Juniper is committed to protecting and upholding the right to privacy of all residents, clients, representatives, personnel, visitors and other individuals with whom it deals.
In line with the regulatory requirements under the Privacy Act 1988; the Australian Privacy Principles; and the Surveillance Devices Act 2004, Juniper has developed a Policy and Practice for the collection, use and disclosure of personal information.
Data collection and cookies
Juniper uses cookies to collect statistical information about how visitors use its websites, including juniper.org.au. The information Juniper collects includes visitors’ country of origin, server (IP) address, the date and time of the visit, the pages accessed, documents downloaded, the number of bytes transmitted, the previous site visited, any search terms used, and the type of browser being used. This allows Juniper to uniquely identify the browser (but not the individual) accessing the website and to use this anonymous information to improve its website.
Certain functions on the websites (such as downloadable forms and interfaces with Google) need visitors’ browsers to allow cookies to be created on their computer. Otherwise, visitors may disable cookies in their browser.
Juniper may, however, collect personal information such as an individual’s name and contact details, for instance if the individual uses Juniper’s ‘contact us form’.
Information access and collection
Juniper will not attempt to identify users of this website or their browsing activities. However, in the unlikely event of an investigation, a law enforcement agency or other government agency may exercise its legal authority to inspect our records.
Specific applications on this website ask you to submit additional information for operational purposes. Where applicable, additional privacy information is provided for those applications.
Juniper will only record your email address when you send us a message. Or if you register with us to be included on a mailing list. Your email address will only be used for the purpose for which you provided it. Your email address will not be used for any other purpose. It will not be disclosed to other parties, without your consent.
Any other personal details submitted via this website will only be used for the purpose for which they are provided. Personal details will not be used for any other purpose and will not disclosed to other parties without your consent.
Provision will be made for you to edit or remove your details from that list. This is in the case if a facility exists that enables you to register to join a mailing list.
How does Juniper collect personal information?
Juniper aims to collects personal information from individuals directly (including via its websites). However, in some cases, it may collect personal information from third parties as set out below.
Residents and Clients
Juniper may also collect personal information about residents and clients from third parties such as an Aged Care Assessment Team, doctors, relatives or nominated representatives. Wherever possible, Juniper will do so with resident’s or client’s consent.
Employees, volunteers, students and referees
Juniper may also collect information about personnel as part of their application and during the course of their employment/volunteering from third parties such as recruitment agencies, referees and Government agencies and departments, such as a Police Criminal History Check from the Police (or similar).
Protecting your privacy
Juniper protects privacy by keeping personal information secure from unauthorised access, use or loss. Employees are provided with guidelines for collection, use, release and disposal of personal information.
Information contained within paper and computer-based systems is accessed by administrative and care staff to the extent needed to perform their duties.
Access to electronic information is controlled by providing users with individual passwords and log-on credentials. These provide access only to the information they need to perform their duties.
Residential Care and Home and Community Care programs have electronic care records systems accessed and kept secure on the above basis.
There are also paper-based files for some administrative information and essential care information. We use this as a backup in the event of a system outage. Hard copy files are stored securely in an office environment.
For Home and Community Care clients, the above records system applies, with the addition of private notes being kept in their home. Clients are responsible for keeping this information secure from unwanted access, use or loss.
Staff and volunteer records are held by the immediate manager of the individual.
Such files must be kept in a locked cabinet accessible only to the relevant manager. Another person will not be able to access it without the knowledge and approval of the manager.
How is information used?
When personnel commence work or residents and clients enter into care, they will be asked to sign a release form, confirming whether or not they provide consent for Juniper to use and disclose their Personal Information (including photographs).
In some cases, Juniper will not be able to provide services to residents or clients, or commence or continue a personnel’s engagement, if the person does not provide their consent. If so, Juniper will advise the person of this. Otherwise, the person may withhold or withdraw their consent without repercussion.
Juniper will only use and disclose an individual’s personal information with their consent, where it is related (or in the case of sensitive information, directly related) to the primary purpose(s) that the personal information was collected by Juniper, or where Juniper is permitted by law to disclose it to that third party (for instance in the case of a medical emergency).
Who else has access to your information?
In some circumstances, Juniper is required by law to release information e.g. advising the WA Department of Health of people with certain infectious diseases and types of cancer. These must be reported to databases or registers maintained securely by advising the WA Department of Health or other health care bodies.
Juniper is required by law to disclose personal information1 to the Aged Care Quality and Safety Commission when a residential care recipient is the victim of an incident that falls within the categories of the Australian Government’s Serious Incident Response Scheme (SIRS)2.
Where the residential care recipient is also a participant in the National Disability Insurance Scheme (NDIS), personal information may also be disclosed to the NDIS Quality and Safeguards Commission when the incident meets the criteria of a reportable incident under the National Disability Insurance Scheme (Incident Management and Reportable Incidents) Rules 20183.
Juniper may also be required by law to provide information to a court, tribunal, law enforcement agency or other government agency. Juniper does not routinely disclose personal information overseas.
Access & correction to your information
Juniper updates information on an ongoing basis as and when changes are advised. All individuals are asked to promptly advise Juniper if any details they have provided have changed.
The Act gives individuals (other than employees) the right to access personal information about themselves held by Juniper. However, Juniper gives employees access to their records on the same basis.
The Act provides a reasonable time for Juniper to respond to such requests, allows Juniper to levy a reasonable charge, and provides a range of criteria by which Juniper can deny access to some information, such as where granting access would violate the privacy of another person.
