INTRODUCTION & OVERVIEW
Here at Day Hospitals Australia Ltd ABN 37 054 719 050 (DHA, we, us or our) protecting the privacy of our members and treating member’s personal data in accordance with Australian privacy laws with care is of paramount importance to us. This Privacy Policy also applies to our related bodies corporate. This Privacy Policy explains what personal data we collect, why we collect personal data and how we collect, use, disclose, store and protect your personal data when you visit our website, use our services or products, provide us with information yourself (such as when you sign up to our service or use our services) or when you accept services from us. We collect and process your personal data for specific purposes including: to provide and improve our services, to communicate with you, to personalise your experience, for analytics and research, and to comply with legal obligations.
It also explains how to contact us to correct, update or delete any personal data provided to us, or make a complaint if you have concerns.
We are compliant with the Privacy Act 1988 Australia. In the event of a data breach, we have a clear and actionable response plan in place. This includes promptly notifying affected individuals and relevant authorities, containing the breach, assessing its impact, and implementing measures to prevent future occurrences. If you have any questions or concerns about our data handling practices, please contact our Data Protection Officer at privacy@dayhospitalsaustralia.net.au
We will only collect and process personal data about you where we have a lawful basis to do so. Lawful basis includes consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you), legal obligation (where processing is necessary for compliance with a legal obligation we have), legitimate interests (including security threats or fraud, risk of harm to self or others, compliance with applicable laws, and enabling us to administer our service), or when it is required or authorised by or under an Australian law or a court/tribunal order.
If you choose to withdraw your consent, we will stop processing your personal data for the purposes you initially agreed to, unless we have another lawful basis for doing so. This may result in limited access to certain features or services that require the processing of your personal data. We will retain your data only as necessary to comply with legal obligations or resolve disputes.
We maintain secure records of all user consents and withdrawals to ensure compliance with data protection regulations and to respect your privacy choices. These records are kept for the duration of our relationship with you and for a reasonable period thereafter as required by applicable laws.
Unless otherwise indicated by the context words importing the singular include the plural and vice versa.
CHANGES THAT WE MAKE TO OUR PRIVACY POLICY
We will notify you about any changes to our Privacy Policy by updating the “Last Updated” date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates. We will seek your explicit consent for any changes in our Privacy Policy that affect how we process your personal data. If you do not agree with the changes, you may choose to stop using our services.
COLLECTION OF YOUR PERSONAL DATA BY THIRD PARTIES
This Privacy Policy does not apply to any third-party service or website which we connect to, and which may also collect and use information about you. We are not responsible for the privacy practices of any third party. However we take reasonable steps to ensure that third parties who are required to access your personal information as part of the services we provide to you have at least the same level of security we employ to protect your personal data.
IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OUR WEBSITE, USE OUR SERVICES OR PROVIDE ANY INFORMATION ABOUT YOURSELF TO US.
WHICH ENTITIES DOES THIS PRIVACY POLICY COVER?
This Privacy Policy applies to us with respect to content on our websites, our services and information you provide to us about yourself.
WHAT IS PERSONAL DATA?
Personal data is defined as data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access. Personal data may include sensitive information such as health information about you.
WHEN AND HOW DO WE COLLECT YOUR PERSONAL DATA?
We collect most personal data directly from you when you consent to use our services or receive communications from us, or information we receive from third parties (for instance if you use your Google Account to log into our website or services). Your consent may be express (e.g. you apply to become a member of DHA or you agree to the use of your information by ticking a box) or implied by an action you take or do not take (i.e. because you have agreed to terms and conditions that contain information about the use or disclosure of your information).
You provide us your information when you use our products, services or you use our website generally or you deal with us.
WHAT PERSONAL DATA DO WE COLLECT?
We collect demographic and personally identifiable information either directly from you or as provided to us through third parties that you have consented to disclose such information. That personally identifiable information, collected in compliance with the Privacy Act, may include (but not be limited to):
We may collect these types of personal data either directly from you, or from third parties or from third party applications you control and give us access to. We may collect this information when you:
You can choose not to provide us with your personal data. However, please note that if you do not provide this information, you may not be able to take full advantage of some of the features of our services or our website. It is important to note that the provision of personal data is voluntary. You have the right to withdraw your consent at any time, in which case you should contact us using the contact details provided in this policy.
WHY DO WE COLLECT YOUR PERSONAL DATA?
We may collect your personal data when required by law but generally we collect personal data from you (or about you) to allow us to:
Personal data collected or received by us will only be used for the stated purpose for which it was provided.
WHEN DO WE DISCLOSE YOUR PERSONAL DATA?
We may collect, hold, use and disclose your personal data for the following purposes:
TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?
