QSA is committed to respecting and protecting the privacy and the confidentiality of personal information we collect from our service users, and to being honest and transparent in the way that we collect, store, use and disclosure personal information. QSA is also committed to meeting the requirements of The Privacy Act 1988 and the Australian Privacy Principles (APP).

The purpose of this privacy policy is to set out the principles that the Queensland Stoma Association Ltd  (ABN 82 438 903 230) (QSA or we, us, our) adopts in relation to the collection and handling of personal and sensitive information.

QSA provides support, assistance, information and medical supplies to individuals who have undergone stoma surgery. As part of its services, QSA facilitates access to the Stoma Appliance Scheme (SAS). Members of QSA can order SAS products through QSA to assist with their health needs (Services). By becoming a member of QSA (Member), by interacting with our website and online portal, or by requesting we provide you with information or other services by email, by phone or in person, you indicate that you accept this Privacy Policy.

QSA acknowledges that its Services meets the definition of health services under the Privacy Act 1984 (Cth) (Act), and as a health service provider, QSA is required to comply with the Act. QSA further acknowledges that all personal information collected to provide health services is considered sensitive information under the Act. QSA therefore regards and handles all personal information it receives from its Members as sensitive information (Information).

In order to perform the Services, QSA is required to collect, use and disclose your Information to facilitate your acquisition of stoma products from the SAS, and other directly related purposes. QSA is committed to maintaining your privacy and will only handle your Information in accordance with this Privacy Policy. By signing our New Member Application Form, you give your express consent to our collection, use and disclosure of your Information in accordance with this Privacy Policy.

This policy also applies to all our service users including our Member’s authorised representatives, non-member clients, health care practitioners, and other Scheme stakeholders. We reserve the right to make minor amendments to this Privacy Policy from time to time. We will seek your consent for any change effecting your rights.

Definitions

Personal information, sensitive information, health information and health service have the meaning given to them in the Act.  To assist you in understanding this policy, at the time of this version’s publication, these terms are defined in the Act as follows:

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

Responsible Person means a person who can act on a person’s behalf, when that that person is a minor or lacks physical or mental capacity. A responsible includes:

  • a parent,
  • a child or sibling (who is at least 18 years old),
  • a spouse or de facto partner,
  • a person’s relative (if the relative is over 18 years old and part of the patient’s household),
  • a legal guardian,
  • a person exercising an enduring power of attorney,
  • a person who has an intimate personal relationship with a patient, or
  • a person nominated to be contacted in the case of emergency.

“Responsible person’ includes step relationships, in-laws, adopted relationships, foster relationships and half-brothers and sisters.

Sensitive information is defined in the Privacy Act as information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association;  religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices or criminal record that is also personal information. Sensitive information also includes health information about an individual, genetic information about an individual that is not otherwise health information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification and biometric templates.

Health information includes personal information that is also information or an opinion about the health, including an illness, disability or injury, (at any time) of an individual; or an individual’s expressed wishes about the future provision of health services to the individual; or a health service provided, or to be provided, to an individual. Health information also includes other personal information collected to provide, or in providing, a health service to an individual; other personal information collected in connection with the donation, or intended donation, by an individual of his or her body parts, organs or body substances; and genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.

Health service is an activity that is intended or claimed (expressly or otherwise) by the individual or the person performing it to assess, maintain or improve the individual’s health; or where the individual’s health cannot be maintained or improved—to manage the individual’s health; or to diagnose the individual’s illness, disability or injury; or to treat the individual’s illness, disability or injury or suspected illness, disability or injury; or to record the individual’s health for the purposes of assessing, maintaining, improving or managing the individual’s health. Health services also include the dispensing or prescription of a drug or medicinal preparation by a pharmacist. To avoid doubt: a reference in this section to an individual’s health includes the individual’s physical or psychological health; and the activities mentioned within this paragraph that take place in the course of providing aged care, palliative care or care for a person with a disability is also considered a health service.

Permitted health situation has the meaning given to it in the Act.

What Information do we collect?

QSA is required by the Australian Government to collect Information about you when you apply for participation in the Stoma Appliance Scheme. We may also collect Information about you which is reasonably necessary to deliver our support services to you.

Examples of Information collected by QSA may include your:

  • name;
  • address;
  • email address;
  • phone number;
  • IP address;
  • Medicare Card details;
  • gender; and
  • information related to your stoma including your type of stoma and the circumstances of your operation.

