Disability Services Australia (ABN 35 002 507 655) is a wholly owned subsidiary of Scope Australia.
1.1 What kind of personal information do we collect and hold?
a. The amount and type of personal information we collect from you and hold about you will vary
depending on how you deal with us.
b. If you are a member or supporter of Scope Group, the personal information that we hold about
you may include:
• your name, address, telephone and email contact details;
• your gender and date of birth; and
• records relating to your membership including renewal and billing information.
c. If you are a person we support or are connected to a person we support (eg family member,
carer, advocate or nominated representative), the personal information that we hold about you
may include:
• your name, address, telephone and email contact details;
• your gender, date of birth and marital status;
• information about your disability and support needs (see Section 1.2 below);
• health and medical information (see Section 1.2 below);
• things that are important to you, e.g., your likes and dislikes;
• your living arrangements and accommodation needs;
• your learning and educational needs;
• details concerning your daily life and routine;
• details concerning your employment goals and other life goals;
• details concerning your social and community activities;
• your visual image, via photograph or otherwise;
• any other information obtained from you when you use the National Disability Insurance
Scheme Planning Tool (NDIS Planning Tool) which will enable us to provide you with a report
of your needs and provide you with our disability support services;
e. If you are a donor, or a corporate partner, or are connected with us through our fundraising,
marketing or community access activities, the personal information we hold about you may
include:
• your name, address, telephone and email contact details;
• details of the donations, bequests and contributions you have made to us;
• events and activities you have participated in;
• publications and services you have received from us; and
• your billing details
f. If you use our websites, the personal information we hold about you may include:
• your name, address, telephone and email contact details;
• any details you provide to us through your use of the website – for example, if you register to
be on our mailing list or use the website to send us messages or comments; and
• any details you provide to us as part of a payment or donation process via the website.
g. If you do not fall into one of these categories, we generally do not hold your personal
information.
1.2 Do we collect sensitive information?
a. We understand that protecting your privacy in relation to sensitive information is particularly
important.
b. To provide our services or to respond to inquiries about our services, we may be required to
collect and hold your sensitive information including health and medical information and
information relating to your disability and support requirements where you have consented to
provide such information.
c. You can ask us to withdraw or amend your prior consent at any time. Simply contact us (our
contact details are listed below in Section 5.1) to make your request.
d. We will limit the collection of sensitive information to the minimum amount required in the
circumstances to provide you with, or a person with whom you are connected with, our services.
1.3 Your health information
a. The privacy and security of your health information is a key priority for us.
b. When we collect and store your health information, we will ensure:
• that you are aware that we have this information, the full scope of the information we have, and the purpose for which we hold it
• that you are aware that you can access the information and correct errors in it at any time
• that you have the opportunity to require us to provide this information to another health provider upon your instruction to do so
1.4 How do we collect personal information?
a. We may collect personal information from you in a range of ways including:
• when you inquire about services or supports;
• when you apply to receive services or supports from us;
• when you apply for or are successful in obtaining employment or a volunteer role with us;
• when you apply to become a member or supporter of Scope Group;
• when you contact us in person, by phone, via mail, email or online (or when we contact you
through any means);
• when you use the NDIS Planning Tool via our website;
• when you receive services and supports from us (this may include images of you, such as
those taken on a mobile phone camera);
• when you donate to us or participate in any of our fundraising activities;
• through our direct marketing activities; and
• through our contracted service providers
b. Where possible, we will collect your personal information directly from you or your nominated
representatives. However, there may be circumstances in which we need to collect your
information from other people or organisations.
• For example, if you have asked us to manage and co-ordinate the supports you receive from
Scope Group and other organisations, we may collect information about you from your other
service providers. If you are receiving funding for your Scope Group supports, we may also
collect information about you from the funding agency.
c. If we collect personal information about you from a third party and it is unclear that you have
consented to the disclosure of your personal information to us, we will take reasonable steps to
contact you and ensure that you are aware of the circumstances surrounding the collection and
purposes for which we have collected your personal information.
d. If you have provided us with information about another person, then you need to tell that other
person that you have done so, that they have a right to access their information and that they can
refer to the Privacy Policy for information on how Scope Group will handle their personal
information.
