PRIVACY COLLECTION STATEMENT
Overview
The Scope Group (“Scope”, “we” or "us”) collects, stores, uses and discloses personal information, sensitive information and health information to conduct its business and provide its services. This policy explains how we collect, store, use and disclose your information and how you can access and correct that information. We recognise the importance of respecting and protecting the privacy of individuals and our handling of your information is done in accordance with the Privacy Act 1988 (Cth), National Disability Insurance Scheme Act 2013 (Cth), Health Records Act 2001 (Vic) and Health Records and Information Privacy Act (NSW) (as applicable).
We may change or update our Privacy Policy from time to time. If we do, we will post the amended or updated version on our website. We encourage you to visit our website regularly so that you are familiar with the most recent version. Any updates or changes will apply from the time they are posted on our website.
This policy applies to anyone who provides us with personal information, including our clients and their families, prospective clients sending us enquiries, supporters and workers (subject to any exemptions under relevant laws).
| Summary: Here is our privacy policy. This policy sets out how Scope collects, uses and protects your information. This policy also explains the choices that you can make about the way we use your information and how you can access and correct your information. |
Our approach to privacy
Scope recognises that privacy is a fundamental human right. Scope also recognises that individuals with a disability have a right to exercise control and agency over their personal information in a way that works best for them. Scope is committed to upholding the principles of Indigenous Data Sovereignty in all aspects of data collection, storage, use and governance.
When it comes to handling personal information, we will:
- only collect personal information when it is lawful and necessary to do so and respecting the dignity and autonomy of all individuals whose data we collect,
- use personal information for the purpose for which it was collected (or related purposes where permitted),
- promptly correct errors as they are identified,
- securely store personal information that we hold,
- respond to privacy complaints in a fair, timely and transparent manner, and
- ensure all workers are aware of their obligations under this policy.
| Summary: You can expect us to handle all personal information we hold in a lawful way that respects your right to privacy. |
Responsibilities
| Role | Responsible for |
|---|---|
Role Accountable Executive (or delegate) |
Responsible for ensuring the effective implementation of this policy; and ensuring it remains current and accurate in line with business, contractual, legal or regulatory requirements in alignment with the Policy Governance Framework. |
Role Managers |
Responsible for ensuring that this policy is being adhered to. |
Role Workers |
Responsible for adhering to this policy and ensuring the requirements within the policy are applied within their daily work. |
Definitions
| Term | Definition |
|---|---|
Term Health information |
Definition means: information or an opinion about: the health, including an illness, disability or injury, (at any time) of an individual; or an individual’s expressed wishes about the future provision of health services to the individual; or a health service provided, or to be provided, to an individual, that is also personal information; other personal information collected to provide, or in providing, a health service to an individual; other personal information collected in connection with the donation, or intended donation, by an individual of his or her body parts, organs or body substances; genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual. |
Term Personal Information |
Definition means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not. |
Term Sensitive Information |
Definition means: information or an opinion about an individual’s: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual orientation or practices; or criminal record that is also personal information; or health information about an individual; genetic information about an individual that is not otherwise health information; biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or biometric templates. |
Term Scope Group, we or us |
Definition means Scope (Aust) Ltd (Scope) and its subsidiaries and associated entities (being Home@Scope Pty Ltd, Disability Services Australia Ltd, DSA Mentoring Services Ltd and Macquarie Employment Training Service Ltd). |
Term Worker |
Definition means all people undertaking work for or engaged by Scope in either a paid or unpaid capacity, collectively referred to as ‘workers’ for the purpose of this policy. This includes all employees, Directors, Officers (including Executives, Company Secretary, and Board Committee Members), Volunteers, Students, Contractors including Agency Workers and Consultants. |
1. Information we collect
1.1 How we collect personal information
a. Information you provide us directly. We may ask you for certain information, including personal information, when you interact with us. For example, when you:
• enquire about our services
• receive our services
• participate in Scope projects or research
• apply for a role at Scope
• apply to become a member of support or make a donation
• use the NDIS Planning Tool on our website
Where possible, we collect any required personal information from you directly or from a person who is authorised to represent you. In the case of children, we liaise with their parents or legal guardians rather than with the child directly.
Individuals have the option to interact with us anonymously where reasonably possible. For example, if a person contacts us with a general question, they will not be required to provide their name unless it is required to adequately handle the enquiry.
Before you disclose personal information to us about someone else, you should make sure that you are entitled to disclose that information. You should also refer the other person to our privacy policy. If you become aware of any breach or alleged breach of privacy laws concerning the information that you have disclosed to us, you must notify us immediately.
