Royal Flying Doctor Service of Australia’s policy for the collection, storage and disclosure of personal information.
The Royal Flying Doctor Service provides emergency and aeromedicine, primary health, dental services and medical chests to our patients. As a not-for-profit organisation, we also manage employee records, communicate with our stakeholders, conduct publicity campaigns with media and online, fundraise, handle feedback, and report to our funders. The RFDS collects personal information from our patients, their carers, representatives, family and friends; employees and volunteers including those applying to work with us; our supporters (donors); and others.
We are committed to meeting our legal requirements under the Privacy Act 1988 (the Act), Australian Privacy Principles (the Principles) and any other legislation.
We take all reasonable efforts to safeguard all personal information.
In general we:
- Ensure fair, open and transparent management of information;
- Collect information lawfully and through fair means;
- Collect, use and disclose only the information we need for its intended purpose or to comply with the law;
- Take reasonable steps to ensure accuracy of information;
- Collect information about a patient from them direct (although we may also need to collect from a representative, referee or other agency like a hospital or medical service, if the patient is unable to give us the information, or has given consent for someone else to do this for them);
- Regulate access and correction;
- Ensure appropriate storage and security;
- Destroy or de-identify information not needed for the intended purpose as soon as we can;
- Ensure all of our staff are aware of privacy expectations
- Acknowledge that people with vision or hearing impairments, and culturally and linguistically diverse people, may require special consideration.
What information do we collect, and why?
The RFDS collects personal and sensitive information only if an individual has consented to the information
being collected, if the information is reasonably necessary for one or more of our functions or activities, or
if one of the other exceptions applies under the Australian Privacy Principles. The RFDS will only collect information by lawful and fair means and may collect information in different ways, including:
- forms, such as the employment forms
- electronically, via email or website
- phone calls
- member and stakeholder lists
- organised meetings or conferences
- mailing lists
- direct personal contact.
The RFDS will always collect personal information directly from an individual unless it is unreasonable or
impractical for the RFDS to do so.
If the individual is an employee, the RFDS will collect personal information such as name, contact details (address, email, phone number), date of birth, citizenship or residency status, and details of an emergency
contact person. We also collect sensitive information about an employee such as bank details for direct credit of salary, tax file number, superannuation and reimbursement of work-related expenses.
If the individual is a candidate seeking employment with the RFDS we will collect information including name, contact details, employment history, references, résumé and qualifications.
We collect information from people applying to work with us, and during their employment for these purposes. This includes identity, contact, employment and education history, referee details and opinion, medical details, criminal history, finance (banking, tax and superannuation) and other details.
We usually collect identity, contact and financial information (such as credit card) when a donation is made. We are guided by the Fundraising Institute of Australia Code of Conduct and use contact details to let supporters know about events and other fundraising campaigns by mail, email and SMS/MMS (they can opt out at any time using our simple mechanism). If they choose not to provide identity or contact information, we cannot provide a receipt or details about upcoming events and opportunities.
Anyone attending an RFDS event or base may be filmed or photographed. For individuals, we seek to obtain written consent prior to using their images for promotional purposes. For crowd scenes, in a public place, it would be impractical to seek consent and we may use these images and not include any personal details (such as name, even if known). All RFDS bases have security CCTV cameras in external and public access areas.
We do not disclose personal information overseas unless:
- It is to the person themselves
- Consent has been provided
- Information is de-identified
- It’s a permitted general situation or authorised by Australian law (eg: offshore payment or data processing such as credit cards).
How can you access your personal information? Who else has access?
We disclose patient information:
- For the primary purpose of providing health and medical service
- When we have the patient’s, or their representative’s, consent
- To other health professionals (in an emergency, this may be done without notice or express consent)
- When legally required (eg: mandatory reporting of certain diseases, abuse, warrant or subpoena)
- Unlawful activity or to prevent a serious and imminent threat to life, health or safety (to an individual or the public);
- As de-identified data for research, a compilation of statistics, and public health;
- During a formal quality review;
- To our government funders.
You can access other personal information we hold about you by giving a written request which we will respond to within 10 business days. We will need to confirm your identity before providing access and we may charge a reasonable fee. There are some instances under the Act where we can deny a request such as impacting another person’s privacy. If we deny a request, we advise the reasons in writing. Please note that information is not provided over the phone unless we are certain the enquirer is the individual or the legal or nominated representative. If a detail we hold is incorrect or outdated, you can let us know at any time and we will change it. At times we may not agree to remove or change it (eg: medical opinion) but they can add separate information to the file.
Unsuccessful employment applications are held for a period of time in case they may be suitable for any similar opportunities that become available. We will destroy any application, and no longer consider it as part of the recruitment pool, on request from the Applicant. Whilst our employees do not have a legal right to access under the Privacy Act, they can make a written request to their manager and review their file contents. They cannot make any changes to their records but may add a note to their file if they wish.
Supporters and Others
Our website may contain links to other sites of interest. We cannot control, or be responsible for, their content or privacy practices. Certain sections of our websites (eg: donation payments) are secured using SSL technology to encrypt data between your browser and the website. We make every possible effort to make donations and transactions within our website as secure and safe as possible. However, everyone should be aware that there are inherent risks associated with the transmission of information over the internet including by email or by facsimile. While all reasonable efforts are made to secure information transmitted to this website, there is a possibility that the information you submit could be observed by a third party while in transit. By using our online system, you acknowledge that you do not hold the RFDS liable for any security breaches, viruses, or other malicious software that may infect your computer or any loss of data, revenue or otherwise that may occur.
From time to time, we contact our regular supporters directly to update or confirm their personal or credit card details. When we do this, we provide you with sufficient information from our existing database (including, where appropriate, the last four digits of your credit card) for you to be satisfied that the caller is our representative. If you receive a request for your full credit card number and CVV number, you should consider this a hoax, disregard and report the contact to www.scamwatch.gov.au or contact us at firstname.lastname@example.org as soon as possible.
- Phone: 02 6269 5500
- Email: email@example.com.
- Post: PO Box 4350
Kingston ACT 2604