NextSense complies with the Australian Privacy Principles (APP) and ensures we meet legislative responsibilities to protect the personal information of our clients, website visitors, staff, donors and volunteers. This policy applies to the whole of NextSense.
Data collection
We are transparent about what information we collect and how it is used. NextSense only collects client information that is necessary for the services we provide. We store all personal information securely.
We need to collect some personal and sensitive health information so we can provide services to our clients. We obtain written consent from clients when they access our services. Our ‘consent to collect and use personal information’ form, is part of the NextSense Privacy Notice. The Privacy Notice details how we collect, store, provide access to, use and disclose that personal information. The NextSense Privacy Notice is emailed to our clients after their first appointment.
Policy
NextSense sometimes needs to disclose information to do our job. Sometimes this will be because of legal or funding requirements such as disclosure. Sometimes it is because the welfare of the client demands it.
NextSense is regulated by legislation and government-imposed rules of practice, which impacts the personal information we collect and what we do with it. We seek to protect privacy within the parameters of those laws and requirements.
If at any time a client, donor, or staff member requests further information regarding our Privacy Policy, we will provide them with a copy of the Australian Privacy Principles (APPs) which is the basis of our Privacy and Confidentiality Policy.
We provide our clients and donors with the opportunity to lodge a complaint or concern regarding privacy issues within the organisation through our feedback procedure.
Complaints or concerns about privacy issues are addressed promptly. Clients may request to make changes to their privacy consent form, which is stored in their client file.
Staff can lodge a complaint or concern that relates to another staff member. Complaints or concerns should initially be addressed to their manager. If the matter is escalated, it will be investigated.
Collection
Personal information collected must be kept for at least the minimum period necessary for service provision and legal accountability.
Personal information will only be collected by fair and lawful means and consent will be sought at the point of collection.
NextSense only collects client information that is necessary in relation to the services we provide.
Verbal consent from clients is gained at the enquiry point of data collection.
Written consent from clients is gained when clients come onto Services, through the ‘consent to collect and use personal information’ form, which is part of the NextSense privacy notice given to clients.
If any collection or usage practices change, NextSense will notify clients as soon as possible.
Use and disclosure
NextSense collects clients’ personal information for the primary purpose of providing them with NextSense services.
Personal information from clients, donors and staff will only be used and disclosed for the primary purpose it was collected. This may include improvement of services, statistics and/or reports.
Communicating with medical practitioners and other health service providers is often essential and necessary to provide clients with NextSense services. These cases of disclosure are considered to be a primary purpose.
NextSense clients may also consent to disclosures for secondary purposes. These instances are clearly explained to clients, who may choose not to consent.
The client, donor or staff member's consent will be obtained before personal information is given to a third party, except when other legal obligations take priority
Data quality
NextSense will take reasonable steps to ensure the personal information we collect, use or disclose is accurate, complete, and up to date.
Clients may update the information they have provided, which includes the information recorded in the ‘consent to collect and use personal information’ form.
Data security
NextSense ensures that personal information is protected from misuse, loss, unauthorised access, modification or inappropriate disclosure.
Client files are stored securely. Information about a client is only accessible by relevant staff who have been trained in best practice for privacy and information handling.
Client files are password protected.
Openness, access and correction
NextSense policies and procedures for the management of personal information will be openly available.
Clients, donors and staff have a right to access personal information held about themselves.
If it is found that personal information is inaccurate, incomplete or out of date, steps will be taken to correct the information. Clients may contact us at any time to make changes to the information held on file, including changes to their 'consent to collect and use personal information' form.
Identifiers and anonymity
Codes that identify an individual and are assigned by another agency won’t be adopted for our clients, donors or employees.
Trans‐border data flows
Personal information can only be transmitted outside of Australia when consent has been obtained from the individual. NextSense does not routinely provide client data outside of Australia.
The recipient must be subject to laws or binding schemes which are similar to the Australian Privacy Principles.
External website links
NextSense is not responsible for the content of other websites accessed via links from its own website and you are advised to comply with any copyright restrictions applicable to material downloaded from websites accessed via links from this site.
NextSense tries to maintain up-to-date links to other relevant websites but is not responsible for the accuracy of these links which may change without our knowledge.
Web analytics
NextSense collects statistical information about visitors to our websites using web analytics, which use cookies to assist us in understanding how visitors access and use our website and information about our services.
Generally, this information does not contain personally identifiable information such as your name or email address and therefore cannot be used to identify you.
In some circumstances it may include a visitor’s internet protocol (IP) address, which could be linked to an individual.
This consolidated information provides a more accurate picture of visitor journeys and use of our services and website.
Information that can directly identify an online visitor is collected only when offered by the visitor voluntarily via our online forms.
Key aspects
NextSense staff will be told about clients’ rights to privacy and confidentiality, and how to protect these, through induction and training programs.
All new clients are told about their rights to privacy and confidentiality, and how these will be protected.
The Privacy policy must be applied to all forms of information. This includes, but is not limited to, all information in written and electronic files, information obtained by word of mouth, from photographs and from recordings.
Specific written consent must be obtained from each client, donor or staff member before any information is released or requested from other sources. This must be maintained according to the Management of Client Record Policy.
Clients, donors and staff must be accurately informed about who will have access to the information and why it is being requested/released.
Clients and staff have the right to access to their own files.
Staff must not intrude into areas of clients’ lives that are not relevant to the services provided.
Consent that protects privacy and confidentiality will be obtained when requesting clients’, donors’ and employees’ cooperation in any fundraising or public relations activities. They will always be free to refuse if they don’t want to be involved.
Breach of policy
There are consequences for breaches of this policy depending on the nature and seriousness of the matter. Should any breach be identified, NextSense complies with the requirements for data breaches as defined by the Office of the Australian Information Commissioner.
Responsibility
NextSense will be responsible for ensuring that all clients, donors and staff are aware of their rights and responsibilities about privacy.
NextSense staff are expected to be aware of and understand their responsibilities with regards to privacy and to act as required.
Complaint handling process
If you would like to make a complaint about a breach of the Australian Privacy Principles, please get in touch with us via our contact form.
We address complaints within a reasonable time. If you are unhappy with the outcome of your complaint, you may take your complaint to the Office of the Australian Information Commissioner (OAIC).