1.Our functions and activities
1.1We will only collect and maintain a record of personal information if it is reasonably necessary to pursue at least one of our functions and activities in the course of fulfilling our role as a provider of ambulance and first aid services and training.
1.2Our functions and activities include, but are not limited to:
(a)Our functions and activities include, but are not limited to:
(b)providing emergency and non-emergency ambulance services;
(c)delivering first aid training and services;
(d)providing medical services at public events;
(e)providing industrial health services; and
(f)providing general health services.
2.What personal information do we collect?
2.1We may collect the following types of personal information:
(c)mailing or street address;
(e)telephone number and facsimile number;
(f)age or date of birth;
(i)academic record and level of education;
(j)driver’s licence details;
(k)previous employment and training information;
(l)financial details (e.g. credit card, tax details, superannuation information);
(m)third party contact information (e.g. carer, employer);
(n)any other personal information that may be required in order to facilitate your dealings with us or which may be reasonably necessary to pursue our functions and activities.
2.2In the course of carrying out recruitment activities in respect of employees and volunteers we may collect a wide range of information, including information regarding an applicant’s educational qualifications, career history, interests, hobbies and job interests and such other information as may be routinely included within a curriculum vitae.
2.3From time to time, we collect sensitive information about individuals in order to provide our services. However, we generally only collect sensitive information if:
(a)the collection is reasonably necessary for one or more of our activities or functions; and
(b)we have the individual’s consent to the collection.
2.4The APPs list a number of circumstances that permit the collection of sensitive information about an individual without their consent. We only collect sensitive information without an individual’s consent if one or more of those circumstances applies.
3.How do we collect personal information about you?
3.1We will only collect personal information by lawful and fair means and not in an unreasonably intrusive way.
3.2We may collect this personal information either from you, or from third parties. We may collect this information when you:
(a)use our ambulance or patient transfer services;
(b)undertake first aid training with us;
(c)interact with our event or industrial health services;
(d)interact with our general health services;
(e)communicate with us through correspondence, telephone conversations, email, or when you share information with us from other social applications, services or websites;
(f)interact with our sites, services, content and advertising; or
(g)otherwise deal with our organisation, including purchasing or accessing goods or services from our organisation.
3.3In order to provide our services we may collect personal information from third parties, including health and support service providers, government agencies, event organisers/partners and your family and friends.
3.4We will only collect personal information from third parties if:
(a)we are required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than the individual concerned; or
(b)it is unreasonable or impracticable to collect the information directly from the individual concerned; or
(c)it is provided to us in the course of us providing at least one of our functions and activities.
4.Why do we collect, use and disclose personal information?
4.1We will only collect and hold personal information if it is reasonably necessary to pursue at least one of our functions or activities or its collection and storage is required or authorised by or under an Australian law, or a court/tribunal order.
4.2When information is sensitive information we will only collect and store information with the consent of the individual concerned and when the information is reasonably necessary for us to carry out at least one of our functions or activities. Alternatively we may collect sensitive information when the APPs otherwise permit such collection.
4.3We may collect, hold, use and disclose your personal information for the following purposes:
(a)to provide you with appropriate and safe healthcare services and treatment;
(b)to enable you to access and use our website, goods or services;
(c)to operate, protect, improve and optimise our provision of healthcare services, including ambulance/patient transfer services and first aid training and services;
(d)to assess and process the release of patient records;
(e)to investigate complaints and manage insurance claims;
(f)to send you messages, reminders, notices, updates, security alerts, and information requested by you;
(g)to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our related organisations that we think you may find interesting;
(h)to comply with our legal obligations, resolve any disputes that we may have with any of our website users, and enforce our agreements with third parties; and
(i)to consider your employment or volunteering application.
4.4Generally, we will only use or disclose personal information for the purpose for which it was collected (the primary purpose), including the purposes set out above.
4.5However, we may use or disclose personal information for secondary purposes if we receive your consent to do so, or without your consent if you would reasonably expect us to use your information for the secondary purpose, or otherwise when the APPs permit us to do so.
4.6For example, the APPs permit us to use and disclose personal information for a secondary purpose without an individual’s consent if the individual would reasonably expect us to use or disclose the information for a certain secondary purpose and the secondary purpose is:
(a)if the information is sensitive – directly related to the primary purpose; or
(b)if the information is not sensitive – related to the primary purpose; or
(c)the use or disclosure of the information is permitted or authorised by or under an Australian law or a court/tribunal order (for example where disclosure of your information will reduce or prevent a serious threat to life, health or safety or where our disclosure is in response to any unlawful activity).
