(Version 1.0, July 2020)
TIACS volunteers and employees and prospective employees who have been offered a position should also refer to our Employment/Volunteer Conditions Policy.
The specific legal obligations TIACS has when collecting and handling your personal information are outlined in the Privacy Act 1988 (Cth), and in particular the Australian Privacy Principles found in that Act.
2. Definitions of Personal, Sensitive and Health Information
This policy applies to TIACS handling of personal information.
section 6 of the Privacy Act 1988: personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
This policy also refers to 'sensitive information’, which is a subset of personal information.
Sensitive information includes information or an opinion about your:
• racial or ethnic origin;
• political opinions;
• religious beliefs or affiliations;
• philosophical beliefs;
• sexual orientation;
• criminal record;
• health information; or
• genetic information.
Where possible, we will allow you to interact with us anonymously or use a pseudonym if you seek to contact us through the Support Text and Telephone Service on 0488 846 988. If we do identify you in the course of interacting with you anonymously (such as through your telephone number), we may use or disclose that information to protect you or others. For example we may provide your phone number to emergency services if we think there is a risk of harm to you or another person.
In donating to TIACS or running a fundraiser, we will ask for identifying information to adequately respond to your request.
4. The purposes we collect, use and disclose personal and or health information
The choice of how much information you provide to us is yours and depends on the purposes for which you interact with TIACS. However, if, for example, you want to make a donation, apply to become a volunteer, or apply for employment with us, we require certain information from you. Our information handling practices in relation to the personal information we collect are explained below.
We collect, hold, use and disclose personal information for the purpose of carrying out the objectives of TIACS.
These Objectives) are to:
to provide to all Blue collar workers and those who care about them a relatable, reliable, and discrete counselling service, primarily (though not exclusively) through telephone and video counselling services;
develop and conduct programs, projects and initiatives to enable people to build resilience, overcome isolation and cope with problems and crisis affecting mental health, well-being, life and safety; and
do any other things incidental or conducive to the furthering its objectives.
We use personal information to perform activities necessary to carry out these objectives. These activities include:
providing telephone support, via telephone and text as well as ongoing telephone, video and face to face counselling.
providing administration and IT support to TIACS to enable them to provide support and other services (for example resiliency programs).
conducting research, evaluation and assurance activities to ensure the delivery of quality services and achieve continuous improvement in service delivery;
conducting fundraising activities to raise funds to support the implementation of the TIACS Objectives;
communicating with the public and the media, including through websites and social media, to raise public awareness of TIACS services; and
conducting investigations, and managing responses, in relation to complaints concerning TIACS services and the operations of TIACS Foundation.
Use for primary purpose and certain secondary purposes.
TIACS Foundation must only use individuals’ personal information for the primary purpose for which it was collected, a secondary purpose to which the individual has given informed consent, or for a purpose related to the primary purpose of collection and the individual would reasonably expect the personal information to be used for such purpose.
Primary purposes (and secondary purposes for which consent is required) should be set out in collection notices, and may include:
marketing: to communicate with individuals about donations, products, services, campaigns, causes and events.
Research: to conduct and/or fund research into TIACS programs and services or
Volunteering and other support: to enable individuals to assist us with volunteering,
community fundraising, advocacy or other activities where we seek the community’s assistance.
Other issues: communicating with individuals in relation to our operations, activities and objectives, to verify their identity, to improve and evaluate our programs and services and comply with relevant laws.
Use for direct marketing General principles
TIACS may use individuals’ personal information for direct marketing purposes, but only where:
The direct marketing communication contains a prominent statement that the individual may opt out of receiving that type of communication, and
The relevant individual has not made such a request
Consent for direct marketing
Opting out of direct marketing
Email direct marketing communications should contain an ‘unsubscribe’ link that provides individuals with the opportunity to opt out of direct marketing communications. In other circumstances, individuals who do not wish to receive direct marketing communications from TIACS may contact us at
….email@example.com opt out or use the opt out provided on the direct marketing material.
TIACS must take all necessary steps to opt such individuals out of direct marketing
communications. Requests to opt out of direct marketing communications should be treated in the first instance as a request to opt out of the particular campaign or event to which the communication relates. However, individuals must be given the opportunity to contact TIACS (for example, by phone) to opt out of all direct marketing communications, across all programs, events and channels.
Individuals who have opted out of direct marketing may still receive administrative emails or phone calls, such as reminders to bank funds raised.
Removal of opt-outs
Individuals who register for events, make a donation or otherwise provide their personal information for marketing-related purposes after they have previously opted out of direct marketing communications should be taken to have ‘opted in’ once again and may receive direct marketing communications. However, all such direct marketing communications must give the individual the opportunity to opt out as described above.