1.5 Unsolicited personal information
a. Sometimes we may receive personal information that we did not request. This is known as unsolicited personal information.
b. If the information is such that we could have lawfully collected it for an allowed purpose (see Section 2 below), then we will deal with the information in the same way as solicited information.
c. If the information is such that we could not have lawfully collected it, we will destroy or de-identify it as soon as practicable if it is lawful and reasonable to do so.
d. Personal information provided to us that is additional to the information that we requested will be treated as unsolicited personal information. For example, if an individual completes an application form but attaches financial records that we did not ask for, these are treated as unsolicited personal information.
1.6 If you do not provide us with your personal information.
a. If you do not provide us with the personal information we reasonably request, we may be unable to provide you with the information, services or supports that you are requesting.
2.1 Why does Scope Group need your personal information?
a. The purposes for which we collect, hold, use, or disclose your personal information depends on
how you deal with our organisation.
b. If you are a member or supporter of Scope Group, we may collect, hold, use, and disclose your
personal information to:
• process your membership application and manage your membership;
• comply with laws and regulations and to meet Scope Group’s corporate governance
requirements;
• send you information about our organisation, services and supports;
• send you information about our events, community activities, research, fundraising appeals
and donor activities;
• conduct surveys, research and analysis;
• invite you to participate in research projects and activities; and
• encourage further involvement with Scope Group, to seek and process donations, and for
direct marketing and telemarketing.
c. If you are a person we support or are connected to a person we support (eg, family member,
advocate or nominated representative), we may collect, hold, use, or disclose your personal
information to:
• provide you with information about our services and supports;
• provide you with a consolidated report of your (or the person you provide support to)
personal information for the purposes of the NDIS Planning Tool;
• administer our services and supports;
• process payments;
• answer your inquiries and deliver customer service to you;
• conduct quality assurance activities;
• carry out internal functions including administration, training, accounting, audit and
information technology;
• resolve complaints;
• comply with laws and regulations and to report to funding and government agencies;
• send you information about our organisation, services and supports;
• send you information about our events, community activities, research, fundraising appeals
and donor activities;
• conduct surveys, research and analysis;
• enable third parties, such as the National Disability Insurance Agency, to conduct audits;
• invite you to participate in research projects and activities; and
• encourage further involvement with Scope Group, to seek and process donations, and for
direct marketing and telemarketing.
d. Also, information collected about you that does not identify you may be used for research,
evaluation of services, quality assurance activities, and education. If you do not wish for your de-identified data to be used this way, please contact us. Our contact details are at the end of this
Privacy Policy
e. If you are an employee, job applicant or volunteer, we may collect, hold, use, or disclose your
information to:
• process your recruitment application and manage your recruitment as an employee.
• comply with laws and regulations and to meet Scope Group’s corporate governance
requirements;
• send you information about our organisation, services and supports;
• send you information about our events, community activities, research, fundraising appeals
and donor activities;
• conduct surveys, research and analysis;
• invite you to participate in research projects and activities; and
• encourage further involvement with Scope Group, to seek and process donations, and for
direct marketing and telemarketing.
f. If you are a donor, or a corporate partner, or are connected with us through our fundraising,
marketing or community access activities we may collect, hold, use, or disclose your information
to:
• process donations and payments;
• manage our relationship with you including (if applicable) to provide services to you;
• answer your inquiries;
• conduct quality assurance activities;
• carry out internal functions including administration, training, accounting, audit and
information technology;
• resolve complaints;
• comply with laws and regulations and to report to applicable government agencies;
• send you information about our organisation, services and supports;
• send you information about our events, community activities, research, fundraising appeals
and donor activities;
• conduct surveys, research and analysis;
• invite you to participate in research projects and activities; and
• encourage further involvement with Scope, to seek and process donations, and for direct
marketing and telemarketing.
2.1.6 Also, information collected about you that does not identify you may be used for research, evaluation of services, quality assurance activities, and education. If you do not wish for your de-identified data to be used this way, please contact us. Our contact details are set out in Section 5.1 of this Privacy Policy.
h. If you use our websites, we may collect, hold, use, or disclose your information to:
• personalise your website visit or to enable remarketing website functionality;
• enable you to use the NDIS Planning Tool;
• answer your inquiries;
• process donations and payments;
• provide you with the goods and services you have asked us for;
• resolve complaints; and
• conduct research, market research and analysis.
i. We may use your personal information for the purposes we collect it for. We may also use it for
purposes related to (or in the case of health or sensitive information, directly related to) the
purpose of collection where you would reasonably expect us to. For example, if we have
collected your personal information in connection with one fundraising appeal, we may use that
information to contact you about future appeals.