Your Information is collected in many ways including via our Membership Application, your SAS registration form, by telephone, by email, via our website, through order placement, through your online portal account and via third parties such as through organisations that work collaboratively with us (for example: a referring hospital or another stoma association).

From time to time, we may also receive unsolicited information, being information that we have not taken active steps to collect. Examples include misdirected mail, unsolicited employment applications and promotional flyers containing personal information.

When we receive such information, we will decide within a reasonable period whether we could have collected it pursuant to the requirements under the Act. If we determine that we could not have collected the information, we will destroy or de-identify it as soon as practicable.

How we use your Information

We use Information for the primary purposes of providing our Services to you (including the issuing of orders for ostomy products supported through the SAS) and for delivering information and support to you (Primary Purpose). We may also use your Information for secondary purposes directly related to the Primary Purpose in circumstances where you would reasonably expect such use.

Examples of such secondary use include but are not limited to:

  • providing your Information to you or your verified representatives when using our services;
  • renewing your membership to QSA;
  • facilitating donations to QSA;
  • responding to you contacting us via the general enquiries page on our website; and
  • responding to your communications with us through correspondence, chats, email, or when you share information with us over the telephone or in person.

We do not use your Information for direct marketing however we may use your Information to communicate to you information about your Membership with QSA and/or about matters relating to your participation in the SAS. Communication may be sent by email to the email address provided by you (or your representative) or by mail to your postal address.

You may unsubscribe from our mailing lists at any time by contacting QSA by telephone to 07 3359 7570, by email to admin@qldstoma.asn.au, or by letter to PO Box 370, CHERMSIDE SOUTH.

Disclosure of Information

QSA will not disclose your Information except where you have provided your consent to share information with a responsible person, where you would reasonably expect us to do so for the delivery of our services to you, or where we are required or authorised to disclose your personal information by law.

Examples of when we may disclose your personal information include when:

  • a permitted health situation exists in relation to the use or disclosure of the Information by QSA to your Stomal Therapy Nurse or Medical Professional;
  • we are required to disclose your Information for purposes related directly to your eligibility to receive stoma products funded by the SAS. For example, we are required to disclose your Information to Services Australia when claiming reimbursement for the cost of products issued to you through the Stoma Appliance Scheme. We may also be required at times to disclose your Information to another Australian stoma association authorised to distribute products through the SAS;
  • we are required to resolve processing issues related to the supply of products to you through the SAS. For example: if our software claiming system is unable to process your order transaction, we may be required to disclose details related to that transaction to our IT support provider (The Australian Council of Stoma Associations) to help resolve the issue;
  • you ask us to communicate with another organisation on your behalf (eg: Centrelink to establish a Centrepay arrangement);
  • you ask us to assess your eligibility for Department of Veterans Affairs support; or
  • you ask us to contact an ostomy product supplier on your behalf to arrange for a direct delivery order, a product sample, or any other ostomy product matter that can only be dealt with directly with the supplier.

QSA will only disclose your Information to overseas recipients with your express consent and for any use that is not directly related to facilitating your connection with the SAS.

What if you don’t provide us with your Information?

Depending on the circumstances, if you do not provide us with your Information, or if you withdraw your consent, we may not be able to deliver certain Services to you. For example, should you wish to remain anonymous, we may be able to provide you with general stoma related information however we would not be able to register you as a Member with the SAS.

Cookies

Cookies are small data files stored in your device’s memory that do not, of themselves, identify individuals personally. We do not use cookies on our website but cannot guarantee the policies of websites linked to our website or the policy of authorised third parties.

We do collect your IP address and device information when you access your online portal account. The purpose for this collection is to assist us with operational difficulties or to support issues with our services. This information does not identify you personally.

Third Parties

Where reasonable and practicable to do so, we will collect your Information only from you. However, in some circumstances we may be provided with Information by third parties such as your nominated responsible person. In such a case we will take all reasonable steps to verify the authority and authenticity of the third party, and ensure that you are made aware of the Information provided to us by the third party.

