PURPOSE AND SCOPE
This policy defines how Home Instead collects, holds, uses and discloses personal information. We take the privacy of individuals seriously and are committed to complying with the Privacy Act 2020 (Act), including the Information Privacy Principles, other Privacy Codes and the Code of Health and Disability Services Consumers’ Rights.
To request access to or correction of personal information, to request not to receive marketing material or invitations from us, or to make a privacy complaint to us, please contact:
General Manager – Home Instead Auckland East
Level 2, Suite 4, 89 Grafton Road
The Privacy Officer’s role and responsibilities include:
· Encouraging Home Instead, Franchisees, their employees, and all other related parties to comply with the Information Privacy Principles as set out in the Act.
· Dealing with requests made to Home Instead pursuant to the Act.
· Working with the Privacy Commissioner in relation to investigations.
· Ensuring compliance with the Act.
Personal information: information about an identifiable individual.
Privacy: Keeping certain personal information free from public knowledge and having control over its disclosure and use.
Confidentiality: A separate legal concept to privacy, confidentiality applies to information given to a person or organisation under an obligation not to disclose that information to others unless there is a statutory requirement or duty of care obligation to do so. Confidentiality also applies to organisational information which is not to be used or disclosed by Franchise Owners and employees.
Privacy breach: The unauthorised, or accidental access to, or disclosure, alternation, loss, or destruction of personal information; or an action that prevents Home Instead from accessing the information on a temporary or permanent basis.
Notifiable privacy breach: A a privacy breach from which it is reasonable to believe serious harm has been caused to an affected individual(s) or is likely to do so.
1. Confidentiality Obligations
1.1. Home Instead, our Franchise Owners, our clients, our suppliers and our business partners generate important business-related information that must be kept confidential. Accordingly,
there is a strict requirement that employees maintain an extremely high degree of confidentiality at all times in relation to client and business-related matters.
1.2. When an employee commences employment with Home Instead, that employee must accept that he or she will adopt and maintain the highest degree of confidentially where business-related matters are concerned. It is expected that this level of confidentiality will be maintained even if the employee ceases to be employed by Home Instead.
1.3. Any violation of confidentially might seriously damage Home Instead’s reputation and effectiveness. Accordingly, any breach of confidentiality by an employee shall be regarded as serious misconduct and may result in a disciplinary action including and up to termination of employment.
1.4. Any employee who becomes aware through external or other sources that confidentiality has been breached, should advise management as soon as possible so that potential damage to Home Instead can be minimised.
1.5. Any employee who is questioned by a person, other than another employee of Home Instead, regarding client, business-related or operational matters should refrain from responding and should refer the person to management.
2. Personal Information Privacy
2.1. Personal information is any information or opinion which identifies an individual or can be used to identify an individual. It includes information that is generally available in the public such as name, address and telephone number. It also includes sensitive information such as a person’s ethnic origin, religious beliefs and affiliation, criminal record, health information and genetic information etc.
2.2. Home Instead recognises an individual’s right to privacy, including the right to having their personal information protected, and their right to request access to and correction of any personal information held about them.
3. Anonymity and pseudonymity
3.1. Individuals have the right not to identify themselves, or to use a pseudonym in any interactions with Home Instead. However, if we request personal information and it is not provided, we may not be able to provide services to or otherwise assist the relevant individual.
4. What personal information do we collect?
4.1. We collect personal information including an individual’s name, age, contact details, immigration status, tax code and relationship with us. Individuals must notify Home Instead upon any changes to their personal information. With an individual’s consent or as permitted by law, we also collect personal information including sensitive information necessary to function and deliver any specific services our clients require.
4.2. We can collect, hold and manage clients’ personal information relating to the provision of a client’s services.
4.3. We can collect, hold and manage employees’ personal information relating to an employee’s position during their period of employment.
