Aboriginal and Torres Strait Islander Corporation Family Violence Prevention and Legal Service Victoria operates as Djirra.
Djirra will ensure that:
- it meets its legal and ethical obligations as an employer and service provider in relation to protecting the privacy of clients and others;
- clients are provided with information about their rights regarding privacy;
- clients, staff and others are provided with privacy when they are being interviewed or discussing matters of a personal or sensitive nature; and
- all staff, Board members and volunteers understand what is required in meeting these
Djirra is subject to the Australian Privacy Principles under the Privacy Act 1988 (Cth). Djirra will follow the guidelines of the Australian Privacy Principles in its information management practices.
What is personal information?
Personal information is information or an opinion from which it is possible to personally identify someone. It includes information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable. The information collected by Djirra about a particular person will vary depending on the circumstances of collection. It may include, but is not limited to, a person’s contact details (name, email and/or postal address, phone number), date of birth, gender, credit card details, driver’s licence number, passport number, insurance details, employment history, qualifications or communication history
Personal information does not include anonymous information, aggregated or de-identified information.
What is sensitive information?
Sensitive information is a subset of personal information and is given a higher level of protection. Sensitive information is defined in the Privacy Act and includes information or an opinion about an individual’s racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual preferences or practices; or criminal record.
If it is reasonably necessary in the circumstances, Djirra may also collect sensitive information such
as a person’s medical history, nationality, their ethnic background or disabilities.
Djirra is required by law to obtain consent when collecting sensitive information. Djirra will assume
consent to the collection of all sensitive information that is provided to it for use in accordance with
What personal information does Djirra collect and hold?
The type of information collected by Djirra will depend on the nature of a person’s interaction with Djirra, however Djirra may collect the following types of personal information:
- identification and contact details, such as name, mailing or street address, email address, telephone number, age or birth date;
- family type, country of birth, year of arrival in Australia, language spoken at home;
- financial information, such as housing, occupation, financial status and income;
- sensitive information, such as racial or ethnic background, criminal history and health information, English proficiency, need for an interpreter, or disability;
- other personal or sensitive information not covered above which is collected as a result of providing a client with legal advice;
- details of the services a client has requested or enquired about, or services provided, together with any additional information necessary to respond or deliver those services; and
- any additional information relating to a client that a client provides in-person, by telephone, in writing or via email.
How does Djirra collect your personal information?
Djirra collects personal information directly from an individual unless it is unreasonable or impracticable to do so. This may occur in a range of ways including in person; by letter, fax, email or telephone; on hard copy forms; through the website; from referring or third parties (with consent); and at events or forums.
Depending on the circumstances, some types of information will be required to be provided and others might be optional. If you do not provide some or all of the information requested, this may affect Djirra’s ability to communicate with you or to provide the requested products or services.
By not providing requested information, you may jeopardise your ability to receive services or apply for employment or volunteer positions with Djirra. If it is impracticable for Djirra to deal with you as a result of you not providing the requested information or consent, Djirra may refuse to do so.
Collection from third parties
Djirra may collect personal information regarding a child from the parent or other responsible person associated with that child.
In many circumstances, Djirra collects information from third parties with written client consent.
Examples of such third parties could include, without limitation:
- police, courts, corrections agencies;
- hospitals, health services, medical and allied health professionals, counsellors; and
- government agencies, schools, community organisations.
Notification of collection of personal information
For what purposes does Djirra collect, hold, use and disclose personal information?
Djirra collects, holds, uses and discloses personal information for the following purposes:
- to assess whether a client is eligible for assistance, including assistance in the form of a grant of legal aid from a Legal Aid Commission, and to maintain those grants of aid;
- to provide legal and non-legal support services to clients;
- to answer enquiries and provide information about Djirra’s services;
- to recruit staff, contractors and volunteers;
- for planning, quality control and for the creation of anonymous case studies;
- to update records;
- for use in monitoring and assessing Djirra’s services, including as part of peer review of service, legal needs assessments, reports to funding providers, compliance, quality audits and evaluations including those conducted by external bodies such as Victoria Legal Aid, Department of Health and Human Services and others;
- to process and respond to any complaints; and
- to comply with any law, rule, regulation, lawful and binding determination.
Djirra may use health information to ensure that programs we operate are run safely and in accordance with any special health needs participants may have. Health information may also be kept for insurance purposes. In addition, we may use de-identified health information and other sensitive information to carry out research, to prepare submissions to government, or to plan events and activities. Djirra may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or which are required or authorised by or under law for which the individual has provided their consent.
To whom may Djirra disclose your information?
