Australian Emergency Care Providers Ltd is committed to maintaining the confidentiality and privacy of its personnel and member records. Australian Emergency Care Providers Ltd complies with all aspects of the Commonwealth Privacy Act 1988 including the 13 Australian Privacy Principles (APPs) as outlined in the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
This will cover details and information collected via our website, fax, phone, mail or electronic media. This policy focuses on Australian Emergency Care Provider’s commitment to protecting the privacy of its personnel and members, and outlines the various ways in which it ensures this protection.
Staff Personal Information
To meet employment, legal and taxation obligations, Australian Emergency Care Providers Ltd will collect personal information from staff as information is required. Information collected includes general personal details as well as emergency contact details.
Australian Emergency Care Providers Ltd uses personal information of its staff for the purposes of meeting employment requirements including payroll, superannuation and taxation. Staff may access their personnel file at any time by submitting their written application to the Accounts Department. All records are securely stored and AECP will make all reasonable efforts to protect confidential information.
In all cases where access is requested, Australian Emergency Care Providers Ltd will ensure that:
- Parties requesting access to personal information are correctly vetted and identified
- Where legally possible, the individual to whom the information relates will be contacted to confirm consent (if consent not previously provided for the matter)
- Only appropriately authorised parties, for valid purposes, will be provided access to the information.
Australian Emergency Care Providers Ltd will maintain the privacy and security of personal information by all reasonable ways possible. Information is stored electronically using secure, password protected systems, such as financial system, learning/student management systems which are kept on a secure server. Access is restricted to authorised employees per system. The server is regularly backed up and kept in a secure location.
Australian Emergency Care Providers Ltd has taken strong measures to protect the security of your personal information and to ensure that your choices for its intended use are honoured. We take strong precautions to protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction.
We guarantee your e-commerce transactions to be 100% safe and secure. When you place orders or access your personal account information, you’re utilising secure server software SSL, which encrypts your personal information before it’s sent over the Internet. SSL is one of the safest encryption technologies available.
Australian Emergency Care Providers Ltd strictly protects the security of your personal information and honours your choices for its intended use. We carefully protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction.
Application of Australian Privacy Principles
APP 1 — Open and transparent management of personal information
Australian Emergency Care Providers Ltd manages personal information in an open and transparent way. Refer to Staff Personal Information above.
APP 2 — Anonymity and pseudonymity
Australian Emergency Care Providers Ltd allows individuals the option of not identifying themselves, or of using a pseudonym when making enquiries or in dealings that don’t require an individual’s actual details. Limited exceptions apply where Australian Emergency Care Providers Ltd requires and must confirm identification such as information covered in Staff Personal Information above.
APP 3 — Collection of solicited personal information
Australian Emergency Care Providers Ltd collects personal information that is reasonably necessary for our business operations. Sensitive information is collected in cases where the individual consents to the sensitive information being collected, except in cases where Australian Emergency Care Providers Ltd is required to collect this information by law, such as outlined earlier in Staff Personal Information.
All information collected is obtained only through lawful and fair means.
APP 4 — Dealing with unsolicited personal information
Australian Emergency Care Providers Ltd may occasionally receive unsolicited personal information. Australian Emergency Care Providers Ltd must, within a reasonable period after receiving the information, determine whether or not that it could have collected the information under Australian Privacy Principle 3 as if Australian Emergency Care Providers Ltd had solicited the information.
Where Australian Emergency Care Providers Ltd could not have collected this information (by law or for a valid business purpose) Australian Emergency Care Providers Ltd will immediately destroy or de-identify the information (unless it would be unlawful to do so).
APP 5 — Notification of the collection of personal information
Every time Australian Emergency Care Providers Ltd collects personal information about an individual or student, we take every care to inform the individual of the details of the information collected or otherwise ensure the individual is aware of those matters at the point of collection. Notifications to individuals/students on personal data collection include:
- Australian Emergency Care Providers Ltd’s identity and contact details, including the position title, telephone number and email address of a contact who handles enquiries and requests relating to privacy matters
- The facts and circumstances of collection such as the date, time, place and method of collection, and whether the information was collected from a third party, including the name of that party
- If the data is required or authorised by law, including the name of the Australian law or other legal agreement requiring the collection
- The purpose of collection of data
- The main consequences (if any) for the individual if all or some of the personal information is not collected by Australian Emergency Care Providers Ltd
- A student may access and seek correction of their personal information held by Australian Emergency Care Providers Ltd, refer to Accessing Files
- If an individual/student has a reason to complain about a breach of the APPs, or any registered APP code, they can submit a formal complaint to the Privacy Officer. Internal procedures for dealing with complaints will be initiated and a reply will be provided within 7 working days
- Australian Emergency Care Providers Ltd is not likely to disclose the personal information to overseas recipients
Where possible, Australian Emergency Care Providers Ltd will make sure that the individual confirms their understanding of these details, via signed declarations, website form acceptance of details or in person through questioning.
