Calvary Health Care

Little Company of Mary Health Care Limited ABN 11 079 815 697 and its related bodies corporate set out in section 19 below (Calvary, we, our, us) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document is our Privacy Policy and it tells you how we collect, hold, use and share your personal information. This Privacy Policy applies to all hospitals, aged care homes, retirement villages, home care and NDIS services and virtual care services operated by Calvary anywhere in Australia, as well as our national offices and shared service centres.

We respect your rights to privacy under the Privacy Act 1988 (Cth) (Privacy Act). We comply with the Australian Privacy Principles under the Privacy Act and other Commonwealth, State and Territory privacy laws that govern the management of personal information that we collect and hold about you. This includes personal information we hold in hard copy as well as electronically.

We want to be open and transparent with you about how we handle your personal information. If you have any questions about our Privacy Policy, or about the ways we handle your personal information, please contact us using the details set out below.

This Privacy Policy applies to any individual who uses or enquires about our services, including current, former and prospective patients, residents and care recipients and those who have been nominated to support them. It also applies to individuals who engage with our services (including referring doctors, visiting medical officers and other health professionals, donors and volunteers), who visit one of our service locations (including students and trainees, contractors undertaking work at one of our sites or pharmaceutical and medical representatives who attend one of our sites) or visit our website.

This Privacy Policy applies to our employees, contractors and any individual who provides services to Calvary. However, it does not relate to actions we take that directly relate to ‘employee records’ of our current or former employees and to that employment relationship. This is because the retention of, and access to, these types of employee records are governed by different laws.

When used in this Privacy Policy, the term “personal information” has the meaning given to it in the Privacy Act. In general terms, it is any information or opinion that can be used to personally identify you such as your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

Sensitive information, which includes health information, is a sub-category of personal information, and entities (such as Calvary) that hold sensitive information are subject to additional privacy obligations in respect of that information.

When used in this Privacy Policy, the term “health information” has the meaning given to it in the Privacy Act. In general terms, it includes information or opinions concerning your health or any disability you may have, a health service you have received or that will be provided to you, or wishes you have expressed about the health services you receive in future.

Please note that further information on your rights and our responsibilities in regards to your health information can be found at oaic.gov.au.

Calvary operates hospitals, aged care homes, retirement villages, home care, disability services and virtual care services. We also conduct medical research, engage volunteers and undertake fundraising and community activities. We provide healthcare services to adults, children, those with disabilities and older persons.

The personal information we collect will vary depending on the service that you request or that we provide to you, or the reason you engage with us. We seek to collect only the minimum amount of personal information that is necessary in order to provide you with the relevant service or engage with you and to meet our legal obligations.

At some of our service locations, doctors and other health professionals may have their own private consulting rooms. If you visit a doctor or health professional at one of these private consulting rooms, they may keep their own record of your personal information (separate to the record kept by Calvary). If you have questions about the information that your doctor or health professional keeps at their private consulting rooms, please contact them.

5.1 Patients, residents and care recipients

If you:

• become a patient at a Calvary hospital;

• become a resident at a Calvary retirement village or aged care service; or

• receive a home care or other health care service provided by Calvary,

(or if you request information relating to any of these services), we will need to collect and use your personal information in order to determine your eligibility for, and provide you with, the health care services you have requested (or have enquired about). This includes collecting and using your health information and other sensitive information. The types of personal information we will collect include:

• identification information, including: your name, mailing or street address, email address, telephone number, age or birth date, gender and sex, marital status, Medicare number, Individual Healthcare Identifier, next of kin (and their contact details), medical insurance details and your profession, occupation or job title;

• health information, including: information that is necessary to provide health care services to you such as your personal medical history, vaccination status, organ donor status, advance care directives, details of your treating doctors (such as your general practitioner), pathology test results and diagnostic imaging scans, information about referrals to and from other services and lifestyle patterns;

• other sensitive information relevant to the health service you require, which may include: your religion, ethnic origins, criminal history and sexual practices;

• your voice (if you leave a voicemail for us, or call or receive a call from, one of our services that records inbound or outbound calls and continue the call after being informed that it will be recorded);

• details of medical services you have enquired about, together with any additional information necessary to respond to your enquiries;

• payment information, including your health fund, credit card, direct debit, concession card or PBS entitlement details;

• information about your financial position, if you are a resident of one of our aged care homes or retirement villages and pay (or have agreed to pay) us directly for any services we provide to you;

• your photo, if it is necessary for us to have this in order to provide you with the services you need. In certain circumstances there may also be a clinical need to collect video footage in which you can be identified;

• any additional information relating to you that you provide to us directly through our websites or indirectly through use of our websites or online presence, through our representatives or otherwise; and

• information you provide to us through our reception desks, service centres, customer surveys (unless the survey is anonymous) or visits by our representatives from time to time.

