Privacy Policy

Ability Works Privacy Policy

Purpose

Ability Works Australia (AWA) is committed to privacy protection and compliance with applicable privacy laws and standards and will manage personal information in an open and transparent way.

AWA will fulfil its obligations under the Privacy Act of 1988 by complying with the Australian Privacy Principles (APPs). The APPs detail how organisations should collect, update, use, keep secure or where necessary disclose and give access to personal information, as well as how complaints should be handled and how, in some circumstances, anonymity can be maintained.

This Policy outlines how AWA handles the personal information of individuals, including staff, employees, participants, contractors and personnel from our suppliers. It covers the collection, use, disclosure and storage of personal information, including how individuals can access their information.

Scope

This Policy applies to the Ability Works Board directors, all staff, employees, volunteers and contractors of Ability Works Australia.

This Policy explains how Ability Works manages personal information, which includes:

the kinds of personal information (including sensitive information) about individuals that we collect

how and why, we collect that personal information

how we use it

how we store and protect it

the purposes for which we will disclose it; and

the rights of individuals in relation to their personal information held by us, including the rights of individuals to access and seek correction of their personal information held by us and to complain about a breach of the APPs.

Definitions

Personal Information

Information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.

For example, personal information may include: an individual’s name, signature, address, phone number or date of birth, employee record information, photographs, internet protocol (IP) addresses, voice print and facial recognition biometrics (because they collect characteristics that make an individual’s voice or face unique)

Sensitive Information

Sensitive information is a subset of personal information and includes information or an opinion (which is also personal information) about an individual’s: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association membership of a trade union; sexual preferences or practices; criminal record; or health information, which includes such things as information or an opinion about the health (including an illness, disability or injury) of an individual.

Generally, sensitive information has a higher level of privacy protection than other personal information

Data Breach

Occurs when personal information that an entity holds is subject to unauthorised access or disclosure or is lost. Data breach may be caused by human error, a failure in information handling systems or by malicious action.

Examples of a data breach include but are not limited to: Unauthorised access to personal information by an employee, Inadvertent disclosure of personal information due to human error e.g. sending an email to the wrong person.

Responsibilities

Executive Team and Managers

It is the role of Executive Team and Managers of the services to:

Ensure this policy is implemented and monitored

Validate its continuing effectiveness (e.g. achieving its purpose and remains relevant/current)

All Managers are responsible for the implementation of this policy and associated policies, principles and procedures and ensuring that employees receive training in Ability Works processes related to this Privacy Policy.

Staff and Employees

All employees are responsible for complying with this Privacy Policy.

Compliance, Monitoring and Review

The overall responsibility for the implementation of this Privacy Policy resides with the Privacy Officer

Quality and Compliance Manager is responsible for monitoring compliance to this Policy and will review the processes prior to the next document review.

AWA is committed to complying with Commonwealth legislation (the Act and the APPs) that deals with how we may collect, hold and use personal information (including sensitive information) about individuals and to protect and safeguard individual’s privacy when they deal with us.

You and Your Information

AWA will only collect and use personal information that is reasonably necessary for one or more of our functions or activities, or as required by law. These activities include:

Providing disability support and care services, including National Disability Insurance Scheme (NDIS) services, including customised employment and supported employment

Inclusive Employment Australia services

Supply chain services, including warehousing, third-party logistics, assembly, packaging, and light manufacturing.

What kinds of Information do we collect?

AWA collects and holds personal information that is necessary for the purposes of business functions and activities and as required or permitted by law.

The kinds of personal information that Ability Works may collect, hold and use in respect of individuals includes:

Names, including the name/s of carers, parents, legal guardians and next-of-kin

Contact details (including those of carers, parents, legal guardians and next-of-kin) and identification information including photo identification

Date of Birth

Gender

Ethnicity or Nationality

Academic history and qualifications

Employment history and referee comments

Health information including details of any mental health conditions or disabilities; prescribed medications; medical conditions; prescribed therapies; assistance required; medical procedures; etc.

Medicare information

Financial information, including bank and superannuation fund details

Criminal history.

