Privacy Policy

Privacy Policy

Privacy commitment

At Regis, our purpose is to provide personalised and respectful care that embraces the experience of ageing. We do this with a relentless customer focus. Keeping your information safe is important to us. The purpose of this policy is to:

  • a. set out the Privacy Collection Notice;
  • b. ensure personal information is managed in a fair and reasonable way;
  • c. protect the privacy of personal information including health information of clients, care recipients and workers;
  • d. provide for the fair collection and handling of personal information;
  • e. ensure that personal information we collect is used and disclosed for legally permitted purposes only;
  • f. regulate the access to, correction of, or deletion of, personal information; and
  • g. ensure the confidentiality of personal information through appropriate storage and security.

In handling your personal information, we will comply with the Privacy Act 1988 (Cth) (Privacy Act) and with the Australian Privacy Principles (APPs), as well as this policy. This policy may be updated from time to time.

Who this policy applies to

This policy applies to:

  • “the Company”- Regis Healthcare Limited (ACN 125 203 054) together with its subsidiaries including Regis Aged Care Pty Ltd (ACN 125 223 645) (together, We, Us, Our, Regis Group)
  • direct employee (Employee) employed via an employment contract with a Regis Group entity; or
  • indirect employee (Worker) such as a contractor, sub-contractor, student, trainee or unpaid volunteer in a Regis Group entity workplace.

‘You’ or ‘Your’ in this policy refers to the person or entity that is using our services, engaging with our services (including worker candidates) or visiting our website. By interacting with Us, You agree that we can use information about You in accordance with this policy. Please contact us if You have any questions or concerns, or if you need help understanding this policy. We may also be able to help You to find support in making decisions that impact Your privacy.

Policy

The type of information we collect about You

Personal information is any information that relates to an individual or any information from which an individual could become reasonably identifiable. This includes technical information obtained from Your online behaviour which is unique to You. We may also need to collect personal information about other individuals from You (such as family members linked to your care). We rely on You to get their consent before You provide us with this personal information.

Sensitive information (a sub-set of personal information) includes information or an opinion about race or ethnic origin, political beliefs, religious beliefs or affiliations, sexual orientation, criminal record, health information, financial information including bank account details and genetic information. Due to the intimate nature of care and services We provide, We do need to collect, use and store sensitive information to help Us meet Your care needs. When You accept care and services from Us, You accept that We may collect, use and store Your sensitive information.

In limited circumstances We may also need to collect, use or store sensitive information such as facial recognition or biometric information. If this occurs, We would treat this as a high privacy risk activity, and We won’t undertake that activity without obtaining your express consent, or completing a Privacy Impact Assessment. An exception to this would be the emergency use of a geolocation tracking device (for example, to assist in locating a cognitively impaired resident at risk of harm during unexplained absence). We are likely to only undertake high risk privacy activity if it was in the public interest, or had a significant health or safety benefit.

We may collect Your personal information, including sensitive information:

  1. if You make an enquiry regarding our services;
  2. if You access Our website;
  3. during the recruitment process;
  4. during provision of Our services.; and
  5. during the discharge process.

We generally collect five kinds of information:

  1. Personal Information provided by You, including your name, address, telephone number and email address;
  2. Sensitive Information comprising health and financial information including both personally identifiable information and aggregated statistical information:
    a.when assessing Your application to receive Our services; and
    b.if You enter Our care;
  3. government identifiers such as Medicare, Pension or Veteran’s Affairs numbers;
  4. information that We obtain about You when You visit our website including Your internet protocol (IP) address, the date and time of Your visit to Our website, the pages You have accessed, the links on which You have clicked and the type of browser that You were using; and
  5. aggregated statistical data which is information relating to Your use of Our website and Our services, such as traffic flow and demographics.

We conduct internal quality assurance activities that involve using information about You that We collect as part of usual care. Quality assurance activity outcomes are primarily used for internal purposes, such as to identify trends, to identify what We are doing well and to identify areas for improvement. Generally, We consider aggregate data that does not identify You by Your name or date of birth. Sometimes, We determine that quality assurance activity outcomes are beneficial to share in the wider health care community. We do not report identifiable information such as Your name or date of birth when sharing quality assurance activity outcomes.

Sometimes We conduct research and collaborate with recognised research providers to research issues of benefit to Us and/or the aged care sector generally. Our research collaborations typically have a clinical or service delivery purpose, which is a necessary and core part of our business activities. Such research governance is supported by a multidisciplinary research committee and an ethics committee, which considers impacts on Your privacy. Such research is usually anonymised, however, if it becomes possible for Your identity to be ascertained in such activity (for example if a case study were to be published), We will seek Your express consent. In all other cases by receiving care and services from Us, You agree that Your personal information could be used to identify you as a potential participant of research, and that this activity is in the public interest, and that specific consent is not required from You. Let us know at any time if You remove Your consent to this usage.