4.4. Sensitive information which may be collected could include, but is not limited to:
4.4.2. Cultural preferences
4.4.3. Sexual identity
4.4.5. Health and/or psychological information
5. Why do we collect personal information?
5.1. Generally, we will collect, use and hold a client’s or employee’s personal information for the purpose of:
5.1.1. Assisting in the provision of quality care services for our clients.
5.1.2. Assessing suitability for employment or ongoing employment.
5.1.3. Administrative purposes relating to employment.
5.1.4. Effectively training, managing and ensuring the safety of each employee.
5.1.5. Facilitating our internal business operations, including the fulfilment of any taxation, compliance or legal requirements.
5.1.6. Analysing our services, client and employee needs with a view to improve those services.
5.1.7. Contacting the client to provide a testimonial for us.
6. How do we collect personal information?
6.1. We collect information by lawful and fair means, and only collect personal information that is necessary for the purposes stated above, such as the provision of a client’s services, for employment purposes, and/or for conducting our business in general.
6.2. We collect information about an individual from:
6.2.1. Our clients, potential clients and their families, carers, health service providers, care services and other service providers.
6.2.2. Our employees, potential employees and contractors.
6.2.3. Third parties e.g. an individual’s employer or provider of an employment or other reference.
6.2.4. Publicly available records.
6.3. We collect personal information directly from an individual when that individual requests our services, meets with us, communicates with us by letter, telephone, email or fax, gives us a business card, subscribes to our publications, registers for or attends our events or submits information through our websites or other social media outlets, for the purposes stated above.
6.4. When it is not reasonably practicable to collect personal information directly from the individual (for example, the individual is referred to our services), we collect information about an individual from:
6.4.1. The government agency that refers the potential client/resident/care recipient to us.
6.4.2. The potential or current client families, carers, legal representatives, external health or other service providers whose cooperation is required to deliver our service.
6.4.3. Third parties e.g. an individual’s employer or provider of an employment or other reference.
6.4.4. Publicly available records.
6.5. In the circumstances where personal information is not collected directly from the individual, we will take reasonable steps either to notify or to ensure the individual is aware that we have collected their personal information and the circumstances of the collection.
6.6. Once collected, we will not keep the personal information for longer than is required for the
purposes for which the information may lawfully be used.
7.1. We maintain the privacy of all users and guests of our digital location.
7.2. We track usage patterns on our website on an anonymous basis. Each time an individual accesses our website a web server makes a record of the visit.
7.3. Specifically, it records:
7.3.1. The internet service provider
7.3.2. Date and time of your visit
7.3.3. Pages accessed and the documents downloaded
7.3.4. Search items entered and
7.3.5. Referring URLs (universal locators).
8. How do we use the information?
8.1. We will take reasonable steps to ensure that the information is accurate, up to date, complete, relevant, and not misleading before we use or disclose that information.
8.2. We will only use or disclose personal information relating to clients and employees in circumstances permitted under the Act, including:
8.2.1. If the disclosure is to the individual concerned.
8.2.2. For the purpose for which it was collected.
8.2.3. If authorised by the individual.
8.3. To carry out the functions and activities of Home Instead, we may use an employee’s personal information in connection with the employee’s:
8.3.1. Work placement.
8.3.2. Performance appraisals.
8.3.3. Identification of training needs.
8.4. We may also use an employee’s information in the management of any complaint, investigation or inquiry in which the employee is involved including, but is not limited to, insurance and/or ACC claims.
8.5. We capture client’s personal information in the client’s individualised care plan which supports and guides the provision of a client’s care services and may be used to share:
8.5.1. With other service providers to ensure the provision of the required care and services.
8.5.2. With our Caregivers in feedback about their care visit.
8.6. In some circumstances, we may use or disclose personal information without consent. This may include, but is not limited to the following circumstances permitted under the Act:
8.6.1. Enabling us to match an employee’s interests with the interests of our clients.
8.6.2. Reviewing and analysing our services, including client and employee needs with a view to improving those services.