Non-identifiable Information

Non-identifiable information is information about people but the identity of the people is not known and their identity cannot be found out. De-identification involves removing or altering information that identifies an individual or is reasonably likely to enable their identification. Where Information is non-identifiable, it is no longer personal or sensitive information and can therefore be used or shared in ways that might not otherwise be permitted under the Act. The benefit of sharing non-identifiable information is that it can help to provide insight into health related trends which may help to inform health policy and to improve healthcare planning.

QSA may share non-identifiable information about the Services we provide to you to third parties but only where the purpose of the disclosure is to assist the wellbeing of persons living with a stoma, where the requesting third party is a reputable organisation, and where the use of the data is transparent and appropriate. Typically non-identifiable information may be amalgamated and used for research into ostomy related matters with details provided under such headings as age range, gender, geographical location and types of products used in the stoma management of those concerned. Non-identifiable information shared will be limited to only that data that has been deemed necessary to achieve the intended purpose. QSA will assess and manage re-identification risk prior to sharing non-identifiable information and will only share non-identifiable information using a secure file transfer process. QSA will always comply with relevant Privacy Laws and any other statutory requirements of State and Federal legislation.

More information about how and why we may share non-identifiable information can be found in the QSA Policy- QSA RP1 Participation in a Research Project which is available by contacting QSA

Security and Storage of Information

We hold Information in both hard copy and electronic formats. Paper files are stored securely onsite in a manner that reasonably protects it from misuse, interference, loss, unauthorised access, modification or unauthorised disclosure. You are entitled to withdraw your consent for us to hold and use your Information at any time. In order to withdraw consent, you must communicate your request to QSA per our contact details provided at section 12 of this Privacy Policy.

The steps we take to ensure Information that we collect and hold electronically is protected from misuse, interference, and loss, as well as unauthorised access, modification and disclosure include:

  • Website protection measures such as encryption, firewalls and anti-virus software;
  • Access restrictions to our computer systems including the mandatory use of multifactor authentication where available;
  • Staff training and implementation of workplace policies and procedures that cover confidentiality and privacy, and access, storage and security of information

We actively discourage the sending of Information including orders which contain your Information via email and encourage you to register to use our secure online portal.  If you are unable to use our portal we encourage you to post communication which contains your Information (including orders) to our postal address.

When your Information is no longer needed for the purpose for which it was collected, we will take all reasonable steps to destroy it or to permanently de-identify it. However, some Information is required to be kept by law and will be stored in our files in a secure facility and kept by us for varying mandatory retention periods. Under section 55.5(2) of the Australian Charities and Not-for-profits Commission Act 2012 (Cth), QSA as a registered entity must keep written records that correctly records its operations for seven (7) years, to enable any recognised assessment activity to be carried out by the Commissioner. Accordingly, depending on the substance of the information, we may retain information for up to 7 years, or longer if we are still required to use it.

If we become aware of unauthorised access to or loss of your Information, we will promptly:

  • notify you;
  • investigate the cause;
  • do our best to remedy any consequences; and
  • tell you what steps we have taken to prevent a reoccurrence.

We will concurrently notify the OAIC of any eligible breach and inform you of the outcome of their investigation.

Third Party Websites

Links to third party websites that are not controlled by QSA and are provided on our own website for your convenience. We are not responsible for the security or privacy practices of those websites.

Accessing or Amending Personal Information and Making Complaints

Please contact us using the details set out below if you have any queries or concerns about your privacy or wish to access or correct any Information we may hold about you. It is important that we keep your details up to date so that we can continue to provide you with our Services. In order to protect your Information you will be required to provide whatever reasonable identification that we require before we can release or amend such Information.

If you are making an access or correction request, please provide details of the particular Information you seek, to help us locate it. If we deny any request for access or correction, we will provide our reasons. Where we decide not to make a requested correction to your Information and you disagree, you may ask us to make a note of your requested correction with the Information. Please note that we are required to de-identify or destroy your Information unless we anticipate a future need for it, unless a mandatory retention period applies. Unless your Information is still in use, it will be de-identified or destroyed 7 years from the date we collected it.

QSA takes your privacy concerns very seriously. Where you express any concerns that we have interfered with your privacy, we will respond to let you know who will be handling your matter and when you can expect a further response.

Contact:

The Secretary

Queensland Stoma Association Ltd
PO Box 370
CHERMSIDE SOUTH QLD 4032

Email: admin@qldstoma.asn.au

Phone: 07 3359 7570

For information about privacy generally, or if your concerns are not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au and on 1300 363 992.