Last updated: December 2020
Women’s Health Victoria (“WHV”, “we”, “us”, “our”) is committed to protecting your privacy of the personal information you disclose to us or which we acquire about you. We recognise and value your trust in us to maintain your personal information and to only use and disclose the information for the purposes for which we collected the information and otherwise in accordance with applicable legislation.
This policy explains:
We reserve the right (at our discretion) to modify, amend or replace this policy from time to time. A new version of this policy will be posted to our website when this happens.
Please note that we also have policies that specifically deal with the privacy of personal information we collect and hold in relation to specific services that we provide. For further information about these policies, please visit the website of the relevant specific service.
Personal information may be collected from any individual with whom we may have contact. This includes women contacting us seeking a referral to a service provider, a service provider that has submitted information for inclusion in our database, job applicants, representatives from current and prospective suppliers, individuals purchsing training and information sourced from our research activities.
For the purposes of this policy, ‘personal information’ is information or opinion that identifies an individual or which could reasonably identify an individual. It may include (but not necessarily be limited to) an individual’s name, contact details and records of the individual’s dealings with us or with our staff.
We may collect a range of personal information about you, including your name, address, telephone number, email address, age and date and place of birth.
We may also collect information relevant to your personal situation, including information about your current health and services which you seek. Except as otherwise permitted or required by law, we will only collect sensitive information about you with your consent.
We may also collect personal information in other situations and in other circumstances. For example, we may collect personal information from an individual in the course of completing our research activities. Information may be provided to us when an individual submits a job application to us or when an individual contacts us for the purpose of providing goods and/or services to us.
We may also collect information about you when you visit our website. We may use third party tools to track visits to our website and to provide analytical services concerning those visits. The information we collect from visits to our website is generally de-identified, unless you specifically complete and submit a form that we make available online via our website. We generally do not use such information to identify specific individuals except where it relates to the ourchase of goods or services.
However, due to the Internet’s nature, such information may contain details which could identify a particular individual. Such information includes the IP address of the computer accessing our website, the Internet service provider used to access the Internet and our website, the webpage directing the individual to our website and the individual’s activity on our website.
We collect personal information using lawful and fair means and generally only when relevant to our operations and activities.
We may collect personal information about an individual from a variety of sources using a variety of means, including:
Subject to the foregoing, we generally collect personal information about an individual directly from that individual and only collect their personal information with the individual’s consent, unless it is unreasonable or impracticable for us to do so. Additionally, we generally only collect personal information when we specifically request that information.
From time to time, we may receive unsolicited personal information about an individual. In accordance with our statutory obligations, we will determine whether or not we could lawfully have collected such information had we solicited the information. If we determine that we could not lawfully have collected the information then we will take steps to destroy or de-identify that information, except to the extent we are required or authorised to keep the information by law or court order.
Subject to the following, you may interact and deal with us on an anonymous or pseudonymous basis in relation to a particular matter.
However, if you choose to interact and to deal with us in this fashion, or you do not provide us with personal information when requested, then we may be unable to provide you with all the services and information that you seek from us or otherwise handle the particular matter to your satisfaction.
Further, we may need to verify your identity as part of our response to a request to access and/or correct personal information that we hold about you, or as part of our complaints-handling process. If we are unable to verify your identity, or you continue to engage with us in an anonymous or pseudonymous manner, then we may be unable to satisfy your request.
As a general principle, and in accordance with our statutory obligations, personal information is only used for the primary purpose(s) for which the information was collected or any secondary purpose that is related to the primary purpose for which you would reasonably expect us to use the collected information (and to the extent the information in question comprises sensitive information, including health information, directly related to the primary purpose for which the information was collected), or as otherwise permitted or required by law.
We will take reasonable steps to make you aware of the purpose(s) for which the personal information collected may be used at or before the time of collection.
We may use personal information collected about an individual for one or more of the following purposes:
We may also use personal information collected about an individual to assist us in complying with our regulatory and statutory obligations in relation to the research we undertake and the services we provide.
We may use the information we collect to mark, on a publicly accessible map online, the locations of service providers and health practitioners who have agreed to provide their address details to us.
We may disclose personal information we collect from and about individuals to third parties but only on an as-needs basis and in order to help fulfil the purpose(s) for which we collected the personal information, or any secondary purpose related to the primary purpose for which we may be permitted or required to disclose such information by law.
