Total Care Services Policy Statement

Totalcare Services is legally bound by the Privacy Act 1988 and the Australian Privacy Principles (APPs). TOTALCARE SERVICES will endeavour to ensure the security, accuracy and quality of all staff, client and business information that we collect, use, disseminate and disclose.

  • It is TOTALCARE SERVICES’ usual practice to collect personal information directly from staff, clients and, when reasonably expected, third parties.
  • The types of information we collect may include your contact details, DOB, financial details, health and medical information and employment history.
  • TOTALCARE SERVICES and/or its employees shall only access and use any personal information supplied by clients/staff for the purpose of fulfilling its obligation under the agreement TOTALCARE SERVICES has with its clients.
  • TOTALCARE SERVICES will take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and current. If you are aware of any error or inaccuracy in the personal information about you, please contact the Manager at TotalCare Services.
  • TOTALCARE SERVICES will take all reasonable steps to protect your information from misuse, loss, unauthorized access, modification or disclosure. All information is stored in secured premises and electronic databases which are access level or password protected. Only authorised TOTALCARE SERVICES personnel are to have access to personal information.

Use and disclosure

  • TOTALCARE SERVICES and/or its employees shall not disclose any personal information obtained in connection with its agreement with its clients/staff without the written authority of its clients/staff.
  • TOTALCARE SERVICES shall not disclose personal information to other clients, agencies or organisations or anyone else unless the staff member has consented, or it is reasonably expected or it is a legal requirement. Private information may be disclosed without permission if it will lessen a serious and imminent threat to somebody’s life or health.

Accessing your personal information

  • You are entitled to request access to the personal information that we have in our possession. Requests for personal information must be made in writing. TOTALCARE SERVICES can deny this request in certain circumstances. In this case, TOTALCARE SERVICES will advise the client of the reasons for doing so.
  • TOTALCARE SERVICES shall advise its clients immediately if it becomes aware that a disclosure of personal information may be required by law.
  • TOTALCARE SERVICES is to advise its clients immediately if a breach of the above occurs. These obligations will survive any termination of an agreement between TOTALCARE SERVICES and its clients.

Purpose

In fulfilling TOTALCARE SERVICES’ legislated and moral responsibilities to protect personal information collected in any manner whatsoever through the operations of the business, the Policy is enforced to ensure your personal information will not be released unless the law requires or permits it, and/or your permission is given.

Scope

The Policy applies to Koorthy Family Pty Ltd T/A Totalcare Services in Australia and is binding on its employees, contractors, visitors, other persons and/or end users of our premises:

  • whilst present in any premises or facility owned, occupied or managed by Totalcare Services; and/or,
  • whilst a person is employed by or contracted to Totalcare Services, is defined as a worker under the relevant legislation and is within any premises or facility owned, leased, occupied or managed by a third party; and/or,
  • in the course of, or as a result of, any recreational, social, occupational, educational or commercial activity endorsed by Totalcare Services, whatever its location.

Accountabilities and Responsibilities

Each level of management within Totalcare Services is accountable and/or responsible for implementing existing policies and procedures and for continuously reviewing and improving our processes. Management and those who have supervisory roles shall endeavour to raise awareness and knowledge of the company’s Privacy Policy and Standard among staff under their supervision and/or control. All employees are to participate and ensure all steps are taken to secure private information, and are to be proactive in their behaviour to ensure legal compliance with the relevant Act and company policy.

Totalcare Services will develop, implement and maintain a reporting structure and process to manage and improve TOTALCARE SERVICES’ Privacy Policy, Standards and procedures and manage personal information in an open and transparent way including dealing with inquiries and complaints from individuals.

Authorised Officer

A TOTALCARE SERVICES Senior Executive is nominated as Authorised Privacy Officer.

Definitions

Personal information – is information or an opinion (including or forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.

Sensitive information – Sensitive information includes health and genetic information as well as personal information about an individual’s religious beliefs and affiliations, race, ethnicity, political opinions, membership of a political association, sexual preferences or practices, philosophical beliefs, membership of a professional or trade association, membership of a trade union, or criminal record. The Privacy Act imposes stricter rules about when sensitive information can be collected and how it should be handled. Usually, sensitive information can only be collected with the individual’s consent and there are tighter restrictions on how this type of information can be used and disclosed.

Australian Privacy Principles (APP) Standards

TOTALCARE SERVICES has established an appropriate policy and standards, systems, infrastructure and practices that apply the Australian Privacy Principles. The TOTALCARE SERVICES Privacy Policy and Standards are open, transparent and consistently applied. The Australian Privacy Policy (APP) deals with:

  • The kinds of information TOTALCARE SERVICES collects and holds;
  • How TOTALCARE SERVICES collects and holds personal information;
  • The purposes for which TOTALCARE SERVICES collects, holds, uses and discloses personal information;
  • How an individual may access personal information about them that is held by TOTALCARE SERVICES and seek the correction of such information;
  • How an individual may complain about a breach of the APP and how TOTALCARE SERVICES will deal with such a complaint;
  • Whether TOTALCARE SERVICES is likely to disclose personal information to overseas recipients; and
  • If TOTALCARE SERVICES is likely to disclose to overseas recipients, the countries in which recipients are likely to be located.

