This policy describes how St Ives Group manages the collection, use and disclosure of personal information in an open and transparent way and protects the privacy of individuals regarding the personal information held.
The St Ives Group is committed to protecting the personal information it collects in accordance with the requirements of the APPs.
This policy allocates responsibilities for:
- St Ives Group
- St Ives staff
- St Ives Group Privacy Officer
4. Policy Statement
St Ives Group is committed to ensuring that:
- any personal information collected is professionally managed in accordance with the Privacy Act 1988, the APPs and all relevant state legislation
- St Ives Group staff utilise documented quality processes and procedures in their day to day duties to protect the privacy of St Ives Group staff and external contacts.
The Policy Collection Statement can be found in the St Ives Group Privacy brochure or by contacting the St Ives Group as per Section 5.14.
5.1 Collection of personal information
5.1.1 Purpose of collecting personal information
St Ives Group will only collect and hold personal information about an individual that is reasonably necessary for our business functions, activities and the provision of services and advice related to that individual, or where the collection and storage is required or authorised by or under an Australian law or a court/tribunal order.
Our functions and activities include, but are not limited to:
- building retirement villages
- operating and managing retirement villages
- providing services and facilities to residents of retirement villages
- assisting with the sale or rental of properties
5.1.2 What personal information is collected?
The personal information collected and held will depend upon the nature of the services being provided by St Ives Group.
The types of personal information collected and held, having regard to the nature of the services provided by St Ives Group, include but are not limited to:
- name, gender, address, telephone number, date of birth
- details of personal representative, guardian, next of kin, power of attorney
- financial and banking details
- health fund and Medicare details
- current and past health information
- preferred hospital
- individual photograph
- social history covering family, work and general interests
- any other personal information that may be required to facilitate your dealings with us or which may be reasonably necessary to pursue our functions and activities.
In the course of carrying out recruitment activities in respect of employees we may collect a wide range of information, including information regarding an applicant’s educational qualifications, career history, interests, hobbies and job interests and such other information as may be routinely included within a curriculum vitae.
5.1.3 How is personal information collected?
St Ives Group will only collect personal information by lawful and fair means and not in an unreasonably intrusive way. Personal information will usually be collected directly from the individual (or their personal representative) unless St Ives Group receives authority from that person to obtain information from another source or other exceptional circumstances exist.
St Ives Group will only collect personal information from third parties if:
- we are required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than the individual concerned; or
- it is unreasonable or impracticable to collect the information directly from the individual concerned; or
- it is provided to us in the course of providing at least one of our functions and activities.
St Ives Group will take all reasonable steps to ensure that personal information collected is secure, accurate, complete and up-to-date and that the individual is aware:
- that their information has been collected
- how it will be used
- that they may access information held about them
- of the likely consequences of failing to provide the information.
5.1.4 What sensitive information is collected?
Sensitive personal information includes information, or an opinion about matters like an individual’s health, criminal history or racial or ethnic origin. In limited circumstances, St Ives Group may need to collect this information from individuals where the collection is reasonably necessary for one or more of our activities or functions.
St Ives Group will not collect sensitive information about an individual unless the individual has consented, or such collection is required or authorised by law. In the case of health information, specific requirements are complied with, as outlined in the APPs.
5.2 Use and disclosure of personal information
Generally, we will only use or disclose personal information for the purpose for which it was collected (the primary purpose), including the purposes set out above.
However, we may use or disclose personal information for secondary purposes if we receive your consent to do so, or without your consent if you would reasonably expect us to use your information for the secondary purpose, or otherwise when the APPs permit us to do so.
For example, the APPs permit us to use and disclose personal information for a secondary purpose without an individual’s consent if the individual would reasonably expect us to use or disclose the information for a certain secondary purpose and the secondary purpose is:
- if the information is sensitive – directly related to the primary purpose; or
- if the information is not sensitive – related to the primary purpose; or
- the use or disclosure of the information is permitted or authorised by or under an Australian law or a court/tribunal order (for example where disclosure of your information will reduce or prevent a serious threat to life, health or safety or where our disclosure is in response to any unlawful activity).
We may collect, hold, use and disclose your personal information for the following purposes (amongst others):
- to assess your residency application;
- to provide you with goods or services as a resident of one of our retirement villages;
- to operate and manage our retirement villages;
- to provide real estate agency services;
- to provide or allow third parties to provide you with healthcare services, first aid and/or medical treatment;
- to investigate complaints and manage insurance claims;
- to send you messages, reminders, notices, updates, security alerts, and information requested by you;
- to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our related organisations that we think you may find interesting;
- to comply with our legal obligations, resolve any disputes that we may have with any of our website users, and enforce our agreements with third parties;
- to consider your employment application; and
- to provide security through the use of closed circuit television cameras.
