The Health Records Act 2001, the Privacy Act 1988 (Cth), Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) and Privacy Data and Protection Act 2014 (Vic) have set the standards concerning the handling of client and staff personal information.
The Muscular Dystrophy Association Inc (MDA) is committed to protecting the privacy of its members, their carers and families, volunteers, donors and all members of the community who deal with MDA. MDA respects and upholds your rights to privacy protection by regulating the way in which we collect, use, disclose, hold and destroy your personal information.
This Policy addresses how Muscular Dystrophy Association Inc (MDA) complies with the:
- Privacy Act 1988 (Cth);
- Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)
- Privacy Data and Protection Act 2014 (Vic); and
- Health Records Act 2001 (Vic).
MDA also recognises the right to control your personal information as provided for in the Charter of Human Rights and Responsibilities Act 2006 (Vic).
Why we collect personal information
- For our research and surveys
- So we may provide information, support and resources
- To maintain our donor and sponsorship databases, to assist in income development
- So we may contact our volunteers and committee members
- To evaluate applications for employment
How we collect personal information
We collect your personal information when you provide it to MDA in a number of ways including:
- when you request a product or service from us
- by participating in an MDA fundraising event
- when you give consent to and take part in surveys etc
- when you become a member of MDA
In the event MDA received unsolicited information, it will decide if the information would have been sought from the individual, notify the individual of the received information and take such measures as required.
How we keep personal information secure
MDA takes reasonable steps to protect your personal information from loss, misuse, improper disclosure or unauthorised destruction.
If you provide us with your personal information, it is securely stored in our databases, which are accessed only by authorised staff at MDA.
All hard copy data is disposed of appropriately when no longer required.
How to access, correct or update your personal information
If you would like to access the information that we hold about you, you can contact MDA:
Phone: (03) 9320 9555
Address: PO Box 2200 North Melbourne VIC 3051
Who we share the information with
MDA will not sell, rent, or lease your personally identifiable information to others.
Unless we have your permission or are required by law, we will only share the personal data you provide with other MDA entities and/or business partners who are acting on our behalf.
MDA does not disclose information to overseas persons or bodies.
MDA is committed to ensuring the security of your information. To prevent unauthorized access or disclosure, maintain data accuracy, and ensure the appropriate use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. We use encryption when collecting or transferring sensitive data.
Summary of privacy principles
MDA has adopted the 13 Australian Privacy Principles as provided for in Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), which amends the Privacy Act 1988 (Cth).
Part 1—Consideration of personal information privacy
Australian Privacy Principle 1—open and transparent management of personal information
- The object of this principle is to ensure that APP entities manage personal information in an open and transparent way.
Australian Privacy Principle 2—anonymity and pseudonymity
2.1 Individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with an APP entity in relation to a particular matter.
Part 2—Collection of personal information
Australian Privacy Principle 3—collection of solicited personal information
Ensures that information collected from the individual is directly related to the functions, activities or services of the organisation.
Australian Privacy Principle 4—dealing with unsolicited personal information
This APP outlines what an organisation is to do in the event that it receives unsolicited personal information.
Australian Privacy Principle 5—notification of the collection of personal information
This APP provides for the notification steps an APP entity must take on the receipt of personal information about an individual.
Part 3—Dealing with personal information
Australian Privacy Principle 6—use or disclosure of personal information
Outlines the ways in which an APP entity can use or disclose personal information.
Australian Privacy Principle 7—direct marketing
This APP provides for instances of direct marketing when an APP entity can use or disclose personal information.
Australian Privacy Principle 8—cross-border disclosure of personal information
Outlines steps an APP entity is to undertake if they are to disclose personal information about an individual to an overseas recipient.
Australian Privacy Principle 9—adoption, use or disclosure of government related identifiers
Part 4—Integrity of personal information
Australian Privacy Principle 10—quality of personal information
APP entities are required to ensure that the held personal information that they hold is accurate, up to date and complete.
Australian Privacy Principle 11—security of personal information
Personal information about an individual held must be protected from misuse, loss, interference and unauthorised access. When information is no longer needed it must be destroyed or de-identified.
Part 5—Access to, and correction of, personal information
Australian Privacy Principle 12—access to personal information
On required by an individual, the personal information held about that individual must be made available to them
Australian Privacy Principle 13—correction of personal information
In the even a correction is required an APP entity is required to do so.