Macquarie Privacy & Confidentiality Agreement

This policy outlines and provides information on Macquarie Centres of Excellence’s (MCOE)’s commitment to privacy and confidentiality within the Practice and thus, MCOE recognises that it has an obligation to protect the privacy of the information it collects, receives, processes and retains for its patients, staff and suppliers.

MCOE shall adhere to the requirements of legislative bodies and guidelines, including any/all amendments to the Privacy Act 1988 and the Australian Privacy Principles included in the Privacy Act (Attachment-4).  MCOE recognises the importance of maintaining employee, patient and client confidentiality and is committed to protecting the privacy of all persons interacting with the Practice.

MCOE shall comply with the 13 Australian Privacy Principles (APP) in its dealings with personal information relevant to all activities conducted by the Practice. The following schedule sets out an overview of the five parts of the APP:

1 – Consideration of Personal Information Privacy
AAP 1 – Open and transparent management of personal information.
AAP 2 – Anonymity and pseudonymity.

 

2 – Collection of Personal Information
AAP 3 – Collection of solicited personal information.
AAP 4 – Dealing with unsolicited personal information.
AAP 5 – Notification of the collection of personal information.

 

3 – Dealing with Personal Information
AAP 6 – Use or disclosure of personal information.
AAP 7 – Direct marketing.
AAP 8 – Cross-border disclosure of personal information.
AAP 9 – Adoption, use or disclosure of government related identifiers.

 

4 – Integrity of Personal Information
AAP 10 – Quality of personal information.
AAP 11 – Security of personal information.

 

5 – Access to, and Correction of, Personal Information
AAP 12 – Access to personal information.
AAP 13 – Correction of personal information.

 

In addition to the legislative requirements of the Privacy Act, human resources management shall keep confidential information and personal information in locked in cabinets and all documents on computers shall include a password or passcode.

 

Requirements

All staff (including volunteers) that enters into employment or voluntary engagement with MCOE (long or short term) must sign and comply with the organisation’s Confidentiality Agreements (Attachment-1-2-3).

All staff and volunteers who enter into employment or voluntary engagement with MCOE must read the organisation’s Code of Conduct Policy and make sure that it is adhered to at all times.

Any information that an employee or a volunteer learns about MCOE, its staff members, patients and its clients as a result of working for/with the Practice, and which is not otherwise publicly available, constitutes confidential information.

Employees or volunteers may not disclose confidential information to anyone who is not employed by MCOE who do not need to know such information to assist in rendering services.

The disclosure, distribution, electronic transmission or copying of MCOE confidential information/records and forms is strictly prohibited. Any employee, patient or volunteer who discloses confidential information will be subject to disciplinary action, even if he or she does not actually benefit from the disclosure of such information.

Discussions involving sensitive information should always be held in confidential settings to safeguard the confidentiality of the information. Conversations regarding confidential information generally should not be conducted on cellular phones, or in elevators, rest-rooms, restaurants, or other places where conversations might be overheard.

MCOE shall take steps as are reasonable in the circumstances to implement practices and procedures, relating to MCOE’s functions and activities that:

  • Will ensure that the Practice complies with the APP
  • Will enable the Practice to deal with inquiries or complaints from individuals about the organisation’s compliance with the APP.
    1 – Consideration of Personal information Privacy

