EDVOS butterfly

EDVOS Privacy Policy Statement

EDVOS is committed to protecting your privacy and confidentiality as part of our normal operations.

EDVOS will comply with the Privacy Act 1988, Australian Privacy Principles, Privacy and Data Protection Act 2014 (Vic), the Health Privacy Principles in the Health Records Act 2001 (Vic), Family Violence Information Sharing Scheme, Child Information Sharing Scheme and Notifiable Data Breach Scheme which set clear standards for the collection, access, storage and use of personal Information which is obtained as part of normal operations.

What kinds of personal information do we collect?

The type of information that we collect and hold will depend on the nature of your involvement with us. 

Depending on the reason for collecting the personal information, the personal information that we collect may include (but is not limited to) name, age, residential address, date of birth, phone number, email address, bank account details, emergency contact details, Health information, reason for contacting EDVOS, income information, cultural information, language spoken and images. Our Specialist Family Violence Advocates will also collect information from clients describing their situation and their contact with you.

We may also collect sensitive information (including Health information) from a person including a working with children check, health information, family violence risk assessment, financial information, counselling information, prison records, government identifiers or a police check.

If you choose not to provide information when requested, we may not be able to service your needs. For example, if you want to remain anonymous or use a pseudonym.

We sometimes receive unsolicited personal information. When we do receive unsolicited personal information, we will usually securely destroy or de-identify the information if it is reasonable and lawful to do so, unless the unsolicited information is reasonably necessary for our functions or activities.

Health information will be securely destroyed or deleted in accordance with Health Privacy Principle 4. Consistent with the Surveillance Devices Act 1999 (Vic), EDVOS will not install surveillance devices in toilet, washroom and change room except:

  • in accordance with a warrant or emergency authorisation;
  • in accordance with a law of the Commonwealth; or
  • if required by a condition on a license granted under the Liquor Control Reform Act 1988 (Vic).
How do we collect personal information?

Personal information is collected:

  • by our teams and advocates when a person walks in to one of our offices with an enquiry;
  • via our assessment intake form;
  • via our website;
  • by email, post and phone; and
  • through referrals.

We will attempt wherever practicable to collect personal information directly from you.  Information is collected in a number of ways including from when you fill in a form, make an enquiry online, attend a face-to-face meeting, provide email correspondence, phone us, or make a payment.

We may collect personal information from individuals such as visitors, contractors, and suppliers.

We will endeavour to only ask for your personal information if it is reasonably necessary for the activities that you are looking to be involved in. We may also collect information, or be required to collect information in accordance with the Family Violence Information Sharing Scheme and/or Child Information Sharing Scheme.

For what purpose do we collect personal information?

Personal information will be collected only for the purpose of which are directly related to the functions or activities of EDVOS and securely destroyed or de-identified when it is no longer needed for the purpose that it was collected and all statutory obligations have been met.

We may collect, hold, use or disclose your personal information for the following general purposes:

  • to identify you;
  • for the purpose for which the personal information was originally collected;
  • for a purpose for which you have consented;
  • for information for direct marketing, and you will be given an opt-out in such communications;
  • for any other purpose authorised or required by an Australian law (some of which are detailed below); and
  • for any other purpose authorised or required by a court or tribunal.
How will we use and disclose your personal information? 

We will use and disclose your personal information for the purpose for which it was collected or a secondary purpose as permitted. Client files are stored in a secure environment and only authorised staff have access to files.

We may also share information, or be required to share information in accordance with the Family Violence Information Sharing Scheme and/or Child Information Sharing Scheme.

EDVOS upholds the right of individuals to have their privacy and confidentiality recognised and maintained. Relevant policy and/or legislation will be followed in circumstances where the right to privacy may be overridden by other considerations. These may include;

  • Consent has been provided by client, carer or an authorised person;
  • A related secondary purpose the individual would reasonably expect;
  • Where it is necessary for individual or public safety;
  • In compliance with a court order, subpoena, summons or as required by law;
  • For risk assessment or management purposes;
  • In compliance with the Notifiable Data Breach Scheme; or
  • It is required by law including but not limited to Family Violence Information Sharing Scheme and the Child Information Sharing Scheme.

