Overview

COMMITMENT TO PRIVACY

STEPS Group Australia (STEPS) respects the privacy of all people including employees, volunteers, clients/beneficiaries, donors, members, business partners and online users, and is committed to safeguarding the personal information that is provided to us.

The purpose of this Policy is to:

  • Clearly communicate how STEPS handles personal information.
  • Enhance the transparency of STEPS’ operations.
  • Give individuals a better and more complete understanding of the sort of personal information that STEPS holds and the way we handle that information.

DEFINITIONS

Online Users
Refers to any person that accesses the STEPS Website

www.stepsgroup.com.au
www.stepsemploymentsolutions.com.au
www.stepstraining.edu.au
www.stepscharity.com.au
www.careforcarers.com.au
www.ndco.stepscs.net.au

Personal Information
Personal Information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not as defined by the Privacy Act 1988 (as amended).

Sensitive Information
Sensitive Information is information or an opinion (that is also personal information) about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record or health, biometric information or biometric templates, that is also personal information as defined by the Privacy Act 1988 (as amended).

The website
The STEPS website. www.stepsgroup.com.au

STEPS delivers a range of services including programs funded under State and Commonwealth contracts. In providing such services, we comply with the relevant state or national privacy principles and any additional obligations under the contract.

Part A – Personal Information Handling Practices

This section of the Procedure explains our general information handling practices across STEPS, including information about how we collect, use, disclose and store personal information.

Part B – Public Relations Files

Offers further details explaining personal information handling practices in relation to STEPS’ functions and activities such as web-based enquiries, educational material, promotional information and surveys.

Part A – Personal Information

OUR OBLIGATIONS UNDER THE PRIVACY ACT

This Policy sets out how we must comply with our obligations under the Privacy Act 1988 (Privacy Act). We are bound by the Australian Privacy Principles (APPs) in the Privacy Act which regulate how organisations may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them.

COLLECTION OF PERSONAL AND SENSITIVE INFORMATION

If you would like to access STEPS’ services on an anonymous basis or using a pseudonym, please tell us. If this is possible and lawful, we will take all reasonable steps to comply with your request. However, we may not be able to provide the services in question if we are not provided with the personal information requested.

The nature and extent of your personal and sensitive information collected by STEPS varies depending on your particular interaction with STEPS.

STEPS collects personal and sensitive information from clients/beneficiaries, donors, business partners, employees, volunteers and online users. Further information about the kind of information collected from each of these groups and the usage of such information is detailed below.

STEPS Clients and Beneficiaries

Kind of information collected:

  • Contact details (name, address, email etc).
  • Personal details including date of birth, place of birth, gender, income.
  • Government Identifiers (e.g. Job Seeker Identification Number, Customer Reference Number).
  • Work history and educational qualifications.
  • Languages (both written and spoken).
  • Information on personal issues and experiences, relationships.
  • Family and/or cultural background, supports clients may have in the community.
  • Areas of interest.
  • Health information and/or medical history.
  • Credit card numbers or bank account details.
  • Course details and results.
  • A Police Check may be required for some student placements (particularly those placements that work with children, young people and other vulnerable individuals.) Individuals will be required to provide certain information for a Police Check.

How the information is collected:

  • Forms.
  • Online registration.
  • Telephone.
  • Email.

Purpose for which STEPS uses the information:

  • To provide STEPS’ services.
  • To provide clients/beneficiaries with the most appropriate services for their needs.
  • To meet any requirements of government funding for our programs.
  • To meet any government reporting requirements.
  • To monitor and evaluate existing services and plan for future services.
  • To produce annual reports and for research purposes which may involve contracted organisations.
  • To comply with legal obligations.

STEPS Donors

Kind of information collected:

  • Contact details (name, address, email etc.)
  • Personal details including date of birth, gender, income.
  • Donation history.

How the information is collected:

  • Communications, email, flyers.
  • Telephone.
  • Functions or events.

Purpose for which STEPS uses the information:

  • To provide STEPS’ services.
  • To process donations and provide accurate receipts.
  • To facilitate ongoing fundraising and marketing activities.
  • To comply with legal obligations.
  • To provide transparency relating to donated funds, particularly for appeals and public donations.
  • To recognise support of STEPS.