Without limiting the foregoing, we may disclose personal information (including sensitive information) to any of the following third parties in any of the following situations:
Where we engage third parties to provide products and/or services to us or to users of our services on our behalf, those third parties may have access to personal information (including sensitive information) that we hold about individuals. We generally do not authorise those third parties to use any personal information we may disclose or allow the third parties to access to use or disclose such personal information for any purpose other than to facilitate the completion of their obligations they owe to us.
In addition, we may disclose de-identified statistics regarding the users of our services to reputable third parties and to the Government primarily for the purpose of assisting us to improve our service offering and to meet our contractual obligations owed to the Government.
We may use offshore-based services to assist us to collect personal information which is used to facilitate our provision of services. By using our online forms to submit personal information to us, you agree to our use of such services to collect personal information from you.
We will comply with our statutory obligations regarding the use of your personal information for the purpose of direct marketing. We may directly market ourselves and our services to you if we collected information directly from you in circumstances where you would reasonably expect us to use your information to market ourselves or our services to you.
Where we collect your personal information from a third party, we will not use that information to directly market to you unless you consent to receive such communications from us.
All direct marketing communications which we send will include an easy opt-out procedure if at any time you wish for us to stop sending you marketing communications.
We strive to ensure the security of personal information we collect and hold. We take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure.
We regularly review and update our physical and data security measures in light of current technologies. Unfortunately, no data transmission over the Internet or over mobile data and communications services can be guaranteed to be totally secure.
In addition, our employees and contractors who provide services related to our information systems and who have access to personal information we collect and hold are required, as a condition of their employment or engagement, to respect the confidentiality and privacy of any personal information we hold.
We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up to date. However, the accuracy of the information we hold largely depends on the accuracy of the information supplied to us or which we collect. If at any time you discover that any information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please contact us to correct the information or update it yourself through your own secure log in to your information.
Where we hold personal information about an individual, that individual is entitled at any time (upon request or via accessing through your own secure log in) to access the personal information we hold about that individual.
Where we receive a request to access the personal information we hold about an individual, we will respond within a reasonable period of time (generally within 5 business days of receipt). Unless it is unlawful or impracticable for us to do so, we will generally provide access to the requested information in the manner requested.
Please note that we are entitled, under the relevant law, to charge a reasonable administrative fee to cover our costs incurred in providing access to the personal information we hold about an individual.
Please also note that we reserve the right to verify the identity of the person making an access request, to ensure that we are not inadvertently disclosing personal information to an individual not entitled to access such information.
Further, we reserve the right to redact the information we make available in response to an access request, to protect the privacy of other individuals.
We may from time to time refuse to provide access to the information we hold about an individual, in accordance with the relevant law. Where we refuse access, we will explain the reasons for refusal in writing and provide details in relation to the relevant complaint process.
As noted above, we take reasonable steps to ensure that the information we collect, hold, use and disclose about an individual is complete, up-to-date and accurate. However, if at any time you believe that personal information we hold about you is incorrect, incomplete, outdated or inaccurate, you have the right to request that we amend such personal information or amend such information yourself via your personal secure log in. If we refuse the correction requestion, we will provide written reasons and information about the complaint process should you not be satisfied with our reasons.
Where information about you is incorrect and the information has previously been disclosed to third parties, we will take reasonable steps to notify third parties of the correction.
If you wish to complain about an alleged breach of the privacy of your personal information, the complaint should be made in writing to us and addressed to the attention of our privacy officer. The details of our privacy officer are set out below.
We will promptly acknowledge receipt of your complaint and we will endeavour to deal with your complaint and to provide you with a response within a reasonable period of time following receipt of your complaint (generally within 20 business days of receipt).
Where a complaint requires a more detailed investigation, it may take longer to resolve. If this is the case, then we will provide you with progress reports.
We will verify your identity and seek (where appropriate) further information from you in connection with your complaint.
Where required by law, we will provide our determination on your complaint to you in writing.
Please note that we may refuse to investigate or to otherwise deal with a complaint if we consider your complaint to be vexatious or frivolous.
If you are not satisfied with the outcome of your complaint, you may write to us seeking an internal review of our decision. Such internal review will be completed by an officer not previously involved in your complaint.
If you still remain dissatisfied following the outcome of our internal review, you may escalate the complaint to the Office of the Australian Information Commissioner.
In relation to any query, concern or complaint about how we comply with our privacy obligations, please direct such communications to the following:
The Privacy Officer
Women’s Health Victoria
T: +61 3 9664 9305