greatway support solutions

Privacy Policy

1. Purpose

Overview of organisation

Greatway Support Solutions (GSS) is a for-profit organisation providing services in the form of Disability Support.

The organisation holds contracts to deliver State and Commonwealth government programs. In providing such services, we comply with the relevant state and national privacy principles and any additional obligations under individual contracts.

GSS respects the privacy of all employees, volunteers, clients/customers, donors, business partners and online users and is committed to safeguarding the personal information that is provided by these people.

The purpose of this policy is to provide a position statement with regard to how GSS adheres to the Australian Privacy Principles contained within the Privacy Act (1988) C’wth and the Information Privacy Act (Qld) and in so doing, manages personal information transparently, safely and securely.

2. Scope

This policy applies to collection and disclosure of recorded personal information by GSS employees, volunteers, clients/customers, donors, business partners and online users. The Privacy Act and this Privacy Policy do not apply to acts or practices which directly relate to:

  • GSS’s current and former employment relationship with an employee: and

  • An employee record held by the organisation relating to the employee

3. Definitions

APP: Australian Privacy Principles

Anonymity: Requires that an individual may deal with an APP entity without providing any personal information or identifiers.

Pseudonymity: Requires that an individual may deal with an APP entity by using a name, term or descriptor that is different to the person’s actual name. Examples include an email address that does not contain the person’s actual name, and a username that a person uses when participating in an online forum.

Personal information:  Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not it is true or in recorded material form. This can include information about an individual’s business or work activities. Personal information includes two subcategories: Sensitive and Health Information.

Sensitive information: Means information or opinion (that is also personal information) about an individual’s:

  • Racial or ethnic origin

  • Political opinions

  • Membership of a political association

  • Religious beliefs or affiliations

  • Philosophical beliefs

  • Membership of a professional or trade association

  • Membership of a trade union

  • Sexual orientation or preferences or practices, or

  • Criminal record

  • Health information about an individual

  • Genetic information about an individual that is not otherwise health information

  • biometric information this is to be used for the purpose of automated biometric verification or biometric identification, or:

  • biometric templates

Health Information: Means information about someone’s health, in particular:

  • information or an opinion that is personal information and is about the health (including an illness), disability or injury (at any time) of an individual, about an individuals expressed wishes about the future provision of health services to them or about a health service provided, or to be provided, to an individual;

  • other personal information collected to provide, or in providing, a health service;

  • other personal information collected in connection with the donation, or intended donation, by an individual of his or her body parts, organs or body substances; or

  • genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.

Unsolicited personal Information: Information received by GSS where our organisation has taken no active step to collect the information (e.g. misdirected mail, an employment application sent to GSS on an individual’s own initiative and not in response to an advertised vacancy).

De-identified information: De-identified information can still be personal information, an individual’s identity can often still be reasonably ascertained from information that does not state their name, for eg:

  • by matching it with other information that identifies them (eg matching an account ID with the account holder’s name); or

  • where the person’s identity is evident from the context in which information is given

Direct marketing: Involves the use and/or disclosure of personal information to communicate directly with an individual to promote goods and services

Consent: Can be expressed consent or implied consent. Four key elements of consent are:

  • It must be provided voluntarily

  • The individual must be adequately informed of what they are consenting to
  • It must be current and specific, and
  • The individual must have the capacity to understand and communicate their consent


Online Users: Anyone who accesses the GSS website (www.greatwaysupportsolutions.com.au)

4. policy

4.1 Our Personal Information Handling Practices

4.1.1 Our obligations under the Privacy Acts

This Privacy Policy sets out how we comply with our obligations under the Privacy Act 1988 (Cwlth) and Information Privacy Act 2009 (Qld) (Privacy Acts). We are bound by the Australian Privacy Principles (APPs) in the Privacy Act which regulate how organisations may collect, use, disclose and store personal information, and how individuals may access, and correct personal information held about them.

4.1.2 Collection of Personal and Sensitive Information

If you would like to access any GSS service on an anonymous basis or using a pseudonym, please tell us. If this is possible and lawful, we will take all reasonable steps to comply with your request. However, we may not be able to provide the services in question if we are not provided with the personal information requested.

The nature and extent of personal and sensitive information collected by GSS varies depending on your particular interaction with IMPACT.

GSS collects personal and sensitive information from clients/customers, donors, business partners, GSS people and online users. Further information about the kind of information which may be collected from each of these groups and the usage of such information is detailed below.