In some circumstances AWA may need to collect sensitive information about you so AWA can provide specific services and/or products to you. Sensitive information is only collected, held, used, and disclosed with your consent or as otherwise required or permitted by law.

If you do not provide requested personal information, we may not be able to provide you with certain services, respond to specific enquiries, or fulfil legal obligations.

How Personal Information is Collected

AWA will only collect personal information about individuals directly from the individual unless it is unreasonable or impracticable to do so. For example, sometimes we may need to collect personal information about an individual from third parties where we need the information to assist us to process an application (such as to verify information or to assess an individual’s circumstances) or to assist us to locate or communicate with an individual.

Where the information AWA needs to collect is sensitive information, AWA will only collect it with express consent of the individual, or the consent of an appointed Legal Guardian.

Some examples of how AWA collects personal information from individuals include:

Where an individual completes an application form required to enable and/or facilitate services to be provided by us.

When an individual applies for a job with us.

Where an individual provides information, including health and disability information, to us to enable and/or facilitate services to be provided by us.

Where an individual contacts AWA, we may keep a record of that communication or correspondence.

When and individual contact AWA online via our web enquiry form on our website, or on one of our social media platforms.

When applying for and/or establishing and/or accessing an account with us or ordering products or services from us.

Conducting certain types of transactions such as cheque or credit card purchases, donations or refunds.

An individual submitting their contact details to be included on our mailing lists.

When an individual places an order on our website to purchase goods or donate, we may require the individual to provide us with contact information including their name, address, telephone number or email address and financial information (such as credit card details).

How Personal Information is Used and Disclosed

AWA will only use or disclose your personal information for the purposes for which it was collected (‘the primary purpose’) unless:

The individual has consented to a secondary use or disclosure

The individual would reasonably expect us to use or disclose the information for the other purpose which is directly related to the original purpose

The use or disclose is required or authorised by law and/or under the Act; or

A permitted general situation exists in relation to the secondary use or disclosure.

There are instances where we may use or disclose an individual’s personal and sensitive information without their consent where a permitted general situation exists. For instance, in emergency situations to lessen or prevent a serious threat to their life, health or safety or that of other individuals.

AWA will not adopt, use, or disclose government-related identifiers unless permitted by the APPs. Government-related identifiers include numbers or codes assigned by a government agency, such as a tax file number, Medicare number, or driver’s license number. These identifiers will only be used or disclosed in accordance with the APPs, which may include situations where it is necessary to verify an individual’s identity for the provision of a service or where required or authorised by law.

Ability Works Website

To improve your experience on AWA’s website, we may use “cookies.” A cookie is a small text file that allows AWA to collect information about your visit. The information collected includes the type of browser, device, and platform you use as well as your traffic patterns through the website, including what you did while on the website. No personal information is stored within cookies. If you prefer not to receive these cookies, you can adjust your browser settings. However, if you disable cookies, you may not be able to use the full functionality of the website.

The information collected through cookies is only collected for statistical and website improvement purposes. AWA will not make any attempt to identify users or their browsing activities.

If you access another party’s website via our website, including via any links to other websites contained on AWA’s website, the other party will deal with your personal information in accordance with their own Privacy Policy. AWA is not responsible for the privacy practices, or the use and protection, of your personal information on those websites.

Information Security and Storage

AWA is committed to ensuring the security of all personal information (including sensitive information) held in relation to our staff, employees, participants, clients and others who we deal with.

AWA takes reasonable steps to protect the personal information that is held about you from intentional and unintentional interference, loss, misuse, or unauthorised access, disclosure or modification. These steps include:

Holding personal information in electronic form on secure servers in controlled facilities

Ensuring personal information contained in our electronic environment is password protected and only accessible by authorised staff with appropriate clearance levels

Holding all hard copy documentation provided to us in safe and secure storage and ensuring it is accessible only to authorised staff

Destroying and/or de-identifying all personal information which is no longer required by us or required to be maintained in a secure and safe manner

Regularly conducting internal audits and reviews to ensure compliance; and

Regularly training staff in Privacy and data handling procedures.

While we strive to protect user’s personal information, AWA cannot ensure or warrant the security of any information transmitted to it or from its online services over the internet, and users do so at their own risk. Once AWA receives a transmission, we make every effort to ensure the security of such transmission on our systems.

