Privacy Policy
This Policy governs how members of the Bolton Clarke Group, being RSL Care RDNS Limited ABN 90 010 488 454, Royal District Nursing Service Limited ABN 49 052 188 717, RDNS HomeCare Limited ABN 13 152 438 153, Acacia Living Group Limited ABN 44 121 436 162, McKenzie Aged Care Group Pty Ltd ACN 006 276 124 and Cabool Retirement Villages Pty Ltd ACN 603 066 208 (we, us, our) collect, store, use, disclose and manage personal information. This Policy also outlines and explains the types of personal information we collect, the purposes for which it is collected, how you can request access to and correct personal information that we hold about you and how you can make a privacy complaint or contact us with your enquiries or concerns.
We take your privacy seriously and are committed to open and transparent management of personal information. When dealing with personal information, we comply with the Privacy Act 1988 (Cth) (Act), the Australian Privacy Principles in the Act, and all other applicable legislation, including State and Territory health records legislation.
Our suppliers and contractors are required to enter into written contracts ensuring their strict compliance with privacy laws.
This Policy does not apply to personal information that is exempt under the Act, including the employment records of our employees relating to their former or current employment with us.
This document applies to all:
• Board members
• Executive Leadership Team
• Leaders of functions, areas and teams
• Workers.
3 What is personal information?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a) whether the information or opinion is true or not; and
b) whether the information or opinion is recorded in a material form or not.
Sensitive information is a subset of personal information and includes:
a) health information about an individual;
b) genetic information (that is not otherwise health information);
c) information or opinion (that is also personal information) about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, sexual preferences or practices or criminal record; and
d) biometric information that is to be used for the purpose of automated biometric verification, biometric identification, or biometric templates.
What constitutes personal information will vary, depending on whether any individual can be identified or is reasonably identifiable in the particular circumstances.
4 What kinds of personal information do we collect and why?
The personal information that we collect and hold will depend on your relationship with us, the nature of the product or service we are providing or activity you are involved in and the legal obligations we may have.
We collect your personal information to provide retirement, aged care and health services to you. We also use the information for training and the management of our services.
For contractors and suppliers, we collect your personal information to assess your suitability, qualifications, licences and insurance details and, if applicable, to subsequently administer and manage our engagement of you. For prospective employees, we collect your personal information to assess your suitability for the position for which you have applied.
We generally collect and hold both personal and sensitive information, including:
a) For customers:
(i) contact details including name, occupation, address, postcode, telephone and facsimile numbers, email addresses and family information;
(ii) demographic information including age, date of birth and gender;
(iii) health information including medical and family history, medications, vaccination status, diagnostic imaging and reports, pathology results, diagnoses (including mental health or disability), observations and reported symptoms;
(iv) government related identifiers, including Medicare, Centrelink and Department of Health numbers;
(v) financial details and billing information including to comply with our legal obligations;
(vi) legal information including details of powers of attorney, advanced health directives and similar documents, court or tribunal orders and wills; and
(vii) treating clinicians’ contact details.
b) For employees, including prospective employees:
(i) contact details including name, address, postcode, telephone and facsimile numbers and email addresses and family information;
(ii) demographic information including age, date of birth and gender;
(iii) financial details such as salary, taxation, superannuation and payment details;
(iv) sensitive information such as health and psychometric information;
(v) qualifications and experience;
(vi) licensing and registration with professional bodies;
(vii) information contained in references obtained from third parties; and
(viii) national police certificates and/or NDIS worker screening checks.
c) For contractors and consultants:
(i) contact details including name, address, postcode, telephone and facsimile numbers and email addresses;
(ii) financial details and billing information including to comply with our legal obligations;
(iii) qualifications, licences and insurance details;
(iv) information contained in references or referrals obtained from third parties;
(v) sensitive information such as vaccination status; and
(vi) national police certificates and/or NDIS worker screening checks.
d) For donors:
(i) contact details including name, address, postcode, telephone and facsimile numbers and email addresses;
(ii) demographic information including age, date of birth and gender;
(iii) financial details and billing information to comply with our legal obligations; and
(iv) testamentary intentions as they affect us (for example, details of any gifts left or intended to be left to us in the donor’s Will).
If lawful and reasonable to do so, we will destroy and de-identify all unsolicited personal information we receive if we would not normally collect this information to perform one of our functions or activities or if the information is sensitive and no consent has been given.
5 When do we collect personal information?
We will not collect personal information unless it is reasonably necessary for one of our functions or activities. Personal and sensitive information will only be collected through lawful and fair means. Personal or sensitive information will primarily be collected with your consent. However, such information may also be collected in a manner that is required or authorised by law (for example, where it is necessary to prevent or minimise a serious or imminent threat to a person’s life or health).
