Effective as of 28/01/2019
1. About & Purpose of this Policy
This Policy details how we comply with the Privacy Act, including the Australian Privacy Principle’s, as well as with equivalent applicable State legislation, which regulate how we collect, use, disclose and store Information. We will abide by it and the Australian Privacy Principles in force under the Privacy Act 1988. When used in this Policy, "personal information" has the meaning given in the Privacy Act 1988 (Cth). Generally, it means any information or an opinion that could be used to identify you.
2. Scope of this Policy
This policy applies to HNF handling of personal information.
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
This policy also refers to 'sensitive information’, which is a subset of personal information.
Sensitive information includes information or an opinion about your, this includes (but not limited to):
Racial or ethnic origin;
Religious beliefs or affiliations;
Health information; or
Physical, mental or psychological health of an individual;
A disability of an individual;
An individual’s expressed wishes about the future provision of health services to him or her;
A health service provided, or to be provided, to an individual; and
We will only use your personal information for the purpose for which it was collected unless:
you have consented to its use for another purpose;
you would reasonably expect it to be used for a related purpose (or if the information is sensitive information, for a directly related purpose);
it is permitted or required by law.
We will not disclose your personal information to any third parties without your consent, unless you have already voluntarily done so, permitted or required to do so by law, in particular when we exercise our Duty of Care (see section 6.0).
Your email address will not be added to any mailing lists without your permission. Some other information you provide us will be included in statistical reporting, for example, information on gender and age. This will not contain personally identifying information.
Where possible, we will allow you to interact with us anonymously or using a pseudonym. For example, if you seek to contact us through the Active Listening Chat Service or our general enquiries and feedback online form we will not ask for your name or seek identifying information unless we need it to adequately respond to your request or to assist you.
However, if we do identify you in the course of interacting with you anonymously (such as through your telephone number or email address), we may use or disclose that information to protect you or others. For example we may provide your details (phone number, email, emergency contact details) to emergency services if we think there is a risk of harm to you or another person. This is described in more detail in following sections.
The choice of how much information you provide to us is yours and depends on the purposes for which you interact with us. However, if, for example, you want to subscribe to our mailing list, apply to become an Active Listener, or apply for employment with us, we require certain information from you. Our information handling practices in relation to the personal information we collect are explained in proceeding sections.
4. Information we collect
4.1 - Personal Information
Personal Information that we collect and hold is information that is reasonably necessary for the proper performance of our functions and activities in providing our services.
While the type of Personal Information we collect and hold may vary depending on the nature of our interactions with you, generally it will include the following:
4.1.1 - Identification information, such as your name, gender, date of birth and location;
4.1.2 - Demographic information, such as ethnicity, country of origin and location;
4.1.3 - Contact information, such as telephone numbers and email;
4.1.4 - Emergency contact information, such as name, email, telephone numbers;
4.1.5 - Username (screenname) and passwords;
4.1.6 - Comments and feedback;
4.1.7 - Billing details (payment information, billing address)
4.1.8 - Interests and communication preferences;
4.1.9 - All communication carried out between you and HNF and/or its Active Listeners
4.1.10 - Other personal information collected to refer onto professional services (for example Lifeline);
4.2 - Sensitive information and health information (as mentioned in section 2.0).
We use personal information to perform activities necessary to carry out our services. These activities include:
Providing Active Listening peer support through VOH;
Providing administration and IT support to our Active Listeners to enable them to provide support and Active Listening services,
Conducting education and training in Active Listening, Trust, Empathy, Mental Health and external individuals and organisations;
Conducting research and evaluation and assurance activities to ensure the delivery of quality services and achieve continuous improvement in service delivery;
Assessing suitable candidates for career opportunities within HNF and managing your employment with us if you are an employee;
Assessing suitable candidates for Active Listening opportunities within VOH;
Communicating with the public and the media, including through websites and social media, to raise public awareness of our services; and
Conducting investigations, and managing responses, in relation to complaints concerning our services and the operations of VOH its Active Listeners, employees and/or contractors.
4.3 - Profile Information:
We may ask you several questions about you and your needs. ("Profile Information"). This information is shared with other individuals that use our services. We may use the Profile Information, either by itself or in conjunction with other information, for the following purposes:
Match you with an Active Listener.
Help us get to know you and your needs.
Collect and analyse statistical or aggregated information which is not personally identifiable.
4.4 - Log Data:
When you use our application, our servers or servers of third party services automatically record information that your browser sends ("Log Data"). This Log Data may include, but not limited to, information such as your computer, Internet Protocol address ("IP"), pages that you visit and the time spent on those pages, actions that you take and other statistics. We may use this information, either by itself or in conjunction with other information for the following purposes:
Monitor, analyse and improve the use and functionality of the application and/or website, the applications and/or websites technical operation and the match of the functionality to your needs and preferences.
4.5 - Session Content:
While using our services you and an Active Listener would likely write or say things by means of text-based communication (such as messages), either internally or to each other (collectively "Session Content"). The Session Content may be used, either by itself or in conjunction with other information, for the following purposes:
To provide you with support services and appropriate resources
Supervise, administer and monitor the service.
