The Secret Keeper is committed to protecting and upholding the right to privacy of clients, workers, Board members and representatives of agencies we deal with. This statement outlines how The Secret Keeper collects, stores, uses, and discloses personal information.
Our commitment to protecting your privacy
This privacy statement applies to the collection·, storage, use and disclosure of personal information by or on behalf of the The Secret Keeper (ABN 61 284911594) (referred to in this statement as “The Secret Keeper”, “our”, “we” or “us”). Please read it carefully.
We intend to protect your personal information, and ensure its privacy, accuracy, and security. We handle your personal information in a responsible manner in accordance with the Privacy Act 1988, including the Australian Privacy Principles (APPs), and the Notifiable Data Breaches (NOB) scheme.
By using any of our services or products, visiting our website (www.The Secret Keeper.com.au) or giving us your personal information, you agree to your information being collected, stored, used and disclosed as set out in this privacy statement.
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form.
Sensitive information, a type of personal information, means information or an opinion about an individual’s race or ethnic origins, political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices, trade or professional associations and memberships, union membership, criminal record, health or genetic information or biometric information.
Data breach is what occurs when personal information that we hold is subject to unauthorised access or disclosure or is lost.
Unauthorised access/disclosure occurs if The Secret Keeper, whether intentionally or unintentionally, makes personal information accessible or visible to others outside the organisation and releases that information from its effective control in a way that is not permitted by the Privacy Act. This includes an unauthorised disclosure by a The Secret Keeper worker.
Loss refers to the accidental or inadvertent loss of personal information held by The Secret Keeper, in circumstances where it is likely to result in unauthorised access or disclosure.
Serious harm to an individual may include physical, psychological, emotional, financial, or reputational harm. Assessment of whether harm is serious will depend on the likelihood of the harm eventuating for individuals whose personal information was part of the data breach and the consequences of the harm.
Whose personal information do we collect?
We may collect your personal information from a range of sources, including from you, recruitment agencies, contractors, business partners and government agencies. For example, we may collect your personal information when you request or acquire a service or product from us, provide a service or product to us, apply for employment with us or communicate with us via our website or social media sites, by e-mail, telephone or in writing.
Wherever reasonable and practicable, we collect personal information from the individual to whom the information relates. If you provide personal information about someone other than yourself, you agree that you have that person’s consent to provide the information for the purpose for which you provide it to us. You also agree that you have told the person about this privacy statement and where to find it.
What types of personal information do we collect and hold?
The personal information we collect includes:
Names, addresses, e-mail addresses, phone numbers, payment details, occupation, and other information to assist us in conducting our operations, providing and marketing our services and products.
Information about workers and directors, as required in the normal course of human resource management and the operation of a not-for-profit organisation.
Information about current and previous The Secret Keeper suppliers, clients and supporters with whom The Secret Keeper has dealings.
We will only collect your sensitive information if you have consented to us doing so – for example, as part of information collected about directors and workers for company and human resource management purposes; as part of health information collected about individuals for health assessments or other health promotion programs; as part of racial and ethnic origin information collected about individuals for government reporting requirements; or where required or permitted by law.
How do we collect personal information?
We only collect personal information by lawful and fair means. We usually collect personal information from:
Face-to-face meetings, interviews, telephone calls and The Secret Keeper online programs
Electronic communications – for example, e-mails and attachments; forms filled out by people, including as part of acquiring a service or product from us
Subscriptions to our e-newsletters; third parties – for example, from recruitment agencies and your representatives or agents
Our website, our Facebook page, and other social media sites, including if you use it to contact us, donate to us, register for training or an event organised by us, or when you download our apps.
We may collect personal information from entities that provide or resell our services.
Why do we collect personal information?
We collect the personal information:
Necessary for us to provide you with the services and products you have requested from us, including to provide mental health services and training programs
For marketing purposes and to provide you with information about services and products that may be of interest to you
To improve the services and products we provide
So that we can meet our reporting obligations.
To enable us to conduct our operations, including meeting our legal and regulatory obligations.
If you do not provide your personal information, we may not be able to supply the requested service or product, employ you or otherwise deal with you.
How we deal with unsolicited personal information
If we receive personal information about you that we have not requested, and we determine that we could not have lawfully collected that information under the APPs had we asked for it, we will destroy or de-identify the information if it is lawful and reasonable to do so.
Do you have to disclose your identity when dealing with us?
Where lawful and practicable, we will give you the option of interacting with us anonymously or using a pseudonym.
Use of personal information
We only use your personal information for the purpose for which it was provided to us, for related purposes or as required or permitted by law. Such purposes include:
In the ordinary course of conducting our operations. For example, supplying services such as our mental and physical health programs, acquiring products and services, responding to your enquiries and feedback, preparing publications, and providing information about our events, news, publications and services and products that may be of interest to you
Market research and product and service development, so that we can better understand our customers’, clients’ and supporters’ needs and tailor our future products and services accordingly
Performing general administration, reporting and management functions. For example, invoicing and account management, payment processing, risk management, training, quality assurance and managing suppliers
Reporting to our funding bodies
Employment-related purposes, such as recruiting and providing services to workers
As part of a merger or transfer (or proposed merger or transfer) of all or part of our not-for-profit organisation or operations
Other purposes related to or in connection with our operations, including meeting our legal and contractual obligations to third parties and for internal corporate governance purposes.
