1.0 Purpose
Benetas is committed to protecting privacy in accordance with applicable privacy legislation. This policy explains how Benetas collects, uses, discloses, disposes of and otherwise handles personal information.
Maintaining appropriate systems and processes for the collection, storage, use and disclosure of information ensures that Benetas is able to maintain key information to support consumers efficiently and effectively and also minimises risk to consumers. This policy assists employees to:
- Understand their obligations in relation to privacy and information security
- Become familiar with the relevant legislation and compliance frameworks, including how Benetas will be monitored in relation to privacy and information management
- Develop a privacy aware culture through best practice information management
- Know where to get further information and resources
Benetas is subject to the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth), which regulate the way in which personal information is handled throughout its lifecycle: collection, use and disclosure, storage, access and disposal.
Benetas is also required to comply with the Health Privacy Principles (HPPs) in the Health Records Act 2001 (Vic) in relation to how we collect and handle health information.
In certain circumstances, for example, where funding agreements with government agencies require it, Benetas may also be required to comply with the Information Privacy Principles (IPPs) in the Privacy and Data Protection Act 2014 (Vic).
Benetas aims to provide effective and efficient services, whilst respecting the privacy rights of consumers, employees, contractors and volunteers (inc. students) as well as prospective consumers and job applicants.
2.0 Scope
This policy applies to all employees, contractors, volunteers and students on placement responsible for collecting, storing, using or disclosing individuals’ information on behalf of Benetas.
Benetas collects and handles personal information for the recruitment and engagement of employees and volunteers. While the employee records of current and former employees are generally exempt from the Privacy Act under the employee records exemption, it is Benetas policy to protect the personal information and records of future, current and past employees and volunteers in the same way as other personal information, and in line with relevant industrial instruments or legislation.
3.0 Collection of personal information - Recruitment
Collection of Information
Benetas may collect personal information throughout its job application and recruitment process whereby candidates are required to provide information for Benetas to assess their suitability for a position.
Examples of personal information Benetas may collect from job applicants in the recruitment process include:
- curriculum vitae;
- name, address, telephone, and email contact details;
- nationality;
- gender, date of birth;
- health and medical information;
- bank account, tax file and superannuation details for payroll;
- information from referees;
- education and training information;
- driver’s licence number and other licences or certificates required for a role; and
- results of any psychometric testing completed or provided during the recruitment process.
Benetas collects personal information from candidates during the recruitment process to assess their suitability for employment and to meet legal and regulatory requirements within the aged care sector.
This information is collected only with the individual’s prior knowledge and consent, and is used for the primary purpose for which it was collected.
How do we collect personal information in the recruitment process?
Personal information will be obtained by Benetas in the recruitment process when:
- A job application is submitted by a candidate via the Benetas careers portal hosted by PageUp;
- An Employee Details form is completed and provided to Benetas following a candidate accepting an offer of employment; or
- Personal information is submitted by a third-party recruiter via the Benetas careers portal hosted by PageUp.
If your application is unsuccessful, Benetas may keep your information to build a pool of potential candidates for future positions. You will have the chance to opt out of the talent pool when notified of an unsuccessful application.
If you choose to remain in the pool but later wish to be removed, you can request removal at any time.
Security of personal information
We value the security of personal information and employ reasonable measures to safeguard it.
The personal information we retain is typically stored electronically, either in computers or cloud systems managed by us or our service providers. We employ various information security protocols to protect personal data from unauthorised access, loss, misuse, or improper alteration during handling.
For more information on the measures Benetas adopts to ensure the security of your personal information you can refer to 8.0 Security of personal information of this Privacy Policy.
Disclosure
Benetas may also disclose personal information for a secondary purpose where the APPs permit it (for example, with the individual’s consent), or where disclosure is required or authorised by law. Recipients of this information may include:
- referees;
- our staff and associated entities;
- insurers and workers' compensation bodies as required by relevant legislation;
- contractors, suppliers, and professional advisors;
- any other entity with an individual’s consent or as required or authorised by law; or
- third parties engaged to perform administrative tasks or assist in enhancing our services, including PageUp and TechOne in the recruitment process.
For more information on the measures Benetas adopts surrounding disclosure of your personal information, please refer to 7.0 Disclosure of personal information of this Privacy Policy.
Storage and Deletion of Personal Information
Records obtained by Benetas in the recruitment process will be archived on a quarterly basis.
All archived personal information will be stored securely, and Benetas will regularly assess how long such information has been archived in its systems and whether its continued storage is necessary.
If there is no ongoing need to retain such information, Benetas will take reasonable steps to destroy it or to de-identify it, as required by APP 11.2.
Enquiries or Complaints
Should you have any questions or concerns regarding the collection, usage, storage, or handling of your personal information acquired during the recruitment process by Benetas, please reach out to our Privacy Officer (refer to 11.0 Contact details for privacy requests and complaints).
Alternatively, you can follow the complaints procedure outlined under 9.0 Complaints of this Privacy Policy.
4.0 Collection of personal information - General
The collection of relevant personal information is necessary to enable the provision of quality care and services. Information is collected throughout the consumer journey and can be received in a variety of forms including, but not limited to, direct contact, telephone, email, internet and web interactions, surveys and other forms of communication.
General
The kind of personal information that Benetas collects about individuals depends on the type of dealings they have with Benetas. For example, if a person:
- is someone Benetas supports or is connected to a person Benetas supports (e.g. a family member, carer, advocate or nominated representative), Benetas may collect their:
  - name, address, telephone and email contact details
  - gender, date of birth and marital status, and information about their condition and support needs
  - health and medical information
  - Medicare number and other identifiers used by Government Agencies or other organisations to identify individuals
  - financial information and billing details, including information about the services individuals are funded to receive
  - records of interactions with individuals, such as system notes and records of conversations individuals have had with Benetas’ employees
  - information about the services Benetas provides to individuals and the way in which Benetas will deliver those services
- registers for a subscription to a Benetas publication, Benetas may collect their name, organisation and contact details and details about the information individuals access in Benetas’ publications
- makes a donation, Benetas may collect their name, organisation, contact details, the amount and frequency of their donation and payment details from individuals directly or from another fundraising entity that allows Benetas to contact their supporters and provides Benetas with their contact details
- attends a Benetas event, Benetas may collect their name, organisation, contact details, payment details (if applicable) and any dietary and accessibility requirements
- participates in Benetas’ surveys, Benetas may collect their name, organisation, contact details and their survey responses
- sends Benetas an enquiry, Benetas may collect their name, contact details and details of their query
- visits Benetas’ website, Benetas will use ‘cookies’ and may use tools to track visits to the Benetas website including how individuals arrive at the website and which pages they use. Benetas may also collect data to enable Benetas to personalise a webpage or pre-fill a form with their details
- makes a complaint, Benetas may collect their name, contact details, the details of their complaint, information collected in any investigation of the matter and details of the resolution of the complaint
- applies for a job or volunteer role at Benetas, Benetas may collect the information individuals included in their application, including their cover letter, resume, contact details and referee reports, their tax file number and other identifiers used by Government Agencies or other organisations to identify individuals, information from police checks, working with children checks (or similar), and information about their right to work in Australia
Sensitive information
Benetas employees must only collect sensitive information where it is reasonably necessary for Benetas’ functions or activities and either:
- the individual has consented or
- Benetas is required or authorised by or under law (including applicable privacy legislation) to do so.
For example, in order to provide Benetas’ services to a consumer or to respond to a potential consumer’s inquiries about services, Benetas may be required to collect and hold their sensitive information including health and medical information and information relating to their disability and support requirements.
What if a consumer doesn't provide Benetas with their personal information?
The nature of the business carried on by Benetas means that, generally, it is not possible for Benetas to provide services to customers or otherwise deal with individuals in an anonymous way.
However, in some circumstances Benetas allows individuals the option of not identifying themselves, or of using a pseudonym, when dealing with Benetas (for example, when viewing Benetas’ website or making general phone queries or providing feedback about our services). Donations may also be made anonymously, but in this case Benetas may not be able to issue a tax-deductible receipt.
Personal information is collected only with the individual’s prior knowledge and consent, and is used for the primary purpose for which it was collected.
5.0 Use of personal information
Main Purposes for Collecting Personal Information
The main purposes for which Benetas collects, holds, and uses personal information include:
- to provide services to its consumers;
- to respond to individual requests;
- to maintain contact with consumers, family members, and duly authorised representatives;
- to provide online email subscription services (Benetas’ email alert service, newsletters and relevant marketing communications);
- to comply with duties imposed by legislation when responding to requests by government agencies;
- for the purposes of research, quality assurance, and improvement activities.
Additionally, Benetas may use personal information about individuals to market and promote its services, including by email. Individuals can at any time elect not to receive marketing materials, or not to have their information used for marketing, by writing to the Benetas Privacy Officer.
Website and Use of Aggregate Data
Benetas’ website is managed internally. Generally, Benetas only collects personal information from its website where a person chooses to provide that information. Benetas also records a range of technical information which does not, on its own, identify the individual. This information includes:
- The IP or server address;
- General locality; and
- The date and time that the website was visited.
This information is used for statistical and development purposes. No attempt will be made to identify an individual through their browsing other than in exceptional circumstances, such as an investigation into the improper use of the website.
Some functionality of the Benetas website is not run by Benetas, and third parties may capture and store your personal information outside Australia. These third parties include (but are not limited to) Facebook, YouTube, Mailchimp, SurveyMonkey, Twitter and Google, and may not be subject to the Privacy Act. Benetas is not responsible for the privacy practices of these third parties and encourages individuals to examine each provider’s privacy policy and make their own decisions regarding its reliability.
Benetas’ website contains links to other websites. Benetas is not responsible for the content and privacy practices of other websites and encourages individuals to examine each website's privacy policies and make their own decisions regarding the reliability of material and information found.
Cookies
Cookies are used to maintain state between a user’s requests during a website session. A cookie is a small file supplied by the Benetas website and stored by your web browser on your device when you access the Benetas website. Cookies allow Benetas to recognise an individual web user as they browse the Benetas website.
6.0 Access and correction to personal information
Access to Records
All requests for access to personal information should be made to the Benetas Privacy Officer. All applications made by a third party must be submitted in writing. Individuals can use the Benetas Health Information Request Form or submit a written request.
Benetas will provide an individual with access to the personal information it holds about them, provided it is authorised to do so. When a request to access personal or health information is made, Benetas will require the requester to provide evidence of their identity and of their legal right to access the information, unless this has previously been provided.
Benetas will acknowledge all requests within two days of receipt and respond to all requests within 30 days of receipt.
Where Benetas refuses to provide an individual with access to personal information, it will give the reasons for the refusal in writing within the above time frame, together with the complaint options available to the individual (see 9.0 Complaints).
Benetas may charge a reasonable administrative fee for providing access to, or copies of, the documentation requested, as permitted by relevant legislation.
Corrections and Amendments of Records
If you believe information held by Benetas is incorrect or out of date, please contact the relevant business manager to have the record amended or corrected.
If you wish to have personal information held about you deleted, the request must be made in writing to the Privacy Officer. Note that some records must be retained for the periods prescribed by legislation (see 8.0 Security of personal information) and cannot be deleted on request before those periods expire.
7.0 Disclosure of personal information
Data Disclosure
Benetas does not disclose personal information to third parties or other organisations unless:
- the use or disclosure is permitted under this policy;
- the disclosure is required or permitted by law;
- prior consent has been given by the individual(s) concerned; or
- the disclosure is necessary to reasonably protect the rights or safety of any member of the public or consumer(s) of Benetas.
Benetas, in the normal course of its operations, does not disclose personal information to recipients in other countries. The exception is the third-party website services described in 5.0 Use of personal information, which may store information outside Australia.
Any information used for the purposes of research shall be de-identified unless individual consent is provided.
Contractors
Where Benetas engages third parties to handle personal or health information, it will ensure, through a documented Service Agreement, that the contractor will:
- Ensure that the rights of the individual are preserved in accordance with the Privacy Act
- Observe all obligations under the APPs in relation to personal and health information provided by Benetas in the performance of their service
- Take all reasonable steps to ensure that personal and health information held in connection with the agreement or contract is protected against misuse, loss, unauthorised access, modification or disclosure
- Notify Benetas immediately where there is any concern about, or suspicion that, a data breach may have occurred, so that Benetas can meet its own assessment and notification obligations (see 8.0 Security of personal information)
8.0 Security of personal information
Data Protection
Benetas will take all reasonable steps to protect personal information collected, held and stored from misuse, interference, loss and unauthorised access, whether it is in electronic or hard copy form.
The destruction of personal records is performed in accordance with Benetas’ Retention and Disposal of Records procedure. All personal information not actively being used is stored in line with the retention periods prescribed in legislation. A specialised third-party provider is engaged to provide secure off-site archiving services.
Electronic Communication
There are inherent risks associated with the transmission of information over the Internet, including via email. Where this is of concern, Benetas will accept other methods of communication such as post, fax, or phone (although these methods have associated risks).
Benetas only records email addresses when a person sends a message or subscribes to a mailing list. Any personal information provided, including email addresses, will only be used or disclosed for the purpose for which it was provided.
Accidental or Unauthorized Disclosure
Benetas takes all accidental or unauthorised release or disclosure of personal information seriously. Legislative or administrative sanctions, including criminal sanctions, may apply to unauthorised disclosures of personal information.