EDVOS is classified as an Information Sharing Entity and a Risk Assessment Entity under the Family Violence Information Sharing Scheme and Child Information Sharing Scheme (together, the Schemes). Information may be collected, held, used or disclosed in accordance with our obligations under the Schemes. This may include using or disclosing your personal information for a secondary purpose, when EDVOS reasonably believes the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of an individual.

Personal information will be securely destroyed or de-identified when it is no longer needed for the purpose that it was collected and all statutory obligations have been met.

Department of Health and Human Services – Reporting Requirements 

EDVOS receives funding from the Department of Health and Human Services (DHHS). As part of that funding agreement, EDVOS is required to share personal information and sensitive information, including notifying the DHHS if there is a ‘privacy incident’.

Reporting to DHHS allows EDVOS to:

• Ensure timely and effective management of privacy incidents

• Address the concerns and develop actions to prevent future privacy breaches

• Assist in identifying systematic issues and improve how client information is handled; and

• Comply with its obligations under the funding agreement.

A ‘privacy incident’ may be a ‘Breach’, a ‘Possible Breach’ or a ‘Near Miss’. Breaches/Possible Breaches refer to breaches of this Policy and/or the funding agreement that EDVOS has with DHHS. EDVOS must also notify the DHHS if there are any allegations of privacy breaches that need to be investigated.

When sharing personal and/or sensitive information with the DHHS, EDVOS is required to complete a Privacy Incident Report Form which will detail:

• the privacy incident;

• the clients impacted;

• the immediate risks;

• how the incident is being managed and if a breach has occurred, how it is being contained; and

• information relating to security and breaches.

EDVOS will make this Report within one business day of becoming aware of, or being notified of a possible privacy incident, or within one business day of an allegation being made of a potential breach. Possible privacy breaches will be reported, as well as confirmed breaches.

How can you access and correct your information?

Individuals have the right to seek access to their personal information and to request that it be corrected if it is incorrect. The exceptions to this include if;

  • it would pose a serious threat to the life or health of any individual;
  • it would have an unreasonable impact on the privacy of other individuals;
  • the request is frivolous or vexatious; or
  • it would be unlawful.

Upon request, individuals are entitled to view and/or to obtain a copy of any information held by EDVOS about them.  A request can be made to our Privacy Officer at privacy@edvos.org.au.

Data Quality and Security

EDVOS will take reasonable measures to ensure that the personal information collected is accurate, complete and up-to-date.

Personal information held by EDVOS will be protected against loss, unauthorised access, use, or disclosure by means of reasonable technical, physical and administrative safeguards including:

• Using passwords to prevent unauthorised access and use of computers and relevant software;

• Establishing access levels to restrict access so that only relevant staff have access to certain information;

• Ensuring information is transferred securely;

• Installing virus protections and firewalls;

• Locking filing cabinets and other areas in which personal information is stored;

• Ensuring documentation containing personal or confidential information is securely destroyed;

• Not storing personal information in public areas; and

• Positioning computer terminals and fax machines so that they cannot be seen or accessed by unauthorised people or members of the public.

Breach of Privacy and Confidentiality
If you have any questions relating to this policy, or you would like to lodge a complaint you need to contact the EDVOS Privacy Officer at privacy@edvos.org.au.
In the event of a breach of this policy or a complaint, the matter will be reported to the line manager and/or Privacy Officer and an investigation conducted in accordance with EDVOS’ Incident Management Policy and Procedure and Data Breach Response Plan.

Please Click Here to view the EDVOS Privacy and Confidentiality Policy.

edvos privacy brochure
If you have any questions about this information, contact: 

The Privacy Officer on email: privacy@edvos.org.au

OR

EDVOS Privacy Officer
PO Box 698
Ringwood VIC 3134