Home / Privacy Policy

Privacy Policy

1.Purpose

Carers SA is committed to protecting and maintaining the privacy and confidentiality of Carers and their families. This commitment extends all individuals who interact with Carers SA, including Carers, their families, members, employees, volunteers, Board Directors, students and representatives of partner organisation and service providers.

Carers SA is also committed to preventing misuse of personal information and managing privacy risks, including avoiding acts or practices that may result in a serious invasion of privacy.

Carers SA complies with the Privacy Amendment (Notifiable Data Breaches) Act 2017, the Privacy Act 1988 and the Australian Privacy Principles.

2.Scope

This policy applies to all Carers SA’s Staff, which includes all workers (including full-time, part-time and casual), students on work experience placement, volunteers and Board Directors. Stakeholders include contractors, 3rd party providers and workplace participants. For the purposes of this policy, the above will collectively be referred to as Staff.

The Privacy and Confidentiality Policy applies to all personal, health or sensitive information about individuals, collected, used, stored, disclosed, shared and destroyed by Carers SA, regardless of the format of the information.

It also applies to organisational information which is not to be used or disclosed by Staff.

3.Policy

  • Carers SA protects the personal information of the people it supports.
  • Carers SA applies consistent safeguards when handling personal information, recognising individuals may have varying levels of vulnerability. This includes applying appropriate consent, safeguarding and information sharing practices in accordance with legal and duty of care obligations.
  • Where specific legal arrangements or safeguarding considerations are identified (such as court orders or child protection involvement), Carers SA will take additional steps as required, including confirming appropriate consent or authority before engaging with individuals or disclosing personal information.
  • Carers SA collects personal information that is reasonably necessary to provide its services and supports. Wherever practicable, Carers SA collects personal information directly from the person using its services (usually a Carer).
  • Carers SA may collect personal information about a person receiving care from a Carer. In these circumstances, Carers SA will take reasonable steps to ensure that the Carer has the appropriate authority or consent to provide that information. Where practicable, Carers SA may seek to confirm consent directly with the individual to whom the information relates.
  • Where appropriate, Carers SA seeks consent to collect, use or disclose personal information. In some circumstances, information may be collected, used or disclosed without consent where authorised or required by law.
  • Individuals have the option of not identifying themselves or using a pseudonym when interacting with Carers SA, where this is lawful and practicable. However, this may limit the services available.
  • Carers SA obtains consent from the Carer (and/or person being cared for) before referral to other service providers.
  • In some circumstances, where appropriate consent or lawful authority is not available, Carers SA may be limited in its ability to provide certain services or supports involving the person receiving care.
  • Carers SA uses secure systems and platforms to transmit personal and sensitive information when sharing information with third parties or government agencies, including the use of secure, access-controlled and government-approved methods where required. Where personal information is provided directly to the individual to whom it relates, Carers SA may use standard communication methods, taking reasonable steps to ensure the information is provided safely.
  • Carers SA only uses personal information for the purpose for which it was collected, for related purposes that would reasonably be expected, or as required or permitted by law.
  • Carers SA is committed to the Information Sharing Guidelines (ISG), which provide a framework for how personal information is shared. These Guidelines support Carers SA staff to explain privacy, confidentiality and duty of care obligations when handling personal information. Under the ISG framework, Carers SA will seek consent before sharing personal information whenever it is safe and practicable to do so. In certain circumstances, personal information may be shared with other agencies or organisations without consent where necessary to prevent or lessen a serious threat to health or safety or where required or authorised by law to do so.
  • Carers SA uses secure IT platforms and software to store confidential information.
  • Carers SA complies with the Notifiable Data Breaches scheme where it is obligated to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.
  • Staff should take appropriate care and actions to ensure that information is not able to be accessed by unauthorised persons. This includes ensuring relevant conversations are private, ensuring computers are locked, not leaving confidential information in public areas of the office and/or other sites.
  • All Staff are informed of their obligations under this, Carers SA Privacy and Confidentiality Policy, and must declare and abide by this policy by signing the Privacy and Confidentially Declaration (as part of a condition of employment at Carers SA).
  • Staff are expected to return materials containing confidential information at the time of separation from employment or expiration of service. The Staff member’s obligation of confidentiality will continue after the end of their employment or volunteering with Carers SA.
  • Carers SA implements internal policies, procedures and staff training to support compliance with privacy obligations and the secure handling of personal information. These measures are regularly reviewed and updated.

