This document sets out the policy of 24/7 Nursing and Medical Services ACN 88 104 310 670 ("24/7 NMS") relating to the protection of the privacy of personal information.
24/7 NMS is a business which is involved in the collection of personal data in the course of its business activities and on behalf of its clients.
1.1 What is personal information?
Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is either identified or reasonably identifiable.
Examples include an individual's name, address, contact number and email address.
1.2 Our obligations
24/7 NMS is required to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act). The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection/receipt to use and disclosure, storage, accessibility and disposal.
We are also required to comply with other, including more specific privacy legislation in some circumstances, such as:
- • applicable legislation of the other national jurisdictions in which 24/7 CRS operates;
- • applicable Australian State and Territory health privacy legislation (including the NSW Health Records and Information Privacy Act 2002) when we collect and handle certain health information; and
- • the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
1.3 Employee records
24/7 NMS's policy is to protect the personal information of its employees as it does other personal information.
2. The purposes for which we collect, hold, use and disclose personal information
To the extent required by the Privacy Act:
- • 24/7 NMS will not collect personal information about you unless that information is necessary for one or more of ours or our clients' functions or activities
- • 24/7 NMS will collect personal information only by lawful and fair means and not in an unreasonably intrusive manner
24/7 NMS will collect your personal information directly from you and your legal representatives where it is reasonable and practicable to do so. Where 24/7 NMS collects information about you from a third party, we will still take reasonable steps to ensure that you are made aware of the details set out above.
2.2 Use and disclosure of personal information by 247 NMS
If 24/7 NMS uses or discloses your personal information for a purpose (secondary purpose) other than the main reason for which it was originally collected (primary purpose), to the extent required by the Privacy Act, we will ensure that:
- • the secondary purpose is related to the primary purpose of collection (and directly related in the case of sensitive information), and you would reasonably expect that 24/7 NMS would use or disclose your information in that way;
- • you have consented to the use or disclosure of your personal information for the secondary purpose:
- o the use or disclosure is required or authorised by or under law; or o the information has been requested by parties and or their legal representatives,
- o the use or disclosure is otherwise permitted by the Privacy Act (for example, as a necessary part of an investigation of suspected unlawful activity)
The information received by 24/7 NMS is stored and secured on a dedicated server with restricted access by 24/7 NMS management.
2.3 Why does 24/7 NMS collect personal information?
24/7 NMS collects personal information for a range of purposes on behalf of their clients, including to:
- • provide information on services and benefits.
- • conduct surveys and market research for product and service improvement purposes and to compile statistics and analyse trends.
- • recruiting staff and contractors;
- • provision of information to customers and clients for the purpose of clinical trials
- • processing payments;
- • answering queries and resolving complaints; and
- • using aggregated information for business analysis We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or which are:
- • required or authorised by or under law (including, without limitation, privacy legislation); and
- • for which the individual has provided their consent
2.4 How might we contact you?
We may contact you in a variety of ways, including by email and via your Facebook account.
We will not send you any commercial electronic messages such as SMSs or emails unless this is permitted by the Spam Act (for example, if we have your express or inferred consent to do so). Any commercial electronic message that we send will identify 247 NMS as the sender and will include our contact details. The message will also provide an unsubscribe facility. If you do not wish to receive commercial electronic messages from us, please let us know (our contact details are provided at the end of this policy).
2.6 Do Not Call Register
We will not call you on a number listed on the Do Not Call Register unless this is permitted under the Do Not Call Register Act and related instruments (for example, if we have your express or inferred consent to do so). If you do not wish us to call you on a particular number, please let us know (our contact details are provided at the end of this policy).
2.7 Direct marketing
We may use personal information, specifically your name and relevant address details, to let you know about our services, facilities and benefits and those of third party partners/contractors/suppliers/customers of 24/7 NMS, where we have your consent. We are not permitted to do so unless we have your consent. We and/or our partners/contractors/suppliers may contact you for direct marketing purposes in a variety of ways, including by mail, email, SMS, telephone, online advertising or facsimile.
For example, where we have your consent, we will send you:
- o information of ours and our clients offerings and advertising of the availability of goods, facilities and services in the classes of personal and business products and services,; and
- o if you have provided consent, we may use your personal information to contact you with information about 24/7 NMS and our current and future benefits, events and opportunities in terms of clinical trials.