Anonymity and pseudonymity

TOTALCARE SERVICES understands that where an individual chooses to not provide personal information when requested that is their entitlement, however, we may not be able to deliver the service requested. We will endeavour to make this as clear as possible for each service.

Where you choose to deal with us anonymously or using a pseudonym, this may affect our ability to provide services to you, and/or our ability to deal with issues you have raised. While TOTALCARE SERVICES will not demand that a notifier identify themselves, a refusal to give your name and contact details may mean that:

  • an investigation cannot be commenced or completed
  • any claims you make may be less easy to establish, and
  • it may be impracticable for the relevant national law entity to continue to deal with or contact an anonymous notifier.

Collection of solicited personal information

Generally, we will collect personal and sensitive information directly from the individual whose identity has been confirmed, e.g. an employee, an applicant for employment with TOTALCARE SERVICES or for permanent or on-hire employment with a TOTALCARE SERVICES Client, or from clients – and only to the extent necessary to provide the service (including our agency functions) you requested TOTALCARE SERVICES to carry out. An ‘agency function’ means a service in which we provide on-hire employees to our Clients.

We may collect personal information when:

  • an application for employment form from TOTALCARE SERVICES is lodged
  • a request for delivery of services from TOTALCARE SERVICES is made
  • a service is provided directly by TOTALCARE SERVICES
  • you deal with us over the telephone
  • you e-mail us
  • you create an account with us
  • you ask us to contact you after visiting our web site.

We will collect personal information by lawful and fair means and not in an unreasonably intrusive way.

Information collected and retained by TOTALCARE SERVICES generally includes, but is not limited to:

  • Personnel Records and Information
  • Medical Records and Information
  • Electronic Media and Communication
  • Criminal History Records and Information

TOTALCARE SERVICES secures information from a variety of sources, including but not limited to:

  • From the individual
    • Employment Application
    • TOTALCARE SERVICES’ web site
    • Service Request Forms
  • NDIS
  • Recruitment companies
  • AHPRA
  • CrimTrac
  • Company Insurers
  • Regulators
  • Government Agencies e.g. Australian Tax Office, Social Security, Department of Foreign Affairs etc
  • Law enforcement
  • Legal Firms
  • Business partners and Clients
  • Medical Practitioners and Medical Facilities (e.g. Hospitals)
  • Courts and Tribunals

Dealing with unsolicited personal information

‘Unsolicited personal information’ is personal information about an individual that TOTALCARE SERVICES has unintentionally received. This is an uncommon occurrence, but when it does happen, we will protect the rights of the individual’s personal information with the same rigour as we treat personal information that we intended to collect. If we could not have collected this information through our normal processes, we will de-identify that information as soon as reasonably practicable, and forward the received information to the person or organisation that was the intended recipient.

Notification of the collection of personal information

When collecting and collating personal information about an individual, TOTALCARE SERVICES ensures that the provider of such information is notified so that the individual is aware of how TOTALCARE SERVICES will deal with the information. Where applicable and reasonably practicable, prior to collection or after collection, TOTALCARE SERVICES will:

  • Confirm legal identity and contact information
  • The circumstances of collection
  • Whether the collection is required or authorised by law
  • The purposes of collection
  • The consequences if personal information is not collected
  • Provide its usual disclosures of personal information of the kind collected
  • Information about TOTALCARE SERVICES’s APP Privacy Policy
  • Whether TOTALCARE SERVICES is likely to disclose personal information to overseas recipients, and if practicable, the countries where they are located.

Taking steps to notify the individual may not be reasonable where:

  • The individual (the owner of the information) is aware that personal information is being collected, the purpose of collection and other matters relating to the collection, for example, a doctor has informed a patient that a specialist to whom the patient is referred for treatment will obtain the patient’s health information from the doctor
  • TOTALCARE SERVICES collects personal information from an individual on a recurring basis in relation to the same matter. However, if a long period of time has elapsed since the notice was provided and the individual may no longer be aware of it, TOTALCARE SERVICES may need to take steps to notify or ensure awareness. Similarly, if there is a change in circumstances as to how personal information is collected under the APP, TOTALCARE SERVICES shall take reasonable steps to ensure an individual is aware of those matters.
  • Notification may pose a serious threat to the life, health or safety of an individual or pose a threat to public health or safety.
  • Notification may jeopardise the purpose of collection or the integrity of the personal information collected and there is a clear public interest in the purpose of collection, for example, a private investigative company or police undertaking lawful covert surveillance of an individual in connection with a criminal or civil investigation
  • Notification would be inconsistent with another legal obligation, for example, by breaching a statutory secrecy provision, a client’s legal professional privilege, or a legal obligation of confidence
  • The impracticability of notification, including the time and cost, outweighs the privacy benefit of notification. For example:
    • a) where TOTALCARE SERVICES collects personal information about the individual’s next of kin for emergency contact purposes, it would generally be reasonable for the entity to take no steps to notify the next of kin of the collection of their personal information
    • b) where an individual provides unsolicited personal information to an entity about a third party for the purposes of a confidential alternative dispute resolution process, and the entity is not required to destroy or de-identify the information, it would generally be reasonable for TOTALCARE SERVICES to take no steps to notify the third party. This is especially so where TOTALCARE SERVICES will not rely on the personal information in investigating or resolving the matter or does not have the contact details of the third party.