If you have an Australian digital health record, known as My Health Record, then we are required to collect and use the health information included in that record in accordance with the My Health Records Act 2012 (Cth). If you are a participant in My Health Record and receive health services from us, Calvary may upload an electronic summary containing personal and health information to your digital health record, unless you tell us not to do so. For more information please visit digitalhealth.gov.au.

If you receive health services from us, we may collect your Individual Healthcare Identifier from the Healthcare Identifiers Service Operator (currently Medicare) and use it for the purposes authorised under the Healthcare Identifiers Act 2010 (Cth). Individual Healthcare Identifiers are used to identify and access consumer records in the My Health Record system described above.

5.2 Other individuals

We also collect personal information about other individuals such as:

• people visiting patients or residents at any of our service locations;

• emergency contacts and authorised representatives;

• health professionals, including referring doctors, visiting medical officers and allied health professionals;

• employees, students and trainees, volunteers, job applicants and referees for job applicants;

• individuals employed by contractors or service providers who provide services to us; and

• individuals participating in our fundraising activities.

The personal information we collect from these individuals will depend on the reason that they are engaging with Calvary.

Visitors and emergency contacts/next of kin

For people visiting patients or residents at our facilities, or emergency contacts/next of kin and authorised representatives, we will collect the personal information that is necessary for us to provide services to the relevant patient or resident or for our administrative or business purposes. For example, if you are visiting a patient or resident, we may need to ask for certain health information (such as your vaccination status) if we are required to do so by law or where it may affect your ability to visit the relevant patient or resident at that time.

Patients admitted to our hospitals have the ability to share certain information about their admission with contacts through the CalvaryCare app. Such access is controlled by the patient and can be changed, via the CalvaryCare app, at any time.

Health professionals

The personal information we collect about health professionals will depend on the role they are performing. For example, if you are a health professional seeking accreditation at one of our hospitals, we will collect information that is relevant to the credentialing process, to enable you to access relevant Calvary systems required to provide health services at our service locations and (unless you tell us otherwise). It also may be used to display your contact information on the “Find a Specialist” sections of our website. For referring doctors and allied health professionals, we may only require identification information.

Working or volunteering with us

For employees, students, trainees, volunteers, applicants and referees, the personal information we collect will also depend on the role you are performing. For those seeking to work or volunteer with us, we will collect information that is necessary for us to assess your application and (if successful) to employ you or engage your services. This may include performing suitability checks (which may include obtaining national police checks and working with vulnerable people checks and collecting other sensitive information relevant to your current or potential role) and speaking with your referees. For those who commence working or volunteering with us, we may also collect additional personal information on a regular basis if it is relevant to your role. For example, we may collect biometric information (such as your fingerprint) as part of our time and attendance systems, as well as vaccination, training, AHPRA and other government registration records.

Donors

For those seeking to donate to Calvary, donations can be made anonymously, but unless you tell us that you want to donate anonymously we will collect information from you for the purpose of recording the terms of the donation, issuing a receipt to you and managing the donation (including on an ongoing basis, if relevant). This will include collecting your name and address, as well as any information relevant to any conditions applicable to the donation. We will not use your name, image or other personal information relating to your donation without your consent.

5.3 Other information

We also collect some information that is not personal information because it does not identify you or anyone else. We collect anonymous answers to surveys and aggregated information relevant to our business operations, such as presentations to emergency departments and the number of calls to referral/enquiry lines.

We will generally collect your personal information directly from you. The ways in which we will collect personal information from you include the following:

• when you complete any documentation in paper or online requested by us: for example relating to admissions, discharges, requests, purchases or any other request relating to your personal or health information that is necessary for us to treat you and provide health care services to you (including when you submit this information via the CalvaryCare app or the eAdmissions portal);

• in person: when you visit one of our service locations or while you receive care as a patient, resident or care recipient;