2.2 Direct marketing, support communications, and invitations to participate in research
a. Where we use your personal information that we have collected directly from you to send you
marketing material, supporter communications, and invitations to participate in research by post,
email or telephone, we will provide you with an opportunity to opt-out of receiving such
information.
b. By electing not to opt-out, we will assume we have your consent to receive similar information
and communications in the future. We will always ensure that our opt-out notices are clear,
conspicuous and easy to activate.
c. If you do not wish to receive direct marketing communications or research invitations from us,
please contact us. Our contact details are in Section 5.1 of this Privacy Policy.
2.3 Who does Scope Group disclose your information to?
a. In order to operate an efficient and sustainable organisation and to enable us to carry out our
activities and provide our services and supports, we may be required to disclose your personal
information to third parties. This may include disclosure to:
b. In the event of unauthorised access, unauthorised disclosure or loss of your personal information,
we will investigate and may notify you and the Office of the Australian Information Commissioner
in accordance with the Privacy Act.
c. We take reasonable steps to make sure that external organisations will protect the privacy of your
personal information, in accordance with this Privacy Policy.
d. We will not sell your personal information.
2.4 Will your personal information be transferred offshore?
a. Our technology infrastructure primarily uses cloud infrastructure or servers located within
Australia, but we may on occasion use a platform or service located offshore. Apart from this, we do not typically transfer personal information offshore. By providing your personal information to
us or using our services and supports, you are taken to have consented to this transfer.
b. You can ask us to withdraw or amend your prior consent at any time. Simply contact us (our
contact details are listed below in Section 5.1) to make your request.
c. If we transfer information offshore for other purposes, we will only do so with your consent or otherwise in accordance with Australian law.
d. Overseas recipients may have different privacy and data protection standards. However, before disclosing any personal information to an overseas recipient, we will take steps reasonable in the
circumstances to ensure the overseas recipient complies with the Australian Privacy Principles or is bound by a substantially similar privacy scheme unless you consent to the overseas disclosure
or it is otherwise required or permitted by law.
e. If you have any queries or objections to such disclosures, please contact us via the details set out
in Section 5.1.
2.5 How do we store personal information and for how long?
a. We take all reasonable steps to ensure that your personal information is securely stored and protected. These steps include password protection for accessing our electronic IT systems, securing paper files in locked cabinets and physical access restrictions to buildings where
information is held. In addition, access to your personal information is restricted to those properly authorised to have access.
b. Unfortunately, there are inherent risks in the management of personal information, and we cannot and do not guarantee that unauthorised access to your personal information will not
occur.
c. We keep your personal information for as long as it is needed for the purposes for which it was
collected and to comply with legal requirements.
d. There may be instances where some personal information about you is collected on a mobile device that is not owned by Scope Group (eg. photographs taken on a staff member’s personal mobile phone while out doing an activity). In such instances, Scope will reinforce to all staff the
importance of removing the information or images from the personal device as soon as the
content has been transferred into Scope’s systems for appropriate management.
e. When personal information we hold is no longer needed for any purpose, including legal purposes, and subject to our legal obligations, our information management policy and data retention schedule, we will take reasonable steps to destroy or alter that information so that it no
longer identifies you.
f. In relation to health information, we take reasonable steps to destroy or permanently de-identify health information if it is no longer needed for the purpose for which it was collected or any other purpose authorised by the Health Records Act, the regulations made under the Health Records Act, or any other law.
3.1 How can we keep your personal information up to date?
a. We take steps as are reasonable in the circumstances to correct personal information we hold. If any changes to your personal information are required, please let us know by contacting us using
the details set out below in Section 5.1.
3.2 Can you access your personal information?
a. You can ask us for access to the personal information that we hold about you at any time. Simply contact us (our contact details are listed below in Section 5.1) to make your request. For security
reasons we may ask you to put your request in writing.
b. We will not typically charge you for access to your personal information.
c. Generally (but subject to Australian law), we will provide you with access to your personal information within a reasonable time and in the manner requested by you. However, there maybe some circumstances when this is not possible, including where:
• the request is frivolous or vexatious;
• providing access would be unlawful; or
• for any other permitted reason set out in the Privacy Act 1988 (Cth).
d. If we do not provide you with access to all of your personal information, we will tell you the
reason why we have not done so.