Dealing with personal information

Use or disclosure of personal information

We use the personal information for purposes consistent with the reason it was provided, or for a directly related purpose. We may also use personal information where required or permitted by law. We may also use information where it has been provided to us with the express or implied consent of the owner of the information.

We do not share personal information with other organizations unless:

  • The owner of the personal information provides express consent, or
  • Sharing is otherwise required or permitted by law, or
  • This is necessary on a temporary basis to enable our contractors to perform specific functions.

When we temporarily provide personal information to companies who perform services for us, such as specialist information technology companies, mail houses or other contractors to TOTALCARE SERVICES, we require those companies to protect your personal information as diligently as we do. Strict contractual and other quality assurance measures are used to ensure your personal information is protected.

We have a strict duty to maintain the privacy of all personal information we hold. However, certain exceptions do apply. For example, where disclosure of your personal information is:

  • Authorised or required by law (e.g. disclosure to various government departments and agencies such as the NDIS, the Australian Taxation Office, Centrelink, Child Support Agency, or disclosure to courts under subpoena)
  • In the public interest (e.g. where a crime, fraud or misdemeanour is committed or suspected and disclosure against the customer’s rights to confidentiality is justified)
  • With your consent – your consent may be implied or express and it may also be verbal or written.

TOTALCARE SERVICES can disclose personal information (excluding sensitive information) with its other companies and brands where the purpose of sharing is related to the reason the personal information was originally collected. This excludes companies operating outside Australia.

Direct marketing

From time to time we may use the personal information we collect to identify particular TOTALCARE SERVICES products and services which we believe may be of interest to the owner of the information. We may then contact the owner of the information to let you know about these products and services and how they may benefit you. We will generally only do this with your prior consent (where practical) and we will always give you a choice to opt out of receiving such information in future.

Direct Marketing from TOTALCARE SERVICES generally takes the form of Direct Mail, Electronic Marketing or Telemarketing. Each of these channels is handled as follows:

Direct mail – Where we use personal information to send you marketing information via the post we may do so with your implied consent or, if this is impracticable, we will ensure that you are provided with an opportunity to opt out of receiving future such communications. By not ticking a clearly displayed “opt out” box, we will assume we have your implied consent to receive similar marketing communications in the future. We will always ensure that our opt-out notices are clear, conspicuous and easy to take up.

Electronic marketing – Where we use your personal information to send you marketing information by e-mail, SMS, MMS or other electronic means we may do so with your express or implied consent. You may give us your express consent by, for example, ticking a box on an electronic or paper form where we seek your permission to send you electronic or other marketing information. Consent may be implied from our existing business relationship or where you have a reasonable expectation of receiving electronic marketing communication. Every directly addressed marketing contact sent or made by TOTALCARE SERVICES will include a means by which customers may unsubscribe (or opt out) of receiving further marketing information.

Telemarketing – TOTALCARE SERVICES does not usually engage in telemarketing activities to our consumer customers. Generally, such marketing is only used in relation to our business customers. Should any consumer telemarketing be undertaken or authorised by TOTALCARE SERVICES, we will, to the extent that it applies, comply with the relevant legislation (see above). Every directly addressed marketing contact sent or made by TOTALCARE SERVICES will include a means (an unsubscribe option in the email) by which customers may opt out of receiving further marketing information.

Additionally, you may instruct us at any time to remove any previous consent you provided to receive marketing communications from us. Requests should be directed to the TOTALCARE SERVICES Privacy Contact Officer via the channels provided under ‘How to contact us’.

Cross-border disclosure of personal information

TOTALCARE SERVICES may transfer personal information to countries outside Australia (for example, when you request a work application to be lodged with one of TOTALCARE SERVICES’ international offices). We will only do so in compliance with all applicable Australian data protection and privacy laws and where the owner of the information has been expressly informed and has consented.

TOTALCARE SERVICES will take reasonable steps to protect personal information no matter what country it is stored in or transferred to. Those reasonable steps may include ensuring the recipient does not breach the APPs and/or that the recipient is subject to a similar law or binding scheme.