If you don’t provide your personal information to us, we may not be able to provide you with the information, services or supports that you are requesting.
| Summary: We collect information about you that you (or your legal guardian where applicable) choose to give us, for example when you send us an email. If you don’t provide your personal information to us, we may not be able to provide you with the information, services or supports that you are requesting. |
b. Information we receive from other people. Sometimes we collect your personal information from another person, such as a client’s support network, representative, other service providers or from third party government agencies such as the National Disability Insurance Agency. If personal information is collected from a third party and it is unclear if the person has consented to the disclosure of their personal information, we will take reasonable steps to contact the person and ensure that they are aware of the circumstances surrounding the collection and purposes for which their personal information is being collected.
| Summary: We may collect information about you from third party sources. We will try to confirm that your consent was obtained for this collection. |
c. Cookies and other technical information. When you access our websites, technical information may be collected about user activities on the website, including via Google Analytics. This may include information such as the type of browser used to access the website, the pages visited, and geographical location. We use this information to make decisions about maintaining and improving our websites and online services.
Our websites may also use ‘cookies’ to manage and improve your experience on our website. A cookie is a small text file that our website may place on your computer as a tool to remember your preferences. Most browsers allow an individual to choose whether to accept cookies or not. The information collected using cookies is not ordinarily personal information.
| Summary: We use cookies and collect technical information when you use our website to improve your experience of our website and for other business purposes. |
1.2 Types of personal information we collect
a. The amount and type of personal information we collect from you depends on your relationship with us.
b. If you are a client that we support, have registered your interest in becoming a client or are connected to a person we support or may support in the future (eg a family member, carer, advocate or nominated representative) we may collect information including:
- name, address, telephone and email contact details
- gender, date of birth and marital status
- information about a clients’ disability and support needs
- health and medical information required to support service delivery
- things that are important to a client, e.g., likes and dislikes
- living arrangements and accommodation needs
- learning and educational needs
- details concerning a clients’ daily life and routine
- details concerning a clients’ employment goals and other life goals
- details concerning a clients’ social and community activities
- a clients’ visual image, via photograph or otherwise
- any other information obtained from a client and/or their support network through the National Disability Insurance Scheme Planning Tool (NDIS Planning Tool)
- Medicare number and other identifiers used by Government agencies or other organisations
- financial information including billing details
- information about the services a client is funded to receive, whether under the National Disability Insurance Scheme or otherwise and the current supports being used
c. If you send us an enquiry, we may collect information including:
- name, telephone and email contact details
- details of the enquiry
d. If you apply for a job or volunteer role, we may collect information including:
- name, address, telephone and email contact details
- gender and date of birth
- health and medical information
- tax file number and other identifiers used by Government agencies or other organisations
- information about qualifications, training and work history
- information from NDIS worker screen, working with children checks (or similar), and information about right to work in Australia
e. If you register for a subscription to a Scope publication, we may collect information including:
- name, address, telephone and email contact details
- other information that you provide to us when interacting with us
f. If you are a member, supporter, donor, corporate partner or are otherwise connected with Scope through fundraising, marketing, training or community access activities, we may collect information including:
- name, address, telephone and email contact details
- gender, date of birth and marital status
- details of the donations, bequests and contributions you have made
- events and activities you have participated in
- renewal and billing information
- other information that you provide to us when interacting with us
g. If you are a visitor to our website, we may collect information including:
- any details you provide to us when sending us an enquiry, registering to be on our mailing list or making a donation
- ‘cookies’ and other technical information through your use of our website (see section 5.1c for more details)
h. If a person does not fall into one of the above categories, we generally do not collect or hold any of their personal information.
| Summary: The types of information we collect about you depends on how you interact with us. |
2. Unsolicited personal information
a. Sometimes we receive personal information that we did not request or that is additional to the information that we have requested. This is known as unsolicited personal information.
b. If the information is such that we could have lawfully collected it for an allowed purpose (see section 3 below), then we will handle the information in the same way as other personal information.
c. If the information is such that we could not have lawfully collected it, we will destroy, return or de-identify the information as soon as reasonably practicable, provided it is lawful and reasonable to do so.
| Summary: Unsolicited personal information will be treated in the same way as other personal information and we will only use it if we could have collected it lawfully |
3. How we use and share your personal information
3.1 Why do we collect your personal information?
a. The purposes for which we collect, hold, use, or disclose your personal information depends on your relationship with us and the type of information being handled.
b. The main purposes for which we collect, hold, use and disclose personal information are set out below. If we collect your personal information for one of the purposes below, we may use or disclose that personal information for any of the other purposes set out below. By providing us with your information, you are taken to consent to our use and disclosure of your personal information for the below purposes.