STEPS Business Partners

Kind of information collected:

  • Contact person’s name, the organisation which employs the person.
  • Telephone numbers, fax number.
  • Street and postal address and position title.
  • Number of employees, structure, position description etc.
  • Areas of interest by category and industry.
  • Bank details (if STEPS is to receive payment or make payment for services received).
  • Australian Business Number (ABN).
  • Type of support or process (e.g. employment vacancy, employment incentives, industry placement, goods in kind, program support, volunteering, payment of invoices).
  • For Auspice Partners STEPS will collect information on students, clients, employers and employees.

How the information is collected:

  • Communications, emails, flyers.
  • Online registration.
  • Telephone.
  • Invoices.
  • Contracts.

Purpose for which STEPS uses the information:

  • To provide STEPS’ services.
  • To establish and manage partnerships to receive services from you or the organisation which employs you.
  • To manage STEPS’ relationship with the business partner.
  • To provide information about STEPS’ services.
  • To update the company on STEPS’ programs and services.
  • To meet any requirements of government funding for our programs.
  • To meet any government reporting requirements.

 STEPS employees, volunteers and prospective employees and volunteers

Kind of information collected:

  • Contact details (name, address, telephone numbers, email etc).
  • Personal details including personal details of emergency contact person (s).
  • Date of birth.
  • Country of birth, citizenship, residency and/or visa details.
  • Languages spoken and written
  • Bank account and superannuation details
  • Details of current/ previous employment or volunteer involvement.
  • Skills and experience.
  • Qualifications and drivers licence details.
  • Information and opinions from referees for prospective employees and candidates for volunteer work.
  • A Police Check may be required for some of the roles within STEPS (particularly those involving children, young people and other vulnerable individuals). Individuals will be required to provide certain information for a Police Check.
  • In some situations it is necessary for STEPS to collect or receive information about a workers health. In this circumstance, STEPS will advise why the information is being collected and whether and to whom it will be released.

Purpose for which STEPS uses this information

  • To provide STEPS’ services.
  • To process an application to be become a volunteer or employee of STEPS.
  • To facilitate a placement in an appropriate service or position.
  • To assist with services
  • To provide feedback on performance as a volunteer or employee.
  • To meet legislative responsibilities to all volunteers and employees.
  • To obtain feedback from individuals about their experiences.
  • To assist STEPS to review and improve its programs and services to keep individuals informed about STEPS’ development and opportunities.
  • To provide information about STEPS’ services.
  • To facilitate further involvement with STEPS (e.g. disability support, membership, donor).
  • To meet any government reporting requirements.
  • To ensure STEPS is able to contact employees/ volunteers as required.

STEPS Members

Kind of information collected:

  • Contact details (name, address, telephone numbers, email etc).
  • Date of birth.

Purpose for which STEPS uses this information:

  • To provide STEPS’ services.
  • To provide communication updates and ensure transparency.
  • Relating to donated funds, particularly appeals for public donations and STEPS operations.
  • To provide information about STEPS.
  • For invitations to upcoming events and activities.
  • To recognise support of STEPS.

 Online Users

To the extent that this Policy applies to online privacy issues, it is to be read as forming part of the terms and conditions for use for STEPS’ website. STEPS will not knowingly share any personal information with any third party other than our service providers who assist STEPS in providing the information and/or services we are providing to you.

Kind of information collected:

  • Contact details (name, address, telephone numbers, email etc).
  • Non personal information (e.g. visitor navigation and statistics).
  • Server address, browser type, date and time of visit.
  • Personal information (e.g. news campaigns).

Purpose for which STEPS uses this information:

  • To provide updates regarding our website.
  • To analyse website usage and make improvements to the website, identify user demands.
  • STEPS does not match personal information collected with the non-personal information.
  • Provide direct marketing material.
  • Information in the form of newsletters.

ADDITIONAL INFORMATION

The website from time to time contains links to other websites. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. STEPS stresses that when an online user accesses a website that is not STEPS’ website, it may have a different privacy policy. To verify how the website collects and uses the information, the user should check that particular website’s policy.

HOW STEPS COLLECTS INFORMATION

Where possible STEPS collects personal and sensitive information directly from you. STEPS collects information through various means, including telephone and in person interviews, emails, appointments, forms and questionnaires. If you feel that the information STEPS is requesting, either on our forms or in our discussions with you, is not information you wish to provide, please feel free to raise this with us.