GSS clients/customers

Kind of information collected includes (depending on circumstances):

  • Contact details (name, address, email etc)
  • Personal details including date of birth, gender
  • Employment history
  • Educational qualifications
  • Areas of interest
  • Health information and/or medical history
  • Family and community support
  • Cultural identification, racial or ethnic origin
  • Country of birth, citizenship, residency and/or visa details
  • Drivers licence details
  • Credit card numbers or bank account details

How the information is collected includes:

  • Application and referral forms
  • Telephone
  • Face to face interviews
  • Online, telephone and personal orders

Purpose for which GSS uses the information includes:

  • To provide GSS services
  • To provide clients/customers with the most appropriate services/products for their needs
  • To meet any requirements of government funding for programs
  • To monitor and evaluate existing services and plan for future services
  • To comply with legal obligations
  • To coordinate services with other providers/agencies for the benefit of individuals (e.g. Department of Social Services)

     

GSS donors

Kind of information collected includes (depending on circumstances):

  • Contact details (name, address, email etc.)
  • Credit card numbers/details or bank account details
  • Donation history

     

How the information is collected includes:

  • Communications
  • Email
  • Online information
  • Telephone
  • Face to face

     

Purpose for which GSS uses the information includes:

  • To process donations and provide accurate receipts
  • To facilitate ongoing fundraising for special projects
  • To comply with legal obligations
  • To provide transparency relating to donated funds

     

GSS business partners

Kind of information collected includes (depending on circumstances):

  • Contact person’s name, position title
  • Name of organisation which is our business partner
  • Contact telephone numbers, fax numbers, addresses, email addresses
  • Bank details (if GSS is to receive payment or make payment for services received)
  • Type of support (e.g. goods in kind, program support, financial, volunteering)

     

How the information is collected includes:

  • Communications
  • Email
  • Telephone
  • Letter

     

Purpose for which GSS uses the information includes:

  • To provide GSS services
  • To pay for services
  • To establish and manage partnerships
  • To receive services from the partner organisation
  • To manage our relationship with the business partner
  • To provide information about IMPACT’s services
  • To update the company on IMPACT’s programs or services

GSS people (employees, volunteers)

Kind of information collected includes (depending on circumstances):

  • Contact details (name, address, contact numbers, email etc.)
  • Personal details including personal details of emergency contact people
  • Date of birth
  • Country of birth, citizenship, residency and/or visa details
  • Details of current/previous employment or volunteer involvement
  • Skills and experience
  • Cultural identification or languages spoken or written
  • Qualifications, driver’s licence details
  • Information and opinions from referees for prospective employees and volunteers
  • Worker Screening or a Police Check may be required for some roles within IMPACT. Any information provided as a result of Worker Screen or Police Check will be stored in a secure manner and destroyed when necessary, according to law.
  • In some situations, it is necessary for GSS to collect or receive information about an individual’s health or disability. In this circumstance, GSS will advise why the information is being collected and whether and to whom it will be released.

     

How the information is collected includes:

  • Application forms
  • Resumes
  • Timesheets
  • Personnel forms

     

Purpose for which GSS uses the information includes:

  • To provide GSS services
  • To process an application to become an employee or a volunteer
  • To facilitate a placement in an appropriate service or position
  • To assist with services whilst an individual is employed or engaged as a volunteer with IMPACT
  • To provide feedback on performance as an employee or volunteer
  • To meet legislative responsibilities to all employees and volunteers
  • To obtain feedback from individuals about their experiences with IMPACT
  • To assist GSS to review and improve its cultural awareness, programs, services and products to keep individuals informed about GSS developments and opportunities
  • To provide information about GSS services
  • To facilitate further involvements with GSS(disability supports etc.)
  • To ensure appropriate and adequate access to infrastructure, and/or to enable appropriate modifications if necessary

     

Online users

To the extent that this Privacy Policy applies to online privacy issues, it is to be read as forming part of the terms and conditions of use for the GSS organisation website (www.greatwaysupport.com.au

Kind of information collected includes (depending on circumstances):

  • Contact details (name, address, telephone numbers, email etc.)
  • Credit card number details
  • Non-personal information e.g. visitor navigation and statistics
  • Server address, browser type, date and time of visit
  • Personal information
  • Employment and education history
  • Interests and goals
  • Names of referees

     

How the information is collected includes:

  • Online

     

Purpose for which GSS uses the information includes:

  • To process purchase orders, online bookings, purchases/transactions (e.g. purchase of products)
  • To recruit for positions vacant
  • To analyze website usage and make improvements to the website

     

Additional information:

The website may from time to time contain links to other websites. GSS stresses that when an online user accesses a website that is not the GSS website, it may have a different privacy policy. To verify how that website collects and uses information, the users should check that particular website’s policy.

4.1.3 How We Collect Information

Where possible, we collect your personal and sensitive information directly from you. We collect information through various means, including telephone and in-person interviews, appointments, forms and questionnaires. If you feel that the information that we are requesting, either on our forms or in our discussions with you, is not information that you wish to provide, please feel free to raise this with us.

In some situations, we may also obtain personal information about you from a third-party source. If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of the purposes for which we are collecting your personal information and the organisations to which we may disclose your information, subject to any exceptions under the Act. For example, we may collect information about you from a health care professional, such as your doctor.

