As the administrator of the NDSS, Diabetes Australia is subject to the Privacy Act 1988 (‘the Privacy Act’) and the Australian Privacy Principles (APPs) contained in the Privacy Act. The APPs set out the way organisations such as ours can collect, use, disclose and provide access to personal and sensitive information.
Personal information is any information or opinion that identifies (or could reasonably identify) a person, whether it is true or not. It includes, for example, your name, age, gender and contact details. Personal information can also include sensitive information, which includes information about your health and health services provided to you.
What personal information may be collected?
We may collect your personal information if the information is reasonably necessary for administering the NDSS and any of its programs, services or activities, including providing information, education and support services to people with diabetes and their carers. When personal information is sensitive information (for example, health information), it will only be collected if you have consented to that information being collected, or if one of the other exceptions applies under the APPs.
Personal information that we may collect, or use includes:
- your name
- contact details and address
- date of birth
- country of birth
- Australian Government Medicare number or Department of Veterans’ Affairs number
- Commonwealth concession card details
- Passport or student visa details (as required)
- NDSS number
- details of your parent or carer, and
- details of your usual general practitioner and other health professional.
If you are a guardian of someone under 16 years of age or provide ongoing care to an adult, we will collect personal information such as your name, date of birth, contact details and relationship to the person with diabetes.
The sensitive information we may collect includes:
- whether you are of Aboriginal or Torres Strait Islander origin
- main language spoken at home
- diabetes type
- details of the medication and NDSS products you require to manage your diabetes
- whether your immediate relatives have had diabetes and how your diabetes is currently managed
- health services provided to you
- other health information.
We also collect information about your interactions with the NDSS. This includes your attendance or interaction with NDSS programs, services and activities including online, in person or via telephone or social media, as well as any feedback or complaints. It also includes the NDSS products you have accessed, date and location of purchase, method of payment and other service arrangements.
How is personal information collected?
We collect your personal information in several ways including:
- on forms, such as the NDSS registration form
- when you contact the NDSS Helpline
- information you provide while visiting pharmacies (NDSS Access Points), NDSS Agent locations and other places for example, health centres and hospitals
- from websites and applications operated by us or on our behalf, including websites that capture content, are used to register for training or facilitate access to subsidised diabetes-related products, and
- other ways, such as when you interact with us in person, or through phone calls to our staff, email, mail and social media.
We will always collect personal information from you directly unless it is unreasonable or impractical to do so. For example, if a school principal registers their school for training under one of our programs, they may enter the name and contact details of school staff they nominate to attend training, and we may use this information to contact those staff to participate in the program. When a person with diabetes is under 16 years of age, or is an adult receiving continuing care, education or support services, the person’s primary carer or guardian will be the one to consent to the collection of the person’s information.
Sometimes we may receive personal information that we did not request (for example, if you complete an NDSS registration form and you attach extra documents that we did not request). If this happens, and we could not have collected this information as set out above, if allowed by law we will destroy or de-identify the extra information as soon as practicable (i.e. any information that could reasonably identify you as an individual will be removed).
Our websites and applications use software known as ‘cookies’ to record your visit to the websites and collect some statistical information. A cookie is a small text file that our site may place on your computer as a tool to remember your preferences. We use this information to help administer and improve our websites. We do not use this information to personally identify you.
You may set your web browser to disable cookies when visiting our websites. However, some website functions may be unavailable if you choose to do so.
Can I remain anonymous?
It is your choice to provide information to us. Wherever it is lawful and practicable for us to deal with individuals who have not identified themselves, you have the option not to identify yourself or to use a fictional name when interacting with us. For example, you can remain anonymous when using some parts of the NDSS website, Foot Forward website and other sites administered by us.
However, it will be necessary for us to collect your personal or sensitive information if you would like to access certain NDSS products, education and support services or programs. If you choose to withhold the information we require, we may not be able to provide the services you have requested.
Security and storage of your information
We take appropriate steps to protect your personal and sensitive information held by us from misuse, interference, unauthorised access, modification, loss or disclosure. This includes during storage, collection, processing, transfer and destruction of the information.
Information is stored in access-controlled premises or in secure electronic systems. In certain sensitive circumstances, Diabetes Australia has the ability to protect or suppress certain personal information (e.g. date of birth, address and contact details) of a person’s profile, so that it is not visible to NDSS Access Points.
