Privacy :: Keepsight

Privacy Policy

Diabetes Australia is covered by the Privacy Act 1988 (‘the Privacy Act’). Updated Privacy laws commenced on 12 March 2014 that introduced the new Australian Privacy Principles (‘APPs’). The APPs set out the way organisations and government agencies such as Diabetes Australia can collect, use, disclose and provide access to personal and sensitive information.

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether it is true or not and whether it is recorded in a material form or not. It includes, for example, your name, age, gender and contact details. Personal information can also include sensitive information, which can include information or an opinion about your health and health services provided to you.

What is KeepSight?

KeepSight is a new national diabetes eye screening program that is owned and administered by Diabetes Australia. It is a national recall and reminder program that will encourage Australians currently living with diabetes and registered on the National Diabetes Services Scheme (‘NDSS’) to book an appointment with an eye care provider of their choice using targeted messaging such as emails, SMS and social media. Eye care providers will be asked to register as providers with the KeepSight program, through a freely available website and app specifically created for the initiative.

KeepSight is a once-in-a-generation opportunity to increase the rates of eye examinations and reduce and prevent the rates of diabetes-related blindness by detecting problems early when they are treatable. Oculo™️, a secure cloud based platform that has been specifically designed for eye care practitioners to share clinical information, referrals and other clinical correspondence between eye care professionals, has been contracted by Diabetes Australia to run the KeepSight Portal.

Diabetes Australia is the national body for people affected by all types of diabetes and those at risk. Diabetes Australia administers the NDSS on behalf of the Australian Government. Diabetes Australia is committed to the protection of your privacy. This Privacy Policy sets out how Diabetes Australia handles the personal and sensitive information of people who register with the KeepSight program, and ensures we manage personal and sensitive information consistently with the APPs.

This Privacy Policy applies to all employees, consultants, contractors and agents of Diabetes Australia, and covers all information for the KeepSight program.

Collection of your information

Our Privacy Collection Statement is available at: https://www.keepsight.org.au/privacy_collection_statement

Diabetes Australia collects your personal and sensitive information only if you have consented to the information being collected, if the information is reasonably necessary for one or more of our functions or activities or if one of the other exceptions applies under the APPs.

If you are a person with diabetes, we collect personal information about you, such as your name, contact details, gender, date of birth, NDSS number, details of your parent or carer. We also collect sensitive information about you such as diabetes type, details about your eye health such as retinopathy results and other eye examination details, details of your medical practitioner and/or your eyecare healthcare professional and date of your last eye examination as well as whether you are of Aboriginal or Torres Strait Islander origin.

If you are a health care professional, we also collect personal information about you such as your name, date of birth, contact details, practice location, and professional registration numbers (such as your AHPRA or Orthoptics Australia membership number). We use this information to register and verify your identity as a user, to inform the patient who last recorded their eye examination, and to track which health care professionals are actively recording patients in the KeepSight program.

We only collect your information by lawful and fair means. We collect your information in a few different ways, including:

  • electronically, such as through the KeepSight website;
  • phone calls;
  • as part of health care services we provide to you; and
  • other correspondence, such as email and mail.

We will always collect personal information from you directly or, with your consent, from diabetes and eye healthcare professionals.

When we collect your information, or as soon as practical after, we will take reasonable steps to let you know:

  • that the information has been received by Diabetes Australia and how to contact us;
  • if we received your information from another source, details of the information we have received and why we received it;
  • why we are collecting the information;
  • the main consequences (if any) for you if you do not provide all or part of the information we have requested;
  • the organisations or types of organisations to which we normally pass on information;
  • that you can access and seek to correct your information and that our Privacy Policy explains how that can be done;
  • that our Privacy Policy contains information about how someone can complain if they believe we have breached the APPs and how we will handle that complaint; and
  • whether we are likely to disclose information to overseas parties and if so, the countries in which those parties are located

Cookies

The Diabetes Australia website and KeepSight website use software known as ‘cookies’ to record your visit to the website and collect some statistical information. We use this information to help administer and improve our websites. We do not use this information to personally identify you. Information we may collect includes:

  • your server address
  • your domain name
  • the date and time of access to the website
  • pages accessed and documents downloaded
  • the previous site visited
  • if you have visited the website before
  • the type of browser software in use.

You may set your web browser to disable cookies when visiting our websites. However, some website functions may be unavailable if you choose to do so.

Can I remain anonymous?

It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself or to use a fictional name when interacting with us. You can remain anonymous when using some parts of the Diabetes Australia website or sites administered by Diabetes Australia. However, it may be necessary for us to collect your personal or sensitive information if you would like to access certain materials or services. For example, if you would like to enrol in the KeepSight program for reminders about your eye health and recommended timing for eye examinations. If you choose to withhold the information we require, we may not be able to provide the services you have requested.

Security of your information

We take appropriate steps to protect your personal and sensitive information held by us from misuse, interference, unauthorised access, modification, loss or disclosure. This includes during storage, collection, processing, transfer and destruction of the information.

Information is stored in access-controlled premises or in secure electronic databases.

All your information is stored in Australia. We hold the information we collect electronic format. We use best endeavours to protect the unauthorised use or disclosure of the information we collect or hold. This includes using security safeguards as is reasonable in the circumstances, including industry standard techniques such as firewalls, encryption, intrusion detection and site monitoring. While we strive to protect your information, no data transmission over the Internet can be guaranteed to be 100% secure, and we cannot guarantee the security of any information you send to us or receive from us, especially via e-mail, which uses third party providers. Such information cannot be protected by us until it reaches us. Once we receive your transmission, we make our best effort to ensure its security.