We conduct training with our Employees and Workers. You agree that Your personal information may be used to upskill those persons to improve how We deliver clinical care and services. Sometimes We might not be able to de-identify Your information (for example, during on-the-job training). However, We will make reasonable efforts to prevent You from being reasonably identified in training materials (for example, if an image has been taken of Your skin, We will remove from the image any identifying features such as Your face, jewellery or tattoos).

Who we collect personal information from

Personal information (including sensitive information), may be collected from You or:

a. a client or care recipient;
b. any person or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;
c. the health practitioner of a client or care recipient;
d. other health providers or facilities;
e. family members, a responsible person or significant persons of a client or care recipient;
f. a legal advisor of a client or care recipient; and
g. from Your online behaviour when You interact with Our website.

We also collect personal information in the usual course of our business. This includes in forming business relationships or entering contractual arrangements, or when hiring an Employee or Worker.

We will collect personal information directly from You unless:

a. We have Your consent to collect the information from someone else; or
b. We are required or authorised by law to collect the information from someone else; or
c. it is unreasonable or impractical to do so; or
d. where such collection is fair and would reasonably be expected for Us to carry out Our usual functions and activities.

Once You have provided Your consent, You are able to withdraw it at any time by contacting us. However, clients or care recipients should understand that by withdrawing Your consent, We may not be able to provide You with the services You require.

How We use Your personal information

We will only use Your personal information in ways that a reasonable person would consider are fair and reasonable for a business of our type. For care recipients, We may use Your personal information:

a) to assess Your application to receive Our aged care services, or in response to enquiries about Our services to communicate with You in relation to those services;
b) to provide and manage the delivery of aged care services to You;
c) to enable allied health care providers and medical practitioners to provide care and services to You;
d) to enable Us to obtain the correct level of government funding in relation to Your care;
e) to complete Our quality, monitoring and assurance processes;
f) to enable contact with a nominated person regarding Your health status or relevant updates to Your service;
g) if You are the nominated contact person for a care recipient, to provide updates in relation to care and services being received;
h) to lawfully liaise with a nominated representative and to contact family if requested or needed;
I) to identify and inform You of any other services that may be of interest to You;
j) to fulfil any of Our legal requirements;
k) to assess an application for employment with Us;
l) where You have given Your express consent;
m) to improve Our care and services (for example, directly or indirectly in improving quality or clinical outcomes, or in research which is in the public interest);
n) for other purposes permitted or referred to under any terms and conditions You enter or otherwise agree to with respect to Our services.

You may object to Our collection, use or disclosure of Your personal information. If you do not wish to have your personal information used in any manner or purpose specified above, please contact our Privacy Officer at privacy@regis.com.au, and We will respond in writing with reasons for our decision.

We acknowledge the increasing use of artificial intelligence in business and health care. These technical tools assist Us to analyse data to improve the care and services We provide. We will not use such technology in automated decision making which would infringe a person’s rights.

We may use Your personal information for direct marketing, such as email and SMS communications. You may opt out at any time. We may also use your personal information (such as online behaviour) to deliver personalised content online. We consider that such use has benefits for people seeking access to care and services. We may also use Your personal information to create targeted online advertisements related to Our core business activities. We consider that this is socially beneficial content, and We may use Your personal information to effect targeted advertising. This use of personal information is proportionate to the benefit to You. We will always act fairly and reasonably.

We will never trade or sell your personal information to a third party.

For prospective care recipients (or prospective employees) who have engaged with Us, we may use Your personal information:

  • for administration or business operations;
  • during marketing activities (to market services We think might interest You);
  • undertaking analytics and reaching insights about our market (to identify market segments, to carry out market research, to analyse how You and others engage with our services and content);
  • in relevant advertising (to deliver targeted advertising or content which may interest You. We may choose technology partners who use algorithms or profiling to produce content more likely of relevance for You); and
  • to comply with the law.

Notification

We will at or before the time or as soon as practicable after we collect personal information from you, take all reasonable steps to ensure that You are made aware of:

a. Our identity and contact details;
b. the purpose for which We are collecting personal information;
c. entities or persons to whom We usually disclose personal information; and
d. Our privacy policy.

When We share information about a care recipient

We may disclose Your personal information to allied health professionals who assist Us in providing care and services, medical practitioners, pharmacies, external health agencies such as the ambulance service, hospitals, the Australian Department of Social Services, the Aged Care Quality and Safety Commission, Medicare and relevant organisations or Government Departments as necessary to carry out the purposes for which the information was collected.