Disclosing personal information to an overseas recipient as required or authorised by law:

  • Lessening or preventing a serious threat to life, health or safety
  • Taking appropriate action in relation to suspected unlawful activity or serious misconduct
  • Locating a person reported as missing
  • Necessary for a diplomatic or consular function or activity
  • Necessary for certain Defence Force activities outside Australia

Adoption, use or disclosure of government related identifiers

TOTALCARE SERVICES generally does not adopt, use or disclose a government related identifier unless an exception applies. The owner of the identifier is the issuing organisation, and the identifier is personal information. The owner or user of the identifier cannot consent to the adoption, use or disclosure of their government related identifier.

Types of Government Identifiers include but are not limited to:

  • Medicare Number
  • Tax File Number
  • Driver’s Licence Number
  • Driver’s Licence card number
  • Centrelink Reference numbers
  • Australian Passport numbers.

Totalcare Services providers are authorised by law, Totalcare Services Identifiers Act 2010, to adopt the individual Totalcare Services identifiers of their patients as their own identifier. That is, they may organise the personal information of their patients by reference to the patients’ individual Totalcare Services identifiers.

TOTALCARE SERVICES employees working in the Totalcare Services industry where the use of Government identifiers is legally permitted must comply with the following: a TOTALCARE SERVICES employee working with an authorised organisation may use or disclose the government related identifier of an individual if the use or disclosure is reasonably necessary for the organisation to verify the identity of the individual for the purposes of the organisation’s activities or functions.

Government related identifiers are usually contained in high-integrity documents, such as an Australian Passport or Driver’s Licence, and are therefore likely to be highly reliable for verifying an individual’s identity.

The integrity of personal information

Quality of personal information

TOTALCARE SERVICES will take all reasonable steps to ensure that the personal information it collects is accurate, up-to-date and complete, and the personal information it uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant. It is implicit that this requirement only applies to personal information ‘held’ by TOTALCARE SERVICES.

Handling poor quality personal information can have significant privacy impacts for the owner of the information and can adversely affect the trust and confidence that the public and business partners have in TOTALCARE SERVICES’ information handling practices.

TOTALCARE SERVICES will ensure, as far as is reasonably practical, the quality of personal information at two distinct points in the information handling cycle. The first is at the time the information is collected. The second is at the time the information is used or disclosed.

Regular reviews, at other times, of the quality of personal information held by the APP entity, may also assist in ensuring it is accurate, up-to-date, complete and relevant at the time it is used or disclosed.

Reasonable steps include but are not limited to:

  • The implementation of policies, standards, procedures and systems to audit, monitor, identify and correct poor quality personal information (including training staff in these practices, procedures and systems) integrated into the Quality Management System.
  • Implementing protocols that ensure personal information is collected and recorded in a consistent format. All information collected should be dated and relate to the purpose and point in time it was collected.
  • Ensuring updated or new personal information is promptly added to relevant existing records
  • Providing the owner of the information with a simple means or instruments to review and update their personal information on an on-going basis.
  • Reminding individuals to update their personal information each time the entity engages with the individual
  • Contacting the individual to verify the quality of personal information when it is used or disclosed, particularly if there has been a lengthy period since the collection
  • Checking that a third party, from whom personal information is collected, has implemented appropriate practices, procedures and systems to ensure the quality of personal information through an enforceable contractual arrangement and thorough audit of the privacy standards applied by the third party organisation.
  • If personal information is to be used or disclosed for a new purpose that is not the primary purpose of collection, assessing the quality of the personal information having regard to that new purpose before the use or disclosure.

TOTALCARE SERVICES does not need to take reasonable steps where:

  • We collect personal information from a source known to be reliable (such as the individual concerned); in that case it may be reasonable to take no steps to ensure the quality of personal information. However, the onus is on TOTALCARE SERVICES to prove that our actions qualify as reasonable in each individual circumstance.

Security of personal information

TOTALCARE SERVICES is committed to maintaining the trust of the person they deal with by protecting and securing personal information. We employ appropriate technical, administrative and physical procedures to protect personal information from:

  • Unauthorised disclosure
  • Unauthorised access
  • Unauthorised modification
  • Interference
  • Loss
  • Misuse, or
  • Alteration.

We limit access to personal information to individuals with a business need consistent with the reason the information was provided.

Where we amend a personal record or information, or add new personal information to a record, any redundant information or information history will be assessed for either destruction or de-identification. The exception is where the information is contained in a Commonwealth record, or the entity is required by or under an Australian law or a court/tribunal order to retain it; such information will be considered for archiving as per the archival legislation for records within the jurisdiction.

Reasonable steps could include taking steps and implementing strategies to manage:

  • governance
  • IS security
  • data breaches
  • physical security
  • personnel security and training
  • workplace policies
  • the information life cycle
  • standards
  • regular monitoring and review.

Where TOTALCARE SERVICES has identified information that is to be destroyed or de-identified, we will take reasonable steps to destroy or de-identify all copies of that personal information, including copies that have been archived or are held as back-ups.

