1.Statement of Context and Purpose
Pursuant to Commonwealth privacy laws, PGDC is required to have a privacy policy which is available to all people associated with PGDC for whom records are maintained.
Privacy laws regulate how PGDC can collect, use, hold and disclose personal information. PGDC is bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth).
2.Application
This policy applies to all PGDC personnel. This policy does not apply to records which are subject to the employee records exemption in the Priacy Act 1998 (Cth) and are not otherwise covered by this policy.
-
Reference Points / Background Papers
- Privacy Act 1988 (Cth);
- Health Records Act 2001 (Vic);
- Surveillance Devices Act 1999 (Vic);
- Children's Services Act 1996 (Vic);
- Children's Services Regulations 2009 (Vic);
-
Definitions
PGDC personnel means all PGDC employees, contractors, volunteers and visitors.
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable;
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not. Examples include an individual's name, address, contact number and email address. Sensitive Information is a special category of personal information and means: (a)information or an opinion about an individual’s:
(i)racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv)religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual preferences or practices; or
(ix) criminal record;
that is also personal information; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information; or
(d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) biometric templates.
PGDC may collect personal information which is "sensitive information". PGDC will only collect sensitive information with the consent of the individual to whom the information relates or as otherwise permitted by the Privacy Act or other applicable law.
If a third party provides personal information (which is also sensitive information) to PGDC without asking, PGDC will take steps to verify your consent to collect that information.
-
Types of Personal Information Collected
PGDC may collect personal information, including sensitive information, about: · children;
- parents or guardians;
- PGDC personnel or prospective PGDC personnel;
- any other person who comes into contact with PGDC.
The types of personal information that PGDC collects and holds depends on the circumstances of collection. PGDC may collect information such as name, age, contact details, and may collect sensitive information (such as information about health or racial or ethnic origin).
-
Collection and storage of personal information
Information may be collected in a number of ways including directly from the relevant person, from other parties (such as medical practitioners or other organisations) or from publicly available sources.
The primary purpose of collecting the information is to enable PGDC to provide support and services for transgender children and their families.
The information PGDC collects about current or prospective PGDC personnel may be collected in a number of ways including:
- directly from job applicants and employees during the recruitment phase and during the course of employment;
- from other parties (such as job applicants representatives or referees, or social media sites);
- from publicly available sources; and
- from medical forms, incident reports, occupational health and safety requirements (including capacity to work certificates), provided by an applicant or employee, or any other third party authorised by an applicant or employee.
-
Use and Disclosure of Information
PGDC collects personal information for a range of purposes to enable it to fulfil the primary purpose of providing support and services to transgender children and their families.
PGDC only uses personal information for the purposes of which the information was collected. PGDC may use or disclose personal information for a secondary purpose for which the information was collected if the secondary purpose is related to the primary purpose and where the individual to whom the information relates could reasonably expect PGDC to use the information for that purpose.
PGDC may also use or disclose personal information for any other purposes for which PGDC has received consent from the person to whom the personal information relates or otherwise as permitted by legislation.
In relation to personal information which is "sensitive information", PGDC will not use or disclose that information for a purpose other than a primary purpose for which it has been collected unless:
- PGDC has the consent of the individual to whom the information relates to disclose or use the information for some other purpose;
- the secondary purpose is directly related to the primary purpose of collection and the individual would reasonably expect PGDC to use or disclose that information for the secondary purpose; or
- use or disclosure is otherwise permitted by legislation.
7.1 Use
Children and Parents
PGDC may use personal information collected about students and parents for the following purposes:
- providing support for transgender children;
- to make contact with parents in relation to their child;
- internal accounting;
- day-to-day administration;
- seeking donations and marketing for PGDC;
- to satisfy legal obligations; and
- for any other purposes that would be reasonably expected.
Prospective PGDC Personnel
PGDC may use personal information collected about prospective PGDC personnel in accordance with the Australian Privacy Principles including for the following purposes:
- to assess whether an individual is suitable for employment or work, including child connected work;
- administering the individual's employment or contract;
- to ensure that information PGDC has collected is accurate and up-to-date; · internal accounting and administration;
- insurance;
- seeking funds and marketing for PGDC;
- to satisfy legal obligations including with respect to child safety and child abuse; · for any other purposes that would be reasonably expected.
7.2 Disclosure
PGDC may disclose personal information, including sensitive information, for administrative purposes and to ensure child safety. This may include disclosing information to:
- medical practitioners;
- people providing services to PGDC;
- parents; and
- anyone else that PGDC is authorised to disclose information to.
Personal information may be disclosed to organisations that assist in PGDCs fundraising. Disclosure to Overseas Recipients
PGDC is not likely to disclose personal information to overseas recipients.
-
Information Quality
PGDC will take reasonable steps to ensure that the personal information that is collected, used and disclosed is accurate and up-to-date. PGDC will immediately update its records when an individual provides any new information or information that has changed.
-
Integrity of Information
PGDC will take such steps that are reasonable to protect personal information from:
- misuse, interference and loss; and
- unauthorised access, modification or disclosure.
This includes taking appropriate security measures to protect electronic materials and material stored and generated in hard copy.
PGDC will take reasonable steps to ensure that information is destroyed or de-identified when it is no longer required by law.
10. Access to Information
PGDC will, on request by an individual, give that individual access to any personal information held by PGDC about that individual.
Any request for access should be made to the Founder – staff@pgdc.org.au. PGDC will provide individuals with access to their personal information, but may charge an access fee to cover the cost of retrieving and supplying the information.
-
Consent
PGDC will treat consent given by parents as consent given on behalf of the child, and notice given to parents will act as notice given to the child.
12.Enquiries and Complaints
Any person may request further information about the way PGDC manages the personal information it holds by submitting a request to:
The founder , email staff@pgdc.org.au
A person who wishes to make a complaint about PGDC's compliance with the Australian Privacy Principles, can submit the complaint to:
The founder , email staff@pgdc.org.au
PGDC will investigate any complaint and will notify the person who made the complaint of the outcome as soon as practicable after it has been made.
-
Consequences for Breach of this Policy
PGDC emphasises the need to fully comply with the requirements of this policy. Breaches of this policy will be treated seriously and dealt with appropriately.
-
Implications for Practice
14.1At Board Level
To properly implement this policy , PGDC must ensure:
- that this policy is endorsed on an annual basis;
- that copies of this policy are made available to all PGDC personnel;
- that this policy is incorporated into the PGDC's record of current policies;
- that this policy is incorporated into PGDC's induction program, to ensure that all PGDC personnel are aware of the policy, have read and understood the policy, and acknowledge their commitment to comply with the policy; and
- that periodic training and refresher sessions are administered to PGDC personnel in relation to this policy.
14.2At Other Levels
To properly implement this policy, all PGDC personnel must ensure that they abide by this policy and assist PGDC in the implementation of this policy.