St John WA Privacy Policy

At St John WA, we take your privacy very seriously and are committed to protecting the security of your personal information.

This page explains how we, St John Ambulance Western Australia Limited and Apollo Health Limited (together St John WA) may collect and use the information you give us, and the conditions under which we may disclose it to others.

St John WA’s Privacy Officer can help you with any queries about privacy. If you would like to give general feedback or raise a complaint, please Contact Us.

If you are unhappy with the resolution of any complaint, or the way we have handled your complaint, you may refer your complaint in writing to the Office of the Australian Information Commissioner by email to

You can download a .pdf version of our full Privacy Policy here. If you require the Policy in a different format, please contact our Privacy Officer.

We may change our Privacy Policy from time to time due to changes in legislation or as we improve our services. If you have any queries, please contact our Privacy Officer.


Frequently asked questions


What is personal information?

In the Privacy Act, personal information is defined as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.’

The term ‘personal information’ covers a broad range of information including:

  • General information – your identity (name, age, date of birth, sex, marital status), contact details (residential / mailing address, email, telephone number, next of kin etc) and financial details (for payment of services).
  • Sensitive information – includes information or opinion about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation, or criminal record, provided the information or opinion otherwise meets the definition of personal opinion.
  • Health information – any personal information about your health or disability such as medications and medical history (this might include sensitive information).
  • Employee record information – current and former employee records are exempt from the Privacy Act 1988 (Cth), however records kept during the recruitment process are personal information. Employee records are held under the Fair Work Act 2009 and Fair Work Regulations 2009. For more information on your rights, please see the Fair Work Ombudsman website –

Information can be in any form, including voice recordings, photographs, biometrics, location information from a mobile device, tissue samples, as well as traditional written and digital formats.

What is de-identified information?

De-identified information is personal information that has gone through a process to remove or alter it so that individuals can no longer be identified.

Generally, de-identification involves two steps:

  • removing personal identifiers, such as an individual’s name, address, date of birth or other identifying information, and
  • removing or altering other information that may allow an individual to be identified, for example because of a rare characteristic of the individual, or a combination of unique or remarkable characteristics that enable identification.

We may de-identify information for secondary business purposes such as research or where it is no longer required for the primary purpose for which it is collected.

Can I be anonymous or use a pseudonym?

The Privacy Act allows individuals to ask to be anonymous or to use a pseudonym (fake name) instead of giving personal information. Due to the nature of emergency and health services we provide, there are very limited situations, such as when you provide feedback through our website or telephone us to make a general enquiry, where you will be able to be anonymous or use a pseudonym. However, if you have a specific requirement, such as for your safety in a family or domestic violence situation, please contact us.

What about consent?

Under the Privacy Act, we must collect personal information in a lawful and fair way and that includes asking for consent, where practicable to do so. You can withdraw your consent to us collecting your personal information at any time, however this might make it more difficult for us to provide our services to you. In a situation where there is a serious threat to your life, health, or safety, we may collect personal information, such as your name and contact information, and sensitive information such as health information, without your consent so that we can provide emergency health services to you.

If practical, we will collect the personal information directly from you but there are situations where this might not be possible, for example:

  • if you are unconscious or unable to communicate, we will provide emergency health services to you.
  • if you cannot understand us, we may ask an interpreter to help us communicate with you.
  • if you are a minor, we may ask a parent or guardian.
  • if you have a physical or mental impairment, we may ask a carer or guardian.
  • if you are temporarily incapacitated, we may ask a responsible person to assist us.

We will need to provide your personal information, including any sensitive and health information we have collected, when we hand over your care from our service to another health service provider to assist with your ongoing treatment. We may be unable to obtain your consent at the time to do this.

There are permitted general situations under the Privacy Act where we may collect or disclose personal information, including sensitive and health information, without your consent, such as where there is a serious threat to your life, health, or safety; to locate a missing person; if unlawful activity or misconduct of a serious nature is suspected; during a confidential alternative dispute resolution process; or defending a legal or equitable claim.

There are also rules under the Privacy Act which allow health information to be collected if it is required or authorised by or under another Australian law or is collected in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind us. An example of this is when we collect information to include in your My Health Record under the My Health Records Act 2012 (Cth) if you as an individual have opted into My Health Records and provided access rights for us to do so.

If you are concerned about what information has been collected and disclosed, without your consent, please contact us.

For more information about your rights under the Privacy Act 1988 (Cth) in relation to health services, please see the Office of the Australian Information Commissioner website –

Why do we collect, use, hold or disclose your personal information?