If Benetas has reasonable grounds to suspect that an eligible data breach has occurred, it will conduct a reasonable and prompt assessment of whether an eligible data breach has in fact occurred, taking all reasonable steps to complete the assessment within 30 calendar days after becoming aware of the suspected breach.
An eligible data breach occurs where:
- There has been unauthorised access to, or unauthorised disclosure of, personal information held by an organisation; or
- Personal information is lost in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely; and
- A reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.
When assessing whether the access or disclosure is likely to result in serious harm, regard will be given to:
- The sensitivity of the information;
- Whether the information is protected by one or more security measures (for example, encryption) and the likelihood that those measures could be overcome;
- The persons or the kinds of persons who have obtained or who could obtain the information; and
- The nature of the harm.
As soon as practicable after becoming aware of reasonable grounds to believe an eligible data breach has occurred, Benetas will notify the Office of the Australian Information Commissioner (OAIC). An eligible data breach statement form is available for notification on the OAIC’s website at www.oaic.gov.au.
Note: Notification to the OAIC is not required where:
- Benetas is already required to notify the breach under section 75 of the My Health Records Act 2012 (Cth);
- Benetas has taken remedial action in respect of the breach such that it is no longer likely to result in serious harm to any individual; or
- The notification is inconsistent with a secrecy provision in another law.
As soon as practicable after lodging the eligible data breach statement to the OAIC, Benetas will:
- Take steps that are reasonable in the circumstances to notify each of the individuals to whom the relevant information relates of the contents of the eligible data breach statement (if this is practicable); or
- Take steps that are reasonable in the circumstances to notify each of the individuals who are at risk from the eligible data breach of the contents of the eligible data breach statement (if this is practicable); or
- If neither of the above 2 points apply, publish a copy of the statement on Benetas’ website and take reasonable steps to publicize the contents of the statement.
Benetas follows the OAIC’s Data breach notification — A guide to handling personal information security breaches when handling accidental or unauthorised disclosures of personal information.
9.0 Complaints
Where an individual suspects that a breach of their privacy has occurred, they should be referred to the Benetas Privacy Officer. Benetas will respond to any complaints or requests promptly and in line with our Complaints Management and Resolution Policy. Benetas is committed to the quick and fair resolution of any complaints and takes all complaints seriously. All privacy complaints and breaches must be recorded in Riskman.
External complaint options
Individuals also have the right to contact the Office of the Australian Information Commissioner (OAIC) to make a privacy complaint against Benetas, or if they are not satisfied with how Benetas has handled their complaint. The OAIC website contains information for individuals about how to make a privacy complaint. Where an individual makes a complaint directly to the OAIC rather than to Benetas, the OAIC may recommend that they first try to resolve the complaint directly with Benetas.
10.0 Breaches of this Policy
Unauthorised or careless access to, or disclosure of, information on any matter regarding the service, its consumers or fellow employees constitutes a breach of confidentiality and privacy. Such breaches will be managed in accordance with the Benetas Disciplinary Policy and Procedures.
11.0 Contact details for privacy requests and complaints
Where an individual requires further information about Benetas’ Privacy Policy, procedures or wishes to make a complaint, please contact the Benetas Privacy Officer using the following contact details:
- Email: privacy@benetas.com.au
- Phone: (03) 8823 7900 (reception)
- Fax: (03) 9822 6870 (reception)
- Post: Level 1 - 789 Toorak Road, Hawthorn East, VIC 3122
12.0 Responsibilities
Employee, Volunteer and Contractor Responsibilities
- Comply with this Policy and associated procedures
- Ensure that all personal and health information collected is protected, and that privacy is maintained
- Be respectful of the need for an individual’s privacy when providing care and services
- Refer all requests for access to personal and/or health information to the Manager or delegate
- Report any concerns or breaches of this Policy immediately to the manager
- Where applicable, authorise Benetas Payroll Service (in writing) before access to their own personal or payroll information is granted to external parties (e.g. banks)
- Participate in training and education to support the effective implementation of this Policy
Management Responsibilities
- Ensure that the Benetas Privacy Policy is freely available and accessible to all consumers, employees, volunteers, and contractors
- Actively support the implementation of, and compliance with, this Policy and associated procedures through education, training, audit, and assurance activities
- Address any areas of non-compliance with this Policy
- Ensure that all requests for personal and health information are received and referred to the Privacy Officer for review
- Ensure that privacy complaints are addressed or referred proactively
- Ensure that existing and new consumers regularly give informed consent to the organisation to collect information relevant to the purpose of the collection
- Consult with the Privacy Officer on any matters relating to the implementation of this policy and the release of information