5. Collection and use of your personal information
5.1 What we collect
We only collect personal information that is reasonably necessary for, or directly related to, an activity we are undertaking to carry out a TIACS Objective. The kind of personal information we may collect, and its uses, are described below.
Information collected in providing a support service
We collect information that you provide to the TIACS telephone, text support and counselling service. We collect this information as a result of our role in providing:
• services directly to you; or
• administration, IT support and infrastructure to TIACS Foundation. For example: a telephone/text psychologist will create a simple text-based electronic record of the caller's situation as told to the psychologist and information that is necessary for the psychologist to provide ethical, evidence based and appropriate interventions to the caller in the clinical file. The record will include the call time and duration; originating region of the call; telephone number and presenting issue.
• the IT infrastructure that supports the telephone/text support service will collect
your device's IP address. Your name and contact details are recorded in one part of our two part record keeping protocol.
Information collected when you make a general enquiry
We collect personal information that you provide to enable us to respond to your enquiry. For example, we collect your name and contact details and the nature of your enquiry if you contact us to:
become involved in our campaigns, fundraising or other initiatives
make a complaint about the way a TIACS service has been delivered to you;
ask for access to information that TIACS holds about you;
notify TIACS about a data breach;
report a matter for investigation; and
apply for a job vacancy or volunteer position at TIACS.
Information collected in relation to Fundraising
Fundraising refers to the activities undertaken by TIACS to raise
funds to support its services. This includes (but is not limited to), facilitating donations, sponsorships, workplace giving and fundraising campaigns.
When you make a donation, we collect your name and contact details, your credit card number, the card expiry date and the amount donated.
Where possible, we will collect personal information directly from the individual. However, it is permissible to obtain personal information from third parties such as contractors including fundraising service providers, and will ensure that any contractual arrangements will meet all requirements outlined in the Australian Privacy Principles. If personal information about an individual is collected from a third party and it is unclear that the individual has consented to the disclosure of his or her personal information to TIACS, reasonable steps should be taken to contact the individual and ensure that they are aware of the collection. In most cases, this can take place simultaneously with the first use of the information by TIACS.
Donors also have the availability to ‘opt in’ to providing other information such as date of birth, employment information, including but not limited to job title, opinions via surveys and questionnaires and postal address. This information can be provided to TIACS in an ‘opt in’ basis, and donors have the ability to opt out of this at any time.
Where TIACS collects personal information from an individual in relation to fundraising, you will be given information that discloses why we collect that particular information, how we use it and who has access to that information.
The collection notice should cover as many of the following matters as is reasonably practicable in the circumstances:
TIACS Foundation name and contact details
If the personal information was collected from a third-party source, how it was collected
The purposes for which the information is being collected
The consequences to the individual of not providing the information
To whom TIACS usually discloses that kind of personal information
access to and correction of personal information and how an individual may complain about a breach of the Australian Privacy Principles
Whether we are likely to disclose personal information to overseas recipients, and if practicable, the countries where they are located.
TIACS Foundation may use individuals’ personal information for direct marketing purposes, but only where:
• The direct marketing communication contains a prominent statement that the individual may opt out of receiving that type of communication, and
• The relevant individual has not made such a request.
Information collected when you volunteer to provide services
We collect personal information necessary to enable us to assess your application to register as a volunteer. This may include your employment and volunteer history, education, criminal history or a working with children background check. Volunteers for Board member positions may also have to provide information relevant to assessing conflict of interest risks.
Information collected when you seek employment with TIACS
We collect personal information necessary to enable us to assess your application for employment with us such as:
your résumé, statement addressing the criteria and referee reports;
written tasks undertaken by you during the selection process;
proof of Australian citizenship or residency;
copies of academic qualifications.
Information collected in relation to TIACS employees
We collect personal information necessary to manage our employees such as:
the employee's employment contract;
proof of Australian citizenship or residency;
copies of academic qualifications;/registration of the appropriate Health Practitioner Board
records relating to the employee's salary, benefits and leave;
health related information supplied by an employee or their medical practitioner;
superannuation contributions; and
information relating to the employee's training and development.
5.2 Who we collect personal information from
The main way we collect personal information about you is when you give it to us.
For example, we may collect personal information from you:
when you have contact with us over the telephone;
when you have contact with us in person;
when you interact with us online including via our website, support and counselling service, Facebook and Twitter; and
when you communicate with us in writing including via post.
We also collect personal information from you when you give it to a TIACS psychologist or authorised staff member and that information is entered by that member into TIACS IT systems.
Sometimes we collect personal information from a third party or a publicly available source, but only if the individual has consented to such collection or would reasonably expect us to collect their personal information in this way. For example, we collect personal information:
from referees provided by you in support of an application for a TIACS
position with us (either as an employee, volunteer or as a contractor);
5.3 Collecting through our websites
TIACS Foundation has its own website — www.tiacs.org.