Allow referral to professional services by qualified professionals.
Allow in accordance with legislation to contact of emergency services and/or emergency contact personnel in the event of a crisis situation where we feel yours or someone else’s safety is at risk.
Note that all communications transmitted through the app, may be recorded or monitored for quality assurance and training purposes and become part of your file and records.
5. Collection and use of your personal information
We collect Information only by fair and lawful means where it is reasonable and practicable to do so. We do so in order to conduct our organisation, effectively deliver our services, to provide accurate information to you, to market our goods and to meet our legal obligations.
If you do not provide us with Information we reasonably request, we may not be able to provide the requested services in the most efficient manner possible, or at all. We also may not be able to provide you with the information about the services that you may want.
5.1 - How we Collect Information
5.1.1 - We collect Information that you provide:
126.96.36.199 - in written correspondence to us (including email correspondence).
188.8.131.52 - through transactions conducted with us; and
184.108.40.206 - online conversations with us or active listeners;
220.127.116.11 - Becoming a member on our website
18.104.22.168 - through registering for the Active Listener training
22.214.171.124 - from downloading and registering on our application
126.96.36.199 - when visiting our website at
5.1.2 - We also collect Information provided by third parties when it is necessary for a specific purpose, such as checking Information that you have given us or where you have consented, or would reasonably expect us, to collect your Information in this way.
If it is unclear to us whether you have consented to the collection of Information from a third party, we will take reasonable steps to contact you to ensure that you are aware of the reason and purpose of the collection.
5.1.3 - We will also collect Information about you if we are required to do so under an Australian law. If so, we will inform you of this, including details of the law requiring the collection.
5.1.4 - We may also collect Information about you from a range of publicly available sources including newspapers, journals, directories, the internet and social media sites.
5.2 - Internet Usage
It is important that you understand that there are risks associated with use of the internet and you should take all appropriate steps to protect your Information.
5.2.1 - your browser type;
5.2.2 - your location;
5.2.3 - your IP address;
5.2.4 - information about when and how you use our website;
5.2.5 - your computer, device and connection information, such as browser type and version, operating system, mobile platform and unique device identifier and other technical identifiers;
5.2.6 - URL click stream data, including date and time, and content you viewed or searched for; and
5.2.7 - information about your past internet usage, such as websites you visit before coming to our website.
5.3 - Unsolicited Information
Where we receive unsolicited Information about you, we will check whether that Information is reasonably necessary for our functions. If it is, we will handle this Information in the same way we do other Information we seek from you. If not, we will destroy or de-identify it.
6. Duty of Care
In certain circumstances, if your communication with us or an Active Listener raises safety concerns, we will try to contact you to check that you and/or others are safe. If necessary, we may need to pass on your contact information and/or emergency contact information (if you have supplied it) to authorities or outlined contact who can help protect you and/or others, such as a crisis service or the police. Where possible we will work with you openly, letting you know if our concerns reach the point where we need to involve other services. We are obliged to try to protect you and/or others if the information you submit tells us that:
(a) you are being seriously hurt by someone else;
(b) you are thinking of seriously harming yourself;
(c) someone else is being, or is likely to be, seriously hurt by you or another person.
7. Reason for Collection, Disclosure & Use
7.1 - Personal Information
We may use and disclose your Personal Information for the primary purpose for which it is collected, for reasonably expected secondary purposes which are related to the primary purpose, and in other circumstances authorised by the Privacy Act and equivalent State legislation that applies. In general, we use and disclose your Personal Information to:
7.1.1 - conduct our organisation;
7.1.2 - provide our services to you;
7.1.3 - market our organisation and services;
7.1.4 - communicate with you and assist you with enquiries;
7.1.5 - comply with our legal obligations;
7.1.6 - to emergency services or qualified professionals in the event of a crisis situation, where yours or someone else’s safety could be at risk
7.1.7 - we may disclose your personal information with your consent
7.1.8 - help us manage and enhance our service standards;
7.1.9 - gain an understanding of your needs;
7.1.10 - respond to requests, inquiries, complaints or applications;
7.1.11 - update you on relevant new services and benefits;
7.1.12 - personalise the service and to select content to be communicated to you;
7.1.13 - contact you regarding our services or other services from third parties;
7.1.14 - invite you to participate in surveys, sweepstakes, competitions and similar promotions;
7.1.15 - conduct website and/or application administration, such as for the technical support of our websites, applications and computer systems.
7.1.16 - conduct data analysis and audits;
7.1.17 - identify usage trends and analyse the effectiveness of our promotional campaigns;
7.1.18 - prevent and detect security threats, fraud or other malicious activity;
7.1.19 - comply with our legal obligations, resolve disputes, and enforce our agreements.
7.1.20 - establish an account for you; and
7.1.21 - improve your online experience with us.