4.1.4 Health (or other) Sensitive Information

As part of administering its services, GSS may collect health or other sensitive information. For example, GSS collects health information (such as medical history) from some clients participating in GSS programs. When collecting health information from you, GSS will obtain your consent to such collection and explain how the information will be used and disclosed.

If health information is collected from a third party (such as your doctor), GSS will inform you that this information has been collected and will explain how this information will be used and disclosed.

GSS will not use health (or other sensitive) information beyond the consent provided by you, unless your further consent is obtained or in accordance with one of the exceptions under the Privacy Acts or in compliance with another law. If GSS uses your health (or other sensitive) information for research or statistical purposes, it will be de-identified if practicable to do so.

4.1.5 Use and Disclosure of Personal Information

We only use personal information for the purposes for which it was given to us, or for purposes which are related to one of our functions or activities. Within GSS we may share your personal information with other sections or divisions when necessary.

For the purposes referred to in this Privacy Policy (discussed above under “Collection of Personal and Sensitive Information” we may also disclose your personal information to other external organisations including:

  • Government departments/agencies that provide funding for IMPACT.
  • Contractors who manage some of the services we offer to you, such as distribution centers that may send information to you on behalf of IMPACT. Steps are taken to ensure they comply with the APPS when they handle personal information and are authorized only to use personal information in order to provide the services to perform the functions required by IMPACT.
  • Health care professionals who assist us to deliver our services
  • Other regulatory bodies such as Work Health and Safety Queensland
  • Referees and former employers of GSS employees and volunteers, and applicants for GSS employee and volunteer positions
  • Our professional advisors, including our accountants, auditors and lawyers.

Except as included above, GSS will not disclose an individual’s personal information to a third party unless one of the following applies:

  • The individual has consented
  • The individual would reasonably expect us to use or give that information for another purpose related to the purpose for which it was collected (or in the case of sensitive information- directly related to the purpose for which it was collected)
  • It is otherwise required or authorised by law
  • It will prevent or lessen a serious threat to somebody’s life, health or safety or to public health or safety
  • It is reasonably necessary for us to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature that relates to our functions or activities
  • It is reasonably necessary to assist in locating a missing person
  • It is reasonably necessary to establish, exercise or defend a claim at law
  • It is reasonably necessary for a confidential dispute or resolution process
  • It is necessary to provide a health service
  • It is necessary for the management, funding or monitoring of a health service or relevant to public health and safety
  • It is necessary for research or the compilation or analysis of statistics relevant to public health or public safety
  • It is reasonably necessary for the enforcement of a law conducted by an enforcement body

We do not usually send personal information out of Australia. If we are otherwise required to send information overseas, we will take measures to protect your personal information. We will protect your personal information either by ensuring that the country of destination has similar protections in relation to privacy or that we enter into contractual arrangements with the recipient of your personal information that safeguards your privacy.

4.1.6 Security of Personal and Sensitive Information

GSS takes reasonable steps to protect the personal and sensitive information we hold against misuse, interference, loss, unauthorised access, modification and disclosure.

These steps include password protection for accessing our electronic ICT systems, securing paper files in locked cabinets and physical access restrictions. Only authorised personnel are permitted to access these details.

When the personal information is no longer required, it is archived and then destroyed in a secure manner or deleted according to our records management procedures.

4.1.7 Access to and Correction of Personal Information

If an individual requests access to the personal information we hold about them, or requests that we change that personal information, we will allow access or make the changes unless we consider that there is sound reason under the Privacy Acts or other relevant law to withhold the information, or not make the changes.

Requests for access and/or correction should be made to the Privacy Officer (details of which are set out below). For security reasons, you will be required to put your request in writing and provide proof of your identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of others is not undermined.

In the first instance, GSS will generally provide a summary of the information held about the individual. It will be assumed (unless told otherwise) that the request relates to current records. These current records will include personal information which is included in GSS databases and in paper files, and which may be used on a day to day basis.

We will provide access by allowing you to inspect, take notes or printouts of personal information that we hold about you. If personal information (for example, your name and address details) is duplicated across different databases, GSS will generally provide one printout of this information, rather than multiple printouts.

We will take all reasonable steps to provide access or the information requested within 14 working days of your request. In situations where the request is complicated or requires access to a large volume of information, we will take all reasonable steps to provide access to the information requested within 30 working days.

GSS may charge you reasonable fees to reimburse us for the cost we incur relating to your request for access to information, including in relation to photocopying and delivery cost of information stored off site. For current fees, please contact the Privacy Officer.

If an individual is able to establish that personal information GSS holds about him/her is not accurate, complete or up-to-date, GSS will take reasonable steps to correct our records.