Where you have consented to receiving direct marketing communications from us, your consent will remain current until you advise us otherwise. However, you can opt out at any time, in the following ways:
- • Sending a letter to the 24/7 NMS Privacy Officer,
- • Or send an email to email@example.com
Notification of source
If we have collected the personal information you can ask us to notify you of our source of information, and 24/7 NMS's policy is to do so unless this is unreasonable or impracticable.
3. The kinds of personal information we collect and hold
The type of personal information that 24/7 NMS collects and holds about you includes the following:-
- • We collect information including your name, address, contact number, gender, date of birth, address and email address.
- • contact us with an enquiry, if you do not take advantage of the option to use anonymity or pseudonymity, depending on the nature of the enquiry, we will record details about you and relating to the enquiry;
- • are a supplier to 24/7 NMS, we collect contact address details, usually including but not limited to all forms of contact and address, billing information and information about the goods and/or services you supply;
- • apply for a job at 24/7 NMS, we will collect the information you include in your application for employment, including your cover letter, resume, contact details and referee reports;
- • are a media contact of 24/7 NMS;
- • are a member of the general public who contacts 24/7 NMS who elects not to rely on anonymity or pseudonymity, we collect contact address details, usually including but not limited to email addresses and phone numbers and details about the reason for the contact.
3.2 Sensitive information
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. Sensitive information includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record and some types of biometric information.
24/7 NMS's policy is only to collect sensitive information where it is reasonably necessary for our functions or activities and either:
- • the individual has consented; or
- • the circumstances of the work we are required to undertake necessitates this;
- • we are required or authorised by or under law (including applicable privacy legislation) to do so
3.3 Collection of information other than personal information through our website
When you visit the forensicacctg.com.au website, some of the information that is collected about your visit is not personal information, because it does not reveal your identity. Cookies
A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies used by 24/7 NMS may identify individual users who log into the website.
Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website (such as preventing users from logging on and making purchases).
3.4 What if you don't want to provide your personal information to us?
24/7 NMS's policy is to provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual's actual name. For example, 24/7 NMS's policy is to enable you to access our website and make general phone queries without having to identify yourself and to enable you to respond to our surveys anonymously.
In some cases however, if you don't provide us with your personal information when requested, we may not be able to respond to your request or provide you with the product or service that you are seeking.
4. How we collect and hold personal information
4.1 Methods of collection
24/7 NMS is required by the Privacy Act also to collect personal information only by lawful and fair means. If it is reasonable and practicable, we will collect personal information we require directly from you.
We collect personal information in a number of ways, including:
- • by email;
- • over the telephone;
- • through written correspondence (such as letters, faxes and emails);
- • on hard copy forms (including event registration forms, network registration forms competition entry forms and surveys);
- • in person (for example, at job interviews and at events);
- • through our website
- • electronic systems such as Applications;
- • from third parties, including:
- o direct marketing database providers;
- o public sources, such as telephone directories
4.2 Collection notices
Where 24/7 NMS collects personal information directly from you, 24/7 NMS's policy is to take reasonable steps to notify you of certain matters. We will do this at or before the time of collection, or as soon as practicable afterwards. The matters include:
- • our identity and how to contact us;
- • the purposes for which we are collecting the information;
- • whether the collection is required or authorised by or under by or under an Australian law or a court or tribunal order;
- • the third parties (or types of third parties) to whom we would normally disclose information of that kind;
- • whether any of those third parties are located overseas and, if practicable to specify, the countries in which they are located; and
We will generally include these matters in a collection notice. For example, where personal information is collected on a paper or website form, we will generally include a collection notice, or a clear link to it, on the form.
Where 24/7 NMS collects information about you from a third party, 24/7 NMS's policy is to take reasonable steps to make sure that you are made aware of the collection details listed above and, if you may not be aware that that we have collected the information, of the fact and circumstances of the collection.
4.3 Unsolicited information
Unsolicited personal information is personal information we receive that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement).