The personal information collected is used to identify individuals within St Ives Group Information Technology (IT) systems and forms the basis for contracts entered into by St Ives Group external contacts.
Selected information is used to assess the suitability of individuals for admission to St Ives Group facilities and provision of services as appropriate.
St Ives Staff may access personal information, when necessary, during the course of their duties as do external health professionals such as the individual’s nominated General Practitioner (GP) and pharmacists.
St Ives Group will take all reasonable steps to ensure that personal information used or disclosed is accurate, up to date, complete and relevant, having regard to the purpose of its use and disclosure.
5.2.1 Disclosing personal information to third parties
- our employees and related entities;
- third party suppliers and service providers (including providers in connection with providing our products and services to you);
- professional advisors, dealers and agents;
- payment system operators;
- our existing or potential agents, business partners or partners;
- anyone to whom our assets or divisions (or any part of them) are transferred;
- specified third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies, healthcare providers and law enforcement agencies, or as required, authorised or permitted by law.
All organisations that St Ives Group may disclose personal information to are subject to strict guidelines on how they use the personal information.
5.3 Notification of collection
At or before the time we collect personal information about an individual (or, if that is not practicable, as soon as practicable after), we will take such steps as are reasonable in the circumstances to notify the individual of the following information (“Collection Information”):
- our identity and contact details;
- that we have collected the personal information;
- if the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order – the fact that the collection is so required or authorised;
- the purpose for collecting the personal information;
- the main consequences (if any) for the individual if we do not collect all or some of the personal information;
- the organisations, or types of organisations, to which we usually disclose personal information of that kind;
- whether we are likely to disclose the personal information to overseas recipients, and if so, the countries in which such recipients are likely to be located (if practicable to do so).
Circumstances may arise where it would be reasonable for us not to provide the individual about whom the information relates with notice of all or some of the Collection Information. This will often be the case when we are providing emergency ambulance services or similar.
5.4 Quality of personal information
We will endeavour to take reasonable steps to ensure that the personal information that we collect is accurate, up to-date and complete.
The reasonable steps described above that we may undertake include:
- ensuring that updated and new personal information is promptly added to relevant existing records;
- reminding individuals to update their personal information when we engage with them;
- with respect to personal information in the form of an opinion, we may take the following steps to verify the accuracy of the opinion:
- checking that the opinion is from a reliable source;
- providing the opinion to individuals before we use or disclose it;
- clearly indicating on our record that the information is an opinion and identifying the individual who formed that opinion.
5.5 Access to and correction of personal information
An individual may request access to their personal information that is held by St Ives Group by contacting us.
Individuals can request that their information is corrected if they are able to establish that the personal information held is not accurate, complete or up to date.
Individuals are only able to view and correct their own information. The privacy of others will not be compromised to facilitate this.
5.5.1 How to request personal information held
A request to view or receive a verified copy of the personal information held by St Ives Group can be obtained by submitting the request, in writing to the St Ives Group Privacy Officer (refer Section 5.14).
Individuals will be required to provide St Ives Group with appropriate identification before a request for personal information will be attended to. A reasonable charge may apply to gain access to information, which will be advised upon receipt of a request.
St Ives Group will respond to all requests within ten working days. However, this is dependent on the nature of the request and the accessibility of the information (for example, information may be held in off- site storage premises). Individuals will be informed if there is a delay in providing the requested information and the reason for the delay.
5.5.2 Correction of personal information
If, with regard to the purpose for which it is held, we are satisfied that personal information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, or if the individual about whom the information relates makes a request, we will take reasonable steps to correct the information. However, as a matter of practice, when we receive personal information, we will hold the information for a period of time before we consider whether it is inaccurate, out-of-date, incomplete, irrelevant or misleading (unless we are informed otherwise).
If we correct personal information, we will take reasonable steps to notify any third party to whom we had previously disclosed the information, if the individual about whom the information relates requests as such and it is not unlawful or impracticable for us to do so.
5.5.3 When personal information will not be provided or corrected
In limited circumstances, St Ives Group may not allow an individual access to their personal information or may decline requests to correct some of their personal information held. If this occurs, St Ives Group will provide an explanation in writing setting out:
- the reasons for denying access to personal information (except where it would be unreasonable to provide the reasons);
- the mechanisms available to complain about the refusal; and
- any other matters prescribed by the regulations.