Types of personal information Carers SA collects and holds

Carers SA only collects information from Carers (or their legal Guardian and where relevant, the person receiving care) that is necessary for the work undertaken by Carers SA and to support the provision of services to Carers. Some examples of information collected and held are:

  • Personal details, like name and date of birth (of the Carer and/or the person receiving care)
  • Address and contact details
  • Details about health, family, care supports and/or other issues relating to Carer needs
  • Information to determine eligibility for Carers SA services to support fair and equitable access to services
  • Information to help measure a Carer’s progress
  • Closed circuit television (CCTV) images for security purposes.
  • Other information to assist in carrying out services and activities or requested as part of funding agreements and guidelines.

In some circumstances, Carers SA may collect personal information about a person receiving care from a Carer. in accordance with this policy.

At or before the time of collection, or as soon as practicable afterwards, Carers SA takes reasonable steps to inform individuals about the purpose of collection, how their information will be used and disclosed, and how they can access or correct their information.

Carers SA also collects personal information about current, former and prospective Staff for employment and organisational purposes. This may include, but is not limited to: recruitment information (such as resumes, applications and reference checks), contact details, required clearances, bank details, emergency contacts and driver’s licence information.

How Carers SA collects information

Carers SA only collects personal information by lawful and fair means. Carers SA usually collects personal information from:

  • Online registration forms, either via the website or sent directly via secure communication methods;
  • Telephone calls;
  • Face-to-face meetings and interviews;
  • Membership information;
  • Application forms: such as application forms for government assistance programs and services administered by Carers SA, application forms to join or participate in programs provided by Carers SA;
  • Consent forms: such as a consent form to use a person’s name and photo in Carers SA publications;
  • Fundraising events: for example, from donations and fundraising event registrations;
  • Electronic communications: for example, e-mails and attachments (including CVs); forms filled out by people, including as part of acquiring a product or service from Carers SA;
  • Third parties: for example, from a Carers parents or guardians, recruitment agencies, referees, subcontractors, representatives or agents of service providers and government agencies;
  • Website interactions, including registering, engaging in discussion forums, providing feedback or making a donation; and
  • CCTV security cameras, where visible signage will be displayed.

Use of personal information

Carers SA will only use sensitive information for the purpose for which it was initially collected or for a directly related purpose, as required or permitted by law, or where consent has been given.

Carers SA does not use personal information for marketing purposes without consent. Individuals may opt out of receiving marketing or communications from Carers SA at any time by contacting Carers SA at: info@carerssa.com.au or by calling the Customer Service team on (08) 8291 5600 or 1800 422 737.

Carers SA provides information to its grant funding bodies for reporting and accountability purposes. This is done through secure Government reporting platforms (such as the Australian Government Data Exchange (DEX) and R2D2).

Some information provided may include identifiable personal details at the time of submission. This information is handled securely and is de-identified or aggregated by the receiving system for reporting, statistical and service improvement purposes.

Carers SA may use and share de-identified information for purposes such as internal research, service evaluation, planning, and to support external research, policy development and service improvement. This information does not identify individuals, and Carers SA takes reasonable steps to ensure that individuals are not reasonably identifiable before it is used or disclosed.

Disclosure of personal information

Carers SA may share personal information with partner organisations, service providers (such as counsellors), and other organisations involved in delivering services and supports on behalf of Carers SA, including as part of consortia or funded program arrangements. This sharing occurs as part of providing services and supports.

Carers SA may also make referrals to external organisations that are not part of Carers SA’s service delivery. In these cases, Carers SA will obtain consent before sharing personal information, unless otherwise authorised or required by law.

Carers SA will seek consent for the use or disclosure of personal information for purposes not directly related to service delivery, such as publicity or marketing activities, or where personal information is used for research.

Carers SA will not otherwise disclose personal information unless consent has been provided or where required or authorised under law.

Carers SA does not routinely disclose personal information to overseas recipients. If personal information is disclosed outside Australia, this will only occur in limited circumstances and with appropriate safeguards, including where consent has been obtained or where required by law, and where reasonable steps have been taken to ensure the recipient complies with Australian privacy laws or equivalent protections.

How Carers SA keeps personal information secure

Carers SA takes reasonable steps to ensure that personal information it holds is accurate, up to date and complete.

Carers SA takes reasonable and proportionate steps to protect personal information, including through the use of secure systems, access controls, staff training, and secure data transfer methods. Carers SA actively ensures that all personal information it holds is protected from misuse, interference and loss, and from unauthorised access, modification or disclosure. This is achieved through ICT protection, Carers SA’s CRM protocols, staff filing frameworks, secure data transmission protocols and electronic data transmission procedures. Further communications made online through the Carers SA website are secure. 

Carers SA Staff are trained in relation to their obligations related to this policy and have signed a declaration to follow the policy as part of their employment.

Where Carers SA engages third-party service providers, it takes reasonable steps to ensure those providers handle personal information in accordance with privacy laws and appropriate security standards. Carers SA retains personal information for only as long as necessary to fulfil its functions or as required by law, after which it is securely destroyed or de-identified.

Carers SA regularly reviews the personal information it holds to ensure it is not retained longer than necessary.

Integration of Generative AI Across Services and Operations

Introduction to Use of Generative AI Tools:

  • Carers SA embraces the power of generative AI to enhance services for Carers, the people that they support, service providers, Government Funders and other stakeholders. These technologies are used to support customer service interactions, optimise internal administrative functions, and streamline communications, contributing to efficiency, responsiveness, and data integrity across Carers SA’s operations.
  • Carers SA recognises that artificial intelligence technologies are rapidly evolving and increasingly integrated into many systems and services. Carers SA is committed to continuing to adapt to these developments and to promoting their responsible, safe and ethical use within its operations. This includes a continued focus on privacy, data security and maintaining the integrity of services delivered to Carers.

Comprehensive Application of AI Tools:

  • Application of approved generative AI tools spans various facets of the organisation. For Carers and the people they support, it translates into more efficient and personalised assistance. For Government funders and service providers, it ensures clear and concise communication, facilitating better collaboration. Internally, these tools enable Carers SA’s staff to minimise the time allocated to routine administrative tasks, reallocating that time to focus on Carers SA’s core mission of supporting Carers.

Data Protection and Ethical Use:

  • The approved generative AI tools employed are selected with a stringent focus on data security, ensuring that no personal or sensitive information is used to enhance AI models or retained beyond the necessary period. Carers SA upholds the privacy of Carers and the people they support, maintaining strict adherence to the Privacy Act 1988 and Australian Privacy Principles.

Transparency and Data Management:

  • Carers SA recognises the importance of transparency in the deployment of AI technologies. For Carers and the people they support, the use of AI is designed to complement and enhance the support offered, never to replace the personal touch that is central to Carers SA’s work. Carers SA Staff are instructed in the responsible use of AI, with internal guidelines to ensure the safeguarding of all data.
  • Carers SA does not use automated decision-making processes that make decisions which significantly affect individuals without human involvement. Where AI tools are used, they are designed to support staff decision-making, not replace it.
  • Information about the use of generative AI tools is outlined  in this policy. Carers SA is committed to transparency and welcomes any queries regarding their application.

Continual Review and Adaptation:

  • Carers SA’s policies and practices related to the use of generative AI are subject to continuous review and improvement. Carers SA commits to adapt strategies to align with evolving technologies, regulatory updates, and the feedback from the community. Any significant changes to Carers SA’s policies will be communicated to all parties involved, ensuring clarity and compliance.

Notifiable Data Breaches

Carers SA has processes in place to assess and respond to data breaches, including taking steps to contain the breach and prevent recurrence.

In the unlikely event of a data breach, Carers SA will notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner must also be notified of eligible data breaches via the Notifiable Data Breach Statement – Form.

Note: an eligible data breach is one which is likely to result in serious harm to any individual affected.

