1. Who do we collect personal information from?
At Southern Cross Housing we collect personal information from applicants, tenants, and members of tenants’ households, job applicants, staff, volunteers and others including contractors, visitors and others that come into contact with our organisation.
2. What kinds of personal information do we collect?
We may collect:
- Personal Information including names, addresses and other contact details, dates of birth, next of kin details, financial information, photographic images and meeting or conversation records.
- Sensitive Information including government identifiers, nationality, country of birth, languages spoken at home, family court orders and criminal records.
- Health Information including medical records, disabilities, individual health care plans and counselling reports.
3. How do we collect your personal information?
If it is reasonable and practical to do so, we will collect personal information directly from you. Where possible we have standardised the collection of personal information by using specifically designed forms (e.g. housing application forms). However, given the nature of our operations, we also receive personal information by email, letters, notes, over the telephone, in face to face meetings and through financial transactions. We may also collect personal information from other people (e.g. referring agencies, service providers including health service providers and partner agencies), or independent sources (e.g. a telephone directory), however we will only do so where you have provided consent or it is not reasonable and practical to collect the information from you directly. Sometimes we receive your personal information without having sought it through our normal means of collection. We refer to this as ‘unsolicited information’. If unsolicited information could not have been collected by normal means and is not necessary for our primary purpose then we will destroy, permanently delete or de-identify the information as appropriate.
4. How we use personal information?
We only use personal information that we need for our functions or activities (the primary purpose) or for a related purpose that you would reasonably expect, or to which you have consented.
Our uses of personal information include:
- providing housing, accommodation, community development and related services,
- satisfying our legal obligations including our duty of care to tenants, workers, and child protection obligations,
- developing and implementing personal support plans for tenants and other household members,
- keeping tenants informed as to community housing matters through correspondence, newsletters and magazines,
- marketing, promotional and fundraising activities, Privacy Statement
- helping us to improve our day to day operations including training our staff, systems development, developing new programs and services, undertaking planning, research and statistical analysis using de-identified information wherever practicable,
- administration, including for insurance purposes,
- the employment of staff, and
- the engagement of volunteers.
We only collect sensitive information if we have your consent, or if the collection is necessary to lessen or prevent a serious threat to life, health or safety, or another permitted general situation (such as locating a missing person) or permitted health situation (such as the collection of health information to provide a health service) exists. If we do not have your consent and other permitted situations do not exist, then we may still collect sensitive information provided it relates solely to individuals who have regular contact with our organisation. These individuals may include applicants, tenants, members of a tenant’s household, carers, family members, volunteers, service providers including contractors, sub-contractors, and other individuals with whom we have regular contact in relation to our activities.
5. Storage and Security of Personal Information.
We store personal information on our databases, in hard copy files and on personal devices including laptop, computers, mobile phones, cameras and other recording devices. The security of your personal information is important to us and we take all reasonable steps to protect the personal information we hold about you from misuse, loss, unauthorised access, modification or disclosure.
These steps include:
- Restricting access to information on our databases on a need to know basis with different levels of security based on staff roles and responsibilities and security profile.
- Ensuring all staff are aware that they are not to reveal or share personal passwords.
- Ensuring where sensitive and health information is stored in hard copy files that these files are stored in lockable filing cabinets in a secure office. Access to these records is restricted to staff on a need to know basis.
- Implementing physical security measures around the buildings and grounds to prevent break-ins.
- Implementing ICT security systems, policies and procedures, designed to protect personal information storage on our computer networks.
- Implementing human resources policies and procedures, such as email and internet usage, confidentiality and document security policies, designed to ensure that staff follow correct protocols when handling personal information.
- Undertaking due diligence with respect to third party service providers who may have access to personal information, to ensure as far as practicable that they are compliant with the Australian Privacy Principles or a similar privacy regime.
- Requiring third party service providers to sign confidentiality and privacy undertakings where practicable.
Personal information that is no longer needed is destroyed in a secure manner, deleted or de-identified as appropriate.
6. When we disclose personal information.
We may disclose your personal information to government agencies, our service providers, agents, contractors, partner support agencies, business partners and other recipients from time to time, if:
- you have consented; or
- you would reasonably expect us to use or disclose your personal information in this way; or
- we are authorised or required to do so by law; or
- to meet our obligations under mandatory reporting; or
- disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety; or
- where another permitted general situation or permitted health situation exception applies; or
- disclosure is reasonably necessary for a law enforcement related activity.
7. How we ensure the quality of your personal information.
We take all reasonable steps to ensure the personal information we hold is accurate, complete and up to date, both at the time of collection and when we use or disclose it. On an ongoing basis, we maintain and update personal information when we are advised by you or when we become aware through other means that your personal information has changed. Please contact us if any of the details you have provided change. You should also contact us if you believe that the information we have about you is not accurate, complete or up to date.
8. How to gain access to your personal information we hold.
You may request access to the personal information we hold about you, or request that we change your personal information, by contacting us. If we do not agree to provide you with access, or to change your personal information, you will be notified. Where appropriate we will provide you with the reason/s for our decision. If we do not agree to change your personal information you may make a statement about the requested change and we will attach this to your record.
9. Privacy complaints.
If you wish to make a complaint about a breach by us of your privacy, you can do so by email, letter, fax, phone or face to face. We will respond to your complaint within a reasonable time (usually no longer than 21 days) and we may seek further information from you in order to provide a full and complete response. Your complaint may also be taken to the Office of the Australian Information Commissioner or the NSW Privacy Commissioner.