5.Notification of collection
5.1At or before the time we collect personal information about an individual (or, if that is not practicable, as soon as practicable after), we will take such steps as are reasonable in the circumstances to notify the individual of the following information (“Collection Information”):
(a)our identity and contact details;
(b)that we have collected the personal information;
(c)if the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order – the fact that the collection is so required or authorised;
(d)the purpose for collecting the personal information;
(e)the main consequences (if any) for the individual if we do not collect all or some of the personal information;
(f)the organisations, or types of organisations, to which we usually disclose personal information of that kind;
(i)whether we are likely to disclose the personal information to overseas recipients, and if so, the countries in which such recipients are likely to be located (if practicable to do so).
5.2Circumstances may arise where it would be reasonable for us not to provide the individual about whom the information relates with notice of all or some of the Collection Information. This will often be the case when we are providing emergency ambulance services or similar.
6.Do we use your personal information for direct marketing?
6.1We are a not-for-profit organisation that performs services for the benefit of the community and we may, from time to time, use or disclose personal information for the purpose of direct marketing.
6.2We may send you direct marketing communications and information about our services and products. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
6.3We may use or disclose personal information (other than sensitive information) for direct marketing if:
(a)we collected the information from the individual concerned;
(b)the individual has consented to, or would reasonably expect us to, use or disclose the information for that purpose; and
(c)we provide the individual with a simple means by which they may easily request not to receive direct marketing communications from us and they have not made such a request to us.
6.4In this regard, you may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an unsubscribe link).
6.5If personal information is sensitive, we will not use or disclose the information for direct marketing without the consent of the individual concerned.
7.To whom do we disclose your personal information?
(a)our volunteers, employees and related bodies corporate;
(b)third party suppliers and service providers (including providers in connection with providing our products and services to you);
(c)professional advisers, dealers and agents;
(d)payment system operators;
(e)our existing or potential agents, business partners or partners;
(f)anyone to whom our assets or divisions (or any part of them) are transferred;
(g)specific third parties authorised by you to receive information held by us; and/or
(h)other persons, including government agencies, regulatory bodies, healthcare providers and law enforcement agencies, or as required, authorised or permitted by law.
8.Receipt of unsolicited personal information
8.1If we receive personal information that we did not solicit, we will, within a reasonable period of receiving the information, determine whether we would have been permitted to collect the information pursuant to the APPs.
8.2If we determine that we have received personal information that we would not have been permitted to collect pursuant to the APPs (and the information is not contained in a Commonwealth record), we will as soon as practicable and where it is lawful and reasonable to do so, destroy the information or ensure that it is de-identified.
8.3If we determine that we would have been permitted to collect the personal information pursuant to the APPs, we will ensure that the information is dealt with in a manner that complies with the APPs.
9.Disclosure to overseas recipients
9.1From time to time, circumstances may arise where there may be a need for us to disclose personal information to an overseas recipient. This may occur in a range of circumstances, for example where data is being stored and accessed by way of cloud computing or where we correspond with the Order of St John’s international offices in London, United Kingdom.
9.2Before disclosing personal information to an overseas recipient, we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient also complies with the APPs in relation to that information, unless the APPs do not require us to do so.
9.3We will not be required to take the steps described in clause 9.2 above if:
(a)we reasonably believe that:
(i)the recipient of the information is subject to a law or a binding scheme that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the APPs protect the information; and
(ii)there are mechanisms that could be taken to enforce the law or binding scheme; or
(b)both of the following apply:
(i)we expressly inform the individual about whom the information relates that if they consent to the disclosure of the information, we will not be required to take the steps described in clause 9.2 above; and
(ii)after being so informed, the individual consents to the disclosure; or
(c)the disclosure of the information is required or authorised pursuant to an Australian law or a court/tribunal order; or
(d)the APPs otherwise allow us to refrain from taking the steps described in clause 9.2 above.
10.Our website and cookies
10.1We may collect personal information about you when you use and access our website.
10.2While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
10.3We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
11.1We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information.
11.2If we hold personal information about an individual which we no longer require, we will take reasonable steps to destroy the information or ensure that it is de-identified (unless our compliance with the APPs or a law requires us to avoid taking such steps).
11.3We may need to maintain records of patient information in order to assist in providing relevant health services. Therefore, we may need to hold health information for longer periods of time than other kinds of personal information in order to carry out some of our functions and activities.
12.Anonymity and pseudonymity
12.1When interacting with us, individuals may choose to remain anonymous or to use a pseudonym. However, we may elect not to deal with the individual anonymously or pseudonymously if:
(a)we are required or authorised by or under an Australian law, or a court/tribunal order, to deal with them in accordance with their identity; or
(b)it is impracticable for us to deal with them in this way.
12.2In some circumstances, it may not be possible for us to properly provide a service without the knowledge of an individual’s identity. This will often be the case where we are providing healthcare services.