Where TOTALCARE SERVICES has recorded personal information in hard copy, disposal through garbage or recycling collection would not ordinarily constitute taking reasonable steps to destroy the personal information, unless the personal information had already been destroyed through a process such as pulping, burning, pulverizing, disintegrating or shredding.

Where information is held in electronic form, the reasonable steps to dispose of or destroy it will vary depending on the kind of hardware used to store the personal information. In some cases, it may be possible to ‘sanitise’ the hardware to completely remove stored personal information with the use of Drive Scrubbers.

For hardware that cannot be sanitised, reasonable steps must be taken to destroy the personal information in another way, such as by irretrievably destroying the drive or disk the information is stored on, which may include secure shredding of the hard drive or other storage devices.

Where it is not possible for TOTALCARE SERVICES to irretrievably destroy personal information held in electronic format, we will take reasonable steps to de-identify the personal information or disable the application or put the information beyond use by taking but not limited to the following steps:

  • Ensuring TOTALCARE SERVICES is not able to, and will not attempt to, use or disclose the personal information
  • Not giving any other entity access to the personal information
  • Isolating personal information with appropriate technical and organisational security. This should include, at a minimum, access controls together with log and audit trails, and
  • Taking reasonable steps to irretrievably destroy the personal information if, or when, this becomes possible.

Where such information is on a third party’s hardware, such as cloud storage, where the organisation has instructed the third party to irretrievably destroy the personal information, reasonable steps would include taking steps to verify that this has occurred.

Remember the AC-ESIMS Hierarchy of controls: if you cannot “Eliminate” the electronic information (irretrievably destroy the information), then you must:

“Substitute” – the information by writing over the information with text e.g. X

“Isolate” – physically or electronically remove the information and store in a secure area.

“Modify” – de-identify the information by deleting personal descriptors and information.

“Shield” – use both physical (masking) and electronic security protocols to restrict access.

One or more of the controls can be implemented.

De-identification of personal information may be more appropriate than destruction as de-identified information could provide further value or utility to TOTALCARE SERVICES or a third party as part of its business analysis.

We keep personal information only for as long as it is required for business purposes or by the law. TOTALCARE SERVICES protects your personal information by complying with Information Security Standards, Industry Schemes and Statutory obligations. We regularly conduct targeted internal and external audits on our security systems to validate the currency of our security practices.

Access to personal information

A person who is able to confirm their identity has the right to request access to the personal information we hold about them. This right is subject to certain exceptions allowed by law.

TOTALCARE SERVICES will, upon your request, and subject to applicable privacy laws, provide you with access to your personal information that is held by us. However, we ask that you identify, as clearly as possible, the type (or types) of information requested. TOTALCARE SERVICES will deal with your request in a reasonable time – usually within 30 days.

Depending on the breadth of your request, we may recover from you our reasonable costs incurred in supplying you with access to this information.

Exceptions – Your right to access your personal information is not absolute. In some circumstances, the law permits us to refuse your request to provide you with access to your personal information, such as circumstances where:

  • Access would pose a serious threat to the life or health of any individual
  • Access would have an unreasonable impact on the privacy of others
  • The request is frivolous
  • The information relates to a commercially-sensitive decision-making process
  • Access would be unlawful
  • Access may prejudice enforcement activities, a security function or commercial negotiations.

Freedom of information laws – In addition to privacy laws, you may have rights to access your personal information contained in certain TOTALCARE SERVICES documents. Details on how to apply for access to these documents are contained in the Freedom of Information Act 1982 (FOI Act).

Correction of personal information

It is inevitable that some personal information which we hold will become out of date. We will take reasonable steps to ensure that the personal information which we hold remains accurate. Where the owner of the information advises us of a change of details, we will amend our records accordingly.

Agency personnel records that have been inactive for a period of excess of 12 months will not be actively checked or audited to ascertain their accuracy. The records will be frozen in time as at their last update. When an Agency Worker has not been engaged in a contract for in excess of 12, a fresh application or update of details will be required prior to recommencing agency work.

Personnel Records held in the Booking System that has been inactive for periods of 7 years are archived in the Booking System with the records tagged as hidden. Where an agency worker recommences casual work with TOTALCARE SERVICES after the 12 month period, the record can be reactivated and updated upon receipt of a fresh application.

For clients with whom TOTALCARE SERVICES has an ongoing relationship, personal information will be checked (and updated accordingly) at least annually on reviews, or when prompted by the client. Where your information has been disclosed to a third party, TOTALCARE SERVICES will take reasonable steps to notify the third party of the correction.

Where we are unable to update your information, we will provide an explanation in writing as to why the information cannot be corrected.

General Considerations when applying the Australian Privacy Principles.

Taking reasonable steps – When considering what are the reasonable steps when applying the APP’s, TOTALCARE SERVICES considers the following criteria:

  • The sensitivity of personal information. More rigorous steps may be required if the information collected, used or disclosed is ‘sensitive information’ or other personal information of a sensitive nature.
  • The nature and size of TOTALCARE SERVICES’ business.
  • The possible adverse consequences for an individual if the quality of personal information is not ensured.
  • The practicability, including time and cost involved.

