Privacy policy

Every effort is made to ensure that all contact with KYDS’ counselling service is secure and confidential. When you talk to someone at KYDS, nothing said or written down can be communicated to anyone outside KYDS without your permission. There are a few exceptions related to safety, as outlined in this Privacy Policy.

Protecting your privacy

This Privacy Policy sets out how we collect and manage personal information and the steps we take to protect it. We will handle your personal information in compliance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) in the Privacy Act.
We will also handle your personal information in compliance with relevant State and Territory health records laws, the Spam Act 2003 (Cth) in relation to emails and other electronic messages, and all other applicable privacy laws.

Definitions

1.  What is ‘personal information’?

‘Personal information’ means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable. Examples of personal information are an individual’s name, address, phone number and date of birth.

‘Sensitive information’ is a type of personal information that generally has greater privacy protections under the Privacy Act. It includes ‘health information’ (which is defined below), and information about an individual’s race or ethnic origin, political opinions, religious beliefs, sexual orientation or practices, and criminal record.

‘Health information’ includes information about the health or a disability of an individual, an individual’s wishes about the future provision of a health service to them or a health service provided to them, and other personal information collected to provide or in providing a health service to an individual.

References in this Privacy Policy to personal information include sensitive information and health information.

2. What is a ‘health service’?

A ‘health service’ includes the following activities:

  • Assessing, maintaining or improving an individual’s physical or psychological health;
  • Diagnosing an individual’s illness or disability;
  • Treating an individual’s illness or disability or suspected illness or disability; and
  • Recording an individual’s physical or psychological health for the purposes of assessing, maintaining, improving or managing the individual’s health.

Collection of personal information

1. Why do we collect personal information?

We may collect personal information from you so that we can provide services to you if you are a client, to manage our relationship with you, or where this is otherwise necessary for our functions or activities.

If you are a client, we may collect your personal information to provide you with health services and other services, or to provide you with information regarding our services.

2. What types of personal information do we collect?

The type of personal information we collect about you depends on the type of dealings we have with you. You provide most of your personal information directly to us and for a specific purpose.

If you are a client, to provide you with health services and other services, the information we collect from you may include your name, date of birth, contact details, medical history and other health information, gender identity, sexual identity, and whether you are of Aboriginal or Torres Strait Islander origin. The information we collect will depend on the type of services you are seeking.

If you are a person other than a client, such as a service provider, job applicant, emergency contact, or other person interacting with us, the personal information we collect from you will depend on the way in which you are engaging with us, and we will only collect the information needed for you to engage with us.

3. How do we collect personal information?

When we collect your personal information, we will whenever practical collect the information directly from you. We may collect personal information from you face-to-face, when you interact with us online, or when we speak with you over the phone. We will also take reasonable steps to notify you (through this Privacy Policy and otherwise) of the details of the collection, such as the purposes for which the information was collected, any organisations that we may share the information with, and that this Privacy Policy contains information on how you may access and correct your personal information and make a privacy complaint.

We will only collect and record personal information when you:

  • Send us a message (e.g. where you contact us through the KYDS website);
  • Ask us to provide you with services – including as a client, online or by phone;
  • Make a comment on a KYDS webpage or social media account;
  • Make a donation;
  • Ask to receive newsletters/updates;
  • Ask to obtain resources such as promotional materials;
  • Complete a feedback form;
  • Provide a specific submission to KYDS (e.g. stories, tips, art work, questions etc.);
  • Participate in a publicity photo shoot or other audio-visual activity;
  • Apply for a job with us;
  • Supply goods / services to us.

We sometimes collect your personal information from people or sources other than you. For example:

a. If you are a client, to provide you with health services, we may need to collect your personal information from your family or guardian, or your other health service providers. We will only do this with your consent or where it is otherwise permitted under the privacy laws. One such permitted circumstance where we would not seek your consent, is where it was unreasonable or impracticable to obtain your consent, and we needed to collect your personal information from someone else to prevent a serious threat to your life or safety, or that of any other person.

b. We may collect information from third parties if you are a potential supplier or service provider to KYDS.

c. When you apply for a job with us, we collect information about your qualifications and we may ask you to undertake certain tests and provide certain consents for further information collection, as part of our recruitment process.