Disclosure of personal information
We may disclose, and you consent to us disclosing, your personal information to third parties:
Engaged by us to provide products or services, or to undertake functions or activities, on our behalf. For example, processing payment information, managing databases, marketing, research and advertising;
That are authorised by you to receive information we hold;
That are our business or not-for-profit partners, joint venturers, partners, or agents;
As part of a merger or transfer (or proposed merger or transfer) of all or part of our not-for-profit organisation or operations. For example, we may disclose information to our external advisers;
Where necessary to meet our reporting obligations;
Such as our external advisers, and government agencies. For example, where disclosure is reasonably required to obtain advice, prepare legal proceedings, or investigate suspected unlawful activity or serious misconduct; and/or
As required or permitted by law.
We may disclose, and you consent to us disclosing, your personal information to any of our related bodies corporate whether located in Australia or overseas. If we disclose your personal information to a related body corporate, your information will be collected, stored, used and disclosed in accordance with this Privacy Statement and the APPs.
Marketing use and disclosure
We may use and disclose your personal information (other than sensitive information) to provide you with information about our services and products that we consider may be of interest to you. You may opt out at any time if you do not, or no longer, wish to receive marketing and promotional material. You may do this by contacting us via e-mail or in writing at the address below and requesting that we no longer send you marketing or promotional material; or where applicable, clicking the “Unsubscribe” button.
Use or disclosure
We will only use or disclose personal information:
For the primary purpose of providing a health and medical service
When we have your or your representative’s consent
To other health professionals (in an emergency, this may be done without notice or express consent)
When legally required (for example, mandatory reporting of certain diseases, abuse, warrant or subpoena)
Unlawful activity or to prevent a serious and imminent threat to life, health or safety (to an individual or the public)
i. research, compilation of statistics, and public health
ii. formal quality review
iii. our grant providers.
We will only use or disclose your sensitive information for the purpose for which it was initially collected or for a directly related purpose, as required or permitted by law, or where you consent to the use or disclosure.
Disclosure of personal information overseas
We do not disclose personal information to third parties outside Australia, unless required or permitted by law.
How is my personal information kept secure?
We take reasonable steps to protect your personal information from misuse, interference, loss and unauthorised access, modification, and disclosure. Such steps include:
Physical security over paper-based and electronic data storage and premises; computer and network security measures, including use of firewalls, password access and secure servers;
Restricting access to your personal information to workers and those acting on our behalf who are authorised and on a ‘need to know’ basis;
Retaining your personal information for no longer than it is reasonably required in accordance with the applicable legislation; and
entering into confidentiality agreements with workers and third parties.
Where we no longer require your personal information, including where we are no longer required by law to keep records relating to you, we will ensure that it is de-identified or destroyed.
Any personal information recorded in paper-based form is only for temporary purposes when direct data entry into our secure database is not possible. These records are physically secured and securely destroyed as soon as practicable following being entered into our database.
We take reasonable steps to ensure that your personal information is accurate, complete, and up to date. However, we rely on you to advise us of any changes or corrections to the information we hold about you. If you consider that the information we hold about you is not accurate, complete, or up-to-date, or if your information has changed, please let us know as soon as possible.
You may request access to the personal information we hold about you by contacting us. We will respond to your request within a reasonable time. We will provide you with access to the information we hold about you unless otherwise permitted or required by law. If we deny you access to the information, we will notify you of the basis for the denial unless an exception applies. Where reasonable and practicable, we will provide access to the information we hold about you in the manner you request. No fee applies for requesting access to information we hold about you. However, we reserve the right to charge a reasonable fee where we do provide access.
If you believe that personal information we hold about you is incorrect, incomplete, or not current, you may request that we update or correct your information by contacting us. We will deal with your request within a reasonable time. If we do not agree with the corrections you have requested (for example, because we consider that the information is already accurate, up-to-date, complete, relevant, and not misleading), we are not required to make the corrections. However, where we refuse to do so, we will give you a written notice setting out the reasons.
Notification of data breaches
The Secret Keeper shall notify the individual to whom the data relates and the Australian Privacy Commissioner if:
There is unauthorised access to or disclosure of personal information held by The Secret Keeper (or information is lost in circumstances where unauthorised access or disclosure is likely to occur).
This is likely to result in serious harm to any of the individuals to whom the information relates.
The Secret Keeper has been unable to prevent the likely risk of serious harm with remedial action.
If it is not clear if a suspected data breach meets the above criteria, The Secret Keeper shall conduct an assessment to determine whether the breach is an ‘eligible data breach’ that triggers notification obligations under the NOB scheme. This assessment shall be conducted within 30 days of the suspected data breach. If assessed to be an ‘eligible data breach’ The Secret Keeper shall notify the individual to whom the data relates and the Australian Privacy Commissioner.
We do not adopt, use, or disclose government related identifiers except as required or permitted by law.
If you have a complaint in relation to the collection, storage, use or disclosure of your personal information, please contact our Privacy Officer using the details below. You will need to provide us with details of your complaint, as well as any supporting evidence and information. We will review all complaints received and our Privacy Officer will respond to you. If you are not satisfied with our response, you may discuss your concerns with or complain to the Australian Privacy Commissioner via www.oaic.gov.au.
Changes to this Privacy Statement
We reserve the right to revise this privacy statement or any part of it from time to time. Please review this Statement periodically for changes. Any revised statement will be placed on our website at www.The Secret Keeper.com.au/site/privacy. Your continued use of our website, services, or products, requesting our assistance, or the provision of further personal information to us after this privacy statement has been revised, constitutes your acceptance of the revised privacy statement.
How to contact us
If you have any questions about this privacy statement, please contact The Secret Keeper’s Privacy Officer:
Email: email@example.com (subject: Privacy)
Telephone: 0484 112 720