Privacy policy.

1.     Scope and purpose

a.     The Baby Care Collective is committed to protecting the confidentiality and privacy of personal information which the organisation collects, stores and administers and that persons dealing with us, understand our practices in relation to the management of personal information.

b.     The Baby Care Collective complies with the Privacy Amendment (Notifiable Data Breaches) Act 2017, the Privacy Act 1988 and the Australian Privacy Principles.

c.     This policy applies to all staff (paid and unpaid), contractors, participants and online users. This policy has been developed to provide a framework for The Baby Care Collective’s legal and ethical expectations in dealing with confidentiality and privacy matters.

d.     The Baby Care Collective protects the personal information of the people we support.

e.     We only collect personal information for purposes directly related to The Baby Care Collective services. We collect personal information directly from the person using our services (usually a primary caregiver).

f.      We always obtain consent to collect personal information. The people we support may choose to remain anonymous although this may limit the services then available to support them.

g.     The Baby Care Collective obtain consent from the client (and /or client being cared for) before referring the client to other service providers.

h.     We only use personal information for the purpose for which it was provided to us, for related purposes or as required or permitted by law.  All registered nurses employed or working with The Baby Care Collective are mandated notifiers.

i.       The Baby Care Collective use secure IT platforms and software to store confidential information.

j.       The Baby Care Collective are committed to the Information Sharing Guidelines (ISG,) these Guidelines are for use when advising clients about their limits of confidentiality, their right to privacy and explaining duty of care incumbent on The Baby Care Collective staff when sharing carers’ information. Under the ISG framework, The Baby Care Collective will seek your consent to share your information, and only whenever it is safe and possible to do so. In certain circumstances your information may be provided to other agencies or organisations without your consent in order to protect you and others from serious threats to health or safety or if we are required to do so by law.

2.     Types of personal information we collect and hold

a.     We only collect information that is necessary for our work and to help us to provide the support, education and connection for our participants.  Some examples of information that we may collect and hold are:

                                                i.     Personal details, like name and date of birth (of the carer and or the person that they care for)

                                               ii.     Address and contact details

                                              iii.     Details about health, family, care supports and or other issues relating to baby or caregiver’s needs

                                             iv.     Information on whether you meet eligibility criteria for our services and prioritisation to access services

                                              v.     Information to help us measure your progress

                                             vi.     other information to assist us in carrying out our services and activities or requested as part of funding agreements and guidelines.

b.     We collect information on our Staff, in relation to the normal course of human resource management and the operation of a community service organisation. This information is not limited to but includes: address, required clearances, bank details, emergency contract, recruitment information and drivers licence.

3.     How we collect information

We only collect personal information by lawful and fair means.  We usually collect personal information from:

a.     Telephone calls

b.     Face-to-face meetings and interviews

c.     Online meetings i.e. Zoom

d.     Forms to participate in programs provided by us. Booking system on our website, Intake form and other assessment forms used in conjunction with Halaxy Clinical software.

e.     Consent forms: such as a consent form to use your name and photo in our publications or social media

f.      Electronic communications: for example, e-mails and attachments, forms filled out by people, including as part of acquiring a product or service from us

g.     Third parties: for example, Caregivers, representatives or agents; and health and medical professionals, with the Primary Caregivers consent recruitment agencies, referees.

h.     Our website: including - from the pages ‘contact us’ and ‘feedback’

4.     How we keep personal information secure

a.     The Baby Care Collective takes the security and confidentiality of your information very seriously. We actively ensure that all personal information we hold is protected from misuse, interference and loss, and from unauthorised access, modification or disclosure. Our staff will comply with the Clinical Governance Standards (NSQHS Accreditation Standards )

b.     Our Staff are trained in relation to their obligations in relation to this policy and have signed a declaration to follow the policy as part of their employment.

c.     Where information is held and it is no longer needed or required by law to be held, we will take reasonable steps to ensure the information is destroyed or de-identified.

5.     Collection, use and disclosure of information

The Baby Care Collective collects personal or health information for the purpose of delivering direct services, administering processes associated with service delivery e.g., referrals, meeting any requirements for government funding, monitoring or evaluating the services we provide, to comply with legal obligations or to produce annual reports or for research purposes. The Baby Care Collective also collects personal information from employees for the purpose of administering their employment conditions. The nature and extent of the information collected by The Baby Care Collective varies depending on the individual’s interaction with us.

a.     Such information may include:

b.     Contact details (name, address, email, etc.)

c.     Personal details (date of birth, gender, emergency contacts, etc.)

d.     Information on personal issues and experiences, areas of interest or relationships

e.     Family background or supports that participants may have in the community

f.      Health information and/or medical history

g.     Criminal history – National Police Check

h.     Credit card or bank account details

i.       Australian Business Number (ABN)

j.       Server address and online visit information

k.     This information may be collected by The Baby Care Collective using in-person interviews, intake, registration or application processes, online or electronic registration or communications, questionnaires or over the telephone. Any individual who accesses external links via our website will need to check that particular website’s privacy policy.

