Privacy Policy

Ballarat Community Health
Website: https://bchc.org.au

1. Introduction

1.1 Our Commitment to Privacy

Ballarat Community Health (BCH) ABN 98 227 492 950 is committed to protecting your privacy and handling your personal and health information responsibly. This Privacy Policy explains how we collect, use, store, and disclose your information when you use our website and services.

1.2 Our Legal Obligations

We are bound by the Privacy Act 1988 (Commonwealth), the Health Records Act 2001 (Victoria), and other applicable privacy legislation. We are also required to comply with the Australian Privacy Principles (APPs) and Victorian Health Privacy Principles (HPPs).

1.3 Scope of This Policy

This Privacy Policy applies to:

• Our website at https://bchc.org.au
• All health and support services provided by BCH
• Information collected through our facilities, programs, and communications
• Third-party services integrated with our systems

2. What Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

Identity Information:

• Full name, date of birth, gender, preferred pronouns
• Address, phone numbers, email addresses
• Emergency contact details
• Preferred language and communication methods
• Cultural background and country of birth (where relevant to service provision)

Government Identifiers:

• Medicare number
• Healthcare Identifier (IHI)
• Centrelink Customer Reference Number
• Pension/concession card details

Financial Information:

• Payment details for services
• Banking information for direct debits
• Insurance details (where applicable)

2.2 Health Information

We collect health information necessary for providing healthcare services, including:

Medical History:

• Current and past medical conditions
• Medications and allergies
• Previous treatments and procedures
• Family medical history (where relevant)
• Immunization records

Treatment Information:

• Clinical notes and observations
• Test results and reports
• Referral information
• Treatment plans and outcomes
• Appointment history

Mental Health Information:

• Psychological assessments
• Mental health treatment history
• Risk assessments
• Care plans and progress notes

Lifestyle Information:

• Exercise and dietary habits
• Substance use history
• Social and family circumstances (where relevant to care)

2.3 Website and Digital Information

When you visit our website, we may collect:

Technical Information:

• IP address and browser type
• Device information and operating system
• Pages visited and time spent on site
• Referring website information
• Search terms used on our website

Cookies and Tracking:

• Session cookies for website functionality
• Analytics cookies
• Preference cookies for user experience
• Security cookies for fraud prevention

Online Forms and Communications:

• Contact form submissions
• Newsletter subscriptions
• Online appointment requests
• Feedback and survey responses

3. How We Collect Information

3.1 Direct Collection

We collect information directly from you when you:

• Register for our services or create an account
• Attend appointments or receive treatment
• Complete forms (paper or online)
• Contact us by phone, email, or in person
• Participate in programs or activities
• Provide feedback or make complaints

3.2 From Healthcare Providers

We may receive information from:

• Your GP or other healthcare providers
• Specialists and allied health professionals
• Hospitals and other healthcare facilities
• Pathology and imaging services
• Other community health services

3.3 From Third Parties

We may collect information from:

• Government agencies (Medicare, Centrelink, NDIS)
• Insurance providers
• Family members or carers (with your consent)
• Interpreters and support workers
• Emergency services (in urgent situations)

3.4 Automatic Collection

Our website automatically collects certain information through:

• Server logs and analytics tools
• Cookies and similar technologies
• Security monitoring systems
• Email tracking (for newsletters and communications)

4. Why We Collect and Use Information

4.1 Primary Purposes

We collect and use your information to:

Provide Healthcare Services:

• Deliver medical, allied health, and support services
• Develop and implement treatment plans
• Monitor your health and progress
• Coordinate care with other providers
• Maintain accurate medical records

Administrative Functions:

• Schedule and manage appointments
• Process payments and billing
• Maintain client records and databases
• Communicate with you about services
• Provide customer support

Legal and Regulatory Compliance:

• Meet reporting requirements to government agencies
• Comply with health and safety regulations
• Respond to legal requests and court orders
• Conduct mandatory notifications where required

4.2 Secondary Purposes

With your consent, we may use information for:

Service Improvement:

• Quality assurance and clinical audits
• Service planning and development
• Staff training and education
• Research and evaluation (de-identified where possible)

Communication:

• Send appointment reminders and health information
• Provide newsletters and health promotion materials
• Notify you of service changes or new programs
• Seek feedback about our services

Marketing and Fundraising:

• Promote relevant health services and programs
• Conduct fundraising activities (with opt-out options)
• Share success stories (with specific consent)

5. Information Sharing and Disclosure

5.1 Healthcare Providers

We may share your health information with:

• Your nominated GP or primary healthcare provider
• Specialists and allied health professionals involved in your care
• Hospitals and other healthcare facilities
• Pathology and imaging services
• Other community health services (with your consent)

5.2 Government Agencies

We may disclose information to:

• Medicare Australia for billing and reporting
• Department of Health Victoria for funding and compliance
• NDIS for participant support and reporting
• Other government agencies as required by law

5.3 Third-Party Service Providers

We may share information with:

• IT service providers and cloud hosting companies
• Payment processors and financial institutions
• Appointment scheduling and patient management systems
• Interpreting and translation services
• Mail and courier services

5.4 Legal and Emergency Situations

We may disclose information without consent when:

• Required by law or court order
• Necessary to prevent serious harm to you or others
• For public health or safety reasons
• To investigate suspected fraud or illegal activity
• In medical emergencies when you cannot consent

5.5 Overseas Disclosure

Some of our service providers may store or process information overseas. We ensure appropriate safeguards are in place and will notify you of any overseas disclosures where required by law.

