MANDATORY POLICY: National Quality Standard, Quality Area 7: Leadership and Service
About this policy
We appreciate that the success of our service is in no small part, dependent upon a relationship of trust being established and maintained with past, current and future families and the importance to manage collected personal information with a high degree of diligence and care.
We are committed to ensuring the continued integrity and security of the personal information you have entrusted to us and of complying at all times with the privacy laws (incorporating the Australian Privacy Principles) that apply to the service we provide. If you have a comment, query or complaint regarding a privacy matter, please don’t hesitate to discuss it with us.
What information do we collect?
We collect personal information directly from you through our enrolment and application processes and sometimes we collect or confirm this information from a third party such as funding agencies of health practitioners.
The private information we are required to collect includes but is not limited to:
- your name, address, date of birth and full name, date of birth and address of the child
- name, address and contact details for:
- each known parent
- any emergency contacts
- any authorised nominee
- any person who is authorised to consent to medical treatment or administration of medication
- any person who is authorised to give permission to an educator to remove the child from the education and care service premises
- details of any court orders, parenting orders or parenting plans
- gender of the child
- language used in the child’s home
- cultural background of the child and parents
- any special considerations for the child, such as any cultural, religious or dietary requirements or additional needs
- authorisations for:
- the approved provider, nominated supervisor or an educator (including family day care educator) to seek medical treatment for the child and/or ambulance transportation
- the service to take the child on regular outings
- name, address and telephone number of the child’s registered medical practitioner or medical service
- child’s Medicare number (if available)
- details of any specific healthcare needs of the child, including any medical condition, allergies or a diagnosis that the child is at risk of anaphylaxis
- any medical management plan, anaphylaxis management plan or risk minimisation plan for the child
- any dietary requirements of the child
- immunisation status of the child
- if the approved provider or staff member has sighted a health record for that child, a notation of that fact
- certificates of immunisation or exemption as required depending on the applicable state or territory jurisdiction.
- Residential status and proof of identity
You need to also be aware that when you visit our website, apps or other web-based content and services (“Websites”), either we or our service provider may record information (such as your computer’s IP address and top-level domain name, the type of browser you are using, the date, time and pages accessed) in relation to your visit.
Use and disclosure
We only collect personal information where it is reasonably necessary for one or more of our functions or activities, such as:
- the administering and management of early childhood education and care
- assessing your eligibility for funding support or other benefits.
- complying with any legal or regulatory obligations imposed on us
- performing our necessary business functions.
To do this, some of your private information will be shared with government agencies or funding organisations as required in order to entitle you to access various support if any.
We may also disclose your personal information to organisations that carry out functions on our behalf. This may include for example education software or information technology service providers, professional advisers, regulators and government authorities. Our agreements with these entities ensure this information is only used to carry out functions on our behalf and use your private information for the purpose it was disclosed.
We may also disclose your personal information to an individual or an organisation (a ‘third party’) if:
- You direct us to do so;
- You consent to the third party obtaining the information from us; or
- You consent to the third party accessing the information on our systems, and/or do anything which enables the third party to obtain access.
Your consent to a third party obtaining or accessing information may be implied from:
- Your use of any service or application which a third party provides to you, or makes available to you, which involves the third party obtaining or accessing personal information held by us or organisations like us; or
- You doing anything else which enables the third party to obtain access to the information.
There are limited circumstances where you may be able to deal with us anonymously or by using a pseudonym if you request to do so. Examples include where you are seeking only general information about our services or indicative pricing. In most cases it will not be possible for you to deal with us in this way, or to commence or complete an enrolment application due to the information and identifiers required by regulators and government agencies.
Access and correction
You may request access to your personal information that we hold at any time and request a correction of any errors in that information.
We will also take reasonable steps to amend or correct your personal information to keep it accurate and up-to-date.
Please contact us if you would like to access or request a correction of your personal information.
Storage and security of your personal information
We will take reasonable steps to keep the personal information that we hold about you secure to ensure that it is protected from loss, unauthorised access, use, modification or disclosure.
Your personal information is stored within secure systems that are protected in controlled facilities. Our employees and authorised agents are obliged to respect the confidentiality of any personal information held by us.
You can also help to keep the personal information that we hold about you secure by taking care before you authorise or otherwise assist any third party to obtain or gain access to that information.
We use our best efforts to ensure that information received via our Websites remains secured within our systems. We are regularly reviewing developments in online security; however, users should be aware that there are inherent risks in transmitting information across the internet.
Sometimes Cookies are used by a third-party service provider with whom we have an agreement to monitor the success of our marketing campaigns. The third-party service provider uses the Cookies to collect information such as when you visited our site, your browser type and the server that your computer is logged in to.
The information is used in an aggregate form and generally no personal information is collected by the third-party service provider. Our agreements with these third parties ensure this information is only used to carry out functions on our behalf, and if any personal information is collected the confidentiality of that information is maintained.
Most internet web browsers are pre-set to accept Cookies to enable full use of websites that employ them. However, if you do not wish to receive any Cookies on an internet web browser you may configure your browser to reject them or receive a warning when Cookies are being used. In some instances, this may mean that you will not be able to use some or all of the services provided on our websites. However, you may still be able to access information-only pages.
How we manage a data breach
A data breach occurs when personal information is lost or subjected to unauthorised access, modification, use or disclosure or other misuse.
Data breaches can be caused or exacerbated by a variety of factors and give rise to a range of actual or potential harms to individuals, agencies and organisations.
In the event of any suspected data breach, the matter will be investigated to determine:
- The nature of the breach
- The number of people impacted
- The nature of the breach and extent to which an individual or group may be harmed by the breach
- Remedial action to minimise or prevent impact
- Review of systems to minimise the possibility of future similar breach
De identification and destruction of records
When your child/children leave our service, the following documents and records must be retained by law for the periods of time listed. At the conclusion of that period, the documents and record will be de identified and destroyed.
All other documents and records that are not listed above will be DE identified and destroyed within 30 days of your departure from the service.
The following is from GUIDE TO THE NQF pages, 462-464