8.6.3. Where we reasonably believe that the use or disclosure is necessary to reduce or prevent a threat to a person’s life, health or safety or a serious threat to public health or safety.
8.6.4. Where the use or disclosure is required by law
8.6.5. Where we reasonably believe the use is necessary for law enforcement, public revenue protection, or conduct of court or tribunal proceedings, either by or on behalf of an enforcement body.
8.6.6. To prevent/lessen a serious threat to public health or safety, or the life or health of an individual.
8.6.7. Where the information is to be used in a form in which the individual concerned is not identified, or for research or statistical purposes where the information would not be published in a form that would identify the individual.
9. Failure to provide Home Instead with information and/or inaccurate information
9.1. If the personal information a client or an employee provides is incomplete, not current or inaccurate, we may be unable to provide our clients with the care and services required.
9.2. Failure to provide complete and accurate information by an employee could also result in disciplinary action up to and including the termination of their employment agreement.
10. Direct Marketing
10.1. We may from time to time use clients’ personal information to market services directly to that client. However, we will not provide or disclose client information to any third party for the purposes of direct marketing.
10.2. In the event we use information about clients for the purpose of direct marketing, we will provide an ‘opt-out’ mechanism. If an individual chooses to ‘opt-out’ and does not authorise us to use the information, we will not use the individual’s information for direct marketing purposes.
11. Disclosure to overseas recipients
11.1. We may disclose personal information about an individual to overseas recipients only where consent to such disclosure is given by that individual or where required or authorised by law.
11.2. We will take all steps as are reasonable in the circumstances to ensure that overseas recipients do not breach the New Zealand Information Privacy Principles which apply upon such disclosures.
12. How do we keep personal information secure?
12.1. We take reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure.
12.2. We store information in access-controlled premises, and electronic information on secure servers. We require all persons authorised to access electronic information to use logins and passwords to access such information.
12.3. We require all our contractors and others to whom we disclose personal information or whom may have access to personal information we collect, to keep such personal information private and to protect such personal information from misuse and loss and from unauthorised access, modification or disclosure.
12.4. Unless we are prevented to do so by the law, we de-identify or destroy securely all personal information we hold when no longer reasonably required by us.
13. Gaining access to and correction of personal information
13.1. A client and/or an employee may request access to any personal information held about them, by making a written request. Home Instead will respond to any information request within a reasonable period.
13.2. Home Instead may decline a request for access to personal information in circumstances prescribed by the Act. If access is declined, Home Instead will provide you with a written notice setting out the reasons for the refusal.
13.3. If, upon receiving access to personal information, or at any time, clients and/or employees believe the personal information held is inaccurate, incomplete or out of date, Home Instead is to be notified immediately. Home Instead will take reasonable steps to correct the information to ensure information is always accurate, complete and current.
14. Data breach of personal information
14.1. In the event that any employee becomes aware of a privacy breach, they must notify the Privacy Officer immediately so that we can deal with the matter in accordance with our obligations under the Act.
14.2. In the event that a notifiable privacy breach occurs, Home Instead is required to notify the Privacy Commissioner and the individual affected by the notifiable privacy breach of that occurrence.
15. Lodging a complaint and providing feedback
15.1. If a client and/or employee wish to lodge a complaint about a breach of the Act and/or New Zealand Information Privacy Principles or other applicable Privacy Codes, they are to contact the Privacy Officer.
15.2. In the event a client and/or employee is not satisfied with the response from the Privacy Officer of Home Instead, they may lodge a complaint directly to the Office of New Zealand Privacy Commissioner by filling out the complaint form on their website at: https://www.privacy.org.nz/your-rights/making-a-complaint/complaint-form/
It is the responsibility of Home Instead to:
· ensure that all Franchise Owners and employees have access to, and are aware of, this policy and related processes.
· ensure client’s and external stakeholders are provided with this policy when asked.
It is the responsibility of all Home Instead Franchise Owners and employees to:
· comply with this policy and related processes.
Chief Executive Officer on 03/03/2021