6. Data Security and Storage

6.1 Security Measures

We implement appropriate technical and organizational measures to protect your information:

Physical Security:

• Secure facilities with access controls
• Locked filing cabinets and storage areas
• Surveillance systems and alarm systems
• Clean desk policies and secure disposal procedures

Technical Security:

• Encryption of data in transit and at rest
• Secure authentication and access controls
• Regular security updates and patches
• Firewalls and intrusion detection systems
• Regular security audits and assessments

Administrative Security:

• Staff training on privacy and security
• Access controls based on need-to-know
• Regular review of access permissions
• Incident response procedures
• Privacy impact assessments

6.2 Data Retention

We retain your information for:

• Health records: As required by law (typically 7 years for adults, until age 25 for children)
• Financial records: 7 years from last transaction
• Website analytics: 26 months (or shorter if you withdraw consent)
• Marketing communications: Until you unsubscribe or object
• Legal hold: Until legal requirements are satisfied

6.3 Data Destruction

When information is no longer required, we securely destroy it using:

• Secure shredding for paper records
• Certified data destruction for electronic media
• Secure deletion of digital files
• Certificate of destruction for sensitive materials

7. Your Rights and Choices

7.1 Access to Information

You have the right to:

• Request access to your personal and health information
• Receive a copy of your records (fees may apply)
• Request information about how we use your data
• Ask who we have shared your information with

7.2 Correction of Information

You can:

• Request correction of inaccurate or incomplete information
• Add a statement to your record if we disagree with requested changes
• Have corrections shared with relevant third parties

7.3 Consent and Withdrawal

You can:

• Withdraw consent for non-essential uses of your information
• Opt out of marketing communications
• Request restrictions on how we use your information
• Object to processing for direct marketing

7.4 Website Choices

You can:

• Disable cookies in your browser settings
• Opt out of analytics tracking
• Unsubscribe from newsletters and communications
• Request deletion of your online account

7.5 Making Requests

To exercise your rights:

• Contact our Privacy Officer using the details below
• Complete our privacy request form (available on our website)
• Provide identification to verify your identity
• Specify what information or action you’re requesting

8. Cookies and Website Analytics

8.1 Types of Cookies

We use the following cookies on our website:

Essential Cookies:

• Session management and security
• Form submission and error handling
• Load balancing and performance
• Accessibility preferences

Analytics Cookies:

• Google Analytics (with IP anonymisation)
• Website usage statistics
• Performance monitoring
• User behavior analysis

Preference Cookies:

• Language and accessibility settings
• Location-based content
• Customized user experience
• Remember login status

8.2 Cookie Management

You can manage cookies through:

• Browser settings to block or delete cookies
• Our cookie consent banner on first visit
• Privacy settings in your user account
• Opt-out tools provided by analytics services

8.3 Third-Party Analytics

We use Google Analytics to understand website usage. Google Analytics:

• Collects anonymous usage data
• Uses cookies to track user behavior
• Provides aggregated reporting
• Complies with Google’s privacy policy

You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on.

9. Changes to This Policy

9.1 Policy Updates

We may update this Privacy Policy to reflect:

• Changes in applicable laws
• New technologies or services
• Feedback from users and regulators
• Improvements to our privacy practices

9.2 Notification of Changes

We will notify you of significant changes by:

• Posting updates on our website
• Sending email notifications to registered users
• Displaying notices in our facilities
• Updating the “Last Modified” date below

9.3 Continued Use

Your continued use of our website and services after changes are posted constitutes acceptance of the updated Privacy Policy.

10. Complaints and Concerns

10.1 Internal Complaints

If you have concerns about our privacy practices:

• Contact our Privacy Officer first
• We will investigate and respond within 30 days
• We will work with you to resolve any issues
• We maintain records of all privacy complaints

10.2 External Complaints

If you’re not satisfied with our response, you can complain to:

Office of the Australian Information Commissioner (OAIC):

• Website: oaic.gov.au
• Phone: 1300 363 992
• Email: [email protected]

Health Complaints Commissioner (Victoria):

• Website: hcc.vic.gov.au
• Phone: 1300 582 113
• Email: [email protected]

11. Contact Information

12. Definitions

Health Information: Information about your health, disability, health services provided, or health wishes.

Personal Information: Information that identifies you or could reasonably identify you.

Consent: Your agreement to the collection, use, or disclosure of your information.

De-identified Information: Information that has been processed to remove identifying details.

Sensitive Information: Information about health, race, political opinions, religious beliefs, sexual orientation, or criminal history.