In some situations STEPS may also obtain personal information from a third party source. If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of any purposes for which STEPS is collecting your personal information and the organisations to which we may disclose your information, subject to any exceptions under the Act.

HEALTH INFORMATION

As part of administering services STEPS may collect health information. For example STEPS collects health information (such as medical history) from some clients/beneficiaries participating in STEPS’ programs. When collecting health information, STEPS will obtain your consent to such collection and explain how the information will be used and collected.

If your health information is collected from a third party (such as your doctor) STEPS will inform you that your information has been collected and will explain how this information will be used and disclosed.

STEPS will not use health information beyond the consent provided by you, unless further consent is obtained or in accordance with one of the exceptions under the Privacy Act or in compliance with another law. If STEPS uses your health information for research or statistical purposes, it will be de-identified if practicable to do so.

USE AND DISCLOSURE OF PERSONAL INFORMATION

STEPS only uses personal information for the purposes for which it was given to STEPS or for purposes which are related to STEPS’  functions or activities.

STEPS may share personal information with associated operational divisions such as Quality or Finance.

For the purposes referred to in this Policy (discussed above under Collection of Personal and Sensitive Information), STEPS may also disclose personal information to other external organisations including:

  • Government Departments/agencies who provide funding for STEPS’ services.
  • Contractors who manage some of the services offered to you, such as File Archiving Providers who securely store records. Steps are taken to ensure they comply with the APPs when they handle personal information and are authorised only to use personal information in order to provide the services or to perform the functions required by STEPS.
  • Doctors and health care professionals, who assist STEPS to deliver our services.
  • Other regulatory bodies
  • Referees, employees and volunteers, former employees of STEPS and prospective candidates for STEPS employee and volunteer positions.
  • Our professional advisors, including STEPS’ accountants, auditors and lawyers.
  • Auditors as required by Government Contracts/Certifications and Registrations.

Except as set out above, STEPS will not disclose an individual’s personal information to a third party unless one of the following applies:

  • The individual has consented.
  • The individual would reasonably expect STEPS to use or give that information for another purpose related to the purpose for which it was collected (or in the case of sensitive information – directly related to the purpose for which it was collected).
  • It is otherwise required or authorised by law.
  • It will prevent or lessen a serious threat to somebody’s life, health or safety or to public health or safety.
  • It is reasonably necessary for STEPS to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature that relates to STEPS’ functions or activities.
  • It is reasonably necessary to assist in the location of a missing person.
  • It is reasonably necessary to establish, exercise or defend a claim at law.
  • It is reasonably necessary for a confidential dispute resolution process.
  • It is necessary to provide a health service.
  • It is necessary for the management, funding or monitoring of a health service relevant to public health or public safety.
  • It is necessary for research or the compilation or analysis of statistics relevant to public health or public safety.
  • It is reasonably necessary for the enforcement of a law conducted by an enforcement body.

STEPS does not usually send personal information out of Australia. Some data services have storage centres offshore. Where this occurs STEPS will take all measures to protect your personal information. STEPS will protect your personal information either by ensuring that the country of destination has similar protections in relation to privacy or that STEPS enters into a contractual arrangements with the recipient of personal information that safeguards your privacy.

SECURITY OF PERSONAL AND SENSITIVE INFORMATION

STEPS takes reasonable steps to protect the personal and sensitive information STEPS hold against misuse, interference, loss, un-authorised access, modification and disclosure.

These steps include password protection for accessing our electronic IT system, securing paper files in locked cabinets and physical access restrictions. Only authorised workers are permitted to access these details.

When the personal information is no longer required, it is destroyed in a secure manner, or archived according to our Records Management Procedure (i020300)

ACCESS TO AND CORRECTION OF PERSONAL INFORMATION

If an individual requests release of information we hold about them, or requests that STEPS changes personal information, STEPS will allow access or make the changes unless STEPS considers that there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the changes.

Requests for access and/or correction should be made to the Quality and Customer Services Manager (details of which are in subsection How to Contact Us). For security reasons you will be required to put your request in writing and provide proof of identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of others is not undermined.

STEPS will provide access by allowing you to inspect, take notes or print outs of personal information that we hold about you. If personal information (for example, your name and account details) is duplicated across different databases, STEPS will generally provide one printout of this information, rather than multiple printouts.