Examples of when St Ives group may decline access to personal information is if:
- access will pose a threat to the life or health of someone
- access would have an unreasonable impact on another person’s privacy
- information relates to anticipated or existing legal proceedings
- the request is frivolous or vexatious
- giving access would be unlawful
- there is another legal requirement for denying access as specified in the APPs.
If we refuse to give access to the personal information in accordance with the APPs, or if we refuse to give access in the manner requested, we will take such steps (if any) that are reasonable in the circumstances to give access in a way that meets our needs and the needs of the individual. The individual may also request that we associate the information with a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. Where such a request is made, we will take reasonable steps to associate the statement so that it is apparent to the users of the personal information.
5.6 Anonymity and pseudonymity
Where practical, individuals will have the option of remaining anonymous or using a pseudonym when dealing with St Ives Group, such us when making initial enquires into St Ives Group operations and the services provided.
However, we may elect not to deal with the individual anonymously or pseudonymously if:
(a) we are required or authorised by or under an Australian law, or a court/tribunal order, to deal with them in accordance with their identity; or
(b) it is impracticable for us to deal with them in this way.
Operational and legal obligations require that individuals identify themselves to St Ives Group once contractual discussions commence.
St Ives Group will advise if failure to provide personal information may jeopardise the delivery services to an individual.
5.7 Security of personal information
St Ives Group may hold your information in either electronic or hard copy form. We will take all reasonable steps to ensure that any personal information collected is held securely and protected from misuse, interference and loss, unauthorised access, modification or disclosure, by ensuring the following are in place:
- controls for the physical access to information
- passwords and other electronic protection for computer and network security
- secure off-site storage and disaster recovery practices which may include the use of reputable third party IT services, such as ‘cloud’ based data storage and Microsoft Office 365
- St Ives Staff respect the confidentiality of all information that is collected and held
- St Ives Staff are trained on information handling
5.7.1 Retention of personal information
St Ives Group will only retain information that is necessary and relevant to our business operations.
As a general rule, personal information will be retained for at least seven years in order to meet legal and business requirements. Once the information is no longer required, personal information held by St Ives Group will be either destroyed in a secure manner or permanently de-identified so that the information cannot be linked to an individual (unless our compliance with the APPs or a law requires us to avoid taking such steps).
We may need to maintain records of health information in order to assist in providing medical and related services or ensuring that third parties can provide such services. Therefore, we may need to hold health information for longer periods of time than other kinds of personal information in order to carry out some of our functions and activities.
5.7.2 Dealing with unsolicited personal information
Unsolicited Personal Information is when St Ives Group receives personal information without taking any active steps to collect it.
If we receive personal information that we did not solicit, we will, within a reasonable period of receiving the information, determine whether we would have been permitted to collect the information to the APPs.
If we determine that we have received personal information that we would not have been permitted to collect pursuant to the APPs (and the information is not contained in a Commonwealth record), we will as soon as practicable and where it is lawful and reasonable to do so, destroy the information or ensure that it is de-identified. If the above cannot be determined, St Ives Group will destroy or de-identify the unsolicited personal information as soon as practicable, if it is lawful and reasonable to do so.
If we determine that we would have been permitted to collect the personal information pursuant to the APPs, we will ensure that the information is dealt with in a manner that complies with the APPs.
St Ives Group will not pass on unsolicited personal information received without the prior consent of the sender.
5.8 Transferring personal information overseas
St Ives Group may transfer personal information between countries, if required, for a relevant purpose in circumstances where St Ives Group suppliers, contractors or agents are based overseas, or otherwise have data storage facilities overseas where personal information will be stored.
In some cases, a third party may utilise data storage facilities located in Australia in the ordinary course of business, but reserve the right to transfer data offshore, whether for data safety, or maintenance reasons, or due to available space or data link speeds, or otherwise. In such circumstances, St Ives Group will not necessarily have control over the third party’s movement of data.
In all cases, St Ives Group will take such steps as are reasonable in the circumstances to ensure that the overseas recipient complies with the Privacy Act in relation to that information, unless the APPs do not require us to do so.
We will not be required to take the steps described above if:
- We reasonable believe that:
- the recipient of the information is subject to a law or a binding scheme that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the APPs protect the information; and
- there are mechanisms that could be taken to enforce the law or binding scheme; or
- both of the following apply:
- we expressly inform the individual about whom the information relates that if they consent to the disclosure of the information, we will not be required to take the steps described above; and
- after being so informed, the individual consents to the disclosure; or
- the disclosure of the information is required or authorised pursuant to an Australian law or a court/tribunal order; or
- the APPs otherwise allow us to refrain from taking the steps described above.
