At Home Carers Direct (operated by MZMS Enterprises Pty Ltd (ACN 168 971 695) as trustee for the Tower Family Trust) ("HCD") we recognise the importance of your privacy and understand your concerns about the security of the personal information you provide to us.
In the course of providing our services to you or interacting with you, the collection of personal information in some instances is necessary or unavoidable. We are committed to protecting the privacy of all personal information that we collect and ensuring that your personal information is handled correctly.
All personal information collected by us will be treated in accordance with the Australian Privacy Principles ("APPs") as contained in the Privacy Act 1988(Cth). The APPs detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them.
What types of personal information do we collect and hold
"Personal information" is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not. Information where we have removed any reference to a person, so that the person cannot be reasonably identifiable from the information, is not personal information.
"Sensitive information", a sub-set of personal information, is information or an opinion about an individual's racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.
We collect personal information from members of the website (care providers or care seekers) and may also collect information regarding the intended recipient of the care services ('care recipient') from the care seeker. The kinds of personal information that we may collect from you and hold include:
- contact information, such as your name, postal address, emergency contact details, e-mail address and telephone number;
- date of birth and gender;
- account information such as your username and password;
- bank account or credit card details;
- your consent to receiving emails or SMS messages;
- if you are a care seeker we may also collect the following information from you (being information about you, or if you are not the intended care recipient, information about the care recipient): emergency contact details; care services needed; health conditions and other medical information; household information; whether you are LGBTI friendly; and whether you are pet friendly;
- If you are a care provider we may also collect from you: your biography; police records; languages spoken; care services provided; whether you own a vehicle; drivers licence details; whether you have a currently valid working with children check; your rates; and business details such as whether you are GST registered, your ABN, your qualifications, references and professional experience; whether you are LGBTI friendly; whether you are pet friendly; and
- any other personal information submitted to us by you.
We may collect sensitive information from care providers and care seekers, but will not do so without your knowledge or consent.
When you browse our website or contact us electronically, we may record geographical tagging, cookies and statistical data. This may include your IP address, date and time of your visit, operating system, language preferences, device characteristics, pages visited, information downloaded and type of browser used to access the website.
We use this information to help us to make decisions about maintaining and improving our website and online services.
How we collect and hold personal information
We aim to collect personal information only directly from you, unless it is unreasonable or impracticable for us to do so. For example, we may collect personal information about you from:
- information you provide us when creating an account as a care provider or care seeker;
- information you provide to us when you make an enquiry or request a service;
- documents, information or material submitted to us or on our website; and
- information derived from other communications between us and you.
However, in some circumstances, it may be necessary for us to collect personal information through other lawful means such as from third parties or from a source of publicly available information. This can include obtaining personal information from referees who you have noted as a reference source for yourself.
If we receive personal information that we have not requested (unsolicited information) and we determine that we could not have collected that information under the APPs if we had requested it, then we will destroy or de-identify the information if it is lawful and reasonable to do so. This includes any information regarding a third party (i.e. a care recipient) which is disclosed to us by you.
Purposes for which we collect, hold, use and disclose personal information
We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to provide our services to you, to carry out our business functions or for such other purposes as specified at the time of collection, or for related purposes that you would reasonably expect.
For example, we may use the information obtained from you to:
- process your application as a care provider or care seeker;
- establish and manage your account on our website;
- connect care seekers with care providers through our website;
- run a background check or qualification check on you;
- respond to and communicate with you about your requests, questions and comments;
- send newsletters, surveys, offers and other materials to you which are relevant to our services;
- facilitate the collection and distribution of payments between care providers and care seekers;
- protect against, identify and prevent fraud and other criminal activity, claims and other liabilities; and
- comply with and enforce applicable legal requirements, relevant industry standards and our policies.
How we hold and protect personal information
We will take reasonable steps to keep secure any personal information which we hold and to keep this information accurate and up to date.
Your personal information is held and stored on paper, by electronic means or both. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorized access, modification and disclosure. We use industry accepted and compliant technology and security so that we are satisfied that your information is transmitted safely to us through the internet or other electronic means.
We also take the following steps to protect your personal information:
- data held and stored on paper will be stored in lockable offices and in secure premises;
- data that is held and stored electronically is protected by internal and external firewalls, limited access via file passwords and files designated read-only or no access;
- data held and stored "in the cloud" is protected by internal and external firewalls, limited access via file passwords and files designated read-only or no access. We also require our IT contractors and other third parties to implement privacy safeguards;
- where we disclose personal information to third parties (including contractors and affiliated businesses located locally and overseas), our contractual arrangements with them include specific privacy requirements; and
- our staff also receive regular training on privacy procedures.
Destruction and De-identification
We will retain your personal information whilst it is required for the purpose for which it was collected, for our business functions, or for any other lawful purpose.
We use secure methods to destroy or to permanently de-identify your personal information when it is no longer needed. For example, paper records are shredded or destroyed securely and electronic records are deleted from all locations, to the best of our ability, or encrypted and/or placed beyond use.
Disclosure of Information
We respect the privacy of your personal information and will take reasonable steps to keep it strictly confidential. We will only disclose personal information to third parties if it is necessary for the primary purpose of collecting the information, such as to other members of the website to facilitate the connection of care providers and care seekers, or for a related secondary purpose that could be reasonably expected, such as to insurance providers or other third parties for the purpose of arranging insurance on your behalf. Where such a disclosure is necessary, we will require that the third party undertake to treat the personal information in accordance with the APPs.
Otherwise, we will only disclose your personal information to third parties without your consent if the disclosure is:
- necessary to protect or enforce our legal rights or interests or to defend any claims;
- necessary to prevent or lessen a serious threat to a person's health or safety;
- required or authorised by law; or
- permitted by another exception in the Privacy Act.
Where we wish to use or disclose your personal information for other purposes, we will obtain your consent.
Under no circumstances will we sell personal information without the consent of the person to whom it relates.
Third Party Websites
While our website may contain links to other websites with the exception of our related entities, those websites are not subject to our privacy standards, policies and procedures. We recommend that you make your own enquires as to the privacy policies of these third parties and we are in no way responsible for the privacy practices of these third parties.
Requests for access and correction
You have a right to request access to, and correction of, personal information held about you. We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you.
To request access to or correction of personal information held about you, please send a written request to us. Our contact details can be found below.
Your written request should include:
- if it is a request for access to personal information, details regarding which information is requested to be produced; or
- if it is a request to correct personal information, details of the misrepresented information and the corrections to be made.
In most cases, we expect that we will be able to comply with your request. However, if we do not agree to provide you access or to correct the information as requested, we will give you written reasons why. For example, a request to access personal information may be rejected if:
- the request is frivolous or vexatious;
- providing access would have an unreasonable impact on the privacy of another person;
- providing access would pose a serious and imminent threat to the life or health of any person;
- providing access would prejudice our legal rights; or
- there are other legal grounds to deny the request.
To assist us to keep our records up-to-date, please notify us of any changes to your personal information.
Complaints and Concerns
We have procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act and the APPs. We will respond to your complain in accordance with the relevant provisions of the APP. Any complaints should be directed to us at our contact details below.