This policy also ensures that we comply with the Convention on the Rights of Persons With Disabilities – Article 22 – Respect For Privacy, and, insofar as they relate to privacy, the National Standards for Disability Services.
Our obligations under the Privacy Act exist in respect of our dealings with “personal information” of “individuals”.
What is personal information?
Personal information is defined in the Privacy Act as:
information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.
Why do we collect personal information?
There are few, if any, organisations that can function without personal information. We are no exception. We collect personal information where it is reasonably necessary for our functions or activities. Our functions and activities include:
- our primary services are:
- providing disability services to affected individuals including services relating to:
- accommodation and supported living
- respite services for people with disability
- community and social activities
- providing employment services to employees and employers
- providing support and coordination in relation to the National Disability Insurance Scheme (NDIS)
- providing disability services to affected individuals including services relating to:
- marketing our services;
- undertaking research to improve our services;
- obtaining goods and services from other businesses;
- employing staff; and
- complying with legal and regulatory obligations.
Some common examples of personal information that we may collect include an individual’s name, contact details, and details of services that they obtain from us.
The Privacy Act recognises certain types of personal information as sensitive information. Examples of sensitive information about an individual include information about the individual’s:
- racial or ethnic origin;
- political opinions;
- membership of a political association, professional or trade association or trade union;
- religious beliefs or affiliations;
- philosophical beliefs;
- sexual orientation or practices; and
- criminal record.
It is in the nature of the services we provide that we may collect sensitive information from our clients and other individuals with whom we deal. Any sensitive information which we do collect will either be collected with the consent of the relevant individual or as permitted by law.
How do we collect and keep personal information?
We receive personal information in different ways and through a number of different media including:
- via online sources (including email and other electronic communication channels, Facebook, Instagram, Twitter and other social media and technology platforms);
- by telephone;
- through face to face communications; and
- by hard copy correspondence and documentation.
We keep different types of records that include personal information. These include records stored electronically on databases, information stored in the cloud, and also hard copy files. The computer servers on which we store personal information are located in Australia and hosted by [insert]. Your personal information will be routed through, and stored on, those servers in the course of the services that we provide.
We take reasonable steps to protect personal information we hold from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
When do we use or disclose or transfer personal information?
If we collect personal information for a particular purpose, we may use or disclose that personal information for that purpose. For example, if a customer obtains a product or service from us, we may use and/or disclose their personal information for the purpose of providing the product or service to them.
We may also use or disclose personal information for other secondary purposes including the following:
- where the individual has consented to the use or disclosure for the secondary purpose;
- where the secondary purpose is related to (or in the case of sensitive information directly related to) the purpose for which the personal information was collected and the individual concerned would reasonably expect us to use or disclose the information – for example providing marketing information to existing customers (unless the customer has requested not to receive marketing information from us);
- the use or disclosure is required or authorised under a particular law or a court or tribunal order;
- a permitted general or health situation exists as defined in the Privacy Act; or
- we reasonably believe that the use or disclosure of the personal information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
We may disclose your personal information to third parties, such as our service providers (including IT services including cloud storage services, insurers, financial institutions, mailing houses), member organisations and other business partners, our professional advisers (including lawyers, accountants and auditors), and government, regulatory and law enforcement authorities.
We use the personal information that we collect for a variety of purposes related to the services that we provide. We only hold and process personal data when the law in your particular jurisdiction allows us to.
Security of your personal information
We have put in place appropriate technical and organisational measures to help keep the personal information that we collect safe from unauthorised access or disclosure as required by law and in accordance with good industry practice. For example, all information you provide to us is stored on our secure servers and our database is encrypted using only whitelisted IP addresses for access. Any payment transactions will be encrypted using SSL technology.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or websites or other parts of our information systems (”Site“), you are responsible for keeping this password confidential. You must not share your password with anyone.
The transmission of information via the internet is not completely secure. Although we implemented the measures described above to protect your personal information, we cannot guarantee the security of information that is transmitted to our Site and any transmission is at your own risk.
We will react swiftly upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorised persons or in any unauthorised manner.
Retention of your personal information
We are legally obliged to retain our business records (some of which are, or contain, personal information) for up to 7 years. The end-point of that obligation as it applies to specific information depends on a range of factors, including when the record was created and/or updated. We will only retain your personal information for as long as is necessary for the purposes described in this policy or as long as we are legally required to do so, whichever is longer. This means that retention periods will vary according to the type of personal information that we have collected in the first place. For example, we’ll hold on to your personal information for as long as you have your account, or as long as is needed to be able to provide the services to you but, in addition, we will also retain some of your personal information (even after you have closed your account) for fraud prevention and detection reasons and as long as necessary to comply with our statutory obligations.
Transferring personal information overseas
At all times we will ensure that wherever in the world your personal information is stored or processed, it will be done so in full adherence to prevailing law.
We will process your subject access request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why.
How can you access personal information relating to you that we hold?
You may request access to your personal information held by us by contacting our Privacy Officer (details below). We will provide access where we are required to do so under law. In other cases, we reserve our right not to provide access. We also reserve the right to recover our reasonable costs of providing you with access to your personal information held by us.
How to contact our Privacy Officer
Privacy Officer | Ability Options Ltd
Suite 1.14, 29 – 31 Lexington Drive
Bella Vista, NSW, 2153, Australia
- recognise your browser as a previous visitor and save any preferences that may have been set during your last visit to one of our sites;
- help your session load faster
- Keep you signed in
- Monitor how you use the website and platform
- track website analytics and carry out research and statistical analysis to help improve our content, products and services and to help us better understand our visitors’ or customers’ requirements and interests;
- customise and target our marketing and job-advertising campaigns and those of our partners more effectively;
- measure and research the effectiveness of our interactive online content, features, advertisements, and other communications;
- make your online experience more efficient and enjoyable.
What type of cookies do we use?
We use functional cookies to recognise you on our website and remember your previously selected preferences. These could include what language you prefer to use and your location. A mix of first-party and third-party cookies are used. The exception to functional cookies is where the cookies are strictly necessary in order for us to operate the Ability Options websites or any related application or site and/or to provide you with a service you have requested.
Further information about cookies, including how to see what cookies have been set on your computer or device and how to manage and delete them, visit www.allaboutcookies.org and www.allaboutcookies.org.
Third-party cookies are set by a third-party site separate from Ability Options Ltd. We work with third-party service providers who are authorised to place third-party cookies and may also set cookies on our site. These third-party service providers are responsible for the cookies they set on the site. If you want further information, please go to the website of the relevant third party. If you would like to opt-out of all other types of technologies we employ on this Site, you may do so by changing your browser settings to block, delete or disable these technologies as your browser or device permits.
In light of changes to cookies practices in the recent past, with respect to the disablement of third party cookies on some browsers, we include below an updated list of the more popular browser types with hyperlinks showing how to adapt their cookie settings accordingly: