Diabetes Australia is covered by the Privacy Act 1988 (‘the Privacy Act’). Updated Privacy laws commenced on 12 March 2014 that introduced the new Australian Privacy Principles (‘APPs’). The APPs set out the way organisations and government agencies such as Diabetes Australia can collect, use, disclose and provide access to personal and sensitive information.
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether it is true or not and whether it is recorded in a material form or not. It includes, for example, your name, age, gender and contact details. Personal information can also include sensitive information, which can include information or an opinion about your health and health services provided to you.
KeepSight is a new national diabetes eye screening program that is owned and administered by Diabetes Australia. It is a national recall and reminder program that will encourage Australians currently living with diabetes and registered on the National Diabetes Services Scheme (‘NDSS’) to book an appointment with an eye care provider of their choice using targeted messaging such as emails, SMS and social media. Eye care providers will be asked to register as providers with the KeepSight program, through a freely available website and app specifically created for the initiative.
KeepSight is a once-in-a-generation opportunity to increase the rates of eye examinations and reduce and prevent the rates of diabetes-related blindness by detecting problems early when they are treatable. Oculo™️, a secure cloud based platform that has been specifically designed for eye care practitioners to share clinical information, referrals and other clinical correspondence between eye care professionals, has been contracted by Diabetes Australia to run the KeepSight Portal.
Our Privacy Collection Statement is available at: https://www.keepsight.org.au/privacy_collection_statement
Diabetes Australia collects your personal and sensitive information only if you have consented to the information being collected, if the information is reasonably necessary for one or more of our functions or activities or if one of the other exceptions applies under the APPs.
If you are a person with diabetes, we collect personal information about you, such as your name, contact details, gender, date of birth, NDSS number, details of your parent or carer. We also collect sensitive information about you such as diabetes type, details about your eye health such as retinopathy results and other eye examination details, details of your medical practitioner and/or your eyecare healthcare professional and date of your last eye examination as well as whether you are of Aboriginal or Torres Strait Islander origin.
If you are a health care professional, we also collect personal information about you such as your name, date of birth, contact details, practice location, and professional registration numbers (such as your AHPRA or Orthoptics Australia membership number). We use this information to register and verify your identity as a user, to inform the patient who last recorded their eye examination, and to track which health care professionals are actively recording patients in the KeepSight program.
We only collect your information by lawful and fair means. We collect your information in a few different ways, including:
We will always collect personal information from you directly or, with your consent, from diabetes and eye healthcare professionals.
When we collect your information, or as soon as practical after, we will take reasonable steps to let you know:
The Diabetes Australia website and KeepSight website use software known as ‘cookies’ to record your visit to the website and collect some statistical information. We use this information to help administer and improve our websites. We do not use this information to personally identify you. Information we may collect includes:
You may set your web browser to disable cookies when visiting our websites. However, some website functions may be unavailable if you choose to do so.
It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself or to use a fictional name when interacting with us. You can remain anonymous when using some parts of the Diabetes Australia website or sites administered by Diabetes Australia. However, it may be necessary for us to collect your personal or sensitive information if you would like to access certain materials or services. For example, if you would like to enrol in the KeepSight program for reminders about your eye health and recommended timing for eye examinations. If you choose to withhold the information we require, we may not be able to provide the services you have requested.
We take appropriate steps to protect your personal and sensitive information held by us from misuse, interference, unauthorised access, modification, loss or disclosure. This includes during storage, collection, processing, transfer and destruction of the information.
Information is stored in access-controlled premises or in secure electronic databases.
All your information is stored in Australia. We hold the information we collect electronic format. We use best endeavours to protect the unauthorised use or disclosure of the information we collect or hold. This includes using security safeguards as is reasonable in the circumstances, including industry standard techniques such as firewalls, encryption, intrusion detection and site monitoring. While we strive to protect your information, no data transmission over the Internet can be guaranteed to be 100% secure, and we cannot guarantee the security of any information you send to us or receive from us, especially via e-mail, which uses third party providers. Such information cannot be protected by us until it reaches us. Once we receive your transmission, we make our best effort to ensure its security.