Access to Personal Information

AWA is committed to and takes all reasonable steps to maintain accurate, timely, relevant, complete and appropriate information about our staff, employees, participants, clients and website users.

You may request access to personal information we hold about you by contacting the Ability Works Privacy Officer:

AWA Privacy Officer
1 Yarra Blvd, Kew, Victoria, 3101
Post: PO Box 5047, Kew, Victoria, 3101

Phone: 03 9853 7080

Email: privacy@abilityworks.org.au

AWA may refuse to provide access to personal information in some circumstances. For example:

If AWA reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health and safety; or

If the request relates to existing or anticipated legal proceedings between AWA and the individual; or

If denying access is required or authorised by law.

If we refuse to provide an individual with access to personal information, we will provide reasons for such refusal and how you can seek review of that decision.

As part of any request by for access to personal information, the individual will need to verify their identity so that AWA may be satisfied that the request for access is being made by and disclosed to the individual concerned.

Correction of Personal Information

If any of the personal information that AWA holds about an individual is incorrect, incomplete or out of date, please let us know by contacting Ability Works Privacy Officer.

At the request of an individual, AWA will take all reasonable steps to correct personal information and ensure that it is accurate, up to date, complete and relevant. When AWA receives a request to correct or amend personal information the Privacy Officer will:

Respond within 30 calendar days from the date AWA receives the request.

Ensure the act of correction is recorded in the file and where practicable, who made the correction and the date of the correction.

Notify other relevant third parties of the correction/change if it is required for the delivery of services

If correction/change is refused AWA will advise the individual in writing, or via their preferred communication method, the reason for refusal, the option to make an associated statement and the complaint process.

Take reasonable steps to associate a statement with personal information it refuses to correct.

Not charge an individual for making a request, correcting personal information, or associating a statement.

Complaints

If an individual, or their representative, has a complaint about a breach of the APPs by AWA in relation personal information, please contact the Ability Works Privacy Officer.

AWA Privacy Officer
1 Yarra Blvd, Kew, Victoria, 3101
Post: PO Box 5047, Kew, Victoria, 3101

Phone: 03 9853 7080

Email: privacy@abilityworks.org.au

The first step is to lodge your complaint to AWA, either by phone or in writing. AWA takes any complaint regarding the privacy of personal information seriously and will work with you to try to resolve the complaint. We will consider and respond to a complaint within a reasonable time (usually 30 days).

If your complaint remains unresolved, or you are unhappy with the way we have handled your complaint, you may contact the Office of the Australian Information Commissioner. The contact details for the Office of the Australian Information Commissioner can be found via its website located at www.oaic.gov.au and are also listed below:

Office of the Australian Information Commissioner

Telephone: 1300 363 992

Online: oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us

Facsimile: 02 9284 9666

Post: GPO Box 5218, Sydney, NSW 2001

Data Breaches

A data breach occurs where an unknown or unauthorised person gains access to our network or client information, or information is lost in circumstances where unauthorised access or disclosure occurs.

If a data breach relating to your personal information occurs or we suspect one might have occurred, the Ability Works Privacy Officer will investigate and take action to reduce or prevent harm the data breach may cause to you.

AWA may take further steps if it determines that the breach will cause serious harm to the individuals affected. If we form the view that any individuals are at risk of serious harm, AWA will notify those individuals through usual means of communicating with them. Where direct notification is not practicable, we will publicise the statement on our website abilityworks.com.au

Continuous Improvement

Ability Works is dedicated to the continuous improvement of its information security and privacy practices. This involves regularly assessing security and privacy objectives, processes, and controls to address current risks and vulnerabilities. Feedback from incidents, audits, and staff insights are incorporated to update and enhance policies and procedures, while a structured approach to corrective actions addresses issues to prevent recurrence.

Document Review

Ability Works will review the Privacy Policy annually or when triggered by significant business / legislative change. Individuals, including employees, participants and their family, friends, carers and advocates can make recommendations for changes to the Privacy Policy by contacting the Privacy Officer.

Where the Privacy Policy is changed, AWA will publish the updated version on our website.