Privacy Policy
- Introduction
- From time to time Fairfield Dental Practice (“Practice”) is required to collect, hold, use and/or disclose personal information relating to individuals (including, but not limited to, its clients, contractors, suppliers and employees) in the performance of its business activities.
- The information collected by the Practice will, from time to time, be accessible to certain individuals employed or engaged by the Practice who may be required to use the information in the course of their duties.
- This document sets out the Practice’s policy in relation to the protection of personal information under the Privacy Act 1988 (Cth) (the “Act”), which includes the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), and the Australian Privacy Principles (“APP”).
- The APPs regulate the handling of personal information.
- The obligations imposed on the Practice under this policy are also imposed on any individual employed or engaged by the Practice.
- This Policy outlines the Practice’s requirements and expectations in relation to the handling of personal information.
- Scope
- This policy applies to all employees, independent contractors, consultants and other workers engaged by the Practice and who have access to personal information in the course of performing their duties.
- What is Personal Information?
- Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
- Employee Records
- This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record, as employee records are exempt from the APPs.
- An employee record is a record of personal information relating to the employment of an employee. Examples of personal information relating to the employment of the employee include, but are not limited to, health information and information about the engagement, training, disciplining, resignation, termination, terms and conditions of employment of the employee. Please see the Act for further examples of employee records.
- Employees (such as Practice Managers) will have access to employee records. Employees who have access to employee records must ensure that the information is handled confidentially and for a proper purpose only. Employee records are only permitted to be collected, used and disclosed where the act of doing so is directly related to a current or former employment relationship.
- Employees who have access to employee records and who may have a question about the use or disclosure of employee records, should contact the Practice.
- Kinds of Information that the Practice Collects and Holds
- The Practice collects personal information that is reasonably necessary for one or more of its functions or activities or if the Practice has received consent to collect the information. If the Practice collects sensitive information (as defined below), the Practice must also have obtained consent in addition to the collection being reasonably necessary.
- The type of information that the Practice collects and holds may depend on an individual’s relationship with the Practice. For example:
- Candidate: if you are a candidate seeking employment with the Practice, the Practice may collect and hold information including your name, address, email address, contact telephone number, gender, age, employment history, references, resume, medical history, emergency contact, taxation details, qualifications and payment details.
- Client: if you are a client of the Practice, the Practice may collect and hold information including your name, address, email address, contact telephone number, gender and age.
- Supplier: if you are a supplier of the Practice, the Practice may collect and hold information including your name, address, email address, contact telephone number, business records, billing information and information about goods and services supplied by you.
- Referee: if you are a referee of a candidate being considered for employment by the Practice, the Practice may collect and hold information including your name, contact details, current employment information and professional opinion of the candidate.
- Sensitive information: the Practice will only collect sensitive information where you consent to the collection of the information and the information is reasonably necessary for one or more of the Practice’s functions or activities. Sensitive information includes, but is not limited to, information or an opinion about racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preferences, criminal record, health information or genetic information.
- How the Practice Collects and Holds Personal Information
- The Practice (and the employees acting on the Practice’s behalf) must collect personal information only by lawful and fair means. The Practice will collect personal information directly from you if it is reasonable or practicable to do so.
- The Practice may collect personal information in a number of ways, including without limitation:
- through application forms (e.g. job applications);
- by email or other written mechanisms;
- in person;
- through transactions;
- through our website;
- through lawful surveillance means such as surveillance camera;
- by technology that is used to support communications between us;
- through publicly available information sources (which may include telephone directories, the internet and social media sites);
- through direct marketing database providers.
- When the Practice collects personal information about you through publicly available information sources, it will manage such information in accordance with the APPs.
- At or before the time or, if it is not reasonably practicable, as soon as practicable after, the Practice collects personal information, the Practice must take such steps as are reasonable in the circumstances to either notify you or otherwise ensure that you are made aware of the following:
- the identity and contact details of the Practice;
- that the Practice has collected personal information from someone other than you if you are unaware that such information has been collected;
- that collection of personal information is required by Australian law, if it is;
- the purpose for which the Practice collects the personal information;
- the consequences if the Practice does not collect some or all of the personal information;
- any other third party to which the Practice may disclose the personal information;
- that the Practice’s privacy policy contains information about how you may access and seek correction of personal information held by the Practice and how you may complain about a breach of the APPs; and
- whether the Practice is likely to disclose personal information to overseas recipients, and the countries in which those recipients are likely to be located.
- Unsolicited personal information is personal information that the Practice receives which it did not solicit. Unless the Practice determines that it could have collected the personal information in line with the APPs or the information is contained within a Commonwealth record, it must destroy the information to ensure it is de-identified.
- Purposes for which the Practice Collects, Holds, Uses and/or Discloses Personal Information
- The Practice will collect personal information if it is reasonably necessary for one or more of its functions or activities.
- The main purposes for which the Practice may collect, hold, use and/or disclose personal information may include but are not limited to:
- recruitment functions;
- client service management;
- surveys and general research; and
- business relationship management.
- The Practice may also collect, hold, use and/or disclose personal information if you consent or if required or authorised under law.
Direct marketing:
- The Practice may use or disclose personal information (other than sensitive information) about you for the purpose of direct marketing (for example, advising you of new goods and/or services being offered by the Practice).
- The Practice may use or disclose sensitive information about you for the purpose of direct marketing if you have consented to the use or disclosure of the information for that purpose.
- You can opt out of receiving direct marketing communications from the Practice by contacting the Privacy Officer in writing or if permissible accessing the Practice’s website and unsubscribing appropriately.