6 Where do we collect personal information from?
The sources from which we collect personal information will depend on the circumstances of the collection and may include the following:
6.1 From you or with your consent
We will try to collect your personal information directly from you, or alternatively, with your consent. We will collect personal information from you:
a) if you provide us with information about yourself and, if necessary, your medical condition;
b) if you complete relevant agreements, applications, forms, surveys, competitions, questionnaires or you communicate with us by taking part in a discussion or forum or by email, telephone, in writing, in person or by audio visual means;
c) if you are providing services or goods to us or our customers;
d) if you apply for employment or engagement with us; or
e) if you make a donation to us.
6.2 From other people
Where it is unreasonable or impracticable to collect information directly from you, we may obtain personal information about you from a third party. For example, we may collect personal information about you:
a) from your general practitioner or another healthcare provider who has information about you to assist us in providing services to you;
b) from a member of your family, a carer, a close friend, your authorised representative or responsible person, next of kin, your nominated emergency contact person or the police;
c) from any person or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;
d) from relevant government departments such as Medicare, the Department of Health, the Department of Social Services or your health insurer to assist us in providing services or processing billing for services provided to you;
e) from third parties who you have asked to provide your personal information to us; or
f) from a reference or referral identified in your application for employment or engagement with us.
6.3 From our website
When you visit our website, our web server may download a cookie to your computer. A cookie is a small piece of information sent by our server to your browser. Cookies do not contain personal information about you but can identify a user's browser. We use cookies to capture information about a user's browser. If you do not wish to receive cookies, you may set your browser to refuse them.
7 Can I choose to remain anonymous?
We automatically gather anonymous information to monitor use, for example the numbers and frequency of visitors to our website. This collective data helps us determine how our audiences use parts of our website, so we can improve our services. We may publish or provide this aggregate data to other people or organisations.
If you are receiving aged care or health services from us, it is not practical for you to remain anonymous because we need to keep a record of the care and services provided to you.
We may be able to accommodate you using a pseudonym. However, if you choose not to provide your real identity this may impact the quality of the services provided to you and relevant billing and claiming.
If you wish to use a pseudonym that is linked confidentially to your real identity, please let us know and we will discuss with you any arrangements that can be made.
8 How do we use and disclose personal information?
We may use and disclose personal information for the particular purpose for which it was collected (Primary Purpose).
For customers, this will include the use and disclosure necessary to provide retirement and aged care services including accommodation, and where relevant, health care or wellness services. We may also use or disclose your personal information:
a) to staff or other service or healthcare providers involved in providing services to you or your care (including your general practitioner, nurses, physiotherapists, occupational therapists) or administrative staff (involved in preparation of documentation, billing and other administrative and management duties);
b) in assessing whether you are eligible to be admitted to one of our retirement living, home care or residential aged care services;
c) to Medicare, the Department of Health, the Department of Social Services or your private health insurer for the purposes of billing;
d) to government authorities for the purposes of providing aged care or health services;
e) to funding bodies and government agencies;
f) to a member of your family, a carer, a close friend, your authorised representative or responsible person, next of kin, your nominated emergency contact person or the police; or
g) any third party that you request or authorise us to.
For prospective employees, contractors and suppliers, we may disclose your information to third parties to assist us in considering you for a position (including suitability) and if applicable, for subsequently administering and managing your engagement or employment.
We will only generally use or disclose personal information collected for a Primary Purpose. However, it may be necessary in some cases to disclose personal information for a secondary purpose, including:
a) if we have your consent;
b) if required for the management of our services. For example:
(i) billing or debt-recovery, service-monitoring, funding, complaint-handling, incident reporting, developing and planning services, evaluation and improvement, quality assurance or audit activities, and accreditation activities;
(ii) education and training of our staff (who may not be our employees), where de-identified information is not sufficient for this purpose; and
(iii) disclosure to our advisors and contractors who provide services to us, for example IT and database management service providers;
c) for research, compilation or analysis of statistics;
d) if use or disclosure is necessary to lessen or prevent a serious or imminent threat to someone's life, health or safety or a serious threat to public health and safety; or
e) if we are required or authorised by or under an Australian law or a court or tribunal order.
We effectively and securely destroy and de-identify personal information which is no longer required to be retained by us to satisfy any legal, financial and other requirement in accordance with our information management framework and document retention schedule.
9 Data quality
We will take reasonable steps to ensure that the personal information we collect is accurate, complete, up to date and relevant to the purpose for which it is to be used, both at the time of collection and use.
10 How do we hold personal information and keep it secure?
All personal information collected is securely stored on our electronic databases. In some instances, it may also be held in hard copy files in secure and locked facilities in Australia.
We will take reasonable steps to ensure that the personal information we hold is protected from misuse, loss, interference, unauthorised access, modification or disclosure.