STEPS will take all reasonable steps to provide access of the information requested within 14 days of request. In situations where the request is complicated or requires access to a large volume of information, STEPS will take all reasonable steps to provide access to the information requested within 30 days.

STEPS may charge you a reasonable fee to reimburse STEPS for the cost we incur relating to the request for access to information, including in relation to photocopying and delivery cost of information stored off site. Any fees will be advised at the time of the request.

If an individual is able to establish that personal information STEPS holds about him/her is not accurate, complete or up to date, STEPS will take reasonable steps to correct our records.

Access will be denied if:

  • The request does not relate to the personal information of the person making the request.
  • Providing access would pose a serious threat to the life, health or safety of a person or to public health or public safety.
  • Providing access would create an unreasonable impact on the privacy of others.
  • The request is frivolous and vexatious.
  • The request relates to existing or anticipated legal proceedings.
  • Providing access would prejudice negotiations with the individual making the request.
  • Access would be unlawful.
  • Denial of access is authorised or required by law.
  • Access would prejudice law enforcement activities.
  • Access would prejudice an action in relation to suspected unlawful activity, or misconduct of a serious nature relating to the functions or activities of STEPS.
  • Access discloses a ‘commercially sensitive’ decision making process or information.
  • Any other reason that is provided for in the APP’s or in the Privacy Act.

If STEPS denies access to information STEPS will set out our reasons for denying access. Where there is a dispute about your right of access to information or forms of access, this will be dealt with in accordance with the complaints procedure set out below.

COMPLAINTS PROCEDURE

If you have provided us with personal and sensitive information, or we have collected and hold your personal and sensitive information, you have the right to make a complaint and have it investigated and dealt with under the complaints procedure.

If you have a complaint about STEPS’ privacy practices or STEPS’ handling of your personal and sensitive information please contact our Quality and Customer Service Manager (details of which are set out below).

All complaints will be logged on our Organisational System Improvement (OSI) System.

A privacy complaint relates to any concern regarding STEPS’ privacy practices or STEPS’ handling of your personal and sensitive information. This could include matters such as how information is collected and stored, how information is used or disclosed or how access is provided to personal and sensitive information.

The goal of this complaints procedure is to achieve an effective resolution of your complaint within a reasonable timeframe, usually within 20 days or as soon as practicable. However, in some cases, particularly if the matter is complex, the resolution may take longer.

Once the complaint has been made, STEPS will try and resolve that matter in a number of ways such as:

  • Request for Further Information: STEPS may request further information from you. You should be prepared to provide us with as much information as possible, including the details of any relevant dates and documentation. This will enable STEPS to investigate the complaint and determine an appropriate solution. All details provided will be kept private and confidential.
  • Discuss Options: STEPS will discuss the options for a resolution with you and if you have any suggestions about how the matter might be resolved you should raise these with our Quality and Customer Services Manager.
  • Investigation: Where necessary, the complaint will be investigated. STEPS will try to do so within a reasonable timeframe. It may be necessary to contact others in order to proceed with the investigation. This may be necessary in order to progress your complaint.
  • Conduct of our Employees: If your complaint involves the conduct of our employees we will raise the matter with the employee concerned and seek their comment and input in the resolution of the complaint.
  • The Complaint is substantiated: If your complaint is found to be substantiated, you will be informed of the finding. STEPS will then take appropriate agreed steps to resolve the complaint, address your concerns and prevent this problem from reoccurring.
  • If the complaint is not substantiated, or cannot be resolved to your satisfaction, but this complaints procedure has been followed, STEPS may decide to refer the issue to an appropriate intermediary. For example this may mean an appropriately qualified lawyer or an agreed third party to act as a mediator.
  • At the conclusion of the complaint, if you are still not satisfied with the outcome you are free to take your complaint to the Office of the Australian Information Commissioner at oaic.gov.au.

STEPS will keep a record of your complaint and the outcome.

STEPS is unable to deal with anonymous complaints. This is because STEPS are unable to investigate and follow up such complaints. However, in the event that an anonymous complaint is received STEPS will note the issues raised and, where appropriate, try and investigate and resolve them appropriately.

CHANGES TO THIS POLICY

STEPS reserves the right to view, amend and/or update this Policy from time to time.

STEPS aims to comply with the APP’s and other privacy requirements required to be observed under the State or Commonwealth Government contracts.