5.9 Direct marketing
St Ives Group may use personal information collected for market research to better understand the needs of individuals with the aim to provide access to a relevant range of St Ives Group products and services.
We may use or disclose personal information (other than sensitive information) for direct marketing if:
(a) we collected the information from the individual concerned;
(b) the individual has consented to, or would reasonably expect us to, use or disclose the information for that purpose; and
(c) we provide the individual with a simple means by which they may easily request not to receive direct marketing communications from us and they have not made such a request to us.
St Ives Group will not:
- sell, trade, lease or rent any personally identifiable information obtained from an individual without their prior express consent
- undertake any marketing activities which would amount to a breach of any legislation including the
Do Not Call Register Act 2006 (Cth) and the Spam Act 2003.
Individuals may choose to opt out of St Ives Group marketing activities at any time by contacting St Ives Group directly or via the unsubscribe function or other contact information provided in any marketing you receive.
5.10 Our website and cookies
We may collect personal information about you when you use and access our website, including any additional website features such as a ‘live chat’ function.
While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but our websites may not work as intended for you if you do so.
5.11 Adoption, use or disclosure of government related identifiers
St Ives Group will not use any personal identifiers issued by a state or Commonwealth agency (e.g. Medicare number or tax file number) as a means of identification within the St Ives Group records systems. Where necessary, a unique code will be used to identify external contacts of St Ives Group.
5.12 Complaints of a breach of privacy
5.12.1 If an individual has a complaint
An individual may make a complaint if they believe that there has been a breach of privacy or if they do not agree with a decision made by St Ives Group regarding access to their personal information.
Complaints can be made either verbally or in writing and St Ives Group will endeavour to resolve the complaint by following the St Ives Group Compliments and Complaints policy and procedure relevant to the Business Area providing the St Ives Group service.
5.12.2 Unresolved complaints
If an individual is not satisfied with St Ives Group’s decision regarding a complaint, a formal written complaint can be directed to the Australian Information Commissioner at:
Office of the Australian Information Commissioner:
Mail: GPO Box 5218
SYDNEY NSW 2001
Telephone: 1300 363 992
TTY: 133 677 then ask for 1300 363 992
5.13 Policy amendments
5.14 St Ives Group privacy contact
St Ives Group Privacy Officer:
Mail: PO Box 4014, WEMBLEY WA 6913
Telephone: 9287 8701
Facsimile: (08) 9284 0888
Personal information, including sensitive information, will be ‘collected’ if it is included in a record or generally available publication.
You can give consent either:
- expressly – express consent is given explicitly either in writing or orally; or
- impliedly – your consent will be implied where your consent can be inferred from your conduct and our conduct.
Includes stakeholders, competitors, visitors, residents, clients, guests, customers or partners of St Ives Group.
Personal information is defined in the Privacy Act. In summary, personal information is information or an opinion about an identifiable person, or a reasonably identifiable person no matter whether:
- the information or opinion is true or false; and
- the information or opinion is recorded in a material form or not.
Some examples of personal information include a person’s name, address and date of birth.
Sensitive information refers to additional personal information that includes details about an individual’s racial or ethnic origin, political opinions, membership of political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, or health information.
St Ives Group
St Ives Villages Pty Ltd (trading as St Ives Retirement Living), Blaxland Pty Ltd (trading as St Ives Realty) and our related bodies corporate.
St Ives Staff
Includes St Ives Staff, contractors or sub-contractors, consultants, labour hire employees, apprentices or trainees and volunteers involved with the activities of St Ives Group. It also includes St Ives Board Members, Directors and any person serving St Ives Group on a committee or advisory capacity.
Unsolicited Personal Information
Personal information that St Ives Group receives but has taken no active steps to collect:
- misdirected mail received by St Ives Group
- correspondence to Ministers and Government departments from members of the community
- a petition sent to St Ives Group that contains names and addresses
- an employment application sent to St Ives Group on an individual’s own initiative and not in response to an advertised vacancy
- a promotional flyer containing personal information sent to St
- St Ives Group by an individual promoting the individual’s business or services.
We will review this policy from time to time to make sure it’s up-to-date. If we make changes, we’ll post the latest version here.
This Policy was last updated on: 19th December 2018