Provision of support services
- providing information about our organisation, services and supports and answering enquiries
- delivering services, information, advice and assistance to our clients and to their nominated decision-makers and others, including third party service providers involved in a client’s support, care or treatment
- conducting quality assurance and safeguarding activities including investigations, surveys, research and analysis and resolving complaints
- complying with laws and regulations and reporting to government agencies
Education and information
- providing disability-related resources
- undertaking policy work
- inviting a person to participate in research projects and activities
Fundraising and marketing
- promoting and advertising our services, events, community activities, research, fundraising appeals and donor activities
- seeking donations
- measuring how effective our marketing and fundraising activities are
Administration and internal business activities
- meeting our corporate governance requirements
- processing payments, salaries or wages, and donations
- managing our workforce, including employee records
- carrying out internal functions including administration, training, accounting, audit and information technology
- complying with laws and regulations
- receiving feedback and resolving complaints
c. We may also collect, hold, use and disclose personal information for other purposes not in the list above which are explained to you at the time of collection, purposes which are required or authorised by or under law or purposes for which you have provided your consent.
| Summary: We use information about you for different reasons, including to provide you with services. |
3.2 Use of de-identified information
a. We may aggregate or otherwise de-identify data we have collected about you of all personally identifying information. We may use and share that aggregated or anonymised data for quality assurance activities, education, marketing and fundraising activities and to evaluate our services
| Summary: We may use anonymised data for our own internal purposes such as improving our services. |
3.3 Direct marketing
a. Where you have consented or we are otherwise permitted by law to do so, we may use your personal information (other than sensitive information) to keep you informed and up to date about our work and to send you marketing material, supporter / donor communications, and invitations to participate in events and research (“marketing communications”). Where you have consented to receive these marketing communications from us, that consent will remain current until you advise us otherwise. Each use of personal information for these purposes will include a clear and easy to use ‘opt-out’ option should you wish to opt-out of receiving marketing communications in the future.
b. In addition to using the opt-out function, if you no longer want to receive marketing communications from us, you can also contact us directly (details in section 6 below).
| Summary: Where permitted by law, we may send you marketing communications. You can always opt out of receiving these communications. |
3.4 Who do we disclose your information to?
a. We may disclose your personal information to third parties for the purposes listed in the section above. This includes disclosure to:
- related and affiliated companies and organisations including joint venture partners and industry affiliate organisations,
- service providers and suppliers engaged by us or acting on our behalf in relation to our business, including information technology service providers, research agencies, invoice processing service providers, fundraising and marketing agencies, communications service providers and external business advisers (such as recruitment advisers, auditors and lawyers),
- Government and regulatory bodies, including the National Disability Insurance Agency, NDIS Quality and Safeguards Commission, Medicare, the Department of Social Services, the Department of Families, Fairness and Housing and the Australian Taxation Office,
- people acting on your behalf including your nominated representatives, legal guardians, executors, trustees and legal representatives,
- clinicians and other service providers where you have given your consent,
- financial institutions for payment processing, and
- where disclosure is required by law, including to the police, or to the Disability Services Commissioner, or to comply with compulsory notices from courts of law, tribunals or government agencies.
b. We take reasonable steps to make sure that third parties will protect the privacy of your personal information, in accordance with this Privacy Policy. We will not sell your personal information to any third party.
| Summary: We will only disclose information about you if it is necessary for our business or if the disclosure is required or authorised by law. |
4. How we transfer, store and protect your information
4.1 Will your personal information be transferred overseas?
a. Our technology infrastructure primarily uses cloud infrastructure or servers located within Australia, but we may on occasion use a platform or service located overseas. Other than our use of these platforms and services, we do not typically transfer personal information overseas. By providing your personal information to us or using our services and supports, you are taken to have consented to the transfer of your personal information to platforms and services located overseas.
b. We may transfer your personal information to platforms and services located in a country and jurisdiction that does not have the same data protection laws as Australia. However, we always take steps to ensure that an overseas recipient of your personal information complies with the Australian Privacy Principles or is bound by a substantially similar privacy scheme.
| Summary: We mainly use IT infrastructure that is located in Australia. However, sometimes we may transfer your information to platforms or services located overseas. When we do this, we will do it in accordance with Australia’s privacy laws. |
4.2 How do we store your personal information?
a. We take all reasonable steps to ensure that your personal information is securely stored and protected. These steps include password protection for accessing our electronic IT systems, securing paper files in locked cabinets and physical access restrictions to buildings where information is held. In addition, access to your personal information is restricted to those properly authorised to have access. Scope workers must only access and use personal information for a valid work purpose.
