About this policy
This policy applies to personal information collected by the National Mental Health Commission. The Commission is bound by the provisions of the Privacy Act 1988, including the Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for how we handle and maintain personal information. This includes how we collect, store, use, disclose, quality assure and secure personal information, as well as your rights to access or correct your personal information.
You will generally be able to remain anonymous or use a pseudonym when interacting with us. However, it may not always possible for this to occur—for example, when we are authorised or required under the law to deal with individuals who have identified themselves. We will inform you if you are unable to remain anonymous or use a pseudonym when dealing with us.
Our personal information handling practices
We only collect personal information where that information is reasonably necessary for, or directly related to, one or more of our functions or activities. Generally, we will only collect sensitive information (such as health information) if you consent and it is reasonably necessary for, or directly related to, one or more of our functions or activities. We will not collect any personal information if we do not need it.
We may collect personal information directly from you, your representative or a third party. We primarily collect information directly from you or another individual, but in certain circumstances we may also obtain personal information collected by other Australian, State and territory government bodies or other organisations.
We collect personal information in a variety of ways, including paper-based forms, online (through our website as well as email), over the telephone and by fax.
When we collect personal information, we are required under the Privacy Act to notify you of a number of matters if it is reasonable to do so. These matters include the purposes for which we collect the information, whether the collection is required or authorised by law, and any person or body to whom we usually disclose the information. To achieve this, we will mainly use privacy collection notices on our forms and online portals.
Types of personal information that we hold
The Commission only collects personal information that is necessary for, or directly related to its functions or activities. It may include:
- personal contact details
- personnel/employee records including educational qualifications
- complaint and feedback information
- financial payment records
- contract, tender and submission documents
- litigation and compensation records
- grants information
- employee conflict of interest declarations
- mailing and subscription lists (i.e. eNews)
- FOI applications
- ministerial or Commission correspondence, and
- submissions to consultations or reviews that we administer
We may also collect and hold a range of sensitive information, including:
- health information – where you provide details of your medical history to us (such as in a submission to a review we are conducting); or the health information of staff (such as rehabilitation and compensation case files, next of kin or details of disabilities or injuries);
- racial or ethnic origin – of staff members for reporting purposes, or
- criminal records – as part of pre-employment screening.
When the Commission collects sensitive personal information, it is usually collected with the consent of the individual concerned. In limited circumstances we may collect personal information from a third party such as when a court order exists or it is authorised under an Australian law. If personal information about an individual is collected from another source, reasonable steps will be taken in the circumstances to notify the individual of the circumstances of the collection.
Use and disclosure of personal information
We will not give your personal information to other government agencies, private sector organisations, or anyone else unless you consent or one of the following exceptions applies:
- you would reasonably expect us to use the information for that other purpose
- it is legally required or authorised, such as by an Australian law, or court or tribunal order
- it is reasonably necessary for an enforcement-related activity
- we reasonably believe that it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in and we reasonably believe that it is necessary in order for us to take appropriate action in relation to the matter
- we reasonably believe that it is reasonably necessary to help locate a person who has been reported as missing
- it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim
- it is reasonably necessary for the purposes of a confidential alternative dispute resolution process.
Disclosure to overseas recipients
We do not routinely provide personal information to overseas recipients. If, at some point, disclosure of information to an overseas recipient becomes necessary, we will only provide personal information to an overseas recipient if we are allowed to do so under the Privacy Act. We will also take reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to the information.
Quality of personal information
The Privacy Act requires us to take reasonable steps to ensure that the personal information we hold is safe and secure. We are also required to take reasonable steps to ensure that the personal information that we collect is accurate, up-to-date, and complete. This may include correcting your personal information where it is appropriate to do so.
How we store personal information
The Commission stores all personal information securely and restricts access to those employees who need access in order to perform their duties or to assist individuals. In general, personal information is stored electronically in record keeping systems, on hard drives or in emails.
We take all necessary steps to ensure that personal information is protected from misuse, loss and interference. When personal information is no longer required, we delete or destroy it in a secure manner, unless we are required to maintain it because of a law, or court or tribunal order. This situation might arise where the Archives Act 1983 requires that we maintain your personal information because it forms part of a Commonwealth record.
Accessing and correcting your personal information
You have a right to access personal information we hold about you. You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
There is no charge associated with making a request and notification of the outcome will be provided, in most cases, within 30 days. For security reasons, and to protect other person’s privacy, applicants may be asked to provide proof of their identity.
To access personal information, a written request should be sent to the Commission’s Privacy Officer by email at firstname.lastname@example.org or in writing to:
The Privacy Officer
PO Box R1463 Royal Exchange
We can decline access to, or correction of, personal information under circumstances set out in the Privacy Act. Generally, where we refuse to give you access, we will give you written notice of the reasons for refusal and the mechanisms available to you to dispute that decision.
The Privacy Officer can be contacted on (02) 8229 7550 to discuss any privacy issues.
Making a privacy complaint
An individual may complain about the way the Department has handled their personal information. Complaints should be in writing and sent to the Privacy Officer using the contact details provided.
The complaint should provide sufficient detail so the issues and concerns can be investigated.
If you are not satisfied with the outcome of an investigation, a complaint can be submitted to the Office of the Australian Information Commissioner (OAIC). Further details about making a privacy complaint to the OAIC can be found at www.oaic.gov.au/privacy/making-a-privacy-complaint.
What happens when you visit our website
Protecting your privacy online
The Commission is committed to protecting privacy online in accordance with the Guide to securing personal information issued by the OAIC.
While every effort is made to secure information transmitted to this site over the internet, there is a possibility that this information could be accessed by a third party while in transit.
When visiting this site, a record of your visit is logged. This "clickstream data" is recorded for statistical purposes only and is used to help improve this website. The following information is supplied by your browser (eg: Internet Explorer):
- the user's server address
- the user's operating system (for example Windows, Mac OS X etc)
- the user's top level domain name (for example .com, .gov, .au, .uk etc)
- the date and time of the visit to the site
- the pages accessed and the documents downloaded
- the previous site visited, and
- the type of browser used.
This information is used for statistical purposes only. No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency (or other government agency) exercises a legal authority to inspect Internet Service Provider (ISP) logs (eg. by warrant, subpoena or notice to produce).
Cookies are pieces of information that a website can transfer to your computer when you access information on that site. Cookies can make websites easier to use by storing information about your preferences on a particular website. This information remains on your computer after you close your browser.
Collection of personal information
When you e-mail us:
- we will record your e-mail address
- we will only use your e-mail address for the purpose for which you provided it
- it will not be added to a mailing list, unless provided by you specifically for that purpose
- we will not use your e-mail address for any other purpose
- we will not disclose it without your consent.
Other personal information is collected by us when you subscribe to any subscription service on the National Mental Health Commission website.
The contact information you provide, for example, your name and email address, will only be used for the purposes as outlined for this Service.
Additional information is collected for statistical purposes only. This information is non-mandatory and will be:
- collected by lawful and fair means
- used for a lawful purpose, and
- collected with your consent.
This site does not provide facilities for the secure transmission of information across the Internet. Users should be aware that there are inherent risks in transmitting information across the Internet. As an alternative, users are able to make comments and suggestions by writing to:
National Mental Health Commission
Post Box R1463
Royal Exchange NSW 2000
Links to other sites