We may not use or disclose personal information other than the primary purpose of collection, unless:

a. the secondary purpose is related to the primary purpose, and it would be reasonable to expect use or disclosure of the information for the secondary purpose; or
b. You have consented; or
c. the information is health information, and the collection, use or disclosure is necessary for research, the compilation or analysis of statistics, relevant to public health or public safety, it is impractical to obtain consent, the use or disclosure is conducted within the privacy principles and guidelines, and we reasonably believe that the recipient will not disclose the health information; or
d. We believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety; or
e. We have reason to suspect unlawful activity and use or disclose the personal information as part of our investigation of the matter or in reporting our concerns to relevant persons or authorities; or
f. We reasonably believe that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, protect the public revenue, prevent seriously improper conduct or prepare or conduct legal proceedings; or
g. the use or disclosure is otherwise required or authorised by law.

Managing health records of vulnerable people

Regis recognises that many in Our care experience vulnerability, such as cognitive impairment. We encourage supported decision making, and We will work with someone You have nominated to speak with Us on Your behalf. We may disclose personal information including health information about an individual to a person who is responsible for the individual if:

a. the individual is incapable of giving consent or communicating consent;
b. the service manager is satisfied that either the disclosure is necessary to provide appropriate care or treatment or is made for compassionate reasons or is necessary for the purposes of undertaking a quality review of Our services (and the disclosure is limited to the extent reasonable and necessary for this purpose); and
c. the disclosure is not contrary to any wish previously expressed by the individual of which the service manager is aware, or of which the service manager could reasonably be expected to be aware, and the disclosure is limited to the extent reasonable and necessary for providing care or treatment.

A ‘Person Responsible’ may, depending upon the circumstances, be a parent, a child or sibling, a spouse, a relative, a member of the individual’s household, a statutory decision maker, guardian, an enduring power of attorney, a person who has an intimate and enduring personal relationship with the individual, or a person nominated by the individual to be contacted in case of emergency, provided they are at least 18 years of age.

A ‘service manager’ is a person employed by Us in a management capacity and who is responsible for the provision of appropriate care and treatment of an individual.

How We secure Your personal information

We take the privacy of Your personal information seriously. We take all reasonable steps to ensure that the personal information we hold is protected against misuse, loss, unauthorised access, modification or disclosure. We hold personal information in both hard copy and electronic forms in secure databases on secure premises and in secure cloud-based technology, accessible only by our authorised personnel. Non-current information is archived in secure premises in accordance with our Record Keeping Policy. Sometimes we use technology to help protect Your personal information. For example, we may mask or replace sensitive personal information with non-sensitive information known as tokens. This activity aims to enhance the security of Your personal information.

However, We cannot guarantee the security of any personal information transmitted to us via the Internet.

Cloud based storage

Some personal information is stored in secure cloud-based technology. Where information is stored in cloud-based technology operated by third party service providers, We will take all reasonable steps to ensure that the third party service provider adheres to Privacy Laws.

Transfer of data overseas

We try to avoid sending your personal information overseas, and it is not something we commonly do. In most cases, Your personal information is held in Australia. In some cases We or third parties use services such as data cloud storage systems, where personal information is held overseas. If We transfer Your personal information to a third-party cloud-based storage provider based overseas, We will take all reasonable steps to ensure that Your personal information is protected against unauthorised access and loss. Where data has the potential to be sent overseas, it is our preference that any recipient country has substantially similar privacy protection laws as those in Australia.

Other times and ways We collect, use, and disclose information

Closed Circuit Television Surveillance (CCTV)

We use CCTV in the public areas at some of our residential aged care facilities and other business premises to maintain the safety and security of our care recipients, workers, visitors and all other people who enter our properties. Some of Our CCTV systems may collect and store personal information. On rare occasions this information may be shared with law enforcement officers, or to comply with government regulation (such as in incident management).

Employee Information

For regulatory and compliance reasons, Regis is required to keep records of current and past workers. These records are directly related to the employment relationship and are managed in accordance with workplace laws. Privacy laws may apply to employee personal information if the information is used for something that is not directly related to the employment relationship between the employer and Regis. We will maintain those records for a reasonable period, in accordance with our Record Keeping Policy, after which the information may be deleted.

Candidates

Regis will collect personal information from candidates. We may store information about unsuccessful applicants for the purposes of future recruitment for a reasonable period, after which the information may be deleted.

Contractors, Volunteer and Student Records

Personal information collected and held by us in relation to Our contractors, volunteers and students will be managed in accordance with this policy and the Privacy Act.

