19 April 2018
Our Privacy Commitment
At Multiple Sclerosis Limited (MSL) and its related entities we are committed to protecting your privacy and ensuring that any data we have on you is safe and secure.
We know we have legal and ethical responsibilities relating to the management of personal, health and sensitive information generated during fundraising or during any of our services delivered.
We are bound by the Australian Privacy Principles in the Privacy Act 1988 (Cth), and by relevant State and Territory privacy laws, and we remain ready and committed to complying with these requirements at all times.
Our Privacy Statement
This statement explains how we collect, use and protect your information. It is our current policy for dealing with the control, processing and use of personal information. The policy is available from our website.
How do we collect your information?
We collect personal information in a number of ways, including:
- directly from you or (when relevant) your carers, for example when you provide information by phone, in contact forms or any other agreements, or when you submit your personal details through our website or contact email addresses
- from our own records when you use our services
What information do we collect?
Depending on how you are interacting with us, this information may include your contact details, your health history, occupation or other information relevant to your situation.
We also collect information on your communication preferences, such as whether you wish to receive information and publications about multiple sclerosis, MSL services, or events and fundraising activities.
How do we use your personal information?
If you receive a service or services from MSL, we will collect and hold your personal information to gain an understanding of your needs so that we can:
- conduct appropriate assessments and provide effective treatment plans
- provide appropriate advice and information
- provide a range of services and work to improve the quality of our service
- administer billing services and comply with legal or regulatory requirements and funding agreements
If you participate in a fundraising event or have previously donated to MSL, we collect and hold your personal information so that we can:
- engage with you in an appropriate way to optimise fundraising to benefit people affected by multiple sclerosis
- provide relevant information in line with your wishes
- administer fundraising financial services
How do we store your information?
The security of your information is important to us and we take all reasonable steps to protect it from misuse, loss, unauthorised access, modification or disclosure.
All personal and health information is stored securely in paper and/or electronic form. This includes:
- requiring our MSL team members to maintain confidentiality
- document storage security measures including password protection, locked cabinets, key security
- imposing computer access security measures including password protection
- secure transportation of files in vehicles, by registered post and secure fax methods
- providing discrete environments for confidential discussions
- only allowing access to health records when the individual seeking access to their own information has satisfied our identification requirements
All financial information pertaining to customers of MSL is stored securely in line with the Payment Card Industry Data Security Standards (PCI DSS), with no complete bank details retained. Wherever possible MSL use Westpac merchant facilities.
If you would like further detail regarding the way such specialists assist us to manage any financial transactions, or which (limited) data is kept on the fundraising platforms, please contact our Privacy Officer who can direct you to the privacy policies that apply to you and your information.
All information is retained for the period of time determined by law and disposed of in a secure manner. For further information around our data retention and disposal policy, please contact our Privacy Officer.
How do we keep your information accurate?
We take all reasonable steps to ensure that the personal and health information and customer choices we collect, use and disclose are accurate, complete and up-to-date. You can amend any information in your records that you consider to be incorrect, incomplete or misleading.
We request that you let us know if there are any errors in the information, any changes to personal details e.g. name or address or any changes in your communication preferences.
When do we share your information?
In order for MSL to provide a comprehensive and effective service it may be required to share your information with other service providers, e.g. your doctors or health centre. In this situation, prior to taking any action, we will ask you to give consent for us to disclose any information from your record to the other party.
We will only provide personal and health information to a third party with your consent; however, there are occasions where we must provide information (without individual consent) if bound by legislation or regulatory compliance to do so.
Signed consent will be required on a ‘Consent to release personal information’ form. Copies of all paperwork related to the release of the information will be placed in your file (paper and electronic version). If you are unable to give consent about the release of your information due to age, physical or cognitive limitations, a decision will be sought from your authorised representative.
There is a process to enable you to withdraw your consent to release information at any stage.
We are most unlikely to disclose personal information that we hold on you to any overseas recipients. However, in the unlikely event that we do, this policy will be updated to clearly indicate those countries in which such recipients are likely to be located.
How can you access or correct your own personal information?
All records dealing with personal information for recipients of MSL services remain the property of MSL.
However, you have a right to access your own personal information on request and to be provided with copies of documents. There is no charge to submit a request to seek access to your personal information but we may charge a small administrative fee to cover any of our costs.
You also have the right to seek a correction of any personal information that we hold about you so as to ensure that it is accurate, up-to-date and complete.
You or your authorised representative can make a written request to the MSL Privacy Officer to access personal and health information in your record. Viewing of records will occur under supervision.
An authorised representative is defined under the Health Records Act 2001 (Vic) as:
- Guardian or Parents (in the case of a child or a minor)
- Attorneys under Enduring Power of Attorney
- Agents under the Medical Treatment Act 1988 (Vic)
- Administrators under the Guardianship and Administration Act 1986 (Vic)
- A person otherwise empowered to act or make decisions in the best interest of the person
Making a privacy complaint
If you have a concern or complaint about your privacy, please contact us and we will seek to address it within 30 days of receiving it. If you are not satisfied with the way we handle your complaint, there are other options available to you.
While we are confident that we can resolve your complaint promptly without needing to involve third parties, if you are still unhappy then you may also be able to lodge a complaint with the Office of the Australian Information Commissioner (www.oaic.gov.au).
How to contact us
If you have any questions in relation to this Privacy Statement, our management of your personal information or any other records, or would like a copy of this statement sent to you, please use the contact details below.
Notifiable Data Breaches Scheme – 22 February 2018
We are aware of the Notifiable Data Breaches (NDB) scheme which took effect in Australia from 22 February 2018. This scheme applies to us as an organisation with existing personal information security obligations under the Privacy Act 1988 (Cth).
The NDB scheme creates an obligation on MSL under law to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. In this unlikely event, we will also notify you of any breach and include recommendations about the steps you should take in response to the breach. We are also obligated to notify the Australian Information Commissioner of any eligible data breaches.
For further information on the NDB scheme please visit www.oaic.gov.au.
For more information on any of these areas please call MS Connect on 1800 042 138, or contact the MSL Privacy Officer via firstname.lastname@example.org