TOTALCARE SERVICES is cognizant that it will not be excused from taking particular steps by reason only that it would be inconvenient, time-consuming or impose some cost to do so. Whether these factors make it unreasonable to take particular steps will depend on whether the burden is excessive in all the circumstances.

Loss of personal information

Despite our every effort to protect your personal information, there remains the possibility that a breach of our security could occur. In the event of loss of personal information TOTALCARE SERVICES will:

  • Seek to rapidly identify and secure the breach to prevent any further breaches
  • Engage the appropriate authorities where criminal activity is suspected
  • Assess the nature and severity of the breach including the type of personal information involved and the risk of harm to affected individuals
  • Notify the affected individuals directly if appropriate and where possible
  • If appropriate, put a notice on our website advising our customers of the breach
  • Notify the Privacy Commissioner (at the OAIC) if the breach is significant.

The Complaint Process

If you have a complaint about the way TOTALCARE SERVICES has managed your private information, contact TOTALCARE SERVICES’s Authorised Privacy Officer to lodge the complaint.

TOTALCARE SERVICES will investigate the complaint and consult with you to find a resolution to the matter. Lodging the complaint with us does not restrict you from lodging a complaint at any time with the Office of the Australian Information Commissioner (OAIC).

Totalcare Services –

Phone: 0432161933

Under the Privacy Act 1988 (Privacy Act) you can make a complaint to the OAIC about the handling of your personal information by TOTALCARE SERVICES.

The OAIC complaints process:

  • It is free to lodge a complaint.
  • You do not need a lawyer. However, if you do decide to hire a lawyer, you must pay for the lawyer yourself.
  • The OAIC investigates privacy complaints from individuals about Australian, ACT and Norfolk Island government agencies, and private sector organisations covered by the Privacy Act. The Privacy Act does not cover the State and Northern Territory government agencies.
  • The OAIC aims to resolve complaints as quickly as possible. Some complaints are resolved within weeks, but more complex complaints may take longer. You can find more information about what you can expect in our Client Service Charter.
  • Complaints are generally resolved through conciliation.
  • You can choose to withdraw your complaint at any time.

If you are looking for information about how to manage a privacy complaint against TOTALCARE SERVICES, you should access the Office of the Australian Information Commissioner to access the following information:

  • Privacy fact sheet 9: Guide to internal investigations
  • Privacy fact sheet 11: How will the OAIC handle a complaint against my organisation?
  • How to make a complaint – Information about how you can make a privacy complaint to the OAIC, what you can complain about, who you can complain about, possible outcomes and what you should include with your complaint can be found on the Making a complaint page.

If you are unsure whether the Commissioner will deal with your complaint, access the Privacy Complaint Checker to assess whether the OAIC can deal with your complaint by answering a series of simple questions.

What happens to your complaint – OAIC will deal with your complaint as quickly as possible and keep you informed of its progress. The OAIC is independent and impartial in dealing with your complaint. More information about the OAIC complaints process can be found on the “What happens to your complaint” page.

Privacy appeal rights – If you are not satisfied with a decision the OAIC has made, you can ask the OAIC to review the decision. More information about your rights can be found on the Privacy appeal rights page.

Office of the Australian Information Commissioner

Phone: 1300 363 992

Teletypewriter (TTY) 133 677 then ask for 1300 363 992.

Medical Records and Information

TOTALCARE SERVICES collects medical “sensitive” information about its employees where it is lawful to do so. The information may relate to compulsory and/or elective inoculations, medical restrictions, medical reports, sick leave absenteeism, and workers compensation reports from medical practitioners and/or agents of the respective regulator.

TOTALCARE SERVICES collects medical “sensitive” information about its clients directly related to TOTALCARE SERVICES’s function or activities (e.g. direct care – medical, allied, personal care). This information may relate to current and past medical history, medications, past surgeries/operations, medical reports, the current level of functioning and support/assistance required.

In concert with TOTALCARE SERVICES’ general standards that apply to Private Information, more rigorous controls of the collection, holding and disclosure of sensitive medical information are required.

Medical Information Collected and Retained

The information collected and held includes, but is not limited to:

  1. Identifying information
  2. Residential information
  3. Medical history/records
  4. Medications and regimes
  5. Medical certificates
  6. Certificates of Capacity
  7. Medical Reports and Assessments
  8. Summaries of claim information
  9. Claim reports

What is not collected is the individual’s Medicare number.

How TOTALCARE SERVICES collects and holds personal medical information

For employees – The information is in the first instance provided by the employee through an application for employment, as part of the ongoing certification and through an application for compensation.

For Clients – The information is in the first instance provided via a referral and directly from the client through an initial consultation. If further information is required from other sources (e.g. the client’s General Practitioner), this information is sought with the client’s consent. Records that relate to an employee’s employment are maintained in personnel records, whether physical or electronic.