7.2 - Sensitive Information and Health Information
We will not collect Sensitive Information and Health Information about you unless:
7.2.1 - we obtain your consent to collect and use such Sensitive Information and/or Health Information; or
7.2.2 - the Sensitive Information and/or Health Information is reasonably necessary for one or more of our functions or activities; or
7.2.3 - the collection of the Sensitive Information and/or Health Information is required or authorised by or under Australian law or a court/tribunal order; or
7.2.4 - a permitted general situation exists in relation to the collection of the Sensitive Information by us; or
7.2.5 - a permitted health situation exists in relation to the collection of the Sensitive Information by us.
7.3 HNF Services and Consent
7.3.1 - If you engage with an HNF service (by any means including, but not limited to, in person, by telephone, online chat, video) you will be:
(a) informed that your interaction with us will be digitally recorded and electronically stored by us, which may include the collection of your Information;
(b) informed that Information you provide is subject to the terms of this Policy and where you can read this Policy; and
(c) provided with the opportunity to consent or not consent to these Policy terms.
If you do not consent to these Policy terms we may not be able to provide services to you.
7.4 - Necessary Disclosure
We may disclose your Information (including producing documents) to another person, entity, authority or government body if:
7.4.1 - we are required to do so by an Australian law;
7.4.2 - we are ordered to do so by a court/tribunal order; and/or
7.4.3 - there is an immediate or imminent risk of serious harm to you, an identified third party and/or the general public.
7.4.4 - Immediate threat to HNF personnel
7.4.5 - Individual repeatedly makes a nuisance contact, including calls, chats or emails.
7.5 - Disclosure to Related Entities and Service Funders
We may disclose Information to our related entities and service funders according to the contractual obligations of our service agreement with each of those affiliated organisations.
7.6 - Important Exceptions
We may disclose your Personal Information to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Services, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose Personal Information when we believe in good faith that such disclosure is permitted or required by and in accordance with the law.
8. Disclosure of Personal Information Overseas
Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries.
When you communicate with us through a social network service such as Facebook or Instagram, the social network provider and its partners may collect and hold your personal information overseas.
Your information may be transferred to and maintained on computers located outside of your state, province, country or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the Australia and choose to provide information to us, we may transfer Personal Information to Australia and processes it there.
9. Data Quality, Security & Management
9.1 - General
We hold personal information in a number of ways including electronically and hard copy paper files held at our office.
9.2 - Data quality
We take steps that are reasonable in the circumstances to ensure that the personal information we collect, use and disclose is accurate, current, complete and relevant. You can help us keep your information up to date by letting us know about any changes to your contact details.
9.3 - Protection of personal information
We take steps as are reasonable in the circumstances to ensure that personal information is protected from misuse, interference, loss, unauthorised access, modification and disclosure. However, no data transmission over the Internet is totally secure. Although we strive to protect such information, we give no warranty and cannot ensure the security of any information which you send online. Accordingly, any information which you transmit to us via the Internet is transmitted at your own risk.
9.4 - Retention of personal information
Your personal information is only kept while it is required for the purpose for which it was collected, for a permitted secondary purpose or as required by law.
9.5 - Credit card information
We do not store any credit card information on our servers.
9.6 - Additional steps
In addition to what is mentioned above, we take reasonable steps to protect your Information against misuse, interference, loss, unauthorised access, modification and disclosure. The protective steps we take include:
confidentiality requirements of our employees and subcontractors;
limiting access to Information to employees who have a need to use the Information;
educating our employees in relation to obligations under the Privacy Act, related State legislation and ethical codes of conduct for health practitioners;
document and file storage security policies;
security measures for restricted access to our systems; and
deletion, destruction or de-identification of Information where it is no longer required by us.
10. Access and Correction
Under the Privacy Act (Australian Privacy Principles 12 and 13) you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information.
You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to. For example, we will not give you access to your personal information if we reasonably believe that:
giving access would have an unreasonable impact on the privacy of other individuals;
giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
the request for access is frivolous or vexatious.
Individuals will be required to provide the following information before access or correction is undertaken:
A written request for access and/or correct addressed to the Privacy Officer and sent via email to email@example.com.
In order to enable us to conduct a record search of our service data bases we require you to provide us the following information:
the date, time and number used to contact our service; or
the date, time and IP address used to access our Active Listener support chat service.
Name of the Active Listener, personnel or member in contact with.
Proof of identity (this may be achieved through a number of means, including using the 100-point identification system and proof of contact number, certified through a legal practitioner, pharmacist, police officer or GP with an accompanying statutory declaration).
We will not provide access to personal information unless we are sure that the person seeking access is the person to whom the information relates, or the law otherwise supports such access. In some cases additional proof of identity information may be required or access may have to be denied because ownership of a record cannot be proven.
If we refuse to give you access to, or correct, your personal information, we will notify you in writing setting out the reasons.
If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
If we refuse to correct your personal information, you can ask us to attach a statement which indicates that you believe the information is incorrect, and why.
If you wish to contact us about a privacy matter or are concerned about the way we have handled your personal information, you can lodge a written request or complaint with our Privacy Officer at the following address:
Email Address: firstname.lastname@example.org.
If you are dissatisfied with our investigation of your concerns, you can lodge a complaint to the Office of the Australian Information Commissioner who is independent of HNF.
13. Contacting Us