PRIVACY POLICY

Can Speak Canberra Speech Pathology ABN: 161 552 645 36 (“us”, “we”, or “our”) recognises the importance of your privacy and respects your right to control how your personal information is collected and used. Can Speak Canberra Speech Pathology is committed to safeguarding the confidentiality of any personal or health information of individuals by:

  • Creating procedures that protect privacy with regards to the collection, storage and disclosure of Personal Information; and
  • Complying with the Australian Privacy Principles and the Privacy Act 1988 (Cth).

In this policy “Personal Information” means any information that may identify you, or by which your identity might be reasonably determined. The information you provide us may include, amongst other things, your name, address, email address, and phone number. 

“Sensitive Information” means any information about an individual’s racial or ethnic origin, political opinions, memberships of a political organisation, religious belief or affiliation, philosophical belief, membership of a professional or trade association, membership of a trade union, sexual preference or practices, criminal record or health information.

Collection of Personal and Sensitive Information

Can Speak speech therapy collects Personal Information on individuals only with their consent. Generally, we collect your Personal Information and Sensitive Information directly from you. We collect information through various means. We will not collect information unless it is necessary for the functions or activities of Can Speak speech therapy.

There are situations where we may also obtain Personal Information about you from a third party source (for example a GP). If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of the purpose for which we are collecting your Personal Information and the organisations to which we may disclose your information, subject to any exceptions under the Privacy Act.

Use and disclosure of Personal and Sensitive Information

We only use Personal Information for the purposes for which it is given to us, or for the purposes which are related to one of our functions or activities. Identifying personal information will not be disclosed for marketing purposes.

The Personal Information we collect from you will be used primarily to render services related to Can Speak speech therapy services and business. We may also disclose your Personal Information to other external organisations including:

  • government departments/agencies who provide funding for Can Speak services;
  • doctors and health care professionals, who assist us to deliver our services; and
  • our professional advisors, including our accountants, auditors and lawyers.

Except as set out above, Can Speak will not disclose an individual’s Personal Information to a third party unless one of the following applies:

  • the individual has consented;
  • the individual would reasonably expect us to use that information for another purpose related to the purpose for which it was collected (or in the case of sensitive information – directly related to the purpose for which it was collected);
  • it is otherwise required or authorised by law;
  • it will prevent or lessen a serious threat to somebody’s life, health or safety or to the public health or safety;
  • it is reasonably necessary for us to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature that relates to our functions or activities;
  • it is reasonably necessary to assist in locating a missing person;
  • it is reasonably necessary to establish, exercise or defend a claim at law;
  • it is reasonably necessary for a confidential dispute resolution process;
  • it is necessary to provide health services;
  • it is necessary for the management, funding or monitoring of a health service relevant to public health or public safety;
  • it is necessary for research or the compilation or analysis of statistics relevant to public health or public safety;
  • it is reasonably necessary for the enforcement of a law conducted by an enforcement body, in this case Can Speak will make a written note of the disclosure;
  • a permitted general situation exists, as defined in s16A of the Privacy Amendment (Enhancing Personal Privacy) Act 2012; or
  • a permitted health situation exists as outlined by s16B of the Privacy Amendment (Enhancing Personal Privacy) Act 2012.

From time to time our therapists may use email as a communication method to provide clients with items such as: newsletters, invoices, general business updates, progress notes and clinical reports etc. These items may contain your personal or sensitive information. Whilst your information will only be provided to you and other approved (by you) parties in this manner, clients need to be aware that there is a risk that this information may be accessed by other parties without authorisation (for example, if our email system is ‘hacked’ or a virus is received). Can Speak will take all reasonable steps to mitigate this risk, including regularly changing software passwords, not accessing software/emails from unauthorised computers, following a strict Information Technology policy etc.

Security of Personal and Sensitive Information

Can Speak speech therapy takes reasonable steps to protect the Personal Information and Sensitive Information we hold against misuse, interference, loss, unauthorised access, modification and disclosure. These steps include password protection for accessing our electronic IT systems, securing paper files in locked cabinets and applying physical access restrictions. Only authorised personnel are permitted to access our systems and controlled premises.

When Personal Information is no longer required, it is destroyed in a secure manner, or will be de-identified.

Can Speak uses cloud-based technology, which may be located offshore, to store client records such as photos, reports, file notes, and videos, and will take all reasonable measures to protect your Personal Information by:

  • gaining your consent to the disclosure; or
  • ensuring that the country of destination has similar protections in relation to privacy, and does not breach the Australian Privacy Principles; or
  • entering into contractual arrangements with the recipient of your Personal Information that safeguards your privacy.

Alternatively if the information is required under Australian law, or if the information is required or authorised under international agreement to which Australia is a party to, or if is reasonably necessary by an enforcement body it may be shared.

Note: All our staff are bound by confidentiality and privacy policies, procedures and agreements, which apply both during and following employment with Can Speak. This includes the provision that if any staff comes into contact with a client of Can Speak outside of the clinic they will not acknowledge or approach the client – in order to safeguard the clients’ confidentiality rights.

Access to and correction of Personal Information

If an individual requests access to the Personal Information we hold about them, or seeks to change that Personal Information, upon this request we will give the individual access, unless:

  • the request does not relate to the Personal Information of the person making the request;
  • the request would have an unreasonable impact on the privacy of other individuals;
  • providing access would pose a serious threat to the life, health or safety of a person or to public health or public safety;
  • providing access would create an unreasonable impact on the privacy of others;
  • the request is frivolous and vexatious;
  • the request relates to existing or anticipated legal proceedings;
  • providing access would prejudice negotiations with the individuals making the request;
  • access would be unlawful;
  • denial of access is authorised or required by law;
  • access would prejudice an action in relation to suspected unlawful activity, or misconduct of a serious nature relating to the functions or activities of Can Speak speech therapy;
  • access discloses a ‘commercially sensitive’ decision making process or information; or
  • any other reason that is provided for in the APPs or in the Privacy Act.

