Can Speak Canberra Speech Pathology ABN: 161 552 645 36 (“us”, “we”, or “our”) recognises the importance of your privacy and respects your right to control how your personal information is collected and used. Can Speak Canberra Speech Pathology is committed to safeguarding the confidentiality of any personal or health information of individuals by:
- Creating procedures that protect privacy with regards to the collection, storage and disclosure of Personal Information; and
- Complying with the Australian Privacy Principles and the Privacy Act 1988 (Cth).
In this policy “Personal Information” means any information that may identify you, or by which your identity might be reasonably determined. The information you provide us may include, amongst other things, your name, address, email address, and phone number.
“Sensitive Information” means any information about an individual’s racial or ethnic origin, political opinions, memberships of a political organisation, religious belief or affiliation, philosophical belief, membership of a professional or trade association, membership of a trade union, sexual preference or practices, criminal record or health information.
Collection of Personal and Sensitive Information
Can Speak speech therapy collects Personal Information on individuals only with their consent. Generally, we collect your Personal Information and Sensitive Information directly from you. We collect information through various means. We will not collect information unless it is necessary for the functions or activities of Can Speak speech therapy.
There are situations where we may also obtain Personal Information about you from a third party source (for example a GP). If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of the purpose for which we are collecting your Personal Information and the organisations to which we may disclose your information, subject to any exceptions under the Privacy Act.
Use and disclosure of Personal and Sensitive Information
We only use Personal Information for the purposes for which it is given to us, or for the purposes which are related to one of our functions or activities. Identifying personal information will not be disclosed for marketing purposes.
The Personal Information we collect from you will be used primarily to render services related to Can Speak speech therapy services and business. We may also disclose your Personal Information to other external organisations including:
- government departments/agencies who provide funding for Can Speak services;
- doctors and health care professionals, who assist us to deliver our services; and
- our professional advisors, including our accountants, auditors and lawyers.
Except as set out above, Can Speak will not disclose an individual’s Personal Information to a third party unless one of the following applies:
- the individual has consented;
- the individual would reasonably expect us to use that information for another purpose related to the purpose for which it was collected (or in the case of sensitive information – directly related to the purpose for which it was collected);
- it is otherwise required or authorised by law;
- it will prevent or lessen a serious threat to somebody’s life, health or safety or to the public health or safety;
- it is reasonably necessary for us to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature that relates to our functions or activities;
- it is reasonably necessary to assist in locating a missing person;
- it is reasonably necessary to establish, exercise or defend a claim at law;
- it is reasonably necessary for a confidential dispute resolution process;
- it is necessary to provide health services;
- it is necessary for the management, funding or monitoring of a health service relevant to public health or public safety;
- it is necessary for research or the compilation or analysis of statistics relevant to public health or public safety;
- it is reasonably necessary for the enforcement of a law conducted by an enforcement body, in this case Can Speak will make a written note of the disclosure;
- a permitted general situation exists, as defined in s16A of the Privacy Amendment (Enhancing Personal Privacy) Act 2012; or
- a permitted health situation exists as outlined by s16B of the Privacy Amendment (Enhancing Personal Privacy) Act 2012.
From time to time our therapists may use email as a communication method to provide clients with items such as: newsletters, invoices, general business updates, progress notes and clinical reports etc. These items may contain your personal or sensitive information. Whilst your information will only be provided to you and other approved (by you) parties in this manner, clients need to be aware that there is a risk that this information may be accessed by other parties without authorisation (for example, if our email system is ‘hacked’ or a virus is received). Can Speak will take all reasonable steps to mitigate this risk, including regularly changing software passwords, not accessing software/emails from unauthorised computers, following a strict Information Technology policy etc.
Security of Personal and Sensitive Information
Can Speak speech therapy takes reasonable steps to protect the Personal Information and Sensitive Information we hold against misuse, interference, loss, unauthorised access, modification and disclosure. These steps include password protection for accessing our electronic IT systems, securing paper files in locked cabinets and applying physical access restrictions. Only authorised personnel are permitted to access our systems and controlled premises.
When Personal Information is no longer required, it is destroyed in a secure manner, or will be de-identified.
Can Speak uses cloud-based technology, which may be located offshore, to store client records such as photos, reports, file notes, and videos, and will take all reasonable measures to protect your Personal Information by:
- gaining your consent to the disclosure; or
- ensuring that the country of destination has similar protections in relation to privacy, and does not breach the Australian Privacy Principles; or
- entering into contractual arrangements with the recipient of your Personal Information that safeguards your privacy.
Alternatively if the information is required under Australian law, or if the information is required or authorised under international agreement to which Australia is a party to, or if is reasonably necessary by an enforcement body it may be shared.
Note: All our staff are bound by confidentiality and privacy policies, procedures and agreements, which apply both during and following employment with Can Speak. This includes the provision that if any staff comes into contact with a client of Can Speak outside of the clinic they will not acknowledge or approach the client – in order to safeguard the clients’ confidentiality rights.