Management of Personal Information

  • MCOE will collect and hold personal information with regards to the:
  • Company (such as; Company and Not-for-Profit Organisation registration, charity, taxation and superannuation and banking details)
  • Personal information which is completed by the employee, volunteer, patient, client, and/or the client’s authorised representative. Any required information unavailable at the time of completing the form may be collected via an alternative written medium submitted by the individual.
  • Personal information is mainly held in a computer database, which is accessible by applying a password granted to only authorised individuals. Personal information is also held in a locked steel filing cabinet, and the keys opening that cabinet are held by the Practice Manager, the CEO or Manager(s) who are all authorised to access those files.
  • MCOE will collect, hold, use, and disclose the kind of personal information required for the purpose of enabling the Practice to carry out its stated mission and to conduct interactions with or on behalf of its employees, volunteers, patients and clients effectively and efficiently in accordance with written statements/forms signed by individual employees, volunteers, patients or clients.
  • An individual may access their own personal information and may seek the correction of such information by contacting the Practice Manager and/or the CEO requesting access to the personal information held about that individual, and by providing corrected information in writing whenever this is appropriate.
  • An individual may not obtain or copy any documentation from their files without the permission of the Practice Manager and/or the CEO.
  • An individual may complain about a breach of the APP verbally or in writing to the Practice Manager and/or CEO. If the Practice Manager or Supervisor is unable to resolve the complaint, it will be referred to the Chief Executive Officer (CEO). If the CEO is unable to resolve the complaint, it will be referred to the Director.
  • MCOE will not disclose personal information to overseas or interstate recipients.
  • The Practice’s Confidentiality and Privacy Policy is available free of charge to all individuals who may currently be, or who may consider entering into interactions with the Practice and thus become, affected by the organisation’s compliance with the APP. Details of the Practice’s open and transparent management of personal information are also made available on Company’s website(s).
  • If a person or body requests a copy of MCOE’s policy on management of personal information, MCOE will take such steps as are reasonable and practicable in the circumstances to give the person(s) or body a copy in that requested form.

 

Anonymity and Pseudonymity

  • Individuals will have the option of not identifying themselves, or of using a pseudonym, when dealing with the Practice in relation to a particular matter, unless:
    – The Practice is required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves in relation to that matter; or
    – It is impracticable for the Practice to deal with individuals who have not identified themselves or who have used a pseudonym in relation to that matter.

 

2 – Collection of Personal Information
  • MCOE will only collect solicited personal information which is necessary for, or related to, one or more of the organisation’s functions or activities.
  • If any personal information collected is of a sensitive nature, the individual has consented to the collection of the information; and/or the collection of the information is required or authorised by or under an Australian law or a court/tribunal order; or a permitted general situation applies to the collection of the information by MCOE or the information relates solely to individuals who have regular contact with MCOE in connection with the organisation’s activities.
  • If the Practice receives unsolicited personal information about an individual and determines that the Practice could not have collected the personal information under Australian Privacy Principle 3 and that the information is not contained in a Commonwealth record, MCOE will destroy the information, provided it is lawful and reasonable to do so.
  • If MCOE receives unsolicited personal information about an individual which the organisation could have collected under Australian Privacy Principle 3, the Practice will:
    – Take such steps as are reasonable in the circumstances to ensure that the individual is aware of the fact that the organisation has collected the information and the circumstances of that collection;
    – Notify the individual of all matters relevant to the purpose for which the Practice collects the personal information received.
3 – Dealing with Personal Information

Use and/or Disclosure

  • MCOE does not use or disclose personal information held about an individual for any purpose other than the primary purpose for which the information was collected, unless:
  1. The individual has consented to the use or disclosure of the personal information for a secondary purpose; or
  2. The individual would reasonably expect the Practice to use or disclose the information for the secondary purpose and the secondary purpose is related to the primary purpose. In the case of sensitive information, the secondary purpose would be directly related to the primary purpose; or
  3. The use of disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
  4. One or more of the below relevant permitted general situations exist:
  • Lessening or preventing a serious threat to the life, health or safety of any individual, or to public health or safety
  • Taking appropriate action in relation to suspected unlawful activity or serious misconduct
  • Locating a person reported as missing
  • Asserting a legal or equitable claim
  • Conducting an alternative dispute resolution process
  • The existence of any of those 5 (five) situations would cause the use or disclosure of the information

MCOE reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body. The Practice will make a written note of the use or disclosure under such circumstance(s).

 

Direct Marketing

  • MCOE may use or disclose personal information (other than sensitive information) held about an individual for the purpose of direct marketing, if:
    1. The Practice collected the information from the individual; and
    2. The individual would reasonably expect the Practice to use or disclose the information for that purpose; and
    3. The Practice provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and
    4. The individual has not made such a request to the Practice.
  • MCOE may use or disclose personal information (other than sensitive information) held about an individual for the purpose of direct marketing, if:
  1. The Practice collected the information from the individual, who may not reasonably expect the Practice to use or disclose the information for that purpose, or from someone other than the individual; and
  2. The individual has consented to the use or disclosure of the information for that purpose, or it is impracticable to obtain that consent; and
  3. The Practice provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and
  4. In each direct marketing communication with the individual, the Practice draws the individual’s attention to the fact that the individual may make such a request; and
  5. The individual has not made such a request to the Practice.