b. We store your personal information for as long as it is needed for the purposes for which it was collected and to comply with our legal requirements.
c. We take reasonable steps to:
- ensure that the personal information we collect, use and disclose is accurate, up to date, complete and (in the case of use and disclosure) relevant,
- protect the personal information we hold from misuse, interference and loss and from unauthorised access, modification or disclosure, and
- destroy or permanently de-identify personal information that is no longer needed for any purpose permitted by the Australian Privacy Principles, subject to other legal obligations and retention requirements applicable to us.
d. Unfortunately, there are inherent risks in the management of personal information, and we cannot and do not guarantee that unauthorised access to your personal information will not occur. Scope has a Data Breach Response Procedure that we follow in the event of a data breach affecting the data we hold. If a data breach meets the Privacy Act definition of an “eligible data breach”, we will contact you to let you know what has happened and try to minimise the impact on you.
| Summary: We take care to store your information securely. Unfortunately, we can’t guarantee that nothing bad will ever happen to it. We will work with you if something does happen. |
5. Accessing and correcting your personal information
a. You can request access to and correction of the personal information we hold about you by contacting us (details in section 10 below).
b. We may ask an individual to verify their identity before giving access to the personal information or correcting it.
c. We do not typically charge you for access to your personal information.
d. Generally (but subject to our legal obligations), we will provide you with access to your personal information, or take reasonable steps to correct the information, within a reasonable time and in the manner requested by you. However, there may be some circumstances when this is not possible, including where:
- we no longer hold or use the information,
- providing access would have an unreasonable impact on the privacy of others,
- the request is frivolous or vexatious,
- providing access would be unlawful, or
- for any other permitted reason set out in Australian legislation that is applicable to us.
e. If we do not provide you with access to all of your personal information, we will tell you the reason why we have not done so.
| Summary: Scope will give you access to your personal information. We will also help you correct any of your personal information that we hold and will explain any reasons as to why we can’t correct it if applicable. |
6. Contact us
a. Requests for access or correction of your personal information and any other queries relating to privacy can be made to our Privacy Officer:
- via telephone on 1300 472 673, or
- in writing via email on privacyofficer@scopeaust.org.au or by post to Level 2, 109 Burwood Rd, Hawthorn VIC 3122.
b. If we are unable to resolve your request, you also have the option to report the issue or make a complaint (details in section 7).
| Summary: You can contact us at any time with any privacy-related questions. |
7. Privacy Complaints
a. If you have a complaint about how we have collected or handled your personal information, please contact our Privacy Officer (details in section 6). We will ask you to explain the circumstances of the matter you are complaining about and how you believe your privacy has been interfered with.
b. We will complete a review of the complaint and try to resolve it in a fair and reasonable way. At all times, any privacy complaints received will be treated seriously and dealt with promptly. We aim to investigate complaints and provide a response within 30 days of receipt of the complaint. If the matter is more complex and the investigation may take longer, we will write and let you know. You will be informed of the outcome of our review once it has been completed.
c. If you are unhappy with our response, you can refer your complaint to the NDIS Quality and Safeguards Commission, the Office of the Australian Information Commissioner or in some cases the Victorian Health Complaints Commissioner or the New South Wales Health Care Complaints Commission.
| Summary: If we can’t resolve your complaint, you have the right to refer your complaint. The relevant body to refer your complaint to will depend on the nature of the complaint and where you live. |
Supporting Policy Information
| Legislative and Regulatory Compliance | This policy supports Scope’s compliance with the following legislation and/or Standards: Privacy Act 1988 (Cth) NDIS Act 2013 (Cth) Australian Privacy Principles Health Records Act 2001 (Vic) Health Records and Information Privacy Policy Act 2002 (NSW) National Standards for Disability Services Privacy and Data Protection Act 2014 (Vic) |
| Parent Scope Document | |
| Supporting Scope Documents | Scope Group Data Breach Response Procedure Scope Group Information Request and Release Procedure Scope’s Privacy Policy for Clients - Easy English Information Sheet |
| Related Scope Documents | Scope Group Information Management Policy Scope Group Human Rights Policy Scope Group Worker Screening Protocol Scope Group IT Acceptable Use Policy Scope Group Client Safeguarding Policy Scope Group Quality and Safeguarding Framework |
Version 6 Effective Date 4/02/2025