4. What happens if I do not provide my personal information?

If you do not provide the personal information requested, we may not be able to provide you with the information or services you require, or a receipt for your tax-deductible donation. Similarly, you may not have the opportunity to provide us with your goods or services.

Use and disclosure

1. How do we use and disclose your personal information?

We will generally only use or disclose your personal information for the main purposes for which it was collected. For example, if you are a client who has provided your information to receive health services from us, we will generally only use your personal information to provide you with health services.

We will only use or disclose your personal information for other purposes where:

  • You have consented;
  • We use or disclose it for purposes which are related (or if the information is sensitive information, directly related) to the main purpose for which the information was collected, in circumstances where you would reasonably expect this to occur; or
  • It is permitted or required by law.

If you are a client, with your consent, we may use or disclose your personal information in the following ways:

  • The information you provide will be used by staff at the KYDS centre(s) you visit and other KYDS programs and services (including digital services) you engage with, to help them provide you with an appropriate service;
  • We will use the information you provide to evaluate and report on how well KYDS is providing health services to young people;
  • We are required to provide our funding bodies (such as Government Departments and Primary Health Networks) with information about KYDS’ clients and services for their monitoring, evaluation and service planning purposes. The information provided to these funding bodies will include your date of birth, gender and details about the types of services you used, however it will not include your name, address or Medicare number.

We will not otherwise disclose your personal information to any third parties without your consent unless this is permitted or required by law.

For example, we are permitted under law to disclose your information where it is unreasonable or impracticable to obtain your consent and we reasonably believe disclosure is necessary to lessen or prevent a serious threat to your or any other person’s life, health or safety, or to public health or safety. If your communication with us raises safety concerns, we will try to contact you to check that you and/or others are safe. If necessary, we may need to pass on your contact information (if you have supplied it) to authorities who can help protect you and/or others, such as a crisis service or the police. Where possible we will work with you openly, letting you know if our concerns reach the point where we need to involve other services. We are obliged to try to protect you and/or others if the information you submit tells us that:

  • You are being seriously hurt by someone else;
  • You are thinking of seriously harming yourself;
  • Someone else is being, or is likely to be, seriously hurt by you or another person.

We sometimes undertake and/or engage partners to conduct evaluation, research and reporting activities using information we provide. The information disclosed by KYDS to these partners for their evaluation, research and reporting purposes will be de-identified – this means the information provided will not include your name and will not identify you as an individual.

Dealing with us anonymously or using a pseudonym

In some circumstances you can deal with us anonymously or by using a pseudonym (a fictitious/made-up name), for example, if you are enquiring about our services generally.

Where lawful and practical, KYDS will offer the option for anonymity when providing personal information in the process of delivering services and transacting KYDS’ business.

Quality and security of personal information

1. General

We hold personal information in a number of ways including electronically and in hard copy paper files.

2. Data quality

We take reasonable steps to ensure that the personal information we collect and handle is accurate, current, complete, relevant and not misleading. You can help us keep your information up to date by letting us know about any changes to your contact details.

3. Protection of personal information

We take steps as are reasonable in the circumstances to ensure that personal information we hold is protected from misuse, interference, loss, and from unauthorised access, modification and disclosure.

4. Retention of personal information

Your personal information is only kept while it is required for the purpose for which it was collected, for a permitted secondary purpose or as required by law. For example, as a health service provider, we are required to keep health information for minimum time periods under certain State and Territory health records laws. After we have kept personal information for the required time periods according to these laws, we will securely dispose of your personal information.

5. Credit card information

We do not store any credit card information on our servers.

6. Overseas disclosure

We will comply with the requirements of the Privacy Act and APPs when disclosing personal information overseas.