Sources of Medical Information

TOTALCARE SERVICES sources and/or receives medical information from, but not limited to:

  • the owner of the information
  • insurers
  • regulators
  • business partners and clients
  • medical practitioners
  • hospital records
  • courts and tribunals

Collection, Retention and Disclosure of Medical Information (Purpose)

For Employees – Information obtained and retained generally relates to the individual’s:

  • professional requirement in the declaring of certain medical information e.g. inoculations
  • Notifiable diseases
  • Where the individual has a permanent medical restriction that impacts on their employment
  • A claim for compensation of injury at work
  • A claim of bullying and harassment

Only information that is required for the individual’s employment and/or managing a claim of injury is disclosed to those for whom the information was intended, and the release of the information is authorised by the individual. In respect of workers compensation claims, the application for workers compensation has the declaration and authorisation to exchange information between TOTALCARE SERVICES, the individual, their medical practitioners, rehabilitation providers, the insurers and the regulators.

The purpose for which the information is collected is to manage the individual’s:

  • recruitment processes
  • employment
  • managing a claim of injury
  • managing adverse actions
  • required by law

For clients – Information obtained and retained generally relates to the individual’s:

  • Health, medical and functional status
  • Level of impairments and impact
  • A claim for compensation or allowance (e.g. Lifetime Support Authority, Workers Compensation, National Disability Advisory Scheme)
  • Notifiable or communicable diseases
  • Functional status and level of impairment

Only information necessary for the direct delivery of services is disclosed to those for whom the information was intended, and the release of the information is authorised by the individual (e.g. personal care workers to undertake necessary care).

The purpose for which the information is collected is to manage the individual’s:

  • direct delivery of services
  • manage and support overall health and wellbeing
  • monitor clients’ wellbeing and health and identify any areas for concern/follow-up
  • determine the impact of service delivery on client outcomes
  • required by law

Electronic Media and Communication Privacy Statements

Totalcare Services Australia has developed the following Statement to be included in our external websites. The application of the Act and the APPs is specific to the operations of a website and the way information is handled by such sites. The following statement guideline should be amended to reflect how each website manages information and how TOTALCARE SERVICES deals with such information.

Privacy Statement

Totalcare Services Australia (TOTALCARE SERVICES) understands the importance of protecting clients’ and staff members’ privacy. We are committed to complying with the Privacy Act 1988 and the Australian Privacy

How and why we collect your personal information

TOTALCARE SERVICES collects personal information when an individual accesses our online intranet and websites. Accordingly, we have systems in place to ensure our online dealings with the individual are as secure as dealings with TOTALCARE SERVICES in person, or on the telephone.

In those instances where we secure your personal information in transit to us and upon receipt, we use the industry standard encryption software, Secure Sockets Layer (SSL) 128 bit encryption. The URL in your browser will change to “HTTPS” instead of “HTTP” when this security feature is invoked.

Your browser may also display a lock symbol on its bottom task bar line to indicate this secure transmission is in place. For site security purposes and to ensure this service remains available to all users, we employ software programs to monitor network traffic in order to identify unauthorised attempts to upload or change information, or otherwise cause us damage. Except for authorised law enforcement investigations, no other attempts are made to identify individual users or their usage habits other than those uses identified in this policy. Unauthorised modification or misuse of information stored in this system will be investigated and may result in criminal prosecution.

We collect personal information from you when you use our products and services. We collect it so we can:

  • Give you information to which you are entitled as a client or staff member
  • Supply to you, and administer, the products and services you require, and
  • Conform to various legislative and government reporting requirements

We also collect it so that we can provide you marketing information, with your consent (see below).

If your personal information is not provided

If you do not provide us with all of the information we request we may be unable to supply to you the product or service that you require.

Marketing information

Under no circumstances will information be sold to external agencies for marketing purposes. We may, with your consent, use your personal details to give you information that may be of interest to you, about the other products and services that are available from us, from our related entities, and from other businesses with which we or our related entities have relationships. Your consent will be implied unless you notify us that you do not consent to your information being used for this purpose. You can elect to alter your consent at any time.

When we may give personal information to other Organisations.

Sometimes we may need to give some personal information about you to other organisations that provide services that assist us in supplying to you, or in administering, the products and services you require or assist us in giving you the information that you are entitled to.

Personal information collected by TOTALCARE SERVICES is treated as confidential and is protected by the Privacy Act 1988. Personal information is information relating to an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion provided.

This site is operated by TOTALCARE SERVICES without the use of an external service provider. When visiting this site, a record of your visit is logged. The following information is recorded for statistical purposes and is used by TOTALCARE SERVICES to help improve the site. The following information is supplied by your browser:

  • the user’s server address
  • the user’s operating system (for example Windows, Mac etc)
  • the user’s top-level domain name (for example .com, .gov, .au, .uk etc)
  • the date and time of the visit to the site
  • the pages accessed and the documents downloaded
  • the previous site visited
  • the type of browser used.