MCOE will not use or disclose sensitive information about an individual for the purpose of facilitating direct marketing by other organisations.

 

Cross-border Disclosure of Personal Information

MCOE does not disclose personal information about an individual to an overseas recipient; nor does it disclose personal information about an individual to an Australian interstate recipient.

Adoption, Use or Disclosure of Government Related Identifiers

  • MCOE does not adopt a government related identifier of an individual as its own identifier of the individual.
  • MCOE will not use or disclose a government related identifier of an individual, unless:

– The use or disclosure of the identifier is reasonably necessary for the organisation to fulfil its obligations to a government agency like Centrelink; or
– The use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order; or
– The Practice reasonably believes that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

 

4 – Integrity of Personal Information
  • MCOE will take any reasonable steps to ensure that the personal information collected by the organisation is accurate, up-to-date and complete, and that the information being used or disclosed by the Practice is accurate, up-to-date, complete and relevant, having regard to the purpose of the use or disclosure.
  • The Practice will take any reasonable steps to ensure that the personal information held is:
  1. Protected from misuse, interference and loss; and
  2. Protected from unauthorised access, modification or disclosure.
  • The Practice will take any reasonable steps to destroy the personal information held or to ensure that the information is de-identified, if:

– MCOE no longer needs the information for any purpose for which the information may be used or disclosed by the Practice under this policy; and
– The Practice is not required by or under an Australian law, or a court/tribunal order, to retain the information.

 

5 – Access to, and Correction of, Personal Information

Access to Personal Information

  • MCOE will, on request by the individual, give the individual access to their personal information, unless:
  1. The Practice reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
  2. Giving access would have an unreasonable impact on the privacy of other individuals; or
  3. The request for access is deemed to be frivolous or vexatious; or
  4. The information relates to existing or anticipated legal proceedings between the Practice and the individual, and would not be accessible by the process of discovery in those proceedings; or
  5. Giving access would reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
  6. Giving access would be unlawful; or
  7. Denying access is required or authorised by or under an Australian law or a court/tribunal order; or
  8. MCOE has reason to suspect that unlawful activity, or a serious breach of the spirit or the stated requirements of the Practice’s Code of Conduct has been, is being or may be engaged in; and giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
  9. Giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
  10. Giving access would reveal evaluative information generated within the Practice in connection with a commercially sensitive decision-making process.

The Practice will respond to the request for access to the individual’s personal information within a reasonable time after the request is made and give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so. The Practice will take any steps as are reasonable in the circumstances to give access in a way that meets the needs of the organisation and the individual.

 

Correction of Personal Information

  • If MCOE holds personal information about an individual and is satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; or the individual requests the Practice to correct the information, the organisation will take any steps that are reasonable in the circumstances to update and correct the information.
  • If the Practice corrects personal information about an individual that the organisation previously disclosed to another APP entity, and the individual requests the Practice to notify the other APP entity of the correction, the Practice will take such steps as are reasonable in the circumstances to give that notification, unless it is impracticable or unlawful to do so.
  • If the Practice refuses to correct the personal information as requested by the individual, the Practice will give the individual a written notice that sets out:

– The reason(s) for the refusal except to the extent that it would be unreasonable to do so; and
– The mechanisms available to complain about the refusal.

 

Relevant Legislation/Guidelines

Privacy Act 1988 (ComLaw), as amended, which includes the Australian Privacy Principles

  • Privacy Regulation 2013 (ComLaw)
  • NSW Privacy and Personal Information Protection Act 1998

Our Treatments Include:

Liposuction

,

Blepharoplasty

,

Otoplasty

,

Vaserlipo

,

Sclerotherapy

,

Thread Lift

,

Anti Wrinkle Treatment

,

Areas We Service:

Sydney

,

Liverpool