We may keep records of unsolicited personal information if the Privacy Act permits it (for example, if the information is reasonably necessary for one or more of our functions or activities). If not, 24/7 NMS's policy is to destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
5. Disclosure of personal information to third parties
Under 24/7 NMS's policy, personal information may be disclosed to the following third parties where appropriate:-
- • our clients partners and sponsors;
- • referees whose details are provided to us by job applicants;
- • 24/7 NMS's contracted service providers, including:
- o information technology service providers;
- o publishers of our newsletters,
- o conference organisers;
- o marketing and communications agencies;
- o call centres and call training centres
- o mailing houses, freight and courier services;
- o printers and distributors of direct marketing material; and
- o external business advisers (such as recruitment advisers, auditors and lawyers)
In the case of these contracted service providers, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
6. Cross border disclosure of personal information
24/7 NMS operates in Australia.
However 24/7 NMS may disclose personal information to third parties located overseas where certain work is required to be performed.
In each case, 24/7 NMS's policy is to comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information, as well as with any legal requirements applicable in the relevant jurisdiction.
7. Use of government related identifiers
24/7 NMS's policy is to not:
- • use a government related identifier of an individual (such as a Medicare number or driver's licence number) as our own identifier of individuals; or
- • otherwise use or disclose such a government related identifier,
unless this is permitted by the Privacy Act (for example, where the use or disclosure is required or authorised by or under an Australian law or a court/tribunal order). 8. Data quality and security
We hold personal information in a number of ways, including in electronic databases, email contact lists, and in paper files held in drawers and cabinets, locked where appropriate. Paper files may also be archived in boxes and stored offsite in secure facilities. 24/7 NMS's policy is to take reasonable steps to:
- • make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant; and
- • protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure
You can also help us keep your information up to date; by letting us know about any changes to your personal information, such as your email address or phone number.
The steps we take to secure the personal information we hold include ICT security (such as encryption, firewalls, anti-virus software and login and password protection), secure office access, personnel security and training and workplace policies. Website security
While 24/7 NMS strives to protect the personal information and privacy of website users, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact 24/7 NMS by post.
You can also help to protect the privacy of your personal information by keeping passwords secret and by ensuring that you log out of the website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.
Third party websites
9. Access and correction of your personal information
Individuals have a right to request access to the personal information that 24/7 NMS holds about them and to request its correction.
You can contact our Privacy Officer if you would like to access or correct the personal information that we hold about you. We may ask you to verify your identity before processing any access or correction requests, to ensure that the personal information we hold is properly protected.
24/7 NMS's policy is to provide you with access to your personal information, subject to some exceptions permitted by law. We will also generally provide access in the manner that you have requested (e.g. by providing photocopies or allowing a file to be viewed), provided it is reasonable and practicable for us to do so. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you.
If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, 24/7 NMS's policy is to take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, upto- date, complete, relevant and not misleading.
If we correct personal information about you, and we have previously disclosed that information to another agency or organisation that is subject to the Privacy Act, you may ask us to notify that other entity. If so, 24/7 NMS's policy is to take reasonable steps to do so, unless this would be impracticable or unlawful.
Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 60 days.
If we refuse your access or correction request, or if we refuse to give you access in the manner you requested, 24/7 NMS's policy is to provide you with a written notice setting out:
- • the reasons for our refusal (except to the extent that it would be unreasonable to do so); and
- • available complaint mechanisms
In addition, if we refuse to correct personal information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to associate the statement in such a way that will make it apparent to users of the information.
If you have a complaint about how 24/7 NMS has collected or handled your personal information, please contact our Privacy Officer.
Our Privacy Officer will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week.
If your complaint can't be resolved at the first instance, we will ask you to complete a Privacy Complaint Form, which details (for example) the date, time and circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how would you like your complaint resolved.
We will endeavour to acknowledge receipt of the Privacy Complaint Form within five business days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the facts, locating and reviewing relevant documents and speaking to relevant individuals.
In most cases, we expect that complaints will be investigated and a response provided within 30 days of receipt of the Privacy Complaint Form. If the matter is more complex and our investigation may take longer, we will write and let you know, including letting you know when we expect to provide our response.
Our response will set out:
- • what action, if any, 24/7 NMS will take to rectify the situation
If you are unhappy with our response, you can refer your complaint to the Office of the Australian Information Commissioner or, in some instances, other regulatory bodies, such as the Victorian Health Services Commissioner or the Australian Communications and Media Authority
11. Further information
Please contact 24/7 NMS if you have any queries about the personal information that 24/7 NMS holds about you or the way we handle that personal information. Our contact details for privacy queries are set out below.
12. Changes to this policy