Privacy Policy

“We”, “us”, “our” and “Gateways” means Gateways Support Services Incorporated (an incorporated association registered in Victoria with registration number A0035063A) (ABN 98 140 810 929) of 12-14 Thompson Road, North Geelong VIC 3215.

We acknowledge and respect the privacy of every individual and are committed to the protection of an individual’s personal information.

By virtue of our activities and funding arrangements, we have obligations to comply with the requirements of the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs), Privacy and Data Protection Act 2014 (Vic), the Information Privacy Principles (Vic) and Health Records Act 2001 (Vic) and other legislation in the collection, management and disclosure of personal information (including health information and sensitive information).

This policy explains how and why we collect, hold, use and disclose your personal information. You consent to us collecting, holding, using and disclosing your personal information in accordance with this policy.

What is personal information?

Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.

Sensitive information is a subset of personal information and is information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences, criminal record or health information.

What personal information do we collect and hold?

Gateways is a not-for-profit organisation that provides support to children and adults with a disability or additional needs. More information about what we do is available on our website.

We may collect personal information about you and your interactions with us when it is reasonably necessary for, or directly related to, our functions inclusive of providing supports and services and related business activities.

We may collect sensitive information about you where you consent, when the collection is authorised or required by law, or where the collection is otherwise allowed under the Privacy Act or other applicable legislation.

The kinds of information we collect will depend on our interactions with you. For example, when you engage us for any services, call us, make a donation, provide feedback, make a complaint, apply for a paid or unpaid position with us or otherwise visit our website.

The personal information we collect may include:

  • identity information, such as name, date and place of birth, gender, signature and copies of identity documents;
  • images (both digital and in hard copy format);
  • address and other contact details;
  • identifiers such as Medicare numbers, NDIS numbers, driver’s licence numbers and Working With Children Check numbers;
  • financial information (including bank account details) and billing details;
  • information about the services we provide you and the way in which we deliver those services, including file notes and meeting minutes;
  • communication preferences;
  • correspondence and details of communications/interactions with us;
  • information about your background and circumstances, such as education, employment history, residency status, financial information/situation, Court documents such as parenting orders; or
  • information about family and other related persons, including nominees or authorised representatives and treating professionals.

The kinds of sensitive information we may collect include:

  • health information, such as disability details and medical conditions, goals for your NDIS plan, support requirements and medical treatments;
  • cultural background; or
  • criminal history.

If you visit our website, we may collect information about how you access, use and interact with the website. This information may include:

  • the location from which you have come to the site and the pages you have visited; and
  • technical data, which may include IP address, the types of devices you are using to access the website, device attributes, browser type, language and operating system.

We use cookies on the website. A cookie is a small text file that the website may place on your device to store information.

  • We may use persistent cookies (which remain on your computer even after you close your browser) to store information that may speed up your use of our website for any of your future visits to the website. We may also use session cookies (which no longer remain after you end your browsing session) to help manage the display and presentation of information on the website.
  • You may refuse to use cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of the website.

Why do we collect, hold and use your personal information?

We collect, hold and use your personal information so that we can:

  • conduct our functions and activities;
  • provide you with our services;
  • manage our relationship with you;
  • contact you;
  • conduct our general business functions, such as:
  • recruitment and security assessment of prospective staff and volunteers;
  • managing employees;
  • managing contracts and funding agreements;
  • processing donations and organising fundraising events;
  • seeking funding;
  • processing payments;
  • fraud and compliance investigations;
  • audits (both internal and external);
  • conducting quality assurance activities including analysing and resolving complaints (including privacy complaints), feedback and enquiries made;
  • surveillance when you visit any of our offices; or
  • legal matters, which may include obtaining legal advice from internal and external lawyers;
  • comply with our legal obligations and assist government and law enforcement agencies or regulators; and
  • identify and tell you about other services that we think may be of interest to you.

We may also collect, hold, use and disclose personal information for other purposes which are explained at the time of collection, purposes which are required or authorised by or under law (including, without limitation, privacy legislation) or purposes for which an individual has provided their consent.

If you do not provide us with your personal information, we may not be able to provide you with our services, communicate with you or respond to your complaints or enquiries.

How do we collect your personal information?

We will collect your personal information directly from you when you interact with us, including when you:

  • apply for and use our services;
  • apply for a position (whether paid employment, as a volunteer or student);
  • make a donation;
  • contact us (for example by letter, fax, email or telephone);
  • complete any forms;
  • visit our offices;
  • attend our events;
  • subscribe to our newsletters;
  • participate in our surveys unless you choose to complete the survey anonymously;
  • interact or engage with us through our website or social media platforms; or
  • become an employee, volunteer, supplier or contractor.

We may collect personal information indirectly:

  • via manual or electronic visitor sign-in and security surveillance at our offices; or
  • from third parties such as:
  • your authorised representatives;
  • child representatives, such as parents or legal guardians;
  • funding agencies, State and Territory governments and government entities (such as the National Disability Insurance Agency (NDIA) or NDIS Quality and Safeguards Commission);
  • support coordinators; and
  • fundraising entities and fundraising service providers who permit access to their donors lists for fundraising purposes.

How do we store and hold personal information?

We store most information about you in computer systems and databases operated by either us or our external service providers.

We also store information about you in paper files that we store securely.

We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.

These processes and systems may include:

  • the use of identity and access management technologies to control access to systems on which information is processed and stored;
  • requiring all employees to comply with internal information security policies and keep information secure;
  • requiring all employees to complete training about information security; and
  • monitoring and regularly reviewing our practice against our own policies and against industry best practice.

We will also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the APPs, subject to any legal or contractual requirements to retain the information.

