What is privacy?
Diabetes Australia is covered by the Privacy Act 1988 (‘the Privacy Act’). Updated privacy laws that commenced on 12 March 2014 introduced the new Australian Privacy Principles (‘APPs’). The APPs set out the way organisations and government agencies such as Diabetes Australia can collect, use, disclose and provide access to personal and sensitive information.
Personal information is any information that identifies or could identify a person, whether it is true or not. It includes, for example, your name, age, gender and contact details. Personal information can also include sensitive information, which is information about your health and health services provided to you.
Who is Diabetes Australia and what do we do?
Diabetes Australia is the national body for people affected by all types of diabetes and those at risk, and administers the National Diabetes Services Scheme (‘NDSS’) on behalf of the Australian Government.
The NDSS delivers diabetes-related products at subsidised prices and provides information and education support services to people with diabetes and their carers. Diabetes Australia contracts State and Territory diabetes organisations (‘NDSS Agents’) to provide NDSS services on its behalf.
Collection of your information
Diabetes Australia collects your personal and sensitive information only if you have consented to the information being collected, if the information is reasonably necessary for one or more of our functions or activities (which includes administering the NDSS) or if one of the other exceptions applies under the APPs.
We collect personal information about you, such as your name, contact details, gender, date of birth, Medicare or Department of Veterans’ Affairs number, country of birth, details of your parent or carer and details of your medical practitioner. We also collect sensitive information about you such as whether you are of Aboriginal or Torres Strait Islander origin, main language spoken at home, diabetes type, height, weight, whether your immediate relatives have had diabetes, treatment information and insulin status. We collect information about NDSS product sales, including the products purchased, date and location of purchase, and method of payment. We also collect your credit card details if you make an online donation to Diabetes Australia.
We only collect your information by lawful and fair means. We collect your information in a few different ways, including:
- forms, such as the NDSS registration form
- electronically, such as through our website
- phone calls
- information you provide while visiting NDSS Access Points, such as your local pharmacy, health centre and hospital
- information you provide while visiting NDSS Agent shop fronts or participating in diabetes support services provided by NDSS Agents
- other correspondence, such as email and mail.
We will always collect personal information from you directly unless it is unreasonable or impractical for us to do so. When a person with diabetes is under 15 years old, or is an adult receiving continuing care, the person’s primary carer or guardian must consent to the collection of the person’s information.
If we receive personal information about you that we did not request (for example, if you complete an NDSS registration form and you attach extra documents that we did not ask for) and we could not have collected this information as set out in the dot points above, we will destroy or de-identify the information (i.e. any information that could reasonably identify you as an individual is removed) as soon as practicable. This will apply except where the information is part of a Commonwealth record, or we are required by law or a court/tribunal order to retain the information.
When we collect your information, or as soon as practical after, we will take reasonable steps to let you know:
- that the information has been received by Diabetes Australia and how to contact us
- if we received your information from another source, details of the information we have received and why we received it
- why we are collecting the information
- the main consequences (if any) for you if you do not provide all or part of the information we have requested
- the organisations or types of organisations to which we normally pass on information
- whether we are likely to disclose information to overseas parties and if so, the countries in which those parties are located.
The Diabetes Australia website, NDSS website and sites administered by Diabetes Australia use software known as ‘cookies’ to record your visit to the website and collect some statistical information. We use this information to help administer and improve our websites. We do not use this information to personally identify you. Information we may collect includes:
- your server address
- your domain name
- the date and time of access to the website
- pages accessed and documents downloaded
- the previous site visited
- if you have visited the website before
- the type of browser software in use.
You may set your web browser to disable cookies when visiting our websites. However, some website functions may be unavailable if you choose to do so.
Can I remain anonymous?
It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself or to use a fictional name when interacting with us. You can remain anonymous when using some parts of the Diabetes Australia website, NDSS website or sites administered by Diabetes Australia. However, it may be necessary for us to collect your personal or sensitive information if you would like to access certain materials or services. If you choose to withhold the information we require, we may not be able to provide the services you have requested.
Security of your information
We take appropriate steps to protect your personal and sensitive information held by us from misuse, interference, unauthorised access, modification, loss or disclosure. This includes during storage, collection, processing, transfer and destruction of the information.
We take steps to ensure the security of the Diabetes Australia website, NDSS website and its related websites. However, users are advised that there is always some risk when transmitting information across the Internet, including a risk that information sent to or from a website may be intercepted, corrupted or modified by third parties.
The Diabetes Australia website, NDSS website and sites administered by Diabetes Australia contain links to external websites. We recommend that you review the privacy policies of those external websites as we are not responsible for their privacy practices.
