Privacy
Privacy Statement
This privacy statement applies to this website, which is maintained by the Health and Disability Services Complaints Office (HaDSCO). When following a link from this website to another website, it is recommended that viewers read and consider the privacy statement of that website.
Collection of personal information
HaDSCO will collect, use or disclose personal information to resolve your complaint or answer your enquiry. Please note that the complaint process is confidential and information relating to your complaint will not be disclosed to a third party without your consent.
HaDSCO only collects your personal information when you provide it to us over the phone or via our online forms including our:
- Complaints Form
- Feedback Form
- E-Newsletter Sign Up Form
Each of these forms features a specific collection notice which details the personal information we collect about you and the purpose we collect the information. You may choose not to provide us with your personal information. However, we may be unable to contact you or handle your complaint without the necessary information.
We do not collect personal information from any third parties, unless you authorise us to do so as part of your submitted complaint.
Use of your Personal Information
HaDSCO will use your personal information for the following purposes:
- To handle a complaint you have lodged with HaDSCO;
- To request access to your medical records pertaining to a complaint if you provide us with authorisation;
- To subscribe you to our e-newsletter upon your request; and
- To respond to any inquiries, feedback or complaints you submit to us.
We use information you voluntarily provide us, such as post code, gender and country of birth, for deidentified statistical use. This information is not required to investigate a complaint, and you may choose not to provide it. We may also use your contact information to seek consumer feedback.
In limited circumstances, we may be required to disclose personal information for other purposes. For example, where required by law such as responding to a subpoena.
We may disclose your personal information to the Australian Health Practitioner Regulation Agency (AHPRA) when complaints relate to a registered health professional due to our legal obligations under the Health and Disability Services (Complaints) Act 1995.
To assist with your complaint, HaDSCO may need to obtain information or records. A copy of the complaint will be sent to the service provider for a response and may also be sent to any other relevant organisation. As part of the complaint submission form, you will be required to provide authorisation.
We may also use or disclose your personal information for another purpose, and for a secondary purpose where permitted under the Australian Privacy Principles, for example where:
- you have consented
- you would reasonably expect us to use or disclose your personal information for the secondary purpose, and that purpose is related to the primary purpose, or, in the case of sensitive information, directly related to the primary purpose;
- required or authorised by or under a Western Australian or Australian law (including the Freedom of Information Act 1992 (WA)) or a court/tribunal order;
- we reasonably believe that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body;
- necessary to prevent or lessen a serious threat to the life, health or safety of any individual, or to public health or safety;
- taking appropriate action in relation to suspected unlawful activity or serious misconduct;
- asserting a legal or equitable claim or defence;
- conducting a confidential alternative dispute resolution process;
- required to take appropriate action in relation to a reported security incident;
- for marketing (including direct marketing) purposes; or
- for research or planning purpose.
Your personal information will at all times be managed in accordance with the applicable legislation in Western Australia and retained in accordance with any legal obligation (including the State Records Act 2000).
We may also provide your personal information to other entities including:
- Ministers and other government departments, agencies or entities;
- our internal and external auditors;
- law enforcement agencies (and their contractors) or regulators;
- research and marketing entities for the purposes of research, marketing and planning; and
- investigators and entities engaged to help identify and investigate improper activities or prevent fraud.
Collection and use of site visit data
When you visit our websites, some statistical information is collected about how you interact with the website. We use cookies to collect this type of information. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable us to recognise you across different websites, services, devices and/or browsing sessions. We use cookies to deliver content specific to your interests so you do not have to register each time you use the website. You can disable cookies through your internet browser but if you do so, some of the features on our websites may not function fully and your ability to browse, read and download information may be impaired.
We use online tools to gather information about visitors to our website and to help us improve our website and deliver services. We use software provided by third party vendors for this purpose.
How do we hold and store your Information?
We have taken all reasonable steps to implement the appropriate security policies, rules, measures and patches to protect your personal information that we have under our control from misuse, interference and loss and from unauthorised access, modification or disclosure. Personal information is securely stored by us and by third parties on our behalf. For example, fire walls and virus protection software are in place to protect our systems and data.
The retention and destruction of records of personal information held by the Western Australian Government is governed by the State Records Act 2000 and supporting policies and procedures. We take reasonable steps to destroy or de-identify all personal information that is no longer required to be retained.
Use of personal information for direct marketing
We may send you direct marketing communications and information about our services. This may take the form of email, or other forms of communication. We may also undertake direct marketing through our media service providers. By accessing this website or any social media platform, you acknowledge that you would reasonably expect us to use or disclose your information for direct marketing purposes and you consent to receiving such marketing communications. In addition, we will only use your information for marketing purposes when we have provided you with a simple means of opting out of receiving further direct marketing from us, and you have not requested that we cease sending you direct marketing communications.
Links
Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for, and do not endorse or otherwise approve, the content, privacy policies or practices of third party websites that are linked on the HADSCO website, and we have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from this Privacy Statement. If you follow a link to another website from the HADSCO website, we recommend that you read the privacy statement or policy of that other website to understand what it does with your information.
Unsolicited personal information
HaDSCO may receive your information as unsolicited personal information.
Unsolicited personal information is received by an organisation, where it took no active steps to collect that information.
When and where HADSCO receives unsolicited information, HADSCO will determine whether it could have collected the information under Australian Privacy Principle 3 (which governs the collection of solicited personal information). Where HADSCO could not have collected the information consistent with Australian Privacy Principle 3, HADSCO will destroy or de-identify the information as soon as practicable, so long as it is lawful and reasonable for it to do so.
How to Access or Amend Your Personal Information
Under the Freedom of Information Act 1992, an application can be made to request access to your personal information. An application can also be made for correction or amendment to any document/s which contain personal information. Applications must be made in writing and clearly demonstrate how or why the record/s are inaccurate, incomplete, out-of-date or misleading.
To make a request under the Freedom of Information Act 1992, please contact the FOI Coordinator at mail@hadsco.wa.gov.au.
For further information about the process to access or amend your personal information, please refer to HaDSCO’s Freedom of Information Statement.
How can I complain about a breach or give feedback on how HaDSCO deals with my Information?
- Please contact us to provide HaDSCO with feedback regarding the management of your personal information or to complain about a breach of HaDSCO’s privacy obligations.
- HaDSCO will take reasonable steps to respond to your complaint and/or feedback within 20 days of receipt.
- You can request a review of a decision refusing access to your Information and/or refusing to correct your personal information. To lodge a complaint about the management of your personal data, or request a review of a decision HaDSCO has made regarding access to or correction of personal information, please contact us.
Notifiable data breaches
Where we become aware of a potential data breach which is likely to result in serious harm to any individuals about whom we hold information, we will:
- investigate the suspected breach and determine the scope of any breach that has occurred and the risk of harm to affected individuals whose information may have been compromised;
- notify you of the potential breach; and
- take steps to minimise any harm caused to affected individuals as a result of the breach.