Who do we disclose your personal information to, and why?

We may disclose personal information to third parties where appropriate for the purposes for which we have collected the information, including disclosure to:

  • our funding providers;
  • Government and regulatory bodies, including the NDIA, Medicare, the Department of Families, Fairness and Housing, the Department of Health, the Department of Education and the Australian Taxation Office;
  • NDIS Quality and Safeguards Commission;
  • people acting on your behalf including your nominated representatives, legal guardians, executors, trustees and legal representatives;
  • the police, or to the Disability Services Commissioner, or to comply with compulsory notices from courts of law, tribunals or Government Agencies;
  • financial institutions for payment processing;
  • referees whose details are provided to us by job applicants; and
  • our service providers, including:
  • information technology service providers;
  • invoice processing service providers;
  • conference, function and training organisers;
  • marketing and communications service providers;
  • freight and courier services;
  • distributors of direct marketing material including mail houses;
  • external business advisors (such as recruitment advisors, auditors and lawyers).

We may also disclose your personal information to others where:

  • we are required or authorised by law to do so;
  • you may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or
  • we are otherwise permitted to disclose the information under the Privacy Act.

Do we disclose personal information to overseas recipients?

We primarily use cloud infrastructure or servers located within Australia, but we may on occasion use a platform or service located outside of Australia. Apart from this, we do not typically transfer personal information outside of Australia.

Overseas recipients may have different privacy and data protection standards. However, before disclosing any personal information to an overseas recipient, we will take steps reasonable in the circumstances to ensure the overseas recipient complies with the Australian Privacy Principles or is bound by a substantially similar privacy scheme, unless disclosure is otherwise required or permitted by law or consented to.

Do we use your personal information for marketing?

We will use your personal information to offer you services we believe may interest you and to keep you informed and up to date about our work, but we will not do so if you tell us not to.

Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.

Access to and correction of your personal information

You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. There are some circumstances in which we are not required to give you access to your personal information.

There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).

We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date, complete, relevant and not misleading.

Complaints

If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.

We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.

If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (OAIC) (www.oaic.gov.au) or, in some instances, other regulatory bodies, such as the Victorian Information Commissioner or the Victorian Health Complaints Commissioner, for guidance on alternative course of action which may be available.

Contact details

If you have any questions, comments, requests or concerns, please contact us at:
Gateways Privacy Officer
Mail: 12-14 Thompson Road
North Geelong VIC 3215
Phone: (03) 5221 2984
Email: privacy@gateways.com.au

Changes to this policy

From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our policy will be published on our website.

You may obtain a copy of our current policy from our website or by contacting us at the contact details above.

“We”, “us”, “our” and “Gateways” means Gateways Support Services Incorporated (an incorporated association registered in Victoria with registration number A0035063A) (ABN 98 140 810 929) of 12-14 Thompson Road, North Geelong VIC 3215.

Gateways has installed fixed security cameras at various locations around and inside Gateways’ premises. These cameras are not covered or hidden and are positioned to ensure the ‘private activities’ of individuals are not in view.  All properties with closed-circuit television (CCTV) system (including cameras) will have signs indicating its use on the site.  Fixed cameras are in use twenty-four (24) hours a day, seven days a week.

What personal information do we collect?

By entering Gateways’ premises your personal information, being your personal image, will be captured by security cameras.

Gateways only collects images on camera and no sound or voice is recorded.

The camera technology does not use a system for facial recognition.

Why do we collect personal information?

Gateways collects personal information through the CCTV system:

  • to enhance and ensure the safety and security of Gateways’ staff and visitors (including volunteers, clients and participants) on buildings which Gateways occupies, uses or controls;
  • to protect property, assets and any information owned and/or managed by Gateways;
  • to prevent or respond to critical incidents or security incidents;
  • to protect, and minimise the risk of access by unauthorised persons to, Gateways’ premises, property, assets and any information managed by Gateways; and
  • for investigative or legal purposes, including for investigations in accordance with Gateways’ policies and procedures.

Who has access to your personal information?

CCTV footage and images will only be accessed by relevant senior staff members of Gateways in accordance with their roles and responsibilities as set out in Gateways’ policies and procedures.

Gateways will disclose CCTV footage as required by law.

In some cases, Gateways will make relevant CCTV footage available to third parties who are closely associated with Gateways and where the disclosure of the CCTV footage is necessary to achieve the purpose for collection as set out above. Whether Gateways makes relevant CCTV footage available to other third parties will be at the absolute discretion of Gateways.

In general, disclosure of CCTV footage outside of Gateways is managed in accordance with Gateways’ Privacy Policy, as well as the Privacy Act 1988 (Cth).

Consent to collection

By entering Gateways’ premises, you provide your consent for the collection and disclosure of your personal information in accordance with the details set out above.

Security and retention of personal information

Gateways uses reasonable safeguards to protect your personal information from unauthorised access, use or disclosure. Access to Gateways’ CCTV system is restricted and managed in accordance with Gateways’ ICT requirements.

All CCTV footage is stored on a secure server (on site, that is, not in the cloud) for up to 60 days.

Footage may be downloaded and stored electronically where required for purposes as set out herein. Footage that is downloaded for any purpose is stored on a restricted drive that is managed by Gateways’ ICT team.

Complaints or concerns

Gateways’ Privacy Policy provides information on how individuals may access their personal information or seek the correction of this information.

Privacy complaints or concerns in relation to Gateways’ collection and use of CCTV footage can be raised, and will be managed by Gateways, in accordance with Gateways’ Privacy Policy. All privacy complaints or concerns should be made in writing and directed to privacy@gateways.com.au.

Date

This collection notice is dated 20 August 2024.