Boab Health Services is committed to protecting the privacy of client information and to handling personal information in a responsible manner in accordance with Privacy legislation.
- Clearly communicate Boab Health’s personal information handling practices;
- Give individuals and staff a better and more complete understanding of the sort of personal information that Boab Health Services holds, and the way we handle that information;
- Outline how Boab Health complies with Privacy legislation;
- Outline how Boab Health would manage a data breach if it were to occur.
This policy is to be adhered to on a company-wide level.
‘Privacy legislation’ refers to the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and the Australian Privacy Principles (APPs), and the Privacy Amendment (Notifiable Data Breaches) Act 2017. A summary of the 13 APPs is available from the Office of the Australian Information Commissioner’s website:
A ‘cookie’ is a small text file that our website may place on your computer as a tool to remember your preferences. See Section 6.0 Privacy on the Website.
The CEO is responsible for managing the implementation of this policy and for ensuring its provisions are adhered to and applied consistently across the organisation.
The ways and circumstances under which personal information is collected, used and stored by Boab Health Services are described below:
What is personal information?
Personal information is any information that can tell us who you are. Some examples are:
- Your name
- Your address
- Your date of birth
Health information is personal information about your health. Some examples are:
- Reports from doctors
- Reports from other clinicians or health professionals
- Information from other health or specialist services, for example medications and health conditions
Sensitive information is personal information about:
- Your race
- Your culture
- Your religion
Why does Boab Health Services collect information?
Boab Health Services only collects personal information for purposes which are directly related to our activities and only when it is necessary for, or directly related to, those purposes. For example, Boab may collect personal information:
- Because an individual has provided it to us, for example by signing a medical or media consent form, by registering to attend training, by contacting us to make a complaint or to ask us questions about our services
- Because we need it to provide a product or service that an individual has requested, for instance, if they subscribe to an email list or authorise us to purchase medical equipment on their behalf
- Because an individual works for us, or applies to us for a job
- Because an individual or business supplies a service to us
- Because we would like to improve our services, for instance through the collection and analysis of statistical data from our website (see section 6.0 below)
Where is this information stored?
We keep your personal information safe. Only the people who need to see it will see it. If you stop receiving services we make sure your personal information remains safe. All data and documents are stored on secure servers within Australia.
How can I access my personal information?
You can access your personal information by making a request to the CEO. This can be done using the contact details listed in section 8.0 of the policy. You may also request access to your personal information from a treating clinician, who will respond if practical to do so. If they are not able to, they will ask you to make a formal request to the CEO.
How can I change my personal information?
You can update your details by contacting our Reception on 08 9192 7888 or via email to firstname.lastname@example.org. You can also ask the clinician who is treating you to update your personal information, and they will do so if practical.
Boab Health may use a subscriber list from time to time for the distribution of information via email, for example our Boab Banter newsletter. Where it does so, there will always be the option to unsubscribe.
Boab Health will manage all information on social media on the basis that consent is implicit when someone lodges their own information. Boab Health will never lodge anyone’s personal information without express consent. Boab Health will also manage all its social media accounts according to Boab’s Social Media Policy and organisational values, ensuring posts are respectful and inclusive.
6.0 Privacy on the website
In complying with privacy legislation, Boab provides the following advice to users of our website www.boabhealth.com.au about the collection, use, disclosure and storage of personal information.
The aim of this advice is to inform users of this site about:
- What personal information is being collected
- Who is collecting personal information
- How personal information is being used
- Access to personal information collected on this site
- Security of personal information collected on this site
What personal information is being collected on the website?
Unless the website asks for specific personal information in order to respond to requests for information or to register users for particular services, only the following information will be collected when you use this site:
- Your server address
- Your top-level domain name (for example .com, .gov, .au etc.)
- The date and time of your visit to the site
- The pages you accessed, and the documents downloaded
- The previous site you visited
- The type of browser you are using
This information is collected for analytical purposes and to enable us to understand and improve the website traffic and webpage usage.
Who is collecting personal information on the website?
The above information is collected by our Internet Service Provider and website management service. Where this site specifically asks for your personal information (for example to respond to requests for information or to register users for particular services), your personal information will only be collected by staff of Boab Health who have responsibility for responding to such requests or administering such registrations.
How is personal information used?
Personal information collected on this website will only be used for the purposes stated at the time of collection. Your personal information will not be added to a mailing list or used for any other purpose without your consent.
What happens if there is a data breach?
A data breach occurs when personal information an organisation or agency holds is lost or subjected to unauthorised access or disclosure. For example, when:
- A device with a customer’s personal information is lost or stolen
- A database with personal information is hacked
- Personal information is mistakenly given to the wrong person
When a data breach occurs, Boab Health will follow best practice recommendations by the Office of the Privacy Commissioner. These include:
Step 1: Contain the data breach to prevent any further compromise of personal information.
Step 2: Assess the data breach by gathering the facts and evaluating the risks, including potential harm to affected individuals and, where possible, taking action to remediate any risk of harm.
Step 3: Notify individuals and the Commissioner if required. If the breach is an ‘eligible data breach’ under the NDB scheme, it may be mandatory for the entity to notify.
Step 4: Review the incident and consider what actions can be taken to prevent future breaches.
Where a data breach is deemed notifiable, the relevant forms will be used for notifying the Privacy Commissioner and for responding to the breach. Individuals whose related data is accessed unlawfully will be kept notified during the response period.
7.0 Complaints Handling
How can I make a complaint about privacy?
You can make a complaint if you’re not happy with how we:
- Collected your personal information
- Store your personal information
- Share your personal information
8.0 To make a complaint or request about privacy, please contact our CEO:
Phone: 08 9192 7888
Email: email@example.com (Attention: CEO)
Post: PO Box 1548 Broome WA 6725
Any complaints in relation to Boab Health’s handling of personal information should be directed to the CEO. In most cases the complainant will be asked to lodge their complaint in writing and identify themselves so that Boab Health can respond to them personally. Unless a complaint can be dealt with immediately to the satisfaction of both parties, Boab Health will provide a written response to the complaint within 30 days of its being received.
If an individual believes their complaint has not been appropriately handled by Boab Health, they should contact the Office of the Australian Information Commissioner on 1300 363 992 or through their website:
Complaints Management Policy and Procedure