Access to and correction of Personal Information
If an individual requests access to the Personal Information we hold about them, or seeks to change that Personal Information, upon this request we will give the individual access, unless:
- the request does not relate to the Personal Information of the person making the request;
- the request would have an unreasonable impact on the privacy of other individuals;
- providing access would pose a serious threat to the life, health or safety of a person or to public health or public safety;
- providing access would create an unreasonable impact on the privacy of others;
- the request is frivolous and vexatious;
- the request relates to existing or anticipated legal proceedings;
- providing access would prejudice negotiations with the individuals making the request;
- access would be unlawful;
- denial of access is authorised or required by law;
- access would prejudice an action in relation to suspected unlawful activity, or misconduct of a serious nature relating to the functions or activities of Can Speak speech therapy;
- access discloses a ‘commercially sensitive’ decision making process or information; or
- any other reason that is provided for in the APPs or in the Privacy Act.
Requests for access and/or correction should be made to the Practice Director. For security reasons, any request must be made in writing with proof of identity. This is necessary to ensure that Personal Information is provided only to the correct individuals and that the privacy of other persons is preserved.
In the first instance, Can Speak will assume (unless otherwise informed) that any request relates to current records. These current records will include Personal Information which is included in Can Speak’s databases and in paper files which may be used on a day-to-day basis.
If we deny access to information, we will set out our reasons for denying access in writing. Where there is a dispute about the right to access information or forms of access, this will be dealt with in accordance with our complaints procedure. More information about this process can be obtained from the Practice Director.
If an individual is able to establish that Personal Information Can Speak holds about her/him/their child is not accurate, complete or up to date, Can Speak will take reasonable steps to correct our records unless it is impracticable or unlawful to do so. In the event a request for change is refused Can Speak will set out, in writing, the reasons for refusal and the mechanism by which you can complain. We will not charge an individual for making the request or correcting the information.
Storage & Security
We will take reasonable steps to protect your personal information from misuse, loss, unauthorised access and modification or disclosure. We use commercially reasonable physical, technical and administrative measures to protect Personal Information that we hold, including, where appropriate, password protection, encryption, and SSL to protect our Site.
Despite taking appropriate measure to protect personal information used and collected by us, please be aware that no data security measures can guarantee 100% security all of the time. We cannot guarantee the security of any information transmitted to us via the internet and such transmission is at your risk.
If we no longer require the use of your personal information, we will take reasonable steps to destroy or permanently de-identify it.
Personal information may be stored electronically through third party data centres, which may be located overseas, or in physical storage at our premises or third-party secure storage facilities.
You are solely responsible for the maintaining the secrecy of any passwords and other account information pertaining to our Platform, apps or services.
Data Breach Notification Scheme
If we have reason to suspect a data breach has occurred, we will undertake an assessment in accordance with the Notifiable Data Breach Scheme. If we determine there has been an eligible data breach, we will notify you as soon as reasonably practicable.
If the breach relates to the My Health Records Act, we may disclose your personal information to the My Health Records System Operator under s 73A of that Act.
An identifier is a unique number assigned to an individual to identify them. Identifiers include Medicare Numbers and Tax File numbers. We will not adopt as our own any identifier of you or use or disclose an identifier of you which has been assigned by a government agency, unless permitted under the Act.
Employment applications and resumes collected by us are safely and securely stored and only used for the purposes for which they were collected.
Cookies, web beacons and analytics
We may send you direct marketing emails and information about products and services that we consider may be of interest to you. These communications will only be sent via email and in accordance with applicable marketing laws, such as the Spam Act 2004 (Cth). If, at any time, you would like to stop receiving these promotional emails, you may follow the opt-out instructions contained in any such email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails or promotions from us, we still may send you email about your account, your account or any Services you have requested or received from us, or for other customer service purposes. We do not provide your personal information to other organisations for the purposes of direct marketing.
Consent to international transfer
We may transfer your Personal Information to organisations in other countries. Recipients may include our related entities or employees, external service providers such as administration providers or information technology providers such as cloud storage and data processing. We only transfer information where we reasonably believe that the recipient is legally or contractually bound to principles that are substantially similar to the Australian Privacy Principles.
Changes to this policy
Complaints and Enquiries
If you have a complaint about our privacy practices or our handling of your Personal Information or Sensitive Information, please notify our Practice Director and/or complete a Client Feedback Form (link located on our website). All efforts will be made to address complaints and achieve an effective resolution of your complaint within a reasonable timeframe. In most cases this will be 30 days or as soon as practicable. However if the matter is complex, the resolution of the complaint may take longer. All complaints and outcomes will be recorded. In the event that an anonymous complaint is received we will note the issues raised and where appropriate, investigate and resolve them appropriately. Details for the practice director are as follows;
Can Speak Canberra Speech Pathology
22 Thynne St
BRUCE, ACT, 2617
If you are not satisfied with our response you are entitled to contact the Office of the Australian Information Commissioner, by phoning 1300 363 992 or writing to the Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 1042.