No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the Internet Service Provider’s logs.

Collection of Personal Information

When you e-mail us:

  • we will record your e-mail address
  • we will only use your e-mail address for the purpose for which you provided it
  • it will not be added to a mailing list
  • we will not use your e-mail address for any other purpose
  • we will not disclose it without your consent except where TOTALCARE SERVICES may be required by law to disclose certain information.

Should you decide to use an online form, such as one used by TOTALCARE SERVICES Enquiries:

  • we will record your name, e-mail address, street address, telephone number, occupation, company, area of interest and other personal information provided
  • we will only use this information for the purpose for which you provided it
  • the information will not be added to a mailing list
  • we will not disclose this information without your consent except where TOTALCARE SERVICES may be required by law to disclose certain information.
  • We will, at your request, provide you with access to any information which we have collected about you through this website in accordance with Information Privacy Principle 6, Privacy Act 1988 (Cth). To gain access to this information you should contact us (see details below). If you believe that any information is inaccurate, incomplete or out of date, please contact us and we will revise the relevant information in accordance with Information Privacy Principle 7, Privacy Act 1988 (Cth).

Cookies

A cookie is a text string that is included with Hypertext Transfer Protocol (HTTP) requests and responses. Cookies are used to maintain state information as you navigate different pages on a web site or return to the web site at a later time. Cookies cannot be used to execute code (run programs) or deliver viruses to your computer.

Persistent vs. Session Cookies – Cookies are either stored in memory (session cookies) or placed on your hard disk (persistent cookies). TOTALCARE SERVICES does use a persistent cookie for saving the login id (if the user selects this option) on the login screen. All cookies, whether persistent or session based, are encrypted using SSL.

  • Log-on and log-off administration – Persistent cookies help with the log-on and log-off processes for those users who have decided to register to use one of our online services. The cookies enable us to recognize your user ID when you log on so that you do not have to re-type your user ID each visit.
  • Transactions and site usability – We use session cookies to improve how you navigate through our website and conduct transactions. As examples, session cookies are used to maintain your online session as you browse over several pages; to store and prepopulate information so that you do not have to re-enter the same information twice.

How to Access Cookies Settings in your Browser – You have the ability to enable or disable cookies, or have Internet Explorer or Opera prompt you before accepting cookies. Note that disabling cookies may prevent some web services from working correctly, and disabling cookies does not make you anonymous or prevent web sites from tracking your browsing habits. HTTP requests still include information about where you came from (HTTP Referrer), your IP address, browser version, operating system, and other information (see Site Visit Data above).

You can configure your internet browser to accept all cookies, reject all cookies or notify you when a cookie is sent. Most browsers accept cookies by default. To learn more about cookies, including how to refuse cookies on your computer, click these links:

  • Microsoft Internet Explorer (External link)
  • Mozilla Firefox (External link)
  • Google Chrome (External link)
  • Apple Safari (External link)
  • Opera (External link)

Links to other sites

The TOTALCARE SERVICES site contains links to other sites. We are ultimately not responsible for the privacy practices or the content of such web sites. We encourage you to read and understand the privacy policies on those websites prior to providing any information to them.

Some of the content appearing on the TOTALCARE SERVICES website may be supplied by third parties, for example, by framing third party web sites or the incorporation through “framesets” of content supplied by third-party application service providers. In such cases, TOTALCARE SERVICES will ensure that our contractual arrangements with these third parties protect your personal information in compliance with privacy laws.

Searches

Search terms that you enter when using our search engine are collected but are not associated with any other information that we collect. We use these search terms for the purpose of aggregated statistical analyses so we can ascertain what people are looking for on our website, and to improve the services that we provide.

We may use external companies to provide us with detailed aggregate statistical analyses of our website traffic. At no time is any personal information made available to these companies, nor is the aggregate information ever merged with personal information such as your name, address, email address or other information you would consider sensitive or would compromise your privacy.

Security of Information

Your personal information will not be released unless the law requires or permits it or your permission is given. We provide a secure environment and a reliable system but you should be aware that there may be inherent risks associated with the transmission of information via the Internet. For those who do not wish to use the Internet, TOTALCARE SERVICES provides alternative ways of obtaining and providing information.

Complaints

Where you believe that the security of your information has been managed inappropriately by TOTALCARE SERVICES, you may lodge a complaint with either TOTALCARE SERVICES’s Authorised Office or the Office of the Australian Information Commissioner.

Totalcare Services Manager

Phone: 0432161933

Email: team@totalcareservices.com.au

Office of the Australian Information Commissioner

Phone: 1300 363 992

Teletypewriter (TTY): 133 677 then ask for 1300 363 992.

Speak and Listen users: 1300 555 727 then ask for 1300 363 992

National Health Practitioners Privacy Commissioner

Phone: +61 3 9674 0421

Email: complaints@nhpopc.com.au

NDIS

Phone: 1800800110

www.ndis.gov.au