We collect, use, hold (store) and disclose (provide to others outside St John WA) personal information if it is reasonably necessary for one or more of our business functions, services, or activities and where required or authorised by law or court/tribunal order. These include:

  • 000 State Operations Centre
  • emergency ambulance services
  • emergency and non-emergency health services
  • patient transport and community transport services
  • first aid training and services, including school programs and youth services
  • medical and first aid services to private clients at public and private events
  • industry medical services provided to organisations
  • urgent care services
  • general practice, medical, medical specialist, pathology, and allied health services
  • dental and emergency dental services
  • digital services including the First Responder App, online first aid community training
  • community engagement activities including school programs
  • volunteer opportunities and services
  • recruitment, employment, and training services
  • stakeholder and relationship management
  • fundraising, donations, and related charitable activities
  • media engagement, marketing, general promotional activities, and surveys
  • goods and services transactions
  • billing and insurance claims
  • internal reporting for evaluation, monitoring, and service improvement
  • evidence-based policy planning
  • governance, legal and statutory regulation obligations
  • reporting to the WA Department of Health and other funding bodies and stakeholders
  • providing information for referral to health professionals, health, and other service providers
  • research or statistical activities relevant to public health or for the management, funding or monitoring of a health service
  • any other services to improve the wellbeing of the community.

We provide real time and historical personal information to our main funding body, the WA Department of Health, as part of our contractual obligations in providing ambulance, non-emergency patient transport and other funded services to the community of Western Australia.

We also provide personal information to assist law enforcement agencies, such as the Western Australia Police Force, the Coroner, courts, tribunals, and statutory agencies. We work with universities and research bodies on medical research projects, which may involve sharing personal information.

What kinds of information do we collect and hold?

We collect a broad range of personal information from you, some of which may include health information, employee record information, financial information, and sensitive information. For example, we may collect personal information such as your name, address, and other information specific to the service provided to you or the business relationship you have with us.

The personal information we collect and hold is necessary for one or more of our business functions, services, or activities. For example, we may collect:

  • health information, health insurance, Medicare, and financial information from you when you use our emergency ambulance services, patient transport services or attend one of our urgent care, general practice, or dental centres,
  • your financial information when you buy first aid equipment from us or pay for first aid training or make a donation,
  • employment and volunteer application, qualification and licences, health information and financial information to manage our recruitment processes,
  • personal information from you when downloading our First Responder App to access resources and services via the App and to act as a First Responder in the community.

Further details on collection, use and disclosure for different service offerings and activities are contained in privacy collection statements for those services or activities.

We generally collect sensitive information about you where it is directly related to one or more of our functions or activities listed in 3.5 and only with your consent. However, we may collect sensitive information without your consent - where it is required or authorised by law; to lessen or prevent a serious threat to life, health, or safety; to take appropriate action against suspected unlawful activity or serious misconduct; to locate a missing person, establish or defend against a legal claim; or for a confidential alternative dispute resolution process.

We may hold your personal information in a number of ways including:

  • in our websites, computer systems or databases
  • in paper records, and / or
  • in social media or surveys.


What about the internet?

We may collect information about your visit to our website and use cookies to assist us to measure and improve how we provide services and information on the internet. Cookies are small information files that an end user’s web browser places on their computer when a website is visited. For information on disabling cookies, please go to the privacy settings within your web browser.

We retain the content and associated data of any online messages, surveys, and emails (and any attachments) that you send to us, if we believe we have a legal right to do so. Your email message may be monitored by us and our response to you may also be monitored for security and quality assurance issues.

What about direct marketing?

We provide services for the benefit of the community and may use personal information for direct marketing purposes to inform you of our services and products, for fundraising activities and appeals. As a registered charity, we are exempt from the Spam Act 2003 and the Do Not Call Register 2006, but we comply with the APPs in our direct marketing and fundraising efforts.

We will follow the obligations set out in any relevant legislation, including the Telecommunications (Telemarketing and Research Calls) Industry Standard 2017 in relation to marketing and promotional communications.

St John WA adhere to the Fundraising Institute of Australia Code, a voluntary, self-regulatory code of conduct for fundraising in Australia which is informed by the International Statement of Ethical Principles in Fundraising.

You can opt out of receiving direct marketing communications from us by using the unsubscribe option in any emails, or submitting a feedback or complaint form, or contacting us by phone or email –

Do we send information overseas?