We may use a third-party software services provider who will have access to personal information for the limited purposes of diagnosing and resolving software issues. These disclosures will only be to the extent necessary for these purposes, and we will take all reasonable steps to ensure that the third-party services provider handles your personal information in accordance with the APPs.

If you are a client, it may also be necessary to disclose your personal information to an overseas recipient in certain circumstances, for example, if you have moved overseas and would like to seek ongoing health services from an overseas provider.

We will only disclose your personal information overseas if we would be lawfully permitted to disclose it to a recipient in Australia, and:

  • We have taken reasonable steps to ensure that the overseas recipient of your personal information does not breach the APPs; or
  • The overseas recipient is subject to a law, binding scheme or binding contract that provides substantially similar protection to the APPs which you can access and enforce; or
  • If the disclosure overseas is otherwise required or authorised by law.

Marketing communications

If we intend to provide you with any marketing communications, for example, to provide you with information about KYDS’ services and resources you may wish to access, we will only send you such communications if you have previously consented to this, and in accordance with any marketing communication preferences that you have notified to us.

All marketing communications will include our contact details and the option for you to opt-out of receiving these communications.

Access and correction

You generally have a right to have access to your personal information, and to seek its correction, if it is inaccurate, out of date, incomplete, irrelevant or misleading, subject to some exceptions permitted by law. If you wish to have access to your personal information or ask that it be corrected or deleted, please contact us using the contact details provided in this Privacy Policy. We will generally respond to access and correction requests within 30 days.

We may deny your request in some circumstances, but only if we are legally entitled to do so. We will give you a written explanation for any denial of an access or correction request. We will also explain how you can complain if you are not satisfied with our explanation.

Website privacy

If you provide your personal information through our website, or if you contact us through the website, this Privacy Policy will apply to the handling of any personal information you provide.

We use “cookies” on the KYDS website. Cookies identify traffic coming into and out of our website, but do not identify individual users. Cookies enable our web server to collect information back from your device’s browser each time you visit our website.

When you visit our website Google Analytics uses cookies to record and log your visit with the following information collected for strictly statistical purposes only:

  • the user’s server address;
  • the user’s top level domain name (for example, .com, .gov, .au, .uk etc);
  • the date and time of the visit to the site;
  • the pages accessed and documents downloaded;
  • the search words and referral sites used;
  • the type of browser used.

KYDS will only use statistics obtained from cookies to ascertain and follow website usage to enable improvements, updates and maintenance of pages of the website.

No attempt will be made by us to identify individual website users except:

  • where we have obtained consent from the individual user to do so; or
  • where we have a legal obligation to do so, for example if a law enforcement agency executes a warrant to inspect Google Analytics logs.

Complaints

If you have a complaint about how we have collected or handled your personal information, please contact our Privacy Officer (see contact details below). We will investigate your complaint and communicate the outcome of our investigation within a reasonable time.

If you are not satisfied with the outcome of our investigation, or if you do not wish to contact us directly, you can refer your complaint to the Office of the Australian Information Commissioner (OAIC) using the following details:

  • Website: www.oaic.gov.au
  • Telephone: 1300 363 992
  • In writing: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001

In some instances, you may also be able to refer your complaint to another applicable regulator such as the statutory body in your State or Territory responsible for health complaints.

Contact us

If you wish to access or correct your personal information, or if you have a privacy related complaint or any questions about our Privacy Policy, please contact info@kyds.org.au or phone (02) 9416 0900 and ask for the Privacy Officer.

KYDS employee records

The Privacy Act does not apply to KYDS’ handling of employee records where it is directly related to a current or former employment relationship, and this Privacy Policy will not apply in those circumstances. Instead, workplace laws prescribe the personal information to be held in employee records and the way in which employees may access their personal employee records.

Where State or Territory health privacy legislation applies, KYDS is still required to protect the privacy of employee health information. This Privacy Policy will apply in those circumstances.

Review of this Privacy Policy

The Privacy Policy is reviewed every three years or as changes are required. This Privacy Policy and any amendments to this Privacy Policy will require approval of the Executive and Management Committee of KYDS Youth Development Service Incorporated.