In order to meet Keen Care’s obligations under the Aged Care Act 1997 as an employer and to ensure the optimal delivery of care and support services, it is necessary that Keen Care collect personal information (e.g. name, signature, address, telephone number, date of birth, medical records, bank account details, employment details and commentary or opinion) and sensitive information (e.g. health information including health assessments, professional reports, health notes and test results that comprise the health record).
Keen Care is committed to ensuring that the privacy of information held with respect to customers, volunteers and staff is maintained and protected. All personal information held by Keen Care will be collected and managed in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles and the Privacy Amendment (Notifiable Data Breaches) Bill 2016.
- Management of personal information – Personal information is held electronically and in hard copy form both at Keen Care premises and, for electronic records, at the premises of Keen Care’s service provider. Measures to maintain the security of that personal information are maintained at all times. Personal information is disposed of in accordance with the State Records Act 1997 (SA). Information that is no longer required and able to be destroyed will be destroyed.
- Consent – Customers’ consent will be sought prior to the use and disclosure of their personal information.
- Access by an individual to their personal information – The personal information held in respect of an individual will remain accessible to the individual and the Privacy Officer will facilitate access when requested, subject to evaluation of the requirements and conditions of the Privacy Act 1988.
- Collection and recording of personal information – Personal information is only collected to the extent to which it is necessary consistent with Keen Care’s obligations as an employer and Aged Care Service Provider.
- Collection and recording of sensitive personal information – Sensitive personal information is only recorded subject to:
  - The information being reasonably necessary consistent with Keen Care’s obligation as an employer and provider of services to older people; and
  - The individual consents to the collection of sensitive information or the collection of the information is required or authorised by or under an Australian law or a court/tribunal; or the information is necessary to provide a health service to a person and either:
    - the collection is required or authorised by or under an Australian law; or
    - the information is collected in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind Keen Care.
- The manner in which personal information is collected – Personal information will be collected only by lawful and fair means and will be collected from the individual concerned unless they have given consent to the collection of information from someone other than the individual or it is unreasonable or impractical to do so.
- Receipt of unsolicited personal information – If Keen Care receives unsolicited personal information, a determination will be made whether or not Keen Care could have collected the information consistent with the Australian Privacy Principles. If collecting the information would not have been consistent with the Australian Privacy Principles and the information is not contained in a Commonwealth record, the information will not be used or recorded by Keen Care and will be destroyed or de-identified, if lawful and reasonable to do so.
- Confidentiality – It is a condition of employment that Keen Care employees agree to uphold the organisation’s confidentiality requirements as defined within their employment agreement.
- Disclosure of personal information – Keen Care will not disclose personal information to other entities unless it is required under law (e.g. Aged Care Act 1997), it is necessary that the recipient receives the information to enable Keen Care to fulfil its commitment to providing outstanding care and support and Keen Care reasonably believes that the recipient of the information will not disclose that information derived from Keen Care. In specific instances, it is necessary that Keen Care provides personal information to other entities including where:
  - Keen Care is authorised to do so or for legal reasons Keen Care is obliged to (e.g. Court Order, emergency services)
  - Keen Care provides de-identified information to funding agencies and government departments
  - Aged care specialists are engaged to work on Keen Care’s behalf
  - The individual is incapable of giving consent to the disclosure and consent is required to be given by their substitute decision maker or responsible person for the necessary provision of appropriate care and treatment for compassionate reasons.
- Data Breach – If Keen Care is subject to, or suspects that it has been subject to, a data breach, Keen Care will act immediately to:
  - Contain the breach and undertake a preliminary assessment
  - Evaluate the risks associated with the breach
  - Determine whether the data breach is a notifiable data breach
  - Prevent future breaches
- Notifiable Data Breach – A Data Breach will arise where there has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals, or where such information is lost in circumstances that are likely to give rise to unauthorised access or unauthorised disclosure (for example, leaving information on the bus, in a waiting room or shopping centre, or sending an email with personal information to an incorrect recipient). Where a reasonable person would conclude that there is a likely risk of serious harm as a result of the unauthorised access or unauthorised disclosure (i.e. where it is more probable than not that serious physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation, will result to any of the affected individuals), a statement containing the prescribed information about the data breach will be prepared and provided to the Office of the Australian Information Commissioner. Keen Care will then take steps to notify all affected individuals.
- Direct marketing – Personal information will not be used or disclosed for the purpose of direct marketing.
- Disclosure of personal information to an overseas recipient – No information will be disclosed to an overseas recipient without the consent of the individual.
- Adoption, use or disclosure of government related identifiers – A government related identifier will not be adopted unless required or authorised under an Australian government law. A government related identifier will not be disclosed unless:
  - It is reasonably necessary to verify an individual’s identity; or
  - It is necessary for Keen Care to fulfil its obligations to an agency or state or territory authority; or
  - The use of the identifier is required or authorised under an Australian law.
- Accuracy of personal information – Keen Care endeavours to maintain reliable and accurate information and will take necessary steps to correct information where it is inaccurate, out of date, incomplete, irrelevant or misleading.
- The type of personal information collected, the means of collection, storage and purpose:
  - Keen Care will only collect information, including sensitive information, that is reasonably necessary for the administration of its services or required by legislation.
  - All personal information will be stored securely.
  - Keen Care will only collect personal information that is necessary to enable it to fulfil its obligations as an employer and provider of services to older people.