If further privacy legislation and/or self-regulatory codes are introduced or our Privacy Policy is updated, STEPS will summarise any substantial modifications or enhancements in this section.

HOW TO CONTACT US

Individuals can obtain further information in relation to this Policy, or provide any comments, by contacting us:

Quality and Customer Services Manager

STEPS Group Australia

PO Box 1139
Caloundra, Qld, 4558
Ph: 1300 0 STEPS (1300 078 377)
PrivacyOfficer@stepsgroup.com.au

If you do not speak English, or English is your second language and you need assistance to communicate with us please email and we will identify a relevant translation service.

Note: These calls can be made for the cost of a local call from fixed residential landlines anywhere in Australia, but calls from mobile and pay phones may incur higher charges. Check with the service provider for costing from mobile or pay phones.

Part B - Handling Specific File Types

PUBLIC RELATIONS FILES

Purpose:

The purpose of public relations files is record details of public relations activities that may involve web-based interactions, educational material, promotional information, and other activities such as contact with the media, speeches, event management, surveys and publication preparation.

The limited personal information in public relations files relates to organisations, individuals, media representatives, event attendees, service providers and event calendar listings which appear on STEPS’ website.

Collection:

It is STEPS’ usual practice to collect personal information in public relations files directly from individuals.

Sometimes STEPS may collect personal information from an individual’s representative or from publicly available sources such as website and telephone directories.

Use and disclosure:

STEPS only uses the personal information in public relations files for the purposes of undertaking communication initiatives and managing public relations.

The personal information on public relations files is not disclosed to other organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those organisations or individuals, or the disclosure is otherwise required or authorised by law.

Data Quality:

STEPS maintains and updates personal information in our public relations files as necessary, or when advised by individuals that their personal information has changed.

Data Security:

Public relations files are stored in either password protected electronic media or in locked cabinets in paper form. When no longer required, personal information in public relations files is destroyed in a secure manner or archived according to our Records Management Procedure (i020300)

The following employees have access to public relations files on a need to know basis:

  • Officers of the Organisation
  • Marketing and Communications Staff
  • Staff included in Compliance and Performance Measurement

Access and Correction:

For information about how to access or correct personal information in public awareness and education files see ‘Access and Correction’ in Part A of this document.

CONTACTS LISTS

Purpose:

STEPS maintains contact lists which include contact information about individuals who may have an interest in the services provided by STEPS Group Australia. STEPS uses these contacts lists to distribute information about our activities and publications.

Collection:

It is STEPS’ usual practice to collect personal information in contacts lists directly from individuals, for example, where they have asked to be added to a contacts list.

Sometimes STEPS collects personal information from a third party or from a publicly available source such as a website or telephone directory. STEPS only usually collects personal information in this way if the individual would reasonably expect us to, or has given their consent. For instance, STEPS might collect this information if we thought that the individual (or the organisation they work for) would like to receive information about STEPS services, or that they might like to consider information about disability care useful to the work that they do. STEPS would only contact this individual in their work capacity.

Use and disclosure:

STEPS only uses personal information in contacts lists for the purpose of managing stakeholder relations.

STEPS does not give personal information about an individual to other organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to these organisations or individuals, or the disclosure is otherwise required or authorised by law

Data Quality:

STEPS maintains and updates personal information in our contacts lists when we are advised by individuals that their personal information has changed. STEPS will remove contact information of individuals who advise us that they no longer wish to be contacted.

Data Security:

The personal information in the contacts lists is stored in either password protected electronic media or in locked cabinets in paper form. When no longer required, personal information in contacts lists is destroyed in a secure manner or archived according to our Records Management Procedure (i020300)

Routine access to contacts lists is limited to the database operators and other authorised workers who have responsibility for maintaining the contact lists. Other employees  have access to the personal information in contacts lists on a need to know basis.

Access and Correction:

For information about how to access or correct personal information in STEPS contacts lists see ‘Access and Correction’ in Part A of this document.

RELATED DOCUMENTS

2.3 Records Management Procedure (i020300)

GOVERNANCE

Document Owner: Managing Director
Effective Date: 08 May 2017
Approval Date: 05 May 2017
Document Number:  i010106_v2_170508

Contact Us

We'd love to hear from you! Please fill out the form below and we will be in touch with you asap.

Not readable? Change text. captcha txt
X