Djirra may disclose your personal information to a range of organisations which include, but are not limited to:
(a) other organisations involved in providing similar services or programs in Australia;
(b) companies we engage to carry out functions and activities on Djirra’s behalf,
including direct marketing;
(c) our professional advisers, including our accountants, auditors and lawyers;
(d) our insurers; and
(e) in other circumstances required or permitted by law.
In some circumstances, personal information may also be disclosed outside of Australia. In such circumstances, Djirra will use its best endeavours to ensure such parties are subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are suitably similar to the Australian Privacy Principles.
We will assume consent to use non-sensitive personal information to provide better services and for marketing purposes (including disclosure of such information to service providers).
Every person whose data is collected by Djirra has the option to refuse e-mail, SMS or posted communications by making a request in writing to Djirra via the contact details set out below or by making use of the opt-out procedures included in any communications from us (however, information relating to the option to unsubscribe from those communications may be retained).
In addition, Djirra may also disclose personal information:
(a) with your express or implied consent;
(b) when required or authorised by law;
(c) to an enforcement body when reasonably necessary; or
(d) to lessen or prevent a threat to an individual or public health or safety.
When users visit the Djirra website, our systems may record certain information about their use of the site, including the web pages visited and the time and date of their visit. Djirra uses this information to help analyse and improve the performance of the Djirra website.
Websites linked to the Djirra website are not subject to Djirra’s privacy standards, policies or procedures. Djirra cannot take any responsibility for the collection, use, disclosure or security of any personal information that you provide to a third party website.
Accessing and correcting personal information
An individual may request access to any personal information Djirra holds about them at any time by contacting Djirra (see the details below). Where Djirra holds information that an individual is entitled to access, we will try to provide the information in the manner requested (for example, photocopies or by viewing a file) and in a timely way.
There may be instances where Djirra cannot grant access to the personal information held. For example, Djirra may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, Djirra will provide written notice outlining the reasons for the decision and available complaint mechanisms.
Djirra will take all reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete and up-to-date. However, we rely on the accuracy of personal information as provided to us both directly and indirectly. If an individual believes that personal information Djirra holds about them is incorrect, incomplete or inaccurate, then they may request us to amend it. Djirra will then consider if the information requires amendment. If we agree that it requires amendment we will take reasonable steps to correct that information. If Djirra does not agree that there are grounds for amendment then the individual may request that Djirra add a note
to the personal information stating that the relevant individual disagrees with the information and Djirra will take reasonable steps to do so.
If Djirra corrects personal information about an individual and has previously disclosed that information to another agency or organisation that is subject to the Privacy Act, the individual may ask Djirra to notify that other entity and Djirra will take reasonable steps to do so, unless this would be impracticable or unlawful.
In addition to above, in circumstances where a client requests access to personal information held by Djirra’s Aboriginal Family Violence Legal Service, the Manager of Legal Service will view the file and approve any copies of material to be given to the client prior to client access. A copy of the relevant part of the file will be made available to the client as soon as practicable after this.
If an individual believes that their privacy has been breached, please contact our Privacy Officer at this address:
Djirra’s Aboriginal Family Violence Legal Service
292 Hoddle Street, Abbotsford, 3067
Phone: 03 9244 3333
Djirra treats all complaints confidentially. Djirra will try to resolve all complaints in a timely, fair and reasonable way. We will respond to your complaint within 30 days and try to resolve it within 90 days. If an individual is not satisfied with Djirra’s response, a complaint can be made to the Office of the Australian Information Commissioner (by telephone: 1300 363 992, by email firstname.lastname@example.org or by post: GPO Box 5218 Sydney NSW 2001).
Security and integrity of personal information
Djirra stores information in different ways, including in paper and electronic form.
Much of the information we collect from and about the people we provide our services to is added to Djirra’s database. When your information is entered into Djirra’s database, the information may be combined or linked with other information held about you.
Djirra takes reasonable steps to ensure that personal information we collect, use and disclose is accurate, up-to-date and complete and relevant. Security of personal information is important to Djirra. Djirra has taken steps to protect the information we hold from misuse, loss, unauthorised access, modification or disclosure. Some of the security measures Djirra uses include strict confidentiality requirements of our employees, volunteers and service providers, security measures for system access and for our website.
Data breach notification
As outlined above, Djirra seeks to protect your personal information from any unauthorised loss, disclosure or access. However, it is a requirement of the Privacy Act that if a serious data breach occurs, Djirra must notify you and the Office of the Australian Information Commissioner regarding the circumstances of the breach.
Changes to the Policy