If we find that there has been any unauthorised access, disclosure or loss of your personal information that is likely to result in serious harm to you, we will:
a) take remedial action (where reasonably possible) to minimise risk of harm to you; and
b) notify you and the Office of the Australian Information Commissioner, as soon as reasonably practicable.
11 Openness
If requested, we will let you know what kind of personal information of yours we hold, for what purpose, and how we handle that information. We will also make this Policy available to anyone who requests a copy of it.
12 How can I access or correct my personal information?
You can request access to your personal information held by us, upon written request to our Privacy Officer (see Section 15 below for details). We may charge reasonable costs for carrying out your request.
To obtain access to personal information, we must be satisfied that you are legally authorised to make the request. We will ask you to verify your identification or authority. This is necessary to ensure that your personal information is provided only to the correct individuals and that the privacy of others is protected.
If, upon receiving access to your personal information or at any other time, you believe your personal information is inaccurate, incomplete or out of date, you can notify our Privacy Officer to correct your personal information. We will take reasonable steps to correct the information so that it is accurate, complete and up to date.
We may decline a request for personal information in circumstances prescribed in the Act, including where:
a) access would pose a serious threat to life or health of an individual, or to public health or safety;
b) access would unreasonably impact the privacy of other individuals;
c) the request is frivolous or vexatious;
d) the information relates to existing or anticipated legal proceedings;
e) access would be unlawful; or
f) we are prohibited by Australian law, a court or tribunal.
If we decline to provide access, we will give you a written notice setting out the reasons for refusal and the complaint mechanisms available to you.
13 Do we disclose personal information overseas?
We may disclose personal information to entities outside of Australia, in which case we will take all steps that are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles, unless we reasonably believe the disclosure is necessary or authorised by Australian law. We have engaged contractors and consultants who operate in New Zealand, the United Kingdom, Philippines, Israel, Canada, the United States of America and Brazil and may disclose personal information to those overseas entities.
We will only disclose personal information to persons or entities outside of Australia where:
a) the recipient is subject to privacy laws similar to the Privacy Act;
b) we reasonably believe the disclosure is necessary or authorised by Australian law; or
c) you have provided your express consent to such disclosure.
14 Do we use your personal information for direct marketing and can you opt out?
There may be occasions where personal information is used for direct marketing purposes including direct contact, telephone enquiries, email, SMS, letters, internet and web interactions, surveys and other forms of communication. Any such use will be limited to circumstances where you would reasonably expect us to use or disclose your personal information for that purpose and it has been collected from you, or if you have otherwise consented or requested this information.
You have the right:
a) to contact us to ‘opt-out’ of receiving direct marketing communications; or
b) to request that we provide the source of your personal information where reasonable and practicable.
If you have consented to us providing direct marketing to you and you wish to stop receiving such marketing, please contact us on the details set out in this Policy or provided in the marketing communication.
15 How can I complain about the handling of my personal information?
If you believe we have at any time breached this Policy, you may lodge a written complaint with our Privacy Officer on the contact details in this Policy.
We will endeavour to acknowledge your complaint within 14 days of its receipt, and to make a determination on the complaint within 30 days of its receipt.
If you are not happy with our response, you may lodge a written complaint with the Office of the Australian Information Commissioner using the following link:
https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us/
16 Contact details and further information
For all residential aged care homes, please contact:
Allity Privacy Officer
Level 7, 601 Pacific Highway
St Leonards NSW 2065
Phone: (02) 9431 1000
Email: privacy.officer@allity.com.au
For all other enquiries please contact:
The Privacy Officer
Level 3, 44 Musk Avenue Kelvin Grove QLD 4059
Phone: (07) 3251 6200
Email: privacy@boltonclarke.com.au
Further information about the Australian Privacy Principles and the application of the Act to us can be found at the website of the Office of the Australian Information Commissioner at http://www.oaic.gov.au.
17 Terms and definitions
Term Definition
Nil
18 Legislation
This policy document supports Bolton Clarke’s compliance with the following legislation:
Privacy Act 1988 (Cth) (Act)
19 Related policy documents
You may also need to refer to the following related policy documents:
Privacy Collection Notice
20 Version history
Version 2.2, Date published - 29 July 2022, Summary of changes - Addition of Allity entities in the description of the Group, as well as contact details for Allity Privacy Officer. Approver - Chief Executive Officer
Version 3.0, Date published - 17 January 2024, Summary of changes - Scheduled review. Approver - Chief Executive Officer
21 Monitoring and review
This document will be reviewed by the Owner in line with the scheduled review cycle, depending on the level of risk and in line with the Bolton Clarke Policy Governance Framework.
Changes to legislation and regulation that may impact this document are monitored by the Owner.
Owner: General Counsel and Company Secretary
Last scheduled review: 17 January 2024
Next scheduled review: 17 January 2026