This policy applies to all personal information collected, received, used and held by BlueCHP, relating to tenants, household members, former tenants and applicants. It excludes information relating to current or former employees.
Personal Information – According to the Privacy Act 1988 (Cth), personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- Whether the information or opinion is true or not; and
- Whether the information or opinion is recorded in material form or not.
Personal information includes information such as:
- An individual’s name and address
- Bank account details or credit card information
- Information about an individuals opinion or what they like.
Sensitive Information – According to the Privacy Act 1988 (Cth), sensitive information means:
- Information or an opinion about an individual’s:
- racial or ethnic origin; or
- political opinions; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual preferences or practices; or
- criminal record;
- that is also personal information; or
- health information about an individual; or
- generic information about an individual that is not otherwise health information;
- biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
- biometric templates.
4. Policy Statement
BlueCHP is committed to ensuring information about tenants, household members, former tenants and applicants is kept and stored under the obligations under the Privacy Act 1988 (Cth)(including the Australian Privacy Principles) and the Health Records and Information Privacy Act 2002 (NSW). This policy aims to ensure that:
- Privacy and confidentiality is respected
- Personal and sensitive information is handled appropriately
5. Privacy Management
BlueCHP needs to collect personal information from individuals in order to:
- undertake our housing management functions
- assess tenancy applications
- allocate appropriate properties
- provide tenancy- related services
- complete mandatory reporting
- improve the quality of the services we provide; and
- contact individuals;
This can include, but is not limited to, their name; postal, residential and email address; gender; date of birth; nationality; languages spoken; education and qualifications; bank account details; proof of identity; photographs and emergency contact details We may also collect sensitive information about you, including health or medical information, criminal record and race information where this information is relevant to the services we supply to you. Additionally, BlueCHP may also collect, use or disclose government related identifiers, such as an individual drivers licence or Centrelink Reference Number (CRN), where it is reasonably necessary for the purposes of BlueCHP’s functions or activities.
We collect information directly from you, from publically available sources of information and from third parties:
- by using written forms
- through contact in person or over the telephone, mobile or other messaging technology
- via the internet (including via email or through our website); and
- through MOU’s with relevant organisations; including NSW Police, Facs – Housing NSW and Centrelink
5.2 Use and Disclosure
BlueCHP may use and disclose information it collects for a wide range of purposes; in line with the reason, it was collected. We may also use your personal information for a secondary purpose, where you would reasonably expect us to use or disclose your personal information for that purpose. For example:
- to seek feedback and improve our services;
- to better understand our client base;
- to engage in marketing (where individuals have provided their prior written consent); and
- to issue payment reminders
There may be other instances where your personal information is disclosed, including where:
- you have consented the use or disclosure
- it is reasonably necessary for the purposes of law enforcement activities or if the information is requested under the Record of Understanding
- we are required or authorised by law to disclose your personal information, for example, to a court in response to a subpoena
- BlueCHP reasonably believes that use or disclosure is necessary to lessen or prevent a serious threat to life, health or safety of an individual, or to public health or safety.
5.3 Storage and protection of personal information
BlueCHP stores personal information in both hard copy and electronic form. Electronic files may be managed or administered:
- internally by BlueCHP
- by a third party storage provider with whom we have a contractual relationship, with information being held locally in Australia and in the cloud overseas. Where information is stored in the cloud, BlueCHP will comply with the Privacy Act 1988 (Cth),
BlueCHP will take all reasonable steps to ensure that personal information is stored securely and is protected from misuse, interference or loss and unauthorised access, modification or disclosure. The ways we do this include:
- limiting physical access to our premises
- limiting access to the information we collect about you
- putting in place physical, electronic and procedural safeguards in line with industry standards (such as passwords and physical locks on cabinets)
If BlueCHP holds personal information about an individual and no longer needs the information or BlueCHP is no longer required or authorised by Australian law or a court/tribunal order to hold the information, we will take all reasonable steps to ensure that the information is destroyed or de-identified.
5.4 Access and correction
Individuals have the right to request access to the personal information we hold about them and request us to correct any inaccurate, out-of-date, incomplete, irrelevant or misleading personal information.
If you would like to request access to, or the correction of, the personal information we hold about you, please contact us. You will be required to provide some proof of identification so that we can verify that it is you making the request.
In some instances, access to personal information may be refused. These circumstances include when:
- BlueCHP believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety
- giving access would have an unreasonable impact upon the privacy of other individuals
- the request for information is frivolous or vexatious
- the information relates to existing or anticipated legal proceedings between BlueCHP and the individual, and would not be accessible by the process of discovery in those proceedings
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of an enforcement body
BlueCHP will take all reasonable steps to ensure that the personal information that we collect, use and disclose is accurate, up to date, complete and relevant.
If BlueCHP believes that that the personal information that we collect use and disclose is not accurate, up to date, complete and relevant, we will take all reasonable steps to ensure the information is corrected in a reasonable period. Changes to the information will only be made when BlueCHP can be satisfied that the change is accurate.
If a request to correct an individual’s personal information is refused, BlueCHP will provide the individual with a written notice outlining the reason for our decision and the mechanisms available to make a complaint.
5.5 Legislative and Regulatory Framework
- Privacy Act 1988 (including the Australian Privacy Principles)
- Health Records and Information Privacy Act 2002 (NSW)
- NSW Police Record of Understanding for Community Housing providers
5.6 Complaints and Appeals
If you are concerned that we have not complied with your legal rights or applicable privacy laws you can make a complaint through our internal complaints process, or you may decide to make a formal complaint with the Office of the Information Commissioner. To make a complaint using BlueCHPs complaint process please refer to our Complaints Policy for further information.
To make a complaint to the Office of the Australian Information Commissioner (OAIC), write to:
Director of Compliance
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001