or
- wishes to make a complaint about our handling of personal information,
that person can contact our Privacy Officer by the following means:
Phone: 0423 551 935
Postal Address: The Privacy Officer, Little Big Steps Ltd, 75 Wales Street, Kingsville VIC 3012
Complaints will be dealt with in the first instance by the Privacy Officer or in his/her absence, by a person nominated by him/her.
Complaints should be made by using the form we prescribe/provide from time to time. This will allow us to deal with complaints in a professional, sensitive and consistent manner in compliance with the Act. A copy of the form can be obtained from the Privacy Officer on request.
We will acknowledge receipt of a request within 14 days of receiving it and we will respond within 30 days of receipt. We will also do our best to deal with the complaint within that time, assuming that we are able to investigate and ascertain the necessary facts in that time. We will let you know if it is likely to take much longer.
Complainants will be given an opportunity to put their complaint in writing, to propose a remedy for the complaint and to discuss the matter with the LBS Privacy Officer.
If the complainant is not satisfied that the Privacy Officer has dealt properly and reasonably with the complaint, the complainant may request that the Privacy Officer bring the matter to the attention of the Chief Executive Officer.
The Privacy Officer will determine in the case of each complaint (if any) whether the complaint demonstrates a systemic issue and will make recommendations to the management of LBS as to how to address/rectify such issues if they are identified.