Privacy Officer Responsibilities
- Ensure ongoing evaluation of the privacy management system and supporting documentation
- Provide support and advice to management to understand and implement this Policy and associated procedures
- Oversee the development and implementation of a capability framework to support this Policy
- Process requests for access to personal and health information, review requests in line with privacy principles and relevant legislation, and authorise the release, or otherwise, of the information
- Maintain a register of requests and privacy breaches, including documented outcomes for each
- Ensure records are retained in accordance with legislative requirements
- Ensure information used in research, statistical compilation, and analysis is de-identified or has the individual's consent obtained
- Seek advice on record retention requirements where there is a reasonable prospect of litigation
Chief Executive Officer (CEO) Responsibilities
- Ensure that systems and processes are in place to ensure compliance with legislation and associated regulations
- Appoint the Benetas Privacy Officer
13.0 Definitions
Australian Privacy Principles (APPs)
Legally binding standards that regulate the way agencies and organisations collect, store, use and disclose personal information. The Principles include that:
- Individuals be told why the information is being collected
- Individuals have access to personal information held about them
- Personal information is only used for the purpose for which it was collected
- Personal information is not disclosed except to the individual concerned, with the individual’s consent, or where the disclosure is otherwise permitted under the APPs or required or authorised by law
Data Breach
A data breach is an incident in which personal, sensitive, proprietary or confidential information is accessed, disclosed or lost without the authorisation of the information’s owner, whether through an external attack, the actions of an insider, or an accident (for example, a record sent to the wrong recipient).
Health Information
Information or an opinion about the health or disability (at any time) of an individual; or their expressed wishes about the future provision of health services to him or her; or a health service provided, or to be provided; that is also personal information; or other personal information collected to provide, or in providing, a health service; or other personal information collected in connection with the donation/intended donation of their body parts, organs, or body substances.
Health Privacy Principles (HPPs)
Apply to health information collected and handled in Victoria by the Victorian public sector and the private sector.
Notifiable Data Breach (NDB)
A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure. The NDB scheme only applies to data breaches involving personal information that are likely to result in serious harm to any individual affected.
Personal Information
Means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can reasonably be ascertained, from the information or opinion.
Privacy
Privacy or health privacy is the practice of maintaining the security and confidentiality of consumer records. It involves both the conversational discretion of health care providers and the security of health records.
Sensitive Information
A subset of personal information that is afforded a higher level of privacy protection. Sensitive information includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual orientation or practices, criminal record, biometric information used for automated verification or identification, and biometric templates.
14.0 References
Relevant Legislation, Standards, and Amendments
Benetas is required to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 – (Cth) (Privacy Act) which regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal.
Benetas is also required to comply with the Health Privacy Principles (HPPs) in the Health Records Act 2001 (Vic) when Benetas collects and handles health information.
In certain circumstances (for example, where funding agreements with Government Agencies require it), Benetas may also be required to comply with the Information Privacy Principles in the Privacy and Data Protection Act 2014 – (Vic).
In cases where a privacy breach has occurred, Benetas is required to comply with the Privacy Amendment (Notifiable Data Breaches) Act 2017 No.12 (Cth).
Personal information and its disclosure is also protected under other legislation, including but not limited to the:
- Aged Care Act 1997 (Cth)
- Charter of Human Rights and Responsibilities Act 2006 (Vic)
- Disability Discrimination Act 1992 (Cth)
- Freedom of Information Act 1982 (Cth)
- Health Records Act 2001 (Vic)
- Information Privacy Act 2000 (Vic) (repealed and replaced by the Privacy and Data Protection Act 2014 (Vic))
- National Disability Insurance Scheme Act 2013 (Cth)
- Privacy Act 1988 (Cth)
- Privacy and Data Protection Act 2014 (Vic)
- Retirement Villages Act 1986 (Vic)
The following Standards apply to this policy and supporting documentation:
- Aged Care Quality Standards
- National Disability Insurance Scheme (NDIS) Practice Standards
- ISO 9001:2015
Copyright and Disclaimer
The material on this website is copyright. You may download, display, print and reproduce (copy) this material in unaltered form only (retaining this notice) for your personal, non-commercial use or use within your organisation. Apart from any use as permitted under the Copyright Act 1968, all other rights are reserved. If you wish to republish any material on your own website or in a publication of any description, please see further guidance below.
Requests and inquiries concerning reproduction and rights should be addressed to:
Benetas Support Office
PO Box 5093
Glenferrie South
VIC 3122
P: (03) 8823 7900