4.1 Online data collection and use
a. When you access a Scope Group website, anonymous technical information may be collected about user activities on the website, including via Google Analytics. This may include information
such as the type of browser used to access the website, the pages visited, and geographical location.
b. This information is used by Scope Group to make decisions about maintaining and improving our websites and online services. This information remains anonymous and is not linked in any way to
personal identification details.
a. Like many websites, Scope Group’s websites may use cookies for various reasons, including to recognise a computer which has previously visited our websites and customise our websites according to previous preferences and site behaviour.
b. You can choose if and how a cookie will be accepted by configuring your preferences and options in your web browser. For example, you can set your browser to notify you when you receive a cookie or to reject cookies. However, if you decide not to accept cookies, then you may not be able to gain access to all the content and functionality of Scope Group’s websites.
a. We may keep the content of any email, or “Contact us” or other electronic message or form, that we receive. The message content may be monitored by our service providers or staff for purposes
including trouble shooting, compliance, auditing and maintenance, or where email abuse is suspected. Personal information will be handled in accordance with this Privacy Policy.
5.1 Contact details
a. If you have any questions in relation to privacy, please contact Scope Group’s Privacy Officer at privacy@scopeaust.org.au.
b. You can also seek further information and advice from the Office of the Australian Information Commissioner by calling 1300 363 992
a. Please direct all privacy complaints to Scope Group using the contact details set out above at Section 5.1.
b. At all times, privacy complaints:
• will be treated seriously;
• will be dealt with promptly;
• will be dealt with in a confidential manner; and
• will not affect your existing obligations or affect the commercial arrangements between you
and Scope Group.
c. Scope Group will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the
Australian Information Commissioner.
Supporting Information |
|
Legislative and Regulatory Compliance |
This Procedure supports Scope Group’s compliance with the following legislation and/or Standards: • Privacy Act 1988 (Cth) • National Disability Insurance Scheme Act 2013 (Cth) • Health Records Act 2001 (Vic) |
Parent Document (Policy and Protocol) | Nil |
Supporting Documents | Scope Group Privacy and Data Breach Response Plan Scope Group Information Request and Release Procedure Scope Group Information Management Protocol Scope Group Information Management Policy |
Related Documents | NDIS Practice Standards |
Definitions and Acronyms | |
Consent | Means your permission. Your consent can be express or implied. Express consent can be written (eg, when you sign a form) or verbal (eg, when you give us your permission over the phone or in a face to face conversation). Your consent will be implied where we can reasonably form a conclusion that you have given consent by taking action or deciding not to take action. For example, if you have received information about a fundraising appeal from us in the past and have not opted-out of receiving such communications, we have your implied consent to send you information about future fundraising campaigns. |
Health Information | Information or an opinion about: • the physical, mental or psychological health (at any time) of an individual; or • a disability (at any time) of an individual; or • an individual’s expressed wishes about the future provision of health services to him or her; or • a health service provided, or to be provided, to an individual Scope Group Privacy Policy Once downloaded or printed this document is no longer controlled. Refer to Scope’s Intranet for the current version. Title Scope Group Privacy Policy Document Number SCOAU-478054914-2329 Owner Chief Customer Experience, Risk and Compliance Officer Version 5.1 Policy Area Quality, Risk and Compliance Management Effective Date 23/3/2023 Approved by Executive Leadership Team Review Date 22/12/2024 Page 16 of 16 • that is also personal information; or • other personal information collected to provide, or in providing, a health service; or • other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or • other personal information that is genetic information about an individual in a form which is or could be predictive of the health (at any time) of the individual or of any of his or her descendants |
Person we support | Means a person who is currently receiving or has previously received services from us or has made inquiries to us about receiving services from us. |
Personal Information | Means information about you, where your identity is clear or identifiable from the information (for example, your name, address, phone number, date of birth). It does not include de-identified information (for example, information about the number of people using a service that you use, where your identity is not disclosed or otherwise identifiable). |
Sensitive Information | Is a category of personal information and includes your health or medical information. |
Scope Group, we or us | Means Scope (Aust) Ltd, Home@Scope Pty Ltd, Disability Services Australia Ltd and any other subsidiaries of Scope (Aust) Ltd. |
Unsolicited personal information | Unsolicited personal information is personal information that we receive but have taken no active steps to collect. Examples include: • misdirected mail • unsolicited correspondence • a petition that contains names and addresses • an employment application on an individual’s own initiative and not in response to an advertised vacancy • a promotional flyer containing personal information, sent by an individual promoting the individual’s business or services. |
Cookie | A cookie is a small text file placed on your computer by a web server when you access a website. Cookies in themselves do not identify the individual user, just the computer used. |
Subscribe to our newsletter and stay up-to-date with the latest news on DSA’s work.