This website has been developed and is managed by the Health Care Consumers’ Association (HCCA) of the ACT. This page outlines the approach HCCA takes to manage the privacy and confidentiality of information collected during the use of this website and the usual operation of our organisation.
HCCA is committed to handling personal information with openness, transparency and accountability. HCCA respects the right of privacy and protects personal information of any individual making contact with the organisation for any purpose.
HCCA has a Privacy and Confidentiality Policy. This policy has been based on the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and Australian Privacy Principles (APPs). It outlines how HCCA manages the personal information of staff, volunteers, members and consumer representatives and members of the public. It also describes the type of personal information held, for what purposes, and how that information is collected, held, used and disclosed.
The HCCA Privacy and Confidentiality Policy can be downloaded at HCCA Privacy and Confidentiality Policy.
This policy applies to the collection, storage, use and disclosure of personal information collected through your use of the Health Care Consumers’ website and any activity of the Health Care Consumers’ Association, such as events, consultations or forums.
We are committed to protecting your personal information, and ensuring its privacy, accuracy and security. We will handle your personal information in a responsible manner in accordance with the Privacy Act 1988 (Act), the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and the Australian Privacy Principles (APPs).
By using any of our products or services, visiting our website https://www.hcca.org.au or giving us your personal information, you agree to your information being collected, stored, used and disclosed as set out in the HCCA Privacy and Confidentiality Policy and as required under law.
Collection of Information
We may collect your personal information from a range of sources, including from you, when you communicate with us via our websites, by e-mail, telephone or in writing.
Wherever reasonable and practicable, we collect personal information from the individual to whom the information relates. If you provide personal information about someone other than yourself, you agree that you have that person’s consent to provide the information for the purpose for which you provide it to us.
The personal information we collect includes: names, addresses, e-mail addresses, phone numbers, payment details, occupation and other information to assist us in conducting our business, providing and promoting our products and services.
We only collect personal information by lawful and fair means. We usually collect personal information from:
- face-to-face meetings and telephone calls;
- electronic communications – for example, e-mails and attachments; forms filled out by you, including as part of acquiring a product or service from us; and
- our websites, including if you use it to contact us.
We collect the personal information necessary for us to:
- provide you with the products and services you have requested from us
- provide you with information about products and services that may be of interest to you
- improve the products and services we provide
- to enable us to meet our legal and regulatory obligations.
HCCA may also collect personal information about you in accordance with our obligations under the data retention provisions of the Commonwealth Telecommunications (Interception and Access) Act 1979.
Where lawful and practicable, we will give you the option of interacting with us anonymously or using a pseudonym.
Use of Information
We only use personal information for the purpose for which it was provided to us, for related purposes or as required or permitted by law. Such purposes include:
- in the ordinary course of conducting our business. For example, supplying or acquiring products and services, responding to your enquiries and feedback, and providing information about our events, news, publications and products and services that may be of interest to you;
- performing general administration, reporting and management functions. For example, invoicing and account management, payment processing, risk management, training, quality assurance and managing suppliers;
- as required or authorised by the Telecommunications (Interception and Access) Act 1979 (Cth) and the Telecommunications Act 1997 (Cth);
- as required by or in accordance with any mandatory industry code or standard registered under the Telecommunications Act 1997 (Cth); and
- other purposes related to or in connection with our business, including meeting our legal and contractual obligations to third parties and for internal corporate governance purposes.
Disclosure of Personal Information
We may disclose, and you consent to us disclosing, your personal information to third parties:
- engaged by us to provide products or services, or to undertake functions or activities, on our behalf. For example, processing payment information, managing databases, marketing, research and advertising;
- that are authorised by you to receive information we hold;
- that are our business partners, joint venturers, partners or agents, our external advisers, and government agencies. For example, where disclosure is reasonably required to obtain advice, prepare legal proceedings or investigate suspected unlawful activity or serious misconduct; or
- as required or permitted by law.
We may use and disclose your personal information to provide you with information about our products and services that we consider may be of interest to you. You may opt out at any time if you do not, or no longer, wish to receive marketing and promotional material. You may do this by: contacting us via e-mail or in writing at the address below and requesting that we no longer send you marketing or promotional material; or where applicable, clicking the “Unsubscribe” button.
You may request access to the personal information we hold about you by contacting us. We will respond to your request within a reasonable time. We will provide you with access to the information we hold about you unless otherwise permitted or required by law. If we deny you access to the information, we will notify you of the basis for the denial unless an exception applies. Where reasonable and practicable, we will provide access to the information we hold about you in the manner you request. No fee applies for requesting access to information we hold about you, however we reserve the right to charge a reasonable fee where a cost is incurred by us in the supply of the information.
We do not adopt, use or disclose government related identifiers except as required or permitted by law.
Storage of Information
We take all reasonable steps to protect your personal information from misuse, interference, loss and unauthorised access, modification and disclosure. Such steps include:
- physical security over paper-based and electronic data storage and premises
- computer and network security measures, including use of firewalls, password access and secure servers
- restricting access to your personal information to employees and those acting on our behalf who are authorised and on a ‘need to know’ basis
- retaining your personal information for no longer than it is reasonably required, unless we are required by law to retain it for longer
- entering into confidentiality agreements with staff and third parties.
Where we no longer require your personal information, including where we are no longer required by law to keep records relating to you, we will ensure that it is de-identified or destroyed.
In most cases we do not disclose information to overseas recipients. In the event we do disclose your personal information to overseas recipients – for example, when storing personal information online or in the ‘cloud’, overseas disclosure will be limited. We will make all reasonable efforts to ensure that data is stored on Australian servers and with Australian storage providers. We request you provide us with written confirmation if you do not consent to your information being disclosed overseas. We will not send your personal information overseas without obtaining your consent (this may be implied) or otherwise in compliance with the APPs.
When you browse through the Health Care Consumers website, we use Google Analytics software to gather and temporarily store a variety of information about your visit. However, this information cannot be used to identify you as an individual.
If you have a complaint in relation to the collection, storage, use or disclosure of your personal information, please contact our Privacy Officer using the details below. You will need to provide us with details of your complaint, as well as any supporting evidence and information. We will review and respond to all complaints received. If you are not satisfied with our response, you may discuss your concerns with or complain to the Australian Privacy Commissioner via www.oaic.gov.au.
Email to: [email protected]
Writing to: Executive Director, HCCA, 100 Maitland Street, Hackett, ACT 2602
Telephone: 02 6230 7800
Privacy Amendment (Enhancing Privacy Protection) Act 2012
Privacy Act 1988 (Act)
Telecommunications (Interception and Access) Act 1979 (Cth)
Telecommunications Act 1997 (Cth)
Version 1.0 – Updated 11 July 2022