This policy sets out how BlueCHP Limited (“BlueCHP”) collects, uses, discloses and manages your personal information and how BlueCHP complies with the Privacy Act 1988 (Cth) and the thirteen Australian Privacy Principles (“APP”) (refer Appendix 1).
Any personal information outside Australia, will be treated in accordance with the applicable law. Privacy is important because the people we deal with at BlueCHP expect us to handle their personal information properly and we have a legal obligation to do so.
The Australian Privacy Principles set out the standards, rights and obligations we hold in relation to collecting, storing, accessing and correcting personal information.
- WHAT IS PERSONAL INFORMATION?
This may include your name, address, telephone number, email address and profession or
occupation. If the information BlueCHP collects personally identifies you, or you are reasonably identifiable from it, the information will be considered to be personal information.
- Personal Information including names, addresses and other contact details; dates of birth; next of kin details; financial information, photographic images and attendance records.
- Sensitive Information (particularly in relation to providing appropriate housing services and our work health and safety obligations) including where relevant religious beliefs, government identifiers, nationality, country of birth, languages spoken at home, family court orders and criminal records.
- Health Information (particularly in relation to providing appropriate housing services and complying with our work health and safety obligations) including medical records, disabilities, individual health care plans, and counselling reports.
- WHAT PERSONAL INFORMATION DO WE COLLECT?
BlueCHP may collect but not limited to information including email address, physical address, contact details and name.
BlueCHP will collect your personal information directly from you unless it is unreasonable or
impracticable to do so. When collecting personal information from you, we may collect it in ways including:
- through your access and use of our website;
- through your enrolment and participation in feedback or surveys;
- during conversations between you and our representatives.
Where possible we have standardised the collection of personal information by using specifically designed forms. However, given the nature of our operations, we often also receive personal
information by email, letters, notes, over the telephone, in face to face meetings, through financial transactions and through surveillance activities such as the use of CCTV security cameras or email monitoring.
We may also collect personal information from other people for example, referring agencies, sub-contractors, service providers including health service providers and partner agencies publicly available sources such as social media. However we will only do so where it is not reasonable and practical to collect the information from you directly and will take reasonable steps to notify the individual, or otherwise ensure that the individual is aware that BlueCHP collects or has collected the information, and of the circumstances of that collection.
- WHAT HAPPENS IF BLUECHP CANNOT COLLECT YOUR PERSONAL INFORMATION?
If you decide not to provide BlueCHP with the personal information described above, some or all of the following may happen:
- BlueCHP may not be able to provide a requested response to your feedback or comment; or
- BlueCHP may not be able to provide you with information about the products and services that you may want.
- FOR WHAT PURPOSES DOES BLUECHP COLLECT, HOLD, USE AND DISCLOSE YOUR PERSONAL INFORMATION?
BlueCHP is a developer of affordable and specialist disability accommodation and we are a registered charity under the Australian Charity & Not-for-profit Commission. We are also registered as a Tier 1 community housing provider under the National Regulatory Scheme for Community Housing (“NRSCH”). We retain most of the properties we build and outsource the tenancy management to other community housing providers. In 2019 BlueCHP was registered with the NDIS as a Specialist Disability Accommodation Provider.
BlueCHP collects personal information in order to carry on its business, to provide
property-related products and services, to improve our products and services and to communicate with our customers and investors.
Personal information may be disclosed between related bodies corporate of BlueCHP and used by those entities for the same purposes for which the collecting company is entitled to use it.
Your personal information will not be shared, sold, rented or disclosed other than as described in this policy.
- DIRECT MARKETING COMMUNICATIONS
BlueCHP may send you direct marketing communications and information about products and services that we consider may be of interest to you, if you so desire.
These communications may be sent in various forms, including by telephone, text message, post and email. You consent to us sending you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will try to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from BlueCHP by contacting us.
- HOW CAN YOU OPT-OUT OF OTHER MARKETING COMMUNICATIONS?
You can opt out if you prefer to not receive direct marketing communications about our products
and services. In order to opt-out, please contact our Privacy Officer at BlueCHP.
Please note that, if BlueCHP is currently providing you with services or products, BlueCHP will still need to send you essential information about your application, the relevant services or products and other information required by law.
- TO WHOM DOES BLUECHP DISCLOSE PERSONAL INFORMATION?
BlueCHP may disclose your personal information to government agencies, our service providers, agents, contractors, partner support agencies, business partners and other recipients from time to time, only if one or more of the following apply:
- you have consented;
- you would reasonably expect us to use or disclose your personal information in this way;
- we are authorised or required to do so by law;
- disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety;
- where another permitted general situation or permitted health situation exception applies;
- disclosure is reasonably necessary for a law enforcement related activity.
- CONFIDENTIALITY AND SECURITY OF INFORMATION
BlueCHP is committed to:
- safeguarding all personal information provided to BlueCHP;
- ensuring that personal information remains confidential and secure; and
- taking all reasonable steps to ensure that personal privacy is respected.
BlueCHP maintains physical, electronic and procedural safeguards to protect personal information from misuse, interference, unauthorised access, modification or disclosure, and loss or corruption by computer viruses and other sources of harm. Access to personal information is restricted to those employees, joint venture partners, subsidiary companies and third–parties who need to know that information.
- ACCESS AND CORRECTION OF PERSONAL INFORMATION
Where we hold information that you are entitled to access, we will try to provide you with a
suitable means of accessing it (for example, by mailing or emailing it to you). There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or it would result in a breach of confidentiality. If that happens, we will give you written reasons for the refusal.
If you believe that personal information, we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. If you wish to update the personal information that BlueCHP
may hold, please advise the BlueCHP Privacy Officer. In some unusual cases, we may not agree that there are grounds for amending your personal information. If that happens, we will add a note to the personal information stating that you disagree with it. Depending on the nature of the request, we may ask you to verify your identity, put your request in writing.
You may contact our Privacy Officer by telephone, email or send via post:
PO BOX 315X
Leumeah, NSW 2560
Phone: (02) 4621 8600
- WHAT IS THE PROCESS FOR COMPLAINING ABOUT A BREACH OF PRIVACY?
If you wish to make a complaint about a breach by us of your privacy (that includes the Australian National Privacy Principles) you may do so by providing your written complaint by email, letter or by personal delivery to any one of our contact details as noted below.
We will respond to your complaint within a reasonable time (usually no longer than 30 days) and we may seek further information from you to provide a full and complete response.
If an individual is not satisfied with BlueCHP’s response, the complaint can be referred to the Office of the Australian Information Commissioner (“OAIC”). The OAIC will generally only consider a complaint if the individual has first written to BlueCHP and given BlueCHP a reasonable opportunity to resolve the complaint (usually 30 days).
|Version||Policy name||Date approved||Approved by||Next review date|
Australian Privacy Principles (APP)
|APP 2 — Anonymity and pseudonymity||Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.|
|APP 3 — Collection of solicited personal information||Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.|
|APP 4 — Dealing with unsolicited personal information
|Outlines how APP entities must deal with unsolicited personal information.|
|APP 5 — Notification of the collection of personal information
|Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.|
|APP 6 — Use or disclosure of personal information
|Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.|
|APP 7 — Direct marketing
|An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.|
|APP 8 — Cross-border disclosure of personal information
|Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.|
|APP 9 — Adoption, use or disclosure of government related identifiers
|Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.|
|APP 10 — Quality of personal information
|An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.|
|APP 11 — Security of personal information
|An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy
or de-identify personal information in certain circumstances.
|APP 12 — Access to personal information
|Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.|
|APP 13 — Correction of personal information||Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.|