Privacy and Confidentiality Policy
The Assisting Communities through Direct Connection (ACDC) Project is an initiative of Community Mental Health Australia (CMHA) and as such is governed by its policies and procedures.
Community Mental Health Australia (CMHA) is committed to protecting your privacy and the privacy of any personal information that is provided to the organisation. CMHA complies with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth), the Privacy Legislation Amendment Act and the Privacy Amendment (Notifiable Data Breaches) Act 2017.
CMHA will act responsibly in the collection, management, storage and use of personal information and will ensure that any data breaches will be managed effectively and efficiently.
CMHA may commission services, projects or programs whereby personal and sensitive information is collected from people engaged with projects or services or from the general public.
Collection of Personal Information
- Sensitive information about a person will only be collected when:
the person, or their legal guardian, has given informed consent to the collection, and
- CMHA is authorised by law to collect the information.
In the collection of personal information, CMHA and its people will:
- only seek to collect personal information that is necessary for its activities, projects and
- only collect information in a lawful, fair and not unreasonably intrusive way
- collect information in such a way as it is not identifiable, unless it is required to be identifiable for the purpose of the activity
When personal information is collected from a person, CMHA takes reasonable steps to ensure that the person and/or their legal guardian (as applicable):
- is aware of CMHA and how to contact it
- is aware of the CMHA Privacy and Confidentiality Policy and how to access it
- has given informed consent for the collection, management, storage, and use of their information
- is aware that they can withdraw this consent at any time and understands the process for doing so
- is aware that once information has been de-identified, withdrawal of consent cannot include data used in a de-identified way
- has information about the purpose for which the information is collected
- can access information collected about them and understands the process for doing so.
Security of Information
CMHA’s information systems and files are kept secure from unauthorised access and staff, contracted agents and service providers have been informed of the importance placed on protecting your privacy and their role in helping us to do so. Information will be stored and disposed of in a secure environment, which may only be accessed by authorised personnel.
Disclosure to external partner organisations
CMHA partners with external organisations to whom we disclose personal information. To protect this information, we:
- enter into an agreement which requires the external partners to have systems in place to ensure privacy and confidentiality of personal information.
- only use or disclose the information for the purposes of the agreement.
- include special privacy requirements in the agreement, where necessary.
Checking on own personal information
You are entitled to view what personal information we hold about you. This will be available unless there is a relevant exception under the Privacy Act that applies. If you believe there are errors in our records about you, please let us know and we will investigate and correct any inaccuracies
CMHA uses external providers to track visits to our website. This information is collected anonymously and website trends without identifying individual visitors. We use this information to track the effectiveness of our website. Types of data collected include visits, viewed pages and the technical capabilities of our visitors. These statistics will not identify you as an individual.
Apart from notifying you of any service offerings, CMHA does not without your consent, sell, rent, license or otherwise disclose your information to any party not contracted to CMHA for the purposes of direct marketing. An ‘opt out’ mechanism is provided to enable you to stop receiving any direct marketing material from CMHA.
Notifiable data breach
Where CMHA becomes aware that there are reasonable grounds to believe a notifiable data breach has occurred, individuals at risk of serious harm and the Office of the Australian Information Commissioner (OAIC) will be notified as soon as practicable.
If you have any complaints or concerns over the protection of the information you have given to the ACDC Project, or that we have collected from others, contact us at: https://acdc.org.au/contact-us/
If you are not satisfied with the outcome of an investigation into a complaint, you can refer your complaint to the Office of the Australian Information Commissioner at www.oaic.gov.au
This policy is to be reviewed in May 2024.