2. Aim
This policy seeks to explain:
- how we protect, collect, retain, use and disclose personal information
- an individual’s rights in relation to personal information we hold
- how we will manage any identified data breach.
Scope
This policy applies to all staff (employees, volunteers and contractors) and to:
- any person who receives services and/or goods from us
- information provided by or to a third party relating to a person who receives services and/or goods from us
- any other person who may interact with us where the collection of personal information is required.
At Aspire Recovery Connection, we deeply value the trust you place in us. We’re not just about policies and procedures; we’re about people. This Privacy Policy is our way of being open and honest about how we care for your personal information, because your journey with us is both precious and private.
Our Commitment to You
We believe in the power of lived experience and the strength it brings to our community. Our commitment to you is rooted in compassion, respect, and transparency. This Privacy Policy is designed to outline how we handle and protect your information, ensuring that your journey with us is both empowering and secure.
Information We Collect
Think of the information we collect as the building blocks of your personalised support. This might include:
- Personal details: Your name, how to get in touch, your date of birth, and details about your NDIS plan.
- Health-related information: We’ll only ask about the things that directly relate to your health and the support you need.
- Other information: Anything else that helps us understand you better and provide the best possible care.
How We Use Your Information
We use your information to:
- Provide the support and services you deserve, and always look for ways to make them even better.
- Keep you in the loop about your support journey.
- Create a truly personalised experience, just for you.
- Make sure we’re always doing things the right way, according to the rules and regulations.
Information Sharing
We understand that sharing information is crucial for providing you with truly personalised support. But don’t worry, we’ll always ask for your consent first (unless it’s required by law). Here’s how we might share your information:
- With your consent: We may share information with others involved in your care, such as support coordinators, therapists, or family members, but only with your permission.
- To provide quality services: We might share information with our trusted partners who help us deliver our services, like those who process payments or manage our IT systems.
- To comply with the law: Sometimes, we might need to share information with government agencies or authorities, like the NDIA or the OAIC, if we’re required to do so by law.
We only share information that is relevant to your care and support. This may include personal details, health-related information, and any other details necessary for the provision of quality services. Rest assured, we keep our sharing focused and strictly needs-based.
Data Security
We take the security of your information very seriously. We have strong measures in place to protect it, like:
- Physical security: Keeping physical records safe and sound.
- Technical safeguards: Using technology like access controls, encryption, and firewalls to protect your data.
- Administrative controls: Having clear policies and procedures about who can access your information and how it can be used.
Data Breach Response
In the unlikely event of a data breach, we’ll be right there with you, taking these steps:
- Contain the breach: We’ll act quickly to stop any further unauthorised access.
- Investigate and assess: We’ll figure out what happened, who might be affected, and how serious it is. This will be managed through our internal ‘incident management’ system, where the breach will be logged and managed according to our Incident Management Policy.
- Notify affected parties: If there’s any risk to you, we’ll let you know straight away. Our Privacy Officer will assess the severity of the breach and, if necessary, escalate the matter to the relevant authorities, including the Office of the Australian Information Commissioner (OAIC) in accordance with the requirements of the Privacy Act.
- Communicate and support: We’ll keep you updated and offer support every step of the way. We understand the impact such incidents can have and are committed to communicating openly and transparently, offering support and resources to those affected.
- Remediate and prevent: We’ll fix the problem, reduce any further risks, and make sure it doesn’t happen again. We are dedicated to continuous improvement in our security practices to safeguard your information.
Your Rights
You’re in control of your information. You have the right to:
- Access your information: See what information we have about you.
- Update your information: Make sure your information is always correct and up-to-date.
- Make a complaint: If you think we’ve done something wrong, you can let the OAIC know.
Contact Us
We’re always here to listen. If you have any questions or worries about this Privacy Policy, please don’t hesitate to contact our Privacy Officer at hello@aspirerecoveryconnection.com.
Policy Review
We regularly check this policy to make sure it’s the best it can be and follows all the latest rules. We’ll let you know about any changes, and we’re always happy to hear your thoughts.
Privacy and Information Management Policy Version 2 .0