13.Quality of personal information
13.1We will endeavour to take reasonable steps to ensure that the personal information that we collect is accurate, up-to-date and complete.
13.2The reasonable steps described above that we may undertake include:
(a)ensuring that updated and new personal information is promptly added to relevant existing records;
(b)reminding individuals to update their personal information when we engage with them;
(c)with respect to personal information in the form of an opinion, we may take the following steps to verify the accuracy of the opinion:
(i)checking that the opinion is from a reliable source;
(ii)providing the opinion to individuals before we use or disclose it;
(iii)clearly indicating on our record that the information is an opinion and identifying the individual who formed that opinion.
13.3If you think that the personal information we hold about you might be out of date and needs to be corrected, please contact us using the details located at clause 18.
14.Accessing your personal information
14.1You can access the personal information we hold about you by contacting us. Requests for access to personal information should be made in writing and addressed to the Privacy Officer whose contact details are located at clause 18 below.
14.2Upon request of personal information, we will within a reasonable period of the request being made, give access to the information in the manner requested (if it is reasonable and practicable to do so), subject to exceptions set out in the APPs.
14.3The APPs provide a list of situations in which we may deny individuals access to their personal information. These situations include where:
(a)granting access would have an unreasonable impact on the privacy of others;
(b)the information relates to existing or anticipated legal proceedings between the individual about who the information relates and ourselves, and would not be accessible by the process of discovery in those proceedings;
(c)access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations;
(d)granting access would be unlawful; and
(e)denying access would be likely to prejudice the taking of appropriate action in relation to the matter.
14.4If we refuse to give access to the personal information in accordance with the APPs, or if we refuse to give access in the manner requested, we will take such steps (if any) that are reasonable in the circumstances to give access in a way that meets our needs and the needs of the individual.
14.5If we refuse to give access to personal information in accordance with the APPs, we will provide a written notice setting out:
(a)the reasons for denying access to personal information (except where it would be unreasonable to provide the reasons);
(b)the mechanisms available to complain about the refusal; and
(c)any other matters prescribed by the regulations.
14.6Generally we will not charge fees for giving access to personal information. However, we reserve the right to charge reasonable fees where requests for personal information contain complications or are resource intensive.
15.Correction of personal information
15.1Requests for correction of personal information should be made in writing and addressed to the contact person listed under clause 18.
15.2If, with regard to the purpose for which it is held, we are satisfied that personal information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, or if the individual about whom the information relates makes a request, we will take reasonable steps to correct the information. However, as a matter of practice, when we receive personal information we will hold the information for a period of time before we consider whether it is inaccurate, out-of-date, incomplete, irrelevant or misleading (unless we are informed otherwise).
15.3If we correct personal information, we will take reasonable steps to notify any third party to whom we had previously disclosed the information, if the individual about whom the information relates requests as such and it is not unlawful or impracticable for us to do so.
15.4If we refuse to correct personal information in accordance with the APPs, we will provide a written notice setting out:
(a)the reasons for the refusal (except where it would be unreasonable to provide the reasons);
(b)the mechanisms available to complain about the refusal; and
(c)any other matter prescribed by the regulations.
15.5If we refuse to correct personal information in accordance with the APPs, the individual may request that we associate the information with a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. Where such a request is made, we will take reasonable steps to associate the statement so that it is apparent to the users of the personal information.
15.6We will aim to respond to any request regarding the correction of personal information within 30 days of the request being made.
15.7We will not charge fees for requests for the correction of personal information or for associating the statement with the personal information.
16.Making a complaint
16.1If you think we have breached the Privacy Act or the APPs, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out in clause 18.1.
16.2Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time.
16.3If you think that we have failed to resolve the complaint satisfactorily, a complaint may be made to the Office of the Australian Information Commissioner.
17.Changes to this policy
St John Ambulance Western Australia Ltd
209 Great Eastern Highway
BELMONT WA 6104
Telephone: (08) 9334 1222
Effective: November 2016
19.Definitions of key terms
Personal information, including sensitive information, will be ‘collected’ if it is included in a record or a generally available publication.
You can give consent either:
• expressly – express consent is given explicitly either in writing or orally; or
• impliedly – your consent will be implied where your consent can be inferred from your conduct and our conduct.
Personal information is defined in the Privacy Act. In summary, personal information is information or an opinion about an identifiable person, or a reasonably identifiable person no matter whether:
• the information or opinion is true or false; and
• the information or opinion is recorded in a material form or not
Some examples of personal information include a person’s name, address and date of birth.
Sensitive information is a type of personal information. Some examples of sensitive information include information or an opinion about an individual’s:
• racial or ethnic origin;
• political opinions or membership of a political association;
• religious beliefs;
• philosophical beliefs;
• membership of a trade union;
• criminal record; and
• sexual orientation or practices.