When we no longer need personal information for any purpose we will take reasonable steps to destroy the information or ensure that the information is de-identified. This will apply except where the information is part of a Commonwealth record, or we are required by law or a court/tribunal order to retain the information.
Use of your information
We only use your personal and sensitive information for purposes which are directly related to the reason you provided us with your information in the first place and where you would reasonably expect us to use your information. For example, we may send people who register with the NDSS information about the use of products and the effective self-management of diabetes.
We will not use your personal information for another purpose unless you have given consent (for example, in the NDSS registration form) or one of the exceptions under the Privacy Act applies, for example, if the use of the information is authorised by Australian law or is necessary for law enforcement by an enforcement body, such as the Australian Federal Police.
Disclosure of your information
When you provide us with your personal and sensitive information through the NDSS registration form, we seek your consent to disclose the information for the purposes identified in the form.
We only disclose your personal and sensitive information for purposes which are directly related to the reason you provided us with your information in the first place and where you would reasonably expect us to disclose your information.
For example, if you are registered with the NDSS, your information will be provided to the Department of Health, as required by the Commonwealth. NDSS information will also be provided to the AIHW for statistical analysis and research. NDSS information provided by you may also be disclosed to other third parties, including organisations that deliver services on our behalf or to us, government agencies, mailing houses and other organisations or government agencies for the purpose of administering the NDSS.
We do not currently disclose your personal information to overseas parties. If your personal information is transferred overseas, we will comply with our obligations under the APPs.
We will not disclose your personal information for another purpose unless you have given consent (for example, in the NDSS registration form) or one of the exceptions under the Privacy Act applies. For example, we may disclose your personal information if authorised by Australian law or if necessary for law enforcement.
Direct communications and promotional materials
From time to time, we may send out promotional materials for the purposes of Diabetes Australia or the NDSS. If you do not wish to receive these communications, please contact Diabetes Australia to unsubscribe (see contact details below). Your information may also be used by us to provide you with details of our services and events where permitted by the Privacy Act or where you have consented to the use or disclosure of your personal information for direct communications and promotional materials.
It is our policy that any direct communication or promotional material will include a statement advising that you may request not to receive further material by contacting us using the details provided. Even if you unsubscribe, if you are registered with the NDSS you will still receive important information about diabetes and NDSS product safety issues.
Requests to participate in research by third parties
We often receive requests from researchers and non-government bodies for data to assist them to write research papers or to plan for the emerging needs of people with diabetes. We assess all research requests on specific criteria, such as the value of the research and the protection of the privacy of the individuals who have consented to be involved. Individuals registered with the NDSS may receive information from Diabetes Australia about opportunities to participate in research unless they have chosen to unsubscribe. There is no obligation to participate in a study and individuals may at any time unsubscribe from receiving information about opportunities to participate in research.
How to access and correct your information
We will take reasonable steps to ensure that all personal information that we collect, use or disclose is accurate, up-to-date, complete, relevant and not misleading.
We will correct any personal information that we believe to be incorrect, out-of-date, incomplete, irrelevant or misleading. This includes taking reasonable steps to notify any organisation or government agency to which information was disclosed about the correction. You may request to access or correct your personal information at any time by contacting the Privacy Officer using the details below. We will give you access to the information unless one of the exceptions under the Privacy Act applies, for example, if providing access would be unlawful or denying access is authorised by law.
If you request to access or correct your information, we will respond within a reasonable time (usually within 30 days). If your request is refused, we will give you a written notice that sets out the reasons for refusal and how to complain about the decision.
The Spam Act 2003
The Spam Act prohibits sending unsolicited commercial emails, SMS and MMS messages for commercial purposes. Examples of unsolicited communications are ones that do not directly relate to a service you have previously signed up with or agreed to. While not-for-profit organisations such as Diabetes Australia do have some exemptions from the Spam Act, we are guided by the Code of Practice developed by the Australian Direct Marketing Association.
See www.adma.com.au/comply/code-of-practice/ for further information.
It is our policy that all electronic communications will include an unsubscribe facility.
Notifiable Data Breaches
The Privacy Act Amendment Notifiable Data Breaches (NDB) Act 2017 requires Diabetes Australia to notify particular individuals and the Office of the Australian Information Commissioner about ‘eligible data breaches’. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the personal or sensitive information relates. Diabetes Australia will make an objective assessment of whether a data breach is likely to result in serious harm and take remedial action according to its data breach response plan. See https://www.oaic.gov.au/ for further information.
Complaints and enquiries
See www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint for further information.
GPO Box 3156
Canberra, ACT 2601
Phone: 02 6232 3800
Australian Capital Territory and New South Wales
Diabetes NSW & ACT
Healthy Living NT
Diabetes Australia – Vic