We may disclose personal data for the purposes described in this privacy policy to:
If personal data is disclosed to a third party, we commit to taking reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to that information. We may disclose your personal data to a trusted third party who also holds other information about you. This third party may combine that information to enable it and us to develop anonymised consumer insights, with the aim of better understanding your preferences and interests, personalising your experience, and improving the products and services that you receive as member of DHA, provided we have obtained your explicit consent beforehand.
AGGREGATED INFORMATION & DIRECT MARKETING
We do not sell your personal data. However, we may aggregate the information you and others provide to us and share this anonymised and aggregated information with third parties.
We may use and share this aggregated information with third parties for research purposes or to enhance our services and provide our partners with a better understanding of the users of our services. We will not sell or license this aggregated information.
We and/or our carefully selected business partners may send you direct marketing communications and information about our services and products and their products and services. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the laws of Australia. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g., an unsubscribe link).
You can object to us using your information for these purposes.
WHAT IF YOU DON’T WANT US TO COLLECT YOUR PERSONAL DATA?
You are not obligated to provide us with your personal data. You may choose whether you receive communications from us. Whilst it is your choice not to provide your personal data to us this may impede our ability to provide you with all the functionality of our services and website.
WHAT IF YOU DON’T WANT TO RECEIVE FURTHER COMMUNCATIONS FROM US?
Should you wish to remove yourself from our database you may do so at any time by contacting us by emailing us at info@dayhospitalsaustralia.net.au
HOW CAN I ACCESS, CORRECT AND/ OR UPDATE PERSONAL DATA YOU HAVE COLLECTED?
At any time, you may contact us to request your personal data be modified. We will make all efforts to correct data once we have proved your identity. Once any corrections are made to your personal data, we will notify you via email or your preferred method of communication to confirm that the changes have been implemented. We do not charge any fees for processing access or correction requests or submit corrections.
To submit corrections to your personal data, please email our Privacy Officer at privacy@dayhospitalsaustralia.net.au with the subject line “Personal Data Correction Request”. In your email, please include your full name, contact information, the specific data you wish to correct, and the accurate information. We will verify your identity and process your correction request as quickly as possible, making all efforts to correct the data once we have confirmed your identity and the accuracy of the new information.
We will deal with all requests for access to personal data as quickly as possible, but no later than the prescribed time required by law (unless any complexities arise). Requests for a large amount of information, or information which is not currently in use, may require further time before a response can be given.
We will provide you your personal data in a structured, commonly used, machine-readable format.
In certain circumstances, we may refuse to provide you with access to the personal data we hold about you. Such circumstances include, but are not limited to situations where providing access would be:
We will also refuse access where the personal data relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. Further, we reserve the right to refuse access if we find that your request is frivolous or vexatious, or if we have a reasonable belief that there is an ongoing or potential unlawful activity or serious misconduct that could be impacted detrimentally by granting access.
If we refuse to give you access, we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also take reasonable steps to give you access in a way that meets your needs without giving rise to the reasons of our refusal. Further, we will provide details of how you may make a complaint about our decision.
Please note that the access and correction requirements under this Privacy Policy operates alongside and do not replace other informal or legal procedures by which an individual can be provided access to, or correction of, their personal data. We maintain a record of all access and correction requests received, along with their outcomes, for internal audit and compliance purposes.
We may ask you to verify your identity before acting on any of your requests. We will not charge a fee for the exercise of your rights under the Act. However, we may charge a reasonable fee if your request involves a significant amount of work. Unless permitted by the Privacy Act, we will not refuse to comply with your request.
HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA?
For us to provide excellent service we are required to store some personal data and take the greatest of care to ensure this information is treated as private and confidential. Transmitting personal data via the internet does have inherent risks associated with it. We will take all reasonable steps, including but not limited to the use of encryption, secure servers, and two-factor authentication, to ensure the security of this data.
We have taken the necessary measures to ensure the personal data we hold is not compromised. In accordance with and as permitted by the Act and the APPs we will retain your information as long necessary to serve you, to maintain your account or as otherwise required to operate our service.
We have established agreements with these third parties that require them to maintain adequate security measures. However, we cannot be held liable for events outside our control.
Our website is protected by SSL security certificates and is built considering all modern security standards, including the use of encryption and secure servers where possible. We will take reasonable steps to maintain the integrity and security of any personal data we have stored, including taking reasonable steps to prevent interference and loss, misuse, unauthorised access, modification or disclosure of such personal data.
Note that no information transmitted over the Internet can be guaranteed to be completely secure. While we will endeavour to protect your personal data as best as possible, we cannot guarantee the security of any information that you transmit to us or receive from us. The transmission and exchange of information is carried out at your own risk.