Employees of Diabetes Australia, Oculo™️ and other contracted third parties and other parties to whom we disclose your information, sign a confidentiality agreement that requires them to comply with the Privacy Act and our Privacy Policy.

We take steps to ensure the security of the Diabetes Australia website and KeepSight website. However, users are advised that there is always some risk when transmitting information across the Internet, including a risk that information sent to or from a website may be intercepted, corrupted or modified by third parties.

We do not use or disclose your information other than as intended for the KeepSight program.

The KeepSight website and sites administered by Diabetes Australia contain links to external websites. We recommend that you review the privacy policies of those external websites as we are not responsible for their privacy practices.

When we no longer need personal information for any purpose we will take reasonable steps to destroy the information or ensure that the information is de-identified. This will apply except where we are required by law or a court/tribunal order to retain the information.

Use of your information

We only collect, hold and use your personal and sensitive information for purposes which are directly related to the reason you provided us with your information in the first place and where you would reasonably expect us to use your information. For example, we may send people who register with KeepSight information about the need for eye examinations and the effective self-management of diabetes.

We will not collect, hold and use your personal information for another purpose unless you have given consent or one of the exceptions under the Privacy Act applies. For example, if the use of the information is authorised by Australian law or is necessary for law enforcement by an enforcement body, such as the Australian Federal Police.

Disclosure of your information

When you provide us with your personal and sensitive information, we seek your consent to disclose the information for the purposes identified.

We only disclose your personal and sensitive information for purposes which are directly related to the reason you provided us with your information in the first place and where you would reasonably expect us to disclose your information. We will not sell the personal or sensitive information we collect from you without your knowledge or consent.

KeepSight information provided by you will be disclosed to Oculo™️ and may be disclosed to other third parties, including organisations that deliver services on our behalf or to us, government agencies, mailing houses and other organisations or government agencies for the purpose of administering the NDSS. Oculo™️’s privacy policy is available at: http://www.connect.oculo.com.au/privacy-policy/

Where possible, the information that could reasonably identify you as an individual is first removed before it is disclosed to external parties. You can be assured that we will take all reasonable steps to ensure your personal details remain confidential at all times. All external parties who receive your information must sign a confidentiality agreement that requires them to comply with the Privacy Act and our Privacy Policy.

We do not currently disclose your personal information to overseas parties. If your personal information is transferred overseas, we will comply with our obligations under the APPs.

We will not disclose your personal information for another purpose unless you have given consent (for example, as de-personalised information for research purposes) or one of the exceptions under the Privacy Act applies. For example, we may disclose your personal information if authorised by Australian law or if necessary for law enforcement.

Direct communications and promotional materials

From time to time, we may send out promotional materials for the purposes of Diabetes Australia or KeepSight. If you do not wish to receive these communications, please contact Diabetes Australia to unsubscribe (see contact details below). Your information may also be used by us to provide you with details of our services and events where permitted by the Privacy Act or where you have consented to the use or disclosure of your personal information for direct communications and promotional materials.

It is our policy that any direct communication or promotional material will include a statement advising that you may request not to receive further material by contacting us using the details provided.

How to access and correct your information

We will take reasonable steps to ensure that all personal information that we hold, collect, use or disclose is accurate, up-to-date, complete, relevant and not misleading.

We will correct any personal information that we believe to be incorrect, out-of-date, incomplete, irrelevant or misleading. This includes taking reasonable steps to notify any organisation or government agency to which information was disclosed about the correction. You may request to access or correct your personal information at any time by contacting the Privacy Officer using the details below. We will give you access to the information unless one of the exceptions under the Privacy Act applies. For example, if providing access would be unlawful or denying access is authorised by law.

If you request to access or correct your information, we will respond within a reasonable time (usually within 30 days). If your request is refused, we will give you a written notice that sets out the reasons for refusal and how to complain about the decision.

Notifiable Data Breaches

The Privacy Act Amendment Notifiable Data Breaches (NDB) Act 2017 requires Diabetes Australia to notify particular individuals and the Office of the Australian Information Commissioner about ‘eligible data breaches’. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the personal or sensitive information relates. Diabetes Australia will make an objective assessment of whether a data breach is likely to result in serious harm and take remedial action according to its data breach response plan. See https://www.oaic.gov.au/ for further information

The Spam Act 2003

The Spam Act prohibits sending unsolicited commercial emails, SMS and MMS messages for commercial purposes. Examples of unsolicited communications are ones that do not directly relate to a service you have previously signed up with or agreed to. While not-for-profit organisations such as Diabetes Australia do have some exemptions from the Spam Act, we are guided by the Code of Practice developed by the Australian Direct Marketing Association. More information:https://www.adma.com.au/comply/code-of-practice/

How to make a complaint or enquiry

Diabetes Australia is committed to the protection of your privacy. If you have any questions about how we handle personal information, would like to complain about how we have handled your information, or would like further information about our Privacy Policy, please submit a written query or complaint to our Privacy Officer, whose contact details are set out below. Our Privacy Officer will assess any complaints and liaise with you to resolve any issues within a reasonable time (usually within 30 days). If you are unhappy with the outcome, you may lodge a complaint with the Office of the Australian Information Commissioner who can order the payment of compensation by Diabetes Australia in certain circumstances. More information: https://www.oaic.gov.au/privacy/making-a-privacy-complaint

Contact Details

Privacy Officer
Diabetes Australia
GPO Box 3156
Canberra, ACT 2601
Phone: 02 6232 3800
Email: [email protected]