New Technology

From time to time We may use new technology, such as new applications, to ease the way We interact with residents, families, staff and other people we do business with. Each platform has separate privacy settings. Where possible, We try to adopt (or request our business partners to set) ‘privacy by default’ settings. However, for some applications to work as intended, they may collect, use or store Your personal information. On occasion, an application may request Your sensitive personal information (such as a finger vein scan, in the case of staff log-in technologies). In any case, such activity will be brought to Your attention at the time of collection, and will not be done without Your knowledge or consent, and will be voluntary. Even after You provide consent, you can opt out at any time, and we will help You if You ask Us.

Unsolicited Personal Information

Unsolicited personal information is information provided to Regis in circumstances where We have not requested the personal information. If We receive Your personal information in this manner, We will consider whether or not We could have collected Your personal information under this policy and:

  1. if We determine that We could not have collected the personal information, or that the information was not obtained lawfully, We will destroy or de-identify the information; or
  2. if We could have collected the personal information under this policy, We will manage the information in accordance with this policy.

How to access, correct or delete your personal information (Your Rights)

You have a right to ask us for access to your personal information, and if you do ask Us We will:

  • provide access to Your personal information;
  • identify the source of Your personal information;
  • explain or summarise what has been done with Your personal information;
  • consult with You about the format of our response, aiming to ensure you are informed about what is being done with Your personal information (as far as is reasonable); and
  • apply a nominal fee for responding to Your request (at our discretion).

Details on how to contact Us are set out below. Alternatively, you may fill in The Request for Access to Personal Information or Request for Information Deceased Person Template or if You wish to access or update the personal information We hold about You. We will require proof of Your identity before We can respond to Your request.

We will acknowledge Your request within 7 days, and for simple requests can usually provide access to Your information within 30 days. More complex requests may take Us longer to locate, and We may charge You a reasonable administrative fee for the cost of providing access. If there is a charge, We’ll let You know beforehand, so that You can decide if You wish to go ahead.

If We can’t give You access to Your personal information, or if it is not appropriate to make the changes You have requested, We’ll provide You with Our reasons. If We agree that Your information needs to be corrected, We will do so in a reasonable amount of time.

In some cases, You may be able to request deletion of Your personal information held by Regis. Contact Us on the details below, or complete the same form. Please note that sometimes it might not be possible to delete Your personal information, especially if We are legally required to hold it. If We cannot delete it, We’ll explain why.

Privacy Breaches

Please quickly inform us if You become aware of an interference in Your privacy originating from Us. If your personal information is lost, stolen or subject to unauthorised access or disclosure, Regis will implement the Regis Aged Care Data Breach Response Plan. The faster You let us know of any privacy interference, the greater likelihood We may have in reducing any loss of privacy to You. Regis will also adhere to its obligations under the Privacy Act in relation to any required notifications to the Office of the Australian Information Commissioner (OAIC) and to those people whose personal information has been lost, stolen or subject to authorised access or disclosure.

How to contact us

For further information or for help taking steps about your personal information, please contact our Privacy Officer at privacy@regis.com.au

You can choose to deal with us anonymously or use a pseudonym (in so far as this does not contravene any legal requirement), however We may not be able to provide You with the best service or effectively deal with any issues raised, without all Your personal information.

Privacy Requests

If You have a privacy complaint, or would like to make a request about Your personal information, please contact our Privacy Officer at privacy@regis.com.au We will treat Your complaint or request seriously and confidentially, and a complaint will not alter our ongoing business relationship with You. We value your input, and appreciate the opportunity to try to resolve your concerns in the first instance.

We will:

a) acknowledge Your request within a reasonable time, and give You a timeframe for Our response;
b) provide reasonable assistance to You; and
c) take reasonable steps to respond in a reasonable timeframe (usually within 30 days).

Our Privacy Officer or their delegate will investigate complaints and respond in writing to privacy requests, and provide reasons for our decisions where We have refused Your request. If you are dissatisfied with the handling or outcome of Your complaint or request, You may directly contact the following:

Office of the Australia Information Commissioner
Phone: 1300 363 992
Online: OAIC Web Form
Post: GPO Box 5288
Sydney NSW 2001

Health Complaints Commissioner (Victoria only)
Phone: 1300 582 113
Online: hcc.vic.gov.au
Post: Level 26, 570 Bourke Street
Melbourne Victoria 3000

Aged Care Quality and Safety Commission
Phone: 1800 951 822
Email: info@agedcarequality.gov.au
Post: Aged Care Quality and Safety Commission
GPO Box 9819
(in your Capital City and State/Territory)

NDIS Commission
Phoning: 1800 035 544 (free call from landlines) or TTY 133 677. Interpreters can be arranged.
National Relay Service and ask for 1800 035 544.
Website: ndiscommission.gov.au/about/complaints/making-complaint-about-provider

top