l.       If participants would like to access any The Baby Care Collective services on an anonymous basis or using pseudonym, the participant is required to advise us and, if it is possible and lawful, we will take all reasonable steps to comply with the request. However, The Baby Care Collective may not be able to provide the services in question if we are not provided with the personal information requested.

m.   The Baby Care Collective only uses personal information for the purposes for which it was given to us, or for purposes which are in relation to one of our services. We may also disclose information to other external organisations such as funding bodies, contractors who work for us, health care professionals who assist us to deliver services, other regulatory bodies, referees or our professional advisors including our accountants, auditors and other professional services engaged by The Baby Care Collective.

n.     Any personal or health details collected will not be disclosed to any other person or agency external to The Baby Care Collective without the individual’s written consent or unless required or authorised by law. If we receive information about an individual from a third party, The Baby Care Collective will take all reasonable steps to contact that individual to ensure that you are aware of the purposes for which we are collecting that information.

o.     It should be noted that ‘use’ and ‘disclosure’ are separate practices, with ‘use’ being the handling or management of information within The Baby Care Collective, whereas ‘disclosure’ is when information is released from our control to another individual or entity.

6.     Disclosure of personal information

a.     Staff may make referrals, for clients (and the person that they support) to access services. For this to happen, The Baby Care Collective will obtain consent.

b.     In some cases, we may disclose your personal information to researchers, contractors or others working directly on our behalf who are also bound by privacy laws and confidentiality obligations.  We will always get your consent to use and disclose your personal information for research (where your information is usually de-identified) or in any publicity or marketing activities.

c.     The Baby Care Collective will not otherwise disclose your personal information without your consent, unless we are required or authorised under law to do so.

7.     Use and disclosure

a.     We will only use your sensitive information for the purpose for which it was initially collected or for a directly related purpose, as required or permitted by law, or where you consent to such use.

b.     The Baby Care Collective uses de-identified carer (and the person that they car for) data to provide statistics and reporting to our Grant Funding body.  This is done through the Government de-identified IT reporting platform (DEX).

c.     The Baby Care Collective may also use your de-identified information for internal research, to assess the effectiveness of our programs and to plan for future activities.

8.     Exemptions for disclosure

a.     A legal requirement to disclose personal information may override the Australian Privacy Principles; this is known as a ‘duty of care’. Situations where this may occur include the following:

b.     Where there is serious risk of abuse or physical harm to the individual or other person, including our participants, the general public and own employees

c.     Where the disclosure if required under a law i.e., mandated notifier.

d.     Where the individual would reasonably expect us to use or give that information, e.g., referral processes.

e.     When the disclosure is necessary by or for a law enforcement agency (e.g. prevention, investigation, prosecution of punishment of criminal offences, protection of public revenue, preparation or implementation of a court or tribunal order.)

f.      In the event that a legal need for disclosure arises, the employee will inform the Founder and Lead Clinician of The Baby Care Collective prior to making the decision to breach confidentiality and privacy. This decision will also be communicated to the individual, if appropriate, unless such advice to the individual is not allowed by legislation.

9.     Definitions

a.     Personal information (as defined by the Privacy Act 1988)
Is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

b.     Sensitive information (As defined by the Privacy Act 1988)
Is information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health, genetic or biometric templates, that is also personal information.

c.     Confidentiality
Implies the relationship of confidence between the organisation and individuals.

10.  Definitions

a.     Privacy – Keeping certain personal information free from public knowledge and having control over its disclosure and use.

b.     Personal information – Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form.

c.     Confidential information – The names, details and information relating to carers; matters of a technical nature; trade secrets; technical data; marketing procedures and information; financial information; strategic and business plans; and other information which The Baby Care Collective informs a staff member or volunteer is confidential.

d.     Sensitive information – Type of personal information) Information or an opinion about an individual’s race or ethnicity, political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences, trade or professional associations, union membership, criminal record, health or genetic information or biometric information.

e.     Confidentiality Declaration – A separate legal concept to privacy, confidentiality applies to information given to a person or organisation under an obligation not to disclose that information to others unless there is a statutory requirement or duty of care obligation to do so. Confidentiality also applies to organisational information which is not to be used or disclosed by Board Directors, staff or volunteers.

f.      De-identified Information and DEX reporting  – That is the processes that personal data that has been encrypted to take out/remove identify information ie name and address of the carer (and the person that they care for) so that the remaining data can be used for program and performance reporting, service evaluation, strategic program development and policy planning.

g.     ISG – Information Sharing Guidelines prescribe a regulatory framework for The Baby Care Collective to sharing personal information to other organisations.

