This text is taken from our privacy policy and is correct as of the 16/04/2020. It is typically updated annually. Any more recent updates will be reflected in the ‘full privacy policy’ linked above.
Policy wording
- Adventure Works ensures that all information collected from persons will be considered private and confidential and not disclosed without the prior knowledge or consent from the individual or legal representative.
- Adventure works will inform participants, employees, and volunteers, of the purpose that the information is collected.
- Adventure Works will only collect information that is relevant and necessary to Adventure Works’ association with each individual. Adventure Works requires accurate information to be provided by the individual.
- Individuals will be required to update their personal information with Adventure Works at regular intervals appropriate to the type of information. This information will be promptly added and updated to the confidential database. In doing so, Adventure Works is taking steps to ensure that information is correct, relevant, and not misleading. Individuals are also informed that they may request a correction be made to their information at any time.
- If Adventure Works refuses to make a correction to personal information following a request from the individual, individual will be provided with reasons for refusal and the available complaint mechanisms. A statement will be associated with the personal information, describing the refusal of a correction. Individuals will not be charged for making a request to correct personal information.
- Information will be collected from the individual directly, or their legal representative. Information will not be sourced from external sources unless individual is aware and consenting to this practice. For example, an individual’s caseworker, medical practitioner, or supporter.
- Efforts will be made to notify an individual about information that is collected from someone other than himself or herself.
- Adventure Works uses a secure AAP’s compliant online database and cloud-based storage to access store information. Access is available only through restricted logins with two-factor authentication. File storage and access is predominantly via Microsoft Business Suite (Office 365) and infrastructure as well as our website platform that is maintained by a contractor DevApp.
- Microsoft privacy policy can be found here: https://www.microsoft.com/en-us/licensing/product-licensing/products#OST
- DevApp Privacy Policy here: https://www.devapp.com.au/about-us/privacy-policy/
- If unsolicited information is encountered, Adventure Works will assess whether this information is reasonably necessary to be aware of and confirm with the person it relates to that they consent to the information being kept on file. If consent is not granted, or information is not necessary, this information will be destroyed or de-identified.
- When collecting information from individuals for research, participants to the research will remain anonymous with any information provided being de-identified prior to any sharing of the information.
- Information will only be used for the purpose for which it was collected, or for another additional purpose if it is reasonably expected that the information be used or disclosed for another purpose, or the individual consents to the use of the information for another purpose (for example, data collection for a program evaluation). Exceptions to this: If the person were reported missing, Adventure Works may assist in locating them if they hold potentially relevant information; suspicion (with reason) of unlawful or serious misconduct relating to the person, and disclosing of information is necessary to take appropriate action; use or disclosure of information is necessary to lessen/prevent the threat of a serious life, health, safety risk to any individual or public health.
- Adventure Works will inform persons, prior to collecting information:
- Who Adventure Works is and provide contact details.
- The circumstances when information will be disclosed to other parties. This will include program facilitators and directors, who will necessarily have access to confidential information. Information may need to be made available in cases of mandatory – or otherwise – reporting to social services, or when working with a partner organisation.
- How and why information is collected, and what details this information may include.
- When and why disclosure of information will occur.
- That information is stored on a database that is accessible only to administrators (directors), who will pass on relevant information to necessary program coordinators. In the case of hard copies of notes / forms etc, information will be scanned onto participant files then original notes destroyed either by shredding or incineration.
- Information will be stored for 7 years after contact with the person has ceased, or, in the case of participants below the age of 18, for 7 years after the participant turns 18.
- Each person has the right to view his or her personal information. This information will be made available within 30 days of the request to view personal information.
- Each person has the right to request a correction be made to his or her personal information. If a decision is made that the correction is not made, a statement will be associated with the personal information explaining both the correction request and reason for denying request.
- At the closure of the required information storage period, information stored on the database will be permanently deleted.
- In the case of research being conducted, no identifying information will be recorded or provided.
- Individuals will be informed of the complaint handling process.
- Individuals will be informed of the consequences if personal information requested is not collected.
- It is understood by all parties involved with Adventure Works that Privacy is accepted as high priority, with procedures and actions that reflect this including training in privacy practices and evaluating and enhancing these privacy practices.
- All employees and volunteers who may come into contact with personal information (e.g. through spending time with a participant) will read this Privacy Policy, and sign to demonstrate an understanding and acceptance of it, prior to working with participants or accessing any form of personal information.
- Individuals will only receive direct marketing about, for example, training or programs that Adventure Works anticipates may be a suitable fit for that individual. Any such correspondence will come with a prominent statement providing a simple option for the individual to opt out of receiving any further marketing. Sensitive information will not be used for any such marketing.
- Adventure Works will collect some forms of government related identifiers from participants, volunteers, students and employees. For example, a Medicare number in case of injury, or driver’s license details so an employee will be legally permitted to drive with program participants. These details will not be shared, unless required by law to do so.
- Adventure Works does not anticipate that any personal information will be sent overseas. However, were such an occurrence to arise, this information would only be sent on condition that the other party enters into an enforceable contractual arrangement with the overseas recipient, requiring them to handle the information in accordance with the Australian Privacy Act. OR, if information is being received by a recipient who is already governed by Privacy laws that are substantially similar to those of Australia. OR if an individual gives explicit consent to the sharing of their personal information. OR if Adventure Works is ordered by law or court/tribunal order to share the information.
- Adventure Works’ Privacy police is aligned with the Commonwealth Privacy Act 1988.
Definitions
‘Personal information’ and/ or ‘sensitive information’ may refer to, but is not limited to, any individual’s contact details, employment details, health records, external agency or contacts information, medication records, accident or injury records, custodial arrangements. Also included as examples of personal and/ or sensitive information are observations of participants made by staff, details of personal conversations, staff employment records and reviews, and more.