We take steps to ensure the security of our websites and applications, however, users are advised that there is always some risk when transmitting information across the Internet, including a risk that information sent to or from a website may be intercepted, corrupted or modified by third parties.
When we no longer need personal information for any purpose, we will take reasonable steps to destroy the information or ensure that the information is de-identified. This will apply except where we are required by law or a court/tribunal order to retain the information.
For what purposes do we use or disclose your information?
We use or disclose your personal and sensitive information for the purposes of administering and providing the NDSS programs and services such as Foot Forward program. We may also use or disclose your information for a secondary purpose which is directly related (where this is sensitive information) or related (for non-sensitive information) to the reason you provided the information in the first place, but only where you would reasonably expect us to use your information for this secondary purpose.
For example, we may use your information to:
- confirm your identity and update your personal details
- contact you to provide you with information about the NDSS, managing your diabetes or sending reminder notices to you and your health professionals about important aspects of your diabetes management
- contact you to invite you to participate in education, support services and programs delivered by Diabetes Australia or your local state and territory diabetes organisations, or other NDSS programs requiring a specific consent
- provide training to you, (or if you are a student to your school’s staff), on diabetes and diabetes management
- provide information about access to subsidised diabetes-related products, or related information such as product recalls
- produce statistical and evaluation reports on the NDSS
- manage and respond to requests for information, feedback and complaints
- improve our services.
Your information may also be used or disclosed to the following people or entities:
- the Commonwealth Department of Health, which funds the NDSS, to produce statistical and evaluation reports on the NDSS and for administrative purposes, or for public accountability purposes
- the Australian Institute of Health and Welfare for statistical analysis and research, unless you registered for the NDSS before July 2003 and did not consent to your information being supplied to the Australian Institute of Health and Welfare
- other third parties for the purposes of administering the NDSS, including organisations that deliver services on our behalf (such as mailing houses), or organisations that provide services to us
We do not disclose your personal information to overseas parties.
We will not use or disclose your personal information for another purpose except as set out above unless you have given consent or one of the exceptions under the Privacy Act applies. For example, we may disclose your personal information if authorised by Australian law or if necessary, for law enforcement.
From time to time, we may send out promotional materials for the purposes of the NDSS or we may use a third party to send out these materials. If you do not wish to receive these communications, please contact us to unsubscribe (see contact details below).
It is our policy that any promotional material will include a statement advising that you may request not to receive further material by contacting us using the details provided. Even if you unsubscribe, if you are registered with the NDSS you will still receive important information about diabetes and NDSS products and services.
Release of information for research or service planning by third parties
We often receive requests from researchers, universities and non-government bodies for data to assist them with research projects or to plan for the emerging needs of people with diabetes. Our research policy is available here, and it should be noted that only de-identified information can be released for research purposes and only with the explicit consent of the individual. Individuals registered with the NDSS may receive information from us about opportunities to participate in research unless they have chosen to unsubscribe.
There is no obligation to participate in a research study and the release of information must adhere to strict data release policies. In some instances, such as a research request for data linkage, only the Department of Health may agree to information being released. Individuals may at any time unsubscribe from receiving information about opportunities to participate in research.
How to access and correct your information
We will take reasonable steps to ensure that all personal information that we collect, use or disclose is accurate, up-to-date, complete, relevant and not misleading.
We will correct any personal information that we believe to be incorrect, out-of-date, incomplete, irrelevant or misleading. This includes taking reasonable steps to notify any organisation or government agency to which information was disclosed about the correction. You may request to access or correct your personal information at any time by contacting our Privacy Officer using the details below. We must give you access to the information unless one of the exceptions under the Privacy Act applies. For example, if providing access would be unlawful or denying access is authorised by law.
If you request to access or correct your information, we will respond within a reasonable time (usually within 30 days). If your request is refused, we will give you a written notice that sets out the reasons for refusal (except to the extent it would be unreasonable to do so) and how to complain about the decision.
Complaints and enquiries
See oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint for further information.
GPO Box 3156
Canberra, ACT 2601
The NDSS website, the Foot Forward website and other sites administered by us may contain links to external organisations and websites. We recommend that you review the privacy policies of those external organisations and websites as we are not responsible for their privacy practices.
Version 9 August 2020. First published August 2011.