It is important that you protect your privacy by ensuring that no one obtains your personal data, and you must contact us directly if your details change. Should your information be erroneously provided to us or no longer remain valid within the constraints of this Privacy Policy we will securely destroy or de-identify it as soon as practicable, as long as it is lawful to do so.
We have obligations to notify you if you are affected by a data breach. We will take all reasonable precautions to take remedial action to prevent such an event. However, as we cannot guarantee that remedial action will be sufficient to prevent all instances of a breach, we will take steps to notify you of an eligible data breach as soon as practicable, and provide recommendations as to what steps you should take to mitigate any serious issues.
HOW LONG DO WE KEEP YOUR PERSONAL DATA
We are committed to regularly reviewing and updating our data retention periods to ensure compliance with legal requirements and best practices in data protection. Personal data shall be processed and stored for as long as required by the purpose they have been collected for. We ensure that personal data is minimised to what is necessary during the retention period and securely deleted or anonymised when no longer needed.
Therefore:
We will retain personal data for a longer period if we are required to do so by law or by an order from a legal authority. Exceptions to our standard retention periods may apply in cases of ongoing legal disputes, investigations, or other legitimate business needs that require extended retention. In such cases, we will retain the relevant data only for as long as necessary to fulfill these specific purposes. Once the retention period expires, personal data shall be automatically deleted through our data management system. The right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
YOUR RIGHTS ABOUT YOUR PERSONAL DATA
You may exercise certain rights regarding their personal data which we process. In particular, you have the right to do the following:
LOG DATA
Whenever you use our website, or in a case of an error within the website, we collect data and information (through third party products) called Log Data. This Log Data may include information such as your device, Internet Protocol address, device name, operating system version, the configuration of the device when utilizing our website, the time and date of your use of our website and other statistics.
TRANSFER OUT
We may transfer data we receive about you, including all personal data, to our hosting service providers and data centres located overseas, such as an Amazon Web Services node in countries outside of Australia as an example, subject to compliance with the Australian Privacy Principles, specifically APP 8 – Cross-border Disclosure of Personal Information. You acknowledge that such transfers may occur, and that any data that we transfer may be subject to laws, regulations, and standards that are different from those in your country. We will comply with all applicable data localisation requirements in the jurisdictions where we operate. Where required by law, certain data may be stored locally in your country of residence. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.
We will notify you of any changes in the law that may affect our international data transfers. If such changes occur, we may need to implement additional safeguards or alter our data transfer practices to remain compliant with applicable laws and regulations. We will keep you informed of any significant changes that may impact the processing of your personal data.
You have the right to object to the international transfer of your personal data. If you wish to exercise this right, please contact us using the information provided in the “Contact Us” section of this Privacy Policy. In accordance with the Australian Privacy Principles, specifically APP 8, we will take reasonable steps to ensure that any overseas recipient does not breach these principles in relation to your personal data. However, please note that in some cases, we may need to transfer your data outside of Australia to provide our services effectively.
You acknowledge that personal data that you submit for publication through our website or products or services may be available, via the internet, around the world. We will take reasonable steps to prevent the use (or misuse) of such personal data by others.
CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify or amend this Privacy Policy at any time. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
If you object to any changes, you may cease using our website and/or our services. You acknowledge and agree that your continued use of our website means that the collection, use and sharing of your personal data is subject to the updated Privacy Policy.
COOKIES
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology. While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
Insofar as those cookies are not strictly necessary for the provision of our website and services, we will ask you to consent to our use of cookies when you first visit our website. We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
COOKIES THAT WE MAY USE
We use cookies for the following purposes:
COOKIES USED BY OUR SERVICE PROVIDERS
Our service providers use cookies and those cookies may be stored on your computer when you visit our website.
MANAGING COOKIES
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.
ENQUIRIES, REQUESTS & COMPLAINTS
Enquiries regarding this Privacy Policy or the personal data we may hold on you, should be addressed to the Privacy Officer at privacy@dayhospitalsaustralia.net.au
If you think your personal data, held by us, may have been compromised in any way or you have any other Privacy related complaints or issues, you should also raise the matter with the Privacy Officer.
We will ensure your claims are investigated and a formal response will be provided to you, within a reasonable time, considering the circumstances of your claims. If any corrective action is determined to be required, as a result of that investigation, we will take all reasonable steps to rectify the situation and advise you of such, again within a reasonable time considering the circumstances.
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Privacy Commissioner Australia, whose contact details are below.
Office of the Australian information Commission
Telephone 1300 363 992
Email enquiries@oaic.gov.au
Office Address Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address GPO Box 5218, Sydney NSW 2001
Website www.oaic.gov.au
DATE OF CURRENT VERSION: 27 November 2024