Requests for access and/or correction should be made to the Practice Director. For security reasons, any request must be made in writing with proof of identity. This is necessary to ensure that Personal Information is provided only to the correct individuals and that the privacy of other persons is preserved.

In the first instance, Can Speak will assume (unless otherwise informed) that any request relates to current records. These current records will include Personal Information which is included in Can Speak’s databases and in paper files which may be used on a day-to-day basis.

If we deny access to information, we will set out our reasons for denying access in writing. Where there is a dispute about the right to access information or forms of access, this will be dealt with in accordance with our complaints procedure. More information about this process can be obtained from the Practice Director.

If an individual is able to establish that Personal Information Can Speak holds about her/him/their child is not accurate, complete or up to date, Can Speak will take reasonable steps to correct our records unless it is impracticable or unlawful to do so. In the event a request for change is refused Can Speak will set out, in writing, the reasons for refusal and the mechanism by which you can complain. We will not charge an individual for making the request or correcting the information.

Storage & Security

We will take reasonable steps to protect your personal information from misuse, loss, unauthorised access and modification or disclosure.  We use commercially reasonable physical, technical and administrative measures to protect Personal Information that we hold, including, where appropriate, password protection, encryption, and SSL to protect our Site.

Despite taking appropriate measure to protect personal information used and collected by us, please be aware that no data security measures can guarantee 100% security all of the time. We cannot guarantee the security of any information transmitted to us via the internet and such transmission is at your risk. 

If we no longer require the use of your personal information, we will take reasonable steps to destroy or permanently de-identify it.

Personal information may be stored electronically through third party data centres, which may be located overseas, or in physical storage at our premises or third-party secure storage facilities.

You are solely responsible for the maintaining the secrecy of any passwords and other account information pertaining to our Platform, apps or services. 

Data Breach Notification Scheme

If we have reason to suspect a data breach has occurred, we will undertake an assessment in accordance with the Notifiable Data Breach Scheme.  If we determine there has been an eligible data breach, we will notify you as soon as reasonably practicable.

If the breach relates to the My Health Records Act, we may disclose your personal information to the My Health Records System Operator under s 73A of that Act.

Identifiers

An identifier is a unique number assigned to an individual to identify them.  Identifiers include Medicare Numbers and Tax File numbers. We will not adopt as our own any identifier of you or use or disclose an identifier of you which has been assigned by a government agency, unless permitted under the Act.

Career Applications

Employment applications and resumes collected by us are safely and securely stored and only used for the purposes for which they were collected.

Cookies, web beacons and analytics

When you interact with our Site, we strive to make your experience easy and meaningful. We, or our third-party service providers, may use cookies, web beacons (clear GIFs, web bugs) and similar technologies to track site visitor activity and collect site data. We may combine this data with the Personal Information we have collected from Customers. Examples of information that we may collect include technical information such as your computer’s IP address and your browser type, and information about your visit such as the products you viewed or searched for, the country you are in, what you clicked on and what links you visited to get to or from our site.  If we identify you with this information, any use or disclosure of that information will be in accordance with this Privacy Policy.

Third-party websites

At times, our Site may contain links to other, third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy, but, instead, is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.

Marketing emails

We may send you direct marketing emails and information about products and services that we consider may be of interest to you. These communications will only be sent via email and in accordance with applicable marketing laws, such as the Spam Act 2004 (Cth).  If, at any time, you would like to stop receiving these promotional emails, you may follow the opt-out instructions contained in any such email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails or promotions from us, we still may send you email about your account, your account or any Services you have requested or received from us, or for other customer service purposes. We do not provide your personal information to other organisations for the purposes of direct marketing.

If you receive communications from us that you believe have been sent to you other than in accordance with this Privacy Policy, or in breach of any law, please contact us using the details provided below.

Consent to international transfer

We may transfer your Personal Information to organisations in other countries. Recipients may include our related entities or employees, external service providers such as administration providers or information technology providers such as cloud storage and data processing.  We only transfer information where we reasonably believe that the recipient is legally or contractually bound to principles that are substantially similar to the Australian Privacy Principles.

Changes to this policy

We may change this Privacy Policy from time to time. Any updated versions of this Privacy Policy will be posted on our Site – you should check periodically to review our current Privacy Policy, which is effective as of the effective date listed below. Your continued use of any of our Site and Services constitutes your acceptance and understanding of the Privacy Policy in effect at the time of your use. If we make any changes to this Privacy Policy that materially affect our practices with regard to the Personal Information we have previously collected from you, we will endeavour to provide you with notice in advance of such change by highlighting the change on the Site, or where practical, by emailing Customers. This policy current as of 7th March 2020.

Complaints and Enquiries

If you have a complaint about our privacy practices or our handling of your Personal Information or Sensitive Information, please notify our Practice Director and/or complete a Client Feedback Form (link located on our website). All efforts will be made to address complaints and achieve an effective resolution of your complaint within a reasonable timeframe. In most cases this will be 30 days or as soon as practicable. However if the matter is complex, the resolution of the complaint may take longer. All complaints and outcomes will be recorded. In the event that an anonymous complaint is received we will note the issues raised and where appropriate, investigate and resolve them appropriately. Details for the practice director are as follows;

Meagan Nicholls
Director
Can Speak Canberra Speech Pathology
Unit 9/37 Kesteven Street
Florey ACT 2615
meagan@canspeak.com.au

If you are not satisfied with our response you are entitled to contact the Office of the Australian Information Commissioner, by phoning 1300 363 992 or writing to the Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 1042.