If an individual identifies information that is incorrect, Juniper will update it unless it disagrees with the correction. If the individual does not agree with opinions that are expressed the individual can advise Juniper. Juniper may agree (but is not obligated) to remove the material from the record.
In either case, individuals’ minimum right under the Act is to add a comment or further information to the file.
If an individual chooses to withdraw any form of consent, Juniper will keep a note of it in their file and make sure it is actioned. This may involve contacting any third parties to whom that information has been provided.
Photographs & video
Juniper may take photos and videos of people (including personnel, residents and clients and their families, and visitors) at functions and events. Photos are often displayed on facility notice boards or published in internal newsletters, which are accessible to personnel, visitors, residents and clients and their families.
From time to time, Juniper may take professional photos or video for external promotional purposes such as the annual report, website etc.
When a resident or client enters into services, they will be asked to sign a release form, confirming whether or not they provide consent for Juniper to use or display any photographs and/or videos taken (whether internally or for external promotional purposes).
Function and event invitations/posters will include a note that photos may be taken. Any attendee, who is not a Juniper personnel, resident or client, and who does not consent to their photo being used must advise Juniper prior to their attendance. By attending a Juniper function or event, attendees will provide implied consent for Juniper to use their photographs unless they have advised Juniper otherwise.
Closed-Circuit Television (CCTV) & Surveillance Recording
Juniper may install CCTV in public places both inside and outside of its facilities. Residents and/or their representatives may also install CCTV in their own rooms. All sites with CCTV in use will have signs displayed advising of its use.
All CCTV and surveillance recordings are managed in accordance with Juniper’s Closed-Circuit Television and Surveillance Recording policy and procedure document, which is available upon request.
Unsolicited personal information
Juniper receives unsolicited personal information (e.g. CVs from people seeking employment, application forms from people seeking care or accommodation). Juniper will destroy, erase or anonymise the personal information when there is no longer an operational need or legal requirement to hold onto it.
Data Breaches
If a person believes their personal information has been lost or subjected to unauthorised access, modification, use or disclosure, or other misuse they must notify Juniper immediately. Any actual or suspected data breaches will be promptly investigated and managed in accordance with Juniper’s ICT Security and Data Protection Policy. Personnel at all levels will fully cooperate in any investigation as a result of a suspected or actual data breach.
Complaints
Juniper is committed to providing a high standard of care and services to our residents and clients to ensure their experience of care and lifestyle services, is a positive one. We welcome your feedback as a valuable contribution to quality improvement.
All privacy complaints are handled in accordance with Juniper’s Managing Feedback (Complaints, Compliments and Suggestions) Policy.
Complaints can be submitted by writing to: Juniper – Re Privacy, PO Box 810, Balcatta WA 6914, emailing privacy@juniper.org.au, contacting Juniper via telephone or in person. Juniper will accept and act upon anonymous feedback and complaints.
If an individual is not happy with Juniper’s resolution, they can make a complaint to the Office of the Australian Information Commissioner. Go to www.oaic.gov.au for full information or phone: 1300 363 992, email: enquiries@oaic.gov.au or write to GPO Box 5218, Sydney NSW 2001.
For more information
Further questions can be directed to the Quality and Risk Manager during business hours.
Juniper, Quality and Risk Manager, 313 Main Street, Balcatta WA 6021.
PO Box 810, Balcatta WA 6914
Telephone: +61 (08) 9240 0313
Facsimile: +61 (08) 9240 0329
Email: juniper@juniper.org.au
—
1 Under the Privacy Act 1988, personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
2 Under section 54-3 of the Aged Care Act 1997, a reportable incident is any of the following incidents that have occurred, are alleged to have occurred, or are suspected of having occurred to a residential care recipient (consumer), in connection with the provision of residential care, or flexible care provided in a residential setting:
- unreasonable use of force against a consumer
- unlawful sexual contact, or inappropriate sexual conduct, inflicted on a consumer
- psychological or emotional abuse of a consumer
- unexpected death of a consumer
- stealing from, or financial coercion of, a consumer by a staff member of the provider
- neglect of a consumer
- use of physical or chemical restraint of a consumer (other than in the circumstances set out in the Quality of Care Principles)
- unexplained absence of a consumer from the service
For all of the above range of incident types, the reporting requirements under SIRS also require a provider to report to the Commission, allegations and suspicions of such incidents, as well as where evidence is unambiguous that an incident has occurred.
3 Under the National Disability Insurance Scheme (Incident Management and Reportable Incidents) Rules 2018, a registered NDIS provider must notify the NDIS Quality and Safeguards Commission of all reportable incidents in connection with the provision of supports or services where a certain act or event has happened (or is alleged to have happened).
This includes:
- the death of a person with disability
- serious injury of a person with disability
- abuse or neglect of a person with disability
- unlawful sexual or physical contact with, or assault of, a person with disability
- sexual misconduct, committed against, or in the presence of, a person with disability, including grooming of the person with disability for sexual activity
- use of a restrictive practice in relation to a person with disability where the use is not in accordance with an authorisation (however described) of a state or territory in relation to the person, or if it is used according to that authorisation but not in accordance with a behaviour support plan for the person with disability
If there is no authorisation process (however described) of a state or territory in relation to the use of the restrictive practice, its use is not a reportable incident if the use is in accordance with a behaviour support plan.