We use Google Analytics to collect data about your interaction with our website. Google Analytics is hosted by a third party. The sole purpose of collecting your data in this way is to improve your experience when using our site. The types of data we collect with these tools include:
your device's IP address (collected and stored in an anonymized format);
device type, operating system and browser information;
referring domain and out link if applicable;
search terms and pages visited; and
date and time when website pages were accessed.
Cookies are small data files transferred onto computers or devices by websites for record keeping purposes and to enhance functionality on the website.
Social Networking Services
We use social networking services such as Facebook and Twitter to communicate with the public about us. When you communicate with us using these social networking services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies.
You can access the privacy policies for Twitter and Facebook on their websites.
6.1 General Disclosure Practices
We do not disclose personal information to another person or organisation (including police, emergency services and other government agencies) unless one of the following applies:
the individual has consented to the disclosure of their personal information;
the individual would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies and the disclosure: in the case of personal information (that is not sensitive information) relates to the primary purpose for which it was collected; or in the case of sensitive information is directly related to the primary purpose for which it was collected;
the disclosure is otherwise required or authorised by law;
we reasonably believe that the disclosure will prevent or lessen a serious and
imminent threat to somebody's life, health or safety (including your own) or serious threat to public health, property or public safety;
the individual has made threats to harm third parties;
the disclosure is to a TIACS service provider as described below.
6.2 Disclosure to service providers
TIACS Foundation uses a number of service providers to whom we disclose personal information. These include providers that host our website servers and the interface between record keeping, video counselling, and telephone system.
To protect the personal information we disclose we:
enter into a contract which requires the service provider to only use or disclose the information for the purposes of the contract;
include special privacy requirements in the contract, where necessary.
6.3 Disclosure of personal information overseas
Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries. When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.
7. Quality of personal information
To ensure that the personal information we collect is accurate, up-to-date and complete we apply the following data quality procedures:
we record information in a consistent format and
provide TIACS service providers
with an IT system that supports consistent recording;
promptly add updated or new personal information to existing records; and
we do not, as a matter of standard practice, confirm the accuracy of personal
information provided by a third party. We would only act on the information (irrespective of its quality) by disclosing it if we reasonably believe that the
disclosure is necessary to prevent or lessen a serious and imminent threat to
somebody's life, health or safety or
serious threat to public health or public safety; and
we keep employee specific employment records and accordingly update those records to include new personal information.
8. Storage and security of Information security
We take reasonable steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse. These steps include:
only allowing personnel with a 'need to know' to access our IT systems and records;
(where relevant) undertaking background checks on personnel who require access to our IT systems and records;
password protection for accessing our electronic IT systems; and
securing paper files in locked cabinets and physical access restrictions.
end to end encryption of all electronic communications
We also regularly review and test our systems and processes. When no longer required, personal information is destroyed or deleted in a secure manner in compliance with the AHPRA and Queensland State Government requirements.
9. Access and correction
Under the Privacy Act (Australian Privacy Principles 12 and 13) you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information.
You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
For example, we will not give you access to your personal information if we reasonably believe that:
giving access would have an unreasonable impact on the privacy of other individuals;
giving access would pose a serious threat to the life, health or safety of any individual,
or to public health or public safety; or
the request for access is frivolous or vexatious.
Individuals will be required to provide the following information before access or correction is undertaken:
A written request for access and/or correction addressed to the Privacy Manager and sent either via email to firstname.lastname@example.org. or via post to TIACS Foundation 3/77 Riverside Place Morningside Qld 4171.
In order to enable us to conduct a record search we will need information regarding your name and contact details.
Proof of identity (this may be achieved through a number of means, including using the 100-point identification system and proof of contact number, certified through a legal practitioner, pharmacist, police officer or GP with an accompanying statutory declaration).
We will not provide access to personal information unless we are sure that the person seeking access is the person to whom the information relates, or the law otherwise supports such access. In some cases additional proof of identity information may be required or access may have to be denied because ownership of a record cannot be proven.
If we refuse to give you access to, or correct, your personal information, we will notify you in writing setting out the reasons.
If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
If we refuse to correct your personal information, you can ask us to attach a statement which indicates that you believe the information is incorrect, and why.
10. How to make a complaint or contact us
If you wish to contact us about a privacy matter or are concerned about the way we have handled your personal information, you can lodge a written request or complaint with our Privacy Manager CEO TIACS Foundation at either of the following addresses:
Postal Address: TIACS Foundation 3/77 Riverside Place Morningside Qld 4171.or
If you are dissatisfied with our investigation of your concerns, you can lodge a complaint to the Office of the Australian Information Commissioner who is independent of TIACS Foundation.