We take steps to ensure the security of the Diabetes Australia website and KeepSight website. However, users are advised that there is always some risk when transmitting information across the Internet, including a risk that information sent to or from a website may be intercepted, corrupted or modified by third parties.
We do not use or disclose your information other than as intended for the KeepSight program.
The KeepSight website and sites administered by Diabetes Australia contain links to external websites. We recommend that you review the privacy policies of those external websites as we are not responsible for their privacy practices.
When we no longer need personal information for any purpose we will take reasonable steps to destroy the information or ensure that the information is de-identified. This will apply except where we are required by law or a court/tribunal order to retain the information.
We only collect, hold and use your personal and sensitive information for purposes which are directly related to the reason you provided us with your information in the first place and where you would reasonably expect us to use your information. For example, we may send people who register with KeepSight information about the need for eye examinations and the effective self-management of diabetes.
We will not collect, hold and use your personal information for another purpose unless you have given consent or one of the exceptions under the Privacy Act applies. For example, if the use of the information is authorised by Australian law or is necessary for law enforcement by an enforcement body, such as the Australian Federal Police.
When you provide us with your personal and sensitive information, we seek your consent to disclose the information for the purposes identified.
We only disclose your personal and sensitive information for purposes which are directly related to the reason you provided us with your information in the first place and where you would reasonably expect us to disclose your information. We will not sell the personal or sensitive information we collect from you without your knowledge or consent.
We do not currently disclose your personal information to overseas parties. If your personal information is transferred overseas, we will comply with our obligations under the APPs.
We will not disclose your personal information for another purpose unless you have given consent (for example, as de-personalised information for research purposes) or one of the exceptions under the Privacy Act applies. For example, we may disclose your personal information if authorised by Australian law or if necessary for law enforcement.
From time to time, we may send out promotional materials for the purposes of Diabetes Australia or KeepSight. If you do not wish to receive these communications, please contact Diabetes Australia to unsubscribe (see contact details below). Your information may also be used by us to provide you with details of our services and events where permitted by the Privacy Act or where you have consented to the use or disclosure of your personal information for direct communications and promotional materials.
It is our policy that any direct communication or promotional material will include a statement advising that you may request not to receive further material by contacting us using the details provided.
We will take reasonable steps to ensure that all personal information that we hold, collect, use or disclose is accurate, up-to-date, complete, relevant and not misleading.
We will correct any personal information that we believe to be incorrect, out-of-date, incomplete, irrelevant or misleading. This includes taking reasonable steps to notify any organisation or government agency to which information was disclosed about the correction. You may request to access or correct your personal information at any time by contacting the Privacy Officer using the details below. We will give you access to the information unless one of the exceptions under the Privacy Act applies. For example, if providing access would be unlawful or denying access is authorised by law.
If you request to access or correct your information, we will respond within a reasonable time (usually within 30 days). If your request is refused, we will give you a written notice that sets out the reasons for refusal and how to complain about the decision.
The Privacy Act Amendment Notifiable Data Breaches (NDB) Act 2017 requires Diabetes Australia to notify particular individuals and the Office of the Australian Information Commissioner about ‘eligible data breaches’. A data breach is eligible if it is likely to result in serious harm to any of the individuals to whom the personal or sensitive information relates. Diabetes Australia will make an objective assessment of whether a data breach is likely to result in serious harm and take remedial action according to its data breach response plan. See https://www.oaic.gov.au/ for further information
The Spam Act prohibits sending unsolicited commercial emails, SMS and MMS messages for commercial purposes. Examples of unsolicited communications are ones that do not directly relate to a service you have previously signed up with or agreed to. While not-for-profit organisations such as Diabetes Australia do have some exemptions from the Spam Act, we are guided by the Code of Practice developed by the Australian Direct Marketing Association. More information:https://www.adma.com.au/comply/code-of-practice/