- Disclosure of Personal Information
- The Practice may disclose your personal information for any of the purposes for which it was collected, as indicated under clause 7 of this policy, or where it is under a legal duty to do so.
- Disclosure will usually be internally and to related entities or to third parties such as contracted service suppliers.
- Before the Practice discloses personal information about you to a third party, the Practice will take steps as are reasonable in the circumstances to ensure that the third party does not breach the APPs in relation to the information.
- Access to Personal Information
- If the Practice holds personal information about you, you may request access to that information by putting the request in writing and sending it to the Practice Manager. The Practice will respond to any request within a reasonable period, and a charge may apply for giving access to the personal information where the Practice incurs any unreasonable costs in providing the personal information.
- There are certain circumstances in which the Practice may refuse to grant you access to the personal information. In such situations the Practice will give you written notice that sets out:
- the reasons for the refusal; and
- the mechanisms available to you to make a complaint.
- Correction of Personal Information
- If the Practice holds personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading, it must take steps as are reasonable to correct the information.
- If the Practice holds personal information and you make a request in writing addressed to the Privacy Officer to correct the information, the Practice must take steps as are reasonable to correct the information and the Practice will respond to any request within a reasonable period.
- There are certain circumstances in which the Practice may refuse to correct the personal information. In such situations the Practice will give you written notice that sets out:
- the reasons for the refusal; and
- the mechanisms available to you to make a complaint.
- If the Practice corrects personal information that it has previously supplied to a third party and you request us to notify the third party of the correction, the Practice will take such steps as are reasonable to give that notification unless impracticable or unlawful to do so.
- Integrity and Security of Personal Information
- The Practice will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that it:
- collects is accurate, up-to-date and complete; and
- uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date and complete.
- The Practice will take steps as are reasonable in the circumstances to protect the personal information from misuse, interference, loss and from unauthorised access, modification or disclosure.
- If the Practice holds personal information and it no longer needs the information for any purpose for which the information may be used or disclosed and the information is not contained in any Commonwealth record and the Practice is not required by law to retain the information, it will take such steps as are reasonable in the circumstances to destroy the information or to ensure it is de-identified.
- Data Breaches and Notifiable Data Breaches
- A “Data Breach” occurs where personal information held by the Practice is accessed by, or is disclosed to, an unauthorised person, or is lost. Examples of a Data Breach may include:
- lost or stolen laptops or tablets;
- lost or stolen mobile phone devices;
- lost or stolen paper records or documents containing personal information relating to the Practice’s clients or employees;
- employees mistakenly providing personal information to the wrong recipient (e.g. payroll details to the wrong address);
- unauthorised access to personal information by an employee;
- employees providing confidential information to the Practice’s competitors;
- credit card information lost from insecure files;
- where a database has been ‘hacked’ to illegally obtain personal information; and
- any incident or suspected incident where there is a risk that personal information may be misused or obtained without authority.
- If you are aware of or reasonably suspect a Data Breach, you must report the actual or suspected Data Breach to the Practice Manager as soon as reasonably practicable and not later than 24 hours after becoming aware of the actual or suspected Data Breach.
- A “Notifiable Data Breach” occurs where there is an actual Data Breach, and:
- a reasonable person would conclude that the unauthorised access or disclosure would likely result in serious harm to the relevant individual (including harm to their physical or mental well-being, financial loss, or damage to their reputation); or
- in the case of loss (e.g. leaving an unsecured laptop containing personal information on a bus), unauthorised access or disclosure of personal information is likely to occur as a result of the Data Breach, and a reasonable person would conclude that the unauthorised access or disclosure would likely result in serious harm to the relevant individual (including harm to their physical or mental well-being, financial loss, or damage to their reputation).
- A Notifiable Data Breach does not include a Data Breach where the Practice has been successful in preventing the likely risk of serious harm by taking remedial action.
- If the Practice is aware of any actual or suspected Data Breach, it will conduct a reasonable and expeditious assessment to determine if there are reasonable grounds to believe that the Data Breach is a Notifiable Data Breach or not.
- Subject to any restriction under the Act, in the event that the Practice is aware of a Notifiable Data Breach, the Practice will, as soon as practicable, prepare a statement outlining details of the breach and notify:
- the individual whose personal information was part of the Data Breach; and
- the Office of the Australian Information Commissioner.
- Anonymity and Pseudonymity
- You have the option of not identifying yourself, or using a pseudonym, when dealing with the Practice in relation to a particular matter. This does not apply:
- where the Practice is required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
- where it is impracticable for the Practice to deal with individuals who have not identified themselves or who have used a pseudonym.
- However, in some cases if you do not provide the Practice with your personal information when requested, the Practice may not be able to respond to your request or provide you with the goods or services that you are requesting.
- Complaints
- You have a right to complain about the Practice’s handling of your personal information if you believe the Practice has breached the APPs.
- If you wish to make such a complaint to the Practice, you should first contact the Privacy Officer in writing. Your complaint will be dealt with in accordance with the Practice’s complaints procedure and the Practice will provide a response within a reasonable period.
- If you are unhappy with the Practice’s response to your complaint, you may refer your complaint to the Office of the Australian Information Commissioner.
- Privacy Officer Contact Details
- The Practice’s Privacy Officer can be contacted in the following ways:
- Telephone number: 07 3846 6555
- Email address: reception.sfldental@gmail.com
- Postal address: 174 Fairfield Road Fairfield Qld 4103
- Breach of this Policy
- Any employee who is found to have breached this policy may be subject to disciplinary action, up to and including termination of employment.
- Variations
- This policy does not form part of any Employee’s contract of employment. The Practice may vary, replace or terminate this policy from time to time.