Where Australian Emergency Care Providers Ltd collects personal information from another organisation, we:
- Confirm whether the other organisation has provided the relevant notice above to the individual
- Whether the individual was otherwise aware of these details at the time of collection
- If this has not occurred, we will undertake this notice to ensure the individual is fully informed of the information collection
APP 6 — Use or disclosure of personal information
Australian Emergency Care Providers Ltd only uses or discloses personal information it holds about an individual for the particular primary purposes for which the information was collected, or secondary purposes in cases where:
- An individual consented to a secondary use or disclosure
- An individual would reasonably expect the secondary use or disclosure, and that is directly related to the primary purpose of collection
- Using or disclosing the information is required or authorised by law
Requirement to make a written note of use or disclosure for this secondary purpose
If Australian Emergency Care Providers Ltd uses or discloses personal information in accordance with an ‘enforcement related activity’ we will make a written note of the use or disclosure, including the following details:
- The date of the use or disclosure
- Details of the personal information that was used or disclosed
- The enforcement body conducting the enforcement related activity
- If the organisation used the information, how the information was used by the organisation
- The basis for our reasonable belief that we were required to disclose the information
APP 7 — Direct marketing
Australian Emergency Care Providers Ltd does not use or disclose the personal information that it holds about an individual/student for the purpose of direct marketing, unless:
- The personal information has been collected directly from an individual, and the individual would reasonably expect their personal information to be used for the purpose of direct marketing
- The personal information has been collected from a third party, or from the individual directly, but the individual does not have a reasonable expectation that their personal information will be used for the purpose of direct marketing; and
- We provide a simple method for the individual to request not to receive direct marketing communications (also known as ‘opting out’)
On each of our direct marketing communications, Australian Emergency Care Providers Ltd provides a prominent statement that the individual may request to opt out of future communications, and how to do so.
An individual may also request us at any stage not to use or disclose their personal information for the purpose of direct marketing, or to facilitate direct marketing by other organisations. We comply with any request by an individual promptly and undertake any required actions for free.
We also, on request, notify an individual of our source of their personal information used or disclosed for the purpose of direct marketing unless it is unreasonable or impracticable to do so.
APP 8 — Cross-border disclosure of personal information
Australian Emergency Care Providers Ltd does not disclose personal information about an individual to any overseas recipient
APP 9 — Adoption, use or disclosure of government related identifiers
Australian Emergency Care Providers Ltd does not adopt, use or disclose a government related identifier related to an individual except:
- In situations required by Australian law or other legal requirements
- Where reasonably necessary to verify the identity of the individual
- Where reasonably necessary to fulfil obligations to an agency or a State or Territory authority
- As prescribed by regulations
APP 10 — Quality of personal information
Australian Emergency Care Providers Ltd takes reasonable steps to ensure that the personal information it collects is accurate, up-to-date and complete. We also take reasonable steps to ensure that the personal information we use or disclose is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.
This is particularly important:
- When we initially collect the personal information
- When we use or disclose personal information
We take steps to ensure personal information is factually correct. In cases of an opinion, we ensure information takes into account competing facts and views and makes an informed assessment, providing it is clear this is an opinion. Information is confirmed up-to-date at the point in time to which the personal information relates. Quality measures in place supporting these requirements include:
- Internal practices, procedures and systems to audit, monitor, identify and correct poor quality personal information (including training staff in these practices, procedures and systems)
- Protocols that ensure personal information is collected and recorded in a consistent format, from a primary information source when possible
- Ensuring updated or new personal information is promptly added to relevant existing records
- Providing individuals with a simple means to review and update their information on an on-going basis through our online portal
- Reminding individuals to update their personal information at critical service delivery points (such as completion) when we engage with the individual
- Contacting individuals to verify the quality of personal information where appropriate when it is about to used or disclosed, particularly if there has been a lengthy period since collection
- Checking that a third party, from whom personal information is collected, has implemented appropriate data quality practices, procedures and systems
APP 11 — Security of personal information
Australian Emergency Care Providers Ltd takes active measures to consider whether we are able to retain personal information we hold, and also to ensure the security of personal information we hold. This includes reasonable steps to protect the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
We destroy or de-identify personal information held once the information is no longer needed for any purpose for which the information may be legally used or disclosed.
Access to Australian Emergency Care Providers Ltd offices and work areas is limited to our personnel only – visitors to our premises must be authorised by relevant personnel and are accompanied at all times. With regard to any information in a paper based form, we maintain storage of records in an appropriately secure place to which only authorised individuals have access.
Regular staff training and information bulletins are conducted with Australian Emergency Care Providers Ltd personnel on privacy issues, and how the APPs apply to our practices, procedures and systems. Training is also included in our personnel induction practices.
We conduct ongoing internal audits (at least annually and as needed) of the adequacy and currency of security and access practices, procedures and systems implemented
APP 12 — Access to personal information
Where Australian Emergency Care Providers Ltd holds personal information about an individual, we provide that individual access to the information on their request. In processing requests, we:
- Ensure through confirmation of identity that the request is made by the individual concerned, or by another person who is authorised to make a request on their behalf (refer to Accessing Files)
- Respond to a request for access within 14 calendar days, when notifying our refusal to give access, including providing reasons for refusal in writing, and the complaint mechanisms available to the individual; or within 30 calendar days, by giving access to the personal information that is requested in the manner in which it was requested.
- Provide information access free of charge
APP 13 — Correction of personal information
Australian Emergency Care Providers Ltd takes reasonable steps to correct personal information we hold, to ensure it is accurate, up-to-date, complete, relevant and not misleading, having regard to the purpose for which it is held.
On an individual’s request, we:
- Correct personal information held; and (refer to Accessing Files)
- Notify any third parties of corrections made to personal information, if this information was previously provided to these parties.
In cases where we refuse to update personal information, we:
- Give a written notice to the individual, including the reasons for the refusal and the complaint mechanisms available to the individual
- Upon request by the individual whose correction request has been refused, take reasonable steps to associate a statement with the personal information that the individual believes it to be inaccurate, out-of-date, incomplete, irrelevant or misleading
- Respond within 14 calendar days to these requests; and
- Complete all actions free of charge