Should a data breach occur, Carers SA will undertake a full assessment of the incident and take steps to mitigate the risk of a data breach happening again in the future.

Access

Individuals have the right to request access to and correction of their personal information held by Carers SA.

Carers SA takes special care to ensure that the personal information it holds is accurate and up to date. Access or updates to the personal information Carers SA holds about an individual can be requested. 

Carers SA will allow access or make the changes unless it is considered that there is a sound reason under the Privacy Act 1988, or other relevant law to withhold the information.

Personal Information may be updated by Carers and members by calling Carers SA on 1800 422 737 with any general enquiries. Personal information may also be updated when conducting Carer reviews or other service interactions to ensure data currency and accuracy.

Links to other websites

The Carers SA Privacy Policy does not apply to external links, social media or non-Carers SA web pages. Such third party websites may collect personal information. Carers SA encourages individuals to read the privacy policies of external websites. Carers SA does not accept responsibility for any content contained on websites other than its own.

Confidentiality statement re Government funding requirement to collect a Minimum Data Set

Carers SA is required under State and Commonwealth funding agreements to collect certain information (Minimum Data Set) about Carers, the person(s) they care for where relevant, and the services provided.

This information may be provided to government departments through secure data systems (such as the Australian Government Data Exchange (DEX), relevant State Government reporting systems (eg R2D2), and other approved secure reporting platforms. 

Some information provided may include identifiable personal details. This information is handled securely and is de-identified or aggregated by the receiving system for reporting, statistical and service improvement purposes.

Users of Carers SA services are advised that this will enable the collection of information about services and service users. This information is used to understand service delivery and outcomes and does not affect an individual’s entitlements to, or access to services.

How to contact Carers SA

If you wish to contact Carers SA about its services, obtain access to or change personal information, have any questions about this policy or make any other enquiries contact Carers SA’s Privacy Officer:

  • by email to: info@carerssa.com.au
  • by writing to: Privacy Officer, Carers SA, PO Box 422, Fulham Gardens SA 5024
  • by telephone: (08) 8291 5600 or 1800 422 737

Individuals may also make a complaint about how their personal information has been handled by contacting Carers SA using the details above. Carers SA will respond to privacy complaints within a reasonable timeframe and take appropriate steps to address any concerns.

4. Definitions

Privacy    Keeping certain personal information free from public knowledge and having control over its disclosure and use.
Personal information  Names, details and information relating to Carers; matters of a technical nature; trade secrets; technical data; marketing procedures and information; financial information; strategic and business plans; and other information which Carers SA informs a staff member or volunteer is confidential. Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form. This may include information provided by a third party, such as a Carer providing information about a person receiving care.
Confidential information Names, details and information relating to Carers; matters of a technical nature; trade secrets; technical data; marketing procedures and information; financial information; strategic and business plans; and other information which Carers SA informs a staff member or volunteer is confidential.
Sensitive information Type of personal information Information or an opinion about an individual’s race or ethnicity, political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences, trade or professional associations, union membership, criminal record, health or genetic information or biometric information.
Confidentiality Declaration A separate legal concept to privacy, confidentiality applies to information given to a person or organisation under an obligation not to disclose that information to others unless there is a statutory requirement or duty of care obligation to do so. Confidentiality also applies to organisational information which is not to be used or disclosed by Board Directors, staff or volunteers.
Consent Voluntary, informed, current and specific agreement by an individual to the collection, use or disclosure of their personal information.
De-identified Information Information that has been processed so that individuals are no longer reasonably identifiable.
Disclosure   Making personal information accessible or visible to others outside of Carers SA.
ISG (Information Sharing)   Information Sharing Guidelines prescribe a regulatory framework for Carers SA Guidelines to sharing personal information to other organisations.
Government Reporting Platforms  Secure systems used by government agencies to collect and manage information for program delivery, reporting and accountability purposes (such as the Australian Government Data Exchange (DEX) and relevant State Government systems ie R2D2).
Secure systems and platforms Systems, applications or platforms that use encryption, access controls and other security measures to protect personal and sensitive information from unauthorised access, disclosure or loss during storage or transmission.