We will only disclose your personal information for the purpose for which it is collected and with your consent, unless authorised by law to do so, or in the interests of your immediate health and safety.

Whilst we try to keep patient and client data within Australia, the nature of cloud computing means that some of our systems may transfer information overseas. We put in place security measures, such as access control and encryption, to reduce the risk of information being misused or interfered with.

We will ask the overseas recipient (organisation or person we are sending information to) to comply with the Australian Privacy Principles if the country they are in does not have a similar law or binding scheme as the Privacy Act.

St John WA are part of the Order of St John, whose head office is in London, England. We provide personal information of Order members (or Members of St John WA company) to St John International, who are the supporting body for all St John organisations.

If you have any concerns about how your personal information will be disclosed, please contact us.

What is unsolicited personal information?

Unsolicited personal information is personal information that we have not asked for. If we receive any unsolicited information that is not reasonably necessary, or directly related to one or more of our business activities, then we will de-identify or destroy it.

If you receive information from us that is not meant for you, please delete it immediately and contact us to let us know.

What about security measures?

We will protect your personal information as far as practicable from misuse, interference, loss, and from unauthorised access, modification, or disclosure. We do this by using security measures in our information, communication and technology systems. We require that our employees, volunteers, and contractors follow policies and procedures regarding accessing information and systems. We use multifactor authentication to reduce the risk of unauthorised access and we monitor our systems for security threats.

We also use third-party solutions or providers to collect, process and hold information, depending on our business activities. In these instances, we take reasonable steps towards ensuring protection of personal information shared, including assessment of the security arrangements and controls of third-party providers.

If we hold personal information that is no longer needed for one of our business activities or functions and we are not required by law to retain it, we will de-identify and / or destroy it. We may need to keep health information for longer than other personal information in order to meet our contractual and legal obligations.

If there is unauthorised access or disclosure of personal information which is likely to result in serious harm to you, and we have been unable to prevent this, we will notify you and report the breach to the Office of the Australian Information Commissioner under the Notifiable Data Breach Scheme. You can find out more about the Scheme on the OAIC website –

How can I access and correct my personal information?

We aim to ensure that the personal information we hold is accurate, up to date, complete, relevant, and not misleading. Under APPs 12 and 13 you have the right to ask for access to personal information that we hold about you, and to ask that we correct that personal information.

If you would like to seek access to, or revise your personal information, or feel that the information we hold may be incorrect or incomplete, please contact us.

We aim to respond to you within 30 days of your initial request.

To access your patient records, you will need to email us at and complete our Request to Access Patient Records Form. There may be a charge for this.

To ensure your personal information remains accurate, up-to-date, complete, and relevant, please email us at to make any necessary corrections. There is no charge for requests to correct your personal information.

We will ask you to verify your identity before we give you access to your information or correct it.

If we are unable to correct your information on the original record due to legal or contractual obligations, we may be able to add a statement instead. If we are unable to give you access to, or correct, your personal information, we will tell you of the reasons why.

We will also take reasonable steps to inform any third parties of your request. We may not provide access to your personal information where exempted from doing so under APP 12, including where doing so will:

  • pose a serious threat to the life, health, or safety of any individual or to public health or safety;
  • have an unreasonable impact on another person’s privacy;
  • prejudice the taking of appropriate action relating to suspected unlawful activity or serious misconduct;
  • prejudice an enforcement body from conducting enforcement related activity;
  • affect a commercially sensitive decision-making process;
  • affect an existing or anticipated legal proceeding;
  • denying access is required or authorised by law or a court/tribunal order.

How do I make a complaint?

If you believe that we have breached your privacy in our handling of your personal information, you may lodge a complaint with us. Our complaints, feedback and compliments forms are available on our website at

If you are unhappy with the resolution of your complaint, or the way we have handled your complaint, you may refer your complaint in writing to the Office of the Australian Information Commissioner by email to or see their website for more contact details –


Collection Notice

When you use this website

When you visit this website, we may use automated tools and methods (such as cookies and sessions) to collect information about your visit, including:

  • the internet protocol address and domain name used by your computer to connect to the internet
  • the operating system and which browser your computer uses
  • any search engine or inbound hyperlink used to reach this website, and
  • the date, time, and duration of your visit and the pages you viewed.

This information may be used to analyse how this website is being used. We may gather more extensive information if we are concerned about abnormal website usage patterns or website security breaches. If you have any feedback about the website, please contact us using the feedback or complaints form.