11.  General matters

a.     We recognise the rights of participants and employees for The Baby Care Collective to maintain their privacy and confidentiality and to have their information administered in ways which they would reasonably expect.

b.     In the state jurisdiction (as a contract between a state government agency and The Baby Care Collective) the Information Privacy Act 2009 will prevail and apply.

c.     All new and current records will be administered in accordance with the Australian Privacy Principles (APPs). When the personal information is no longer required, it will be destroyed in a secure manner, deleted or de-identified in accordance with legal or compliance requirements.

d.     Staff members will receive training in awareness of the privacy principles and this policy.

e.     Dignity and privacy will also be extended to clients when they visit our premises with the provision of private meeting rooms to undertake confidential discussions, when it is applicable and available to do so.

f.      It is a criminal offence for any individual to falsify records and any staff member who is aware of this occurring is to report it immediately.

12.  Information quality and alterations

a.     The Baby Care Collective takes steps to ensure that information that it collects is accurate, up-to-date and complete. These steps may include maintaining and updating information either proactively or when we are advised by individuals that the information has changed, and can include checking information that is provided by a person about another individual is correct.

b.     Should any information be deemed to be inaccurate or require deletion, the individual can discuss the required amendments with the relevant manager. In the event that a manager declines the request to have information amended, the individual has the right to lodge an appeal of this decision with the Founder and Lead Clinician using the Feedback and Complaint Management Policy and associated procedure.

13.  Information security and access

a.     The Baby Care Collective ensures that safeguards are in place to protect the personal information it administers against loss, interference, unauthorised access, inappropriate disclosure, modification or other misuse. These safeguards include reasonable physical and technical steps for both electronic and hard copy records. Some of these include, but are not limited to:

b.     Securing information in lockable storage cabinets

c.     Not storing personal information in public areas

d.     Restricting physical access

e.     Positioning electronic equipment so that they cannot be seen or accessed by unauthorised persons, and/or

f.      Using passwords, different levels of information systems access, anti-viral software and firewalls to restrict unauthorised use.

g.     The Code of Conduct also outlines the expectations of staff and contractors to take all reasonable steps to protect organisational and personal information and all employees and third party contractors are required to sign a confidentiality and privacy agreement to that effect.

h.     Requests to access personal information are required in writing and need to be submitted to the Founder and Lead Clinician.

i.       The Baby Care Collective reserves the right to charge a reasonable fee as reimbursement for any costs we incur relating to an individual’s request for access to information, including photocopying information or accessing information stored off site.

14.  Breach of policy

a.     If an employee or Contractor is dissatisfied with the conduct of a colleague regarding privacy and confidentiality of information, the matter should be raised with the staff member’s direct supervisor.  Staff members who are deemed to have breached privacy and confidentiality standards set out in this policy may be subject to disciplinary action. An employee’s obligation with respect to confidentiality survives the termination of their employment with The Baby Care Collective.

b.     If a user of our services is dissatisfied with the conduct of one or more of our employees or Contractors regarding privacy and confidentiality of information, the participant is encouraged to have their concern addressed using The Baby Care Collective’s Feedback and Complaints Policy and associated procedures.

15.  Notifiable Data Breaches

a.     In the unlikely event of a data breach, The Baby Care Collective will notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner must also be notified of eligible data breaches via a Notifiable Data Breach Statement – Form.

b.     Note: an eligible data breach is one which is likely to result in serious harm to any individual affected.

c.     Should a data breach occur, The Baby Care Collective will undertake a full assessment of the incident and take steps to mitigate the risk of a data breach happening again in the future.Review and changes

d.     This policy is to be reviewed annually.   This policy remains in effect unless otherwise determined by the Founder.

e.     How to contact us

                                                i.     Email: babycare@internode.on.net

                                               ii.     Mobile: 0475 781 554

f.      If you wish to contact us about our services, obtain access to or change your personal information, have any questions about this policy or make any other enquiries contact The Baby Care Collective’s Founder, Cherith Frisby-Smith

g.     by writing to: The Baby Care Collective Founder, Cherith Frisby-Smith, Address disclosed upon request telephone: 0475 781 554.

16.  Access

a.     The Baby Care Collective takes special care to ensure that the personal information it holds is accurate and up to date.  You can request access to the personal information The Baby Care Collective holds about you, or you can request that we change that personal information.

b.     We will allow access or make the changes unless we consider that there is a sound reason under the Privacy Act 1988, or other relevant law to withhold the information.

c.     Personal Information can be updated by The Baby Care Collective staff by calling 0475 781 554 with any general queries.

17.  Links to other websites

a.     The Baby Care Collective’s privacy policy does not apply to external links, social media or non-The Baby Care Collective web pages. Such third party websites may collect your personal information. We encourage you to read the privacy policies of external website. The Baby Care Collective does not accept responsibility for any content contained on sites.