Access will be denied if:

  • The request does not relate to the personal information of the person making the request
  • Providing access would pose a serious threat to the life, health or safety of a person or to public health or public safety
  • Providing access would create an unreasonable GSS on the privacy of others
  • The request is frivolous and vexatious
  • The request relates to existing or anticipated legal proceedings
  • Providing access would prejudice negotiations with the individual making the request
  • Access would be unlawful
  • Denial of access is authorised or required by law
  • Access would prejudice law enforcement activities
  • Access would prejudice an action in relation to suspected unlawful activity, or misconduct of a serious nature relating to the functions or activities of IMPACT
  • Access discloses a “commercially sensitive” decision making process or information; or
  • Any other reason that is provided for in the APPs or in the Privacy Acts

If we deny access to information, we will set out our reasons for denying access. Where there is a dispute about your right of access to information or forms of access, this will be dealt with in accordance with the complaint’s procedure set out below.

4.1.8 Direct marketing

As part of developing our business, there are times when we may contact you to promote our services or products. This is called direct marketing. You have the option of “opting out” if you do not wish to receive information about our services or products. Simply advise an Greatway Support Solutions staff member that you no longer wish to receive marketing calls/newsletters/brochures etc.

If we contact you to directly market our products or services, we will readily disclose where we sourced your contact details, should you wish to know that.

4.1.9 Complaints Procedure

If you have provided us with personal and sensitive information, or we have collected and hold your personal and sensitive information, you have a right to make a complaint and have it investigated and dealt with under this Complaints procedure.

If you have a complaint about GSS privacy practices or our handling of your personal and sensitive information, please contact our Privacy Officer (details set out below).

All complaints are registered on our Complaints Register.

A privacy complaint relates to any concern that you may have regarding GSS privacy practices or our handling of your personal and sensitive information. This could include matters such as how your information is collected or stored, how your information is used or disclosed or how access is provided to your personal and sensitive information.

The goal of this policy is to achieve an effective resolution of your complaint within a reasonable timeframe, usually 30 working days or as soon as practicable.

However, in some cases, particularly if the matter is complex, the resolution may take longer. Once the complaint has been made, we will try to resolve the matter in a number of ways such as:

  • Request for further information: We may request further information from you. You should be prepared to provide us with as much information as possible, including details of any relevant dates and documentation. This will enable us to investigate the complaint and determine an appropriate solution. All details provided will be kept confidential.
  • Discuss options: We will discuss options for resolution with you and if you have suggestions about how the matter might be resolved you should raise these with the Privacy Officer.
  • Investigation: Where necessary, the complaint will be investigated. We will try to do so within a reasonable time frame. It may be necessary to contact others in order to proceed with the investigation. This may be necessary in order to progress your complaint.
  • Conduct of our employees: If your complaint involves the conduct of our employees, we will raise the matter with the employee concerned and seek their comment and input in the resolution of the complaint.
  • The complaint is substantiated: If your complaint is found to be substantiated, you will be informed of this finding. We will then take appropriate agreed steps to resolve the complaint, address your concerns and prevent the problem from recurring.
  • If the complaint is not substantiated, or cannot be resolved to your satisfaction, but this Privacy Policy has been followed, GSS may decide to refer the issue to an appropriate intermediary. For example, this may mean an appropriately qualified lawyer or an agreed third party, to act as a mediator.
  • At the conclusion of the complaint, if you are still not satisfied with the outcome you are free to take your complaint to the office of the Australian Information Commissioner at www.oaic.gov.au (Commonwealth) or Information Commissioner (State) at www.oic.qld.gov.au

We will keep a record of your complaint and the outcome.

We are unable to deal with anonymous complaints. This is because we are unable to investigate and follow up such complaints. However, in the event that an anonymous complaint is received we will note the issues raised and, where appropriate, try and investigate and resolve them appropriately.

4.1.10 Changes to this Privacy Policy

GSS reserves the right to review, amend and/or update this policy from time to time.

We aim to comply with the APPs and other privacy requirements to be observed under State or Commonwealth Government contracts.

If further privacy legislation and/or self-regulatory codes are introduced or our Privacy Policy is updated, we will summarise any substantial modifications or enhancements in this section of our Privacy Policy.

5. References

Acts: Privacy Act 1988 (Commonwealth) Australian Privacy Principles Information Privacy Act 2009 (QLD)

Right to Information Act 2009 (Qld) Freedom of Information Act 1982 (Cwlth)

crisis prevention institute

Ongoing development training is available for our staff

NDIS SUPPORTERS

we are ndis registered!

NDIS Provider – 431514597

ABN – 89 639 268 830

get in touch

NDIS Provider – 431514597


ABN – 89 639 268 830

Navigate
Legal Links
get in touch
Instagram Facebook

Copyright © Greatway Support Solutions | Designed & Developed By Chalkncheese

Registered NDIS Provider