Foundations Care respects the privacy of all Foundations Care people including members, employees, volunteers, our clients/beneficiaries, donors, business partners, contractors and online users, and is committed to safeguarding the personal information that is provided to us.

Purpose 

The purpose of this statement is to:

  • clearly communicate the personal information handling practices of Foundations Care
  • enhance the transparency of Foundations Care operations, and
  • give individuals a better and more complete understanding of the sort of personal information that Foundations Care holds, and the way we handle that information.

Scope 

This applies to all Foundations Care members, volunteers, employees, clients/beneficiaries, donors, business partners, contractors and online users.

The Privacy Act and this Position Statement do not apply to acts or practices which directly relate to employee records of Foundations Cares current and former employees.

Definitions 

Online users refers to anyone that accesses the Foundations Care domain.

Personal information as defined by the Privacy Act 1988 (as amended) is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.

Sensitive information as defined by the Privacy Act 1988 (as amended) is information or opinion (that is also personal information) about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record or health, genetic, biometric information or biometric templates, that is also personal information.

Overview of Foundations Care 

Programs and Services 

Foundations Care belongs to a family of organisations (Community Services Group) that are committed to supporting and enhancing the quality of life for some of Australia’s most vulnerable. We adapt an innovative, flexible, collaborative and strengths-based approach to service provision. Community Services Group provides services through:

  • Ability Care – Disability Services
  • Flexible Living – Aged Care and Volunteering Services
  • Foundations Care – Out-of-Home Care, Relationship and Therapeutic Services
  • Community Services Australia – Business Consultancy enabling smaller community organisations to compete in the market place

In carrying out this mission Foundations Care engages volunteers and employees, and receives donations, funding and support from members of the community, corporations, groups and governments.

In addition to the services which we provide from services and funds donated by the public, Foundations Care also holds contracts to deliver State and Commonwealth government programs. In providing such services, we comply with the relevant state or national privacy principles and any additional obligations under the contract.

Part A — Our Personal Information Handling Practices 

This section explains our general information handling practices across Foundations Care including information about how we collect, use, disclose and store your personal information.

Our obligations under the Privacy Act 

This position statement sets out how we comply with our obligations under the Privacy Act 1988 (Privacy Act). We are bound by the Australian Privacy Principles (APPs) in the Privacy Act which regulate how organisations may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them. We will obtain your consent as applicable prior to collecting, using and/or sharing your information. If you do not provide consent and/or you withdraw your consent at a later date, we may not be able to provide the services you require.

Collection of Personal and Sensitive Information 

If you would like to access any Foundations Care Services on an anonymous basis or using a pseudonym, please tell us. If this is possible and lawful, we will take all reasonable steps to comply with your request. However, we may not be able to provide the services in question if we are not provided with the personal information requested.

The nature and extent of personal and sensitive information collected by Foundations Care varies depending on your particular interaction with Foundations Care.

Foundations Care collects personal and sensitive information from clients/ beneficiaries, donors, business partners, Foundations Care people and online users. Further information about the kind of information collected from each of these groups and the usage of such information is detailed below.

Foundations Care – Clients and Beneficiaries 

Kind of information collected:

  • contact details (name, address, email etc.)
  • personal details including: date of birth, gender, income
  • information on personal issues and experiences, relationships,
  • family background, supports clients may have in the community
  • areas of interest • health information and/or medical history
  • credit card numbers or bank account details
  • photographs/film/video

How the information is collected:

  • service applications
  • online registration
  • telephone
  • during service induction/consultations/meetings/activities

Purpose for which Foundations Care uses the information:

  • to provide Foundations Care services
  • to provide clients/beneficiaries with the most appropriate services for their needs
  • to meet any requirements of government funding for programs
  • to monitor and evaluate existing services and plan for future services
  • to produce annual reports and for research purposes which may involve contracted organisations
  • to comply with legal obligations
  • To produce promotional materials

Foundations Care – Business Partners 

Type of information collected:

  • contact person’s name, the name of the organisation which employs the person, telephone numbers, fax number, street and postal address, email address and position title
  • areas of interest by category and industry
  • bank details (if Foundations Care is to receive payment or make payment for services received)
  • Australian Business Number (ABN)
  • type of support (e.g. workplace giving, goods in kind, program support, volunteering)

How the information is collected:

  • communications, email, flyers
  • online registration
  • telephone

Purpose for which Foundations Care uses the information:

  • to provide Foundations Care services
  • to process donations and provide accurate receipts
  • to pay for services
  • to establish and manage partnerships
  • to receive services from you or the organisation which employs you
  • to manage Foundations Care ‘s relationship with the business partner
  • to provide information about Foundations Care ‘s services
  • to update the company on Foundations Care appeals for public donations, programs and services

Foundations Care – People (volunteers, employees, delegates) and candidates for volunteer work and prospective employees 

Type of information collected:

  • contact details (name, address, telephone numbers, email etc.)
  • personal details including personal details of emergency contact person(s)
  • date of birth
  • country of birth, citizenship, residency and/or visa details
  • details of current/previous employment or volunteer involvement
  • skills and experience
  • languages spoken and written
  • qualifications, drivers licence details
  • information and opinions from referees for prospective employees and candidates for volunteer work
  • a screening check such as Blue Card/ Yellow Card/ WWC card/ Police Check may be required for some roles in Foundations Care (particularly those involving children, young people and other vulnerable individuals). Individuals will be required to provide certain information for a Police Check. There are different arrangements for screening checks in each state and territory of Australia. In some cases the Screening check will be received directly by Foundations Care and then stored securely or destroyed.
  • in some situations it is necessary for Foundations Care to collect or receive information about an individual’s health. In this circumstance, Foundations Care will advise why the information is being collected and whether and to whom it will be released.

Purpose for which Foundations Care uses the information:

  • to provide Foundations Care services
  • to process an application to become a member, volunteer or employee of our organisation
  • to facilitate a placement in an appropriate service or position
  • to assist with services whilst an individual is employed or engaged as a volunteer with Foundations Care
  • to provide feedback on performance as a volunteer or employee
  • to meet legislative responsibilities to all volunteers and employees • to obtain feedback from individuals about their experiences
  • to assist Foundations Care to review and improve its programs and services to keep individuals informed about Foundations Care developments and opportunities
  • to provide information about Foundations Care services
  • to facilitate further involvements with Foundations Care (e.g. Disability supports, membership, donor)

Online Users 

To the extent that this Privacy Statement applies to online privacy issues, it is to be read as forming part of the terms and conditions of use for the Foundations Care website.
Type of information collected:

  • contact details (name, address, telephone numbers, email etc.)
  • non-personal information e.g. visitor navigation and statistics
  • server address, browser type, date and time of visit
  • personal information

Purpose for which Foundations Care uses the information:

  • to analyse website usage and make improvements to the website
  • Foundations Care does not match the personal information collected with the non-personal information

Additional Information 

The website may from time to time contain links to other websites. Foundations Care stresses that when an online user accesses a website that is not the Foundations Care website, it may have a different privacy statement. To verify how that website collects and uses information, the user should check that particular website’s privacy statement.

How We Collect Information 

Where possible, we collect your personal and sensitive information directly from you. We collect information through various means, including telephone and in-person interviews, appointments, forms and questionnaires. If you feel that the information that we are requesting, either on our forms or in our discussions with you, is not information that you wish to provide, please feel free to raise this with us.

In some situations we may also obtain personal information about you from a third party source. If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of the purposes for which we are collecting your personal information and the organisations to which we may disclose your information, subject to any exceptions under the Act. For example, we may collect information about you from a health care professional, such as your doctor.

Health Information 

As part of administering Foundations Care services, Foundations Care may collect health information. For example, Foundations Care collects health information (such as medical history) from some clients/beneficiaries participating in Foundations Care programs. When collecting health information from you, Foundations Care will obtain your consent to such collection and explain how the information will be used and disclosed.

If health information is collected from a third party (such as your doctor), Foundations Care will inform you that this information has been collected and will explain how this information will be used and disclosed.

Foundations Care will not use health information beyond the consent provided by you, unless your further consent is obtained or in accordance with one of the exceptions under the Privacy Act or in compliance with another law. If Foundations Care uses your health information for research or statistical purposes, it will be de-identified if practicable to do so.

Use and disclosure of Personal Information 

We only use personal information for the purposes for which it was given to us, or for purposes which are related to one of our functions or activities.

For the purposes referred to in this Position Statement (discussed above under ‘Collection of Personal and Sensitive Information’), we may also disclose your personal information to other external organisations including:

  • Government departments/agencies who provide funding for Foundations Care services
  • Contractors who manage some of the services we offer to you. Steps are taken to ensure they comply with the APPs when they handle personal information and are authorised only to use personal information in order to provide the services or to perform the functions required by Foundations Care;
  • Doctors and health care professionals, who assist us to deliver our services;
  • Other regulatory bodies, such as WorkSafe;
  • Referees and former employers of Foundations Care employees and volunteers, and candidates for Foundations Care employee and volunteer positions; and
  • Our professional advisors, including our accountants, auditors and lawyers.

Except as set out above, Foundations Care will not disclose an individual’s personal information to a third party unless one of the following applies:

  • the individual has consented
  • the individual would reasonably expect us to use or give that information for another purpose related to the purpose for which it was collected (or in the case of sensitive information – directly related to the purpose for which it was collected)
  • it is otherwise required or authorised by law
  • it will prevent or lessen a serious threat to somebody’s life, health or safety or to public health or safety
  • it is reasonably necessary for us to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature that relates to our functions or activities
  • it is reasonably necessary to assist in locating a missing person
  • it is reasonably necessary to establish, exercise or defend a claim at law
  • it is reasonably necessary for a confidential dispute resolution process
  • it is necessary to provide a health service
  • it is necessary for the management, funding or monitoring of a health service relevant to public health or public safety
  • it is necessary for research or the compilation or analysis of statistics relevant to public health or public safety
  • it is reasonably necessary for the enforcement of a law conducted by an enforcement body.

We do not usually send personal information out of Australia. If we are otherwise required to send information overseas we will take measures to protect your personal information. We will protect your personal information either by ensuring that the country of destination has similar protections in relation to privacy or that we enter into contractual arrangements with the recipient of your personal information that safeguards your privacy.

Security of Personal and Sensitive Information 

Foundations Care takes reasonable steps to protect the personal and sensitive information we hold against misuse, interference, loss, unauthorised access, modification and disclosure.

These steps include password protection for accessing our electronic IT system, securing paper files in locked cabinets and physical access restrictions. Only authorised personnel are permitted to access these details.

When the personal information is no longer required, it is destroyed in a secure manner, or deleted according to legislative requirements.

Access to and correction of personal information 

If an individual requests access to the personal information we hold about them, or requests that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the changes.

Requests for access and/or correction should be made to the relevant service (details of which are set out below). For security reasons, you will be required to put your request in writing and provide proof of your identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of others is not undermined.

In the first instance, Foundations Care will generally provide a summary of the information held about the individual. It will be assumed (unless told otherwise) that the request relates to current records. These current records will include personal information which is included in Foundations Care databases and in paper files, and which may be used on a day to day basis.

We will provide access by allowing you to inspect, take notes or print outs of personal information that we hold about you. If personal information (for example, your name and address details) is duplicated across different databases, Foundations Care will generally provide one printout of this information, rather than multiple printouts.

We will take all reasonable steps to provide access or the information requested within 14 days of your request. In situations where the request is complicated or requires access to a large volume of information, we will take all reasonable steps to provide access to the information requested within 30 days.

Foundations Care may charge you reasonable fees to reimburse us for the cost we incur relating to your request for access to information, including in relation to photocopying and delivery cost of information stored off site.

If an individual is able to establish that personal information Foundations Care holds about her/him is not accurate, complete or up to date, Foundations Care will take reasonable steps to correct our records.

Access will be denied if:

  • the request does not relate to the personal information of the person making the request;
  • providing access would pose a serious threat to the life, health or safety of a person or to public health or public safety;
  • providing access would create an unreasonable impact on the privacy of others;
  • the request is frivolous and vexatious;
  • the request relates to existing or anticipated legal proceedings;
  • providing access would prejudice negotiations with the individual making the request;
  • access would be unlawful;
  • denial of access is authorised or required by law;
  • access would prejudice law enforcement activities;
  • access would prejudice an action in relation to suspected unlawful activity, or misconduct of a serious nature relating to the functions or activities of Foundations Care
  • access discloses a ‘commercially sensitive’ decision making process or information; or
  • any other reason that is provided for in the APP’s or in the Privacy Act.

If we deny access to information we will set our reasons for denying access. Where there is a dispute about your right of access to information or forms of access, this will be dealt with in accordance with the complaints procedure set out below.

Data Breach

Foundations Care encourages staff, volunteers, clients and beneficiaries and all other related parties to err on the side of caution and report early, or where there is suspicion of a data breach rather than wait for confirmation or certain proof of the breach.

Data Breaches may include, but are not limited to, the following:

  • Unauthorised and unlawful release of client information
  • Unauthorised and unlawful release of child or young person information, both personal and placement related – including the release of information which relates to children or young people formerly in care, who have left care, or who are deceased.
  • Unauthorised access, hacking and tampering of emails, files and system data by external agents (whether identifiable or not)
  • The unapproved release of child or young person information by a carer or someone within the carer household, including to the birth family of the child or young person.

Foundations Care shall ensure that appropriate action is taken in regards to a data breach once advised through the Notification.  The Privacy Officer shall be responsible for the management of the breach rectification process and necessary advice to affected persons and relevant authorities. Notifiable data breaches are reported to the Privacy Commissioner.

When a data breach occurs, Foundations Care may assess and employ the following as required and as is appropriate:

  • A formal report to be lodged with the Police
  • An internal investigation into system and technology.
  • Where reasonable and required, an external investigation by an independent investigator.
  • Ensure that all relevant stakeholders are informed, including; the person whose information was breached, the person who may have (whether intentionally or otherwise) released or breached information requirements, any third-parties who may have been accidentally or purposely involved, any nominated legal representatives, and where appropriate and required – any statutory bodies and agencies responsible for the care and protection of children and young people in out of home care.

 

Complaints Procedure 

If you have provided us with personal and sensitive information, or we have collected and hold your personal and sensitive information, you have a right to make a complaint and have it investigated and dealt with under this complaints procedure.

If you have a complaint about Foundations Care privacy practices or our handling of your personal and sensitive information please contact your relevant service provider (details of which are set out at the end of this document).

All complaints will be logged on our database.

A privacy complaint relates to any concern that you may have regarding Foundations Care privacy practices or our handling of your personal and sensitive information. This could include matters such as how your information is collected or stored, how your information is used or disclosed or how access is provided to your personal and sensitive information. The goal of this statement is to achieve an effective resolution of your complaint within a reasonable timeframe, usually 30 days or as soon as practicable.

However, in some cases, particularly if the matter is complex, the resolution may take longer. Once the complaint has been made, we will try to resolve the matter in a number of ways such as:

  • Request for further information: We may request further information from you. You should be prepared to provide us with as much information as possible, including details of any relevant dates and documentation. This will enable us to investigate the complaint and determine an appropriate solution. All details provided will be kept confidential.
  • Discuss options: We will discuss options for resolution with you and if you have suggestions about how the matter might be resolved you should raise these with your service provider.
  • Investigation: Where necessary, the complaint will be investigated. We will try to do so within a reasonable time frame. It may be necessary to contact others in order to proceed with the investigation. This may be necessary in order to progress your complaint.
  • Conduct of our employees: If your complaint involves the conduct of our employees we will raise the matter with the employee concerned and seek their comment and input in the resolution of the complaint.
  • The complaint is substantiated: If your complaint is found to be substantiated, you will be informed of this finding. We will then take appropriate agreed steps to resolve the complaint, address your concerns and prevent the problem from recurring.
  • If the complaint is not substantiated, or cannot be resolved to your satisfaction, but this Privacy Statement has been followed, Foundations Care may decide to refer the issue to an appropriate intermediary. For example, this may mean an appropriately qualified lawyer or an agreed third party, to act as a mediator.
  • At the conclusion of the complaint, if you are still not satisfied with the outcome you are free to take your complaint to the Office of the Australian Information Commissioner at oaic.gov.au.

We will keep a record of your complaint and the outcome.

We are unable to deal with anonymous complaints. This is because we are unable to investigate and follow-up such complaints. However, in the event that an anonymous complaint is received we will note the issues raised and, where appropriate, try and investigate and resolve them appropriately.

Changes to this Position Statement – Privacy 

Foundations Care reserves the right to review, amend and/or update this position statement from time to time.

We aim to comply with the APPs and other privacy requirements required to be observed under State or Commonwealth Government contracts.

If further privacy legislation and/or self-regulatory codes are introduced or our Position is updated.

How to contact us 

Individuals can obtain further information in relation to this privacy statement, or provide any comments, by contacting us. Matters referring or related to the Privacy Statement will be directed to the Privacy Officer:

Telephone: Foundations Care Out-of-Home Care Services – 1300 395 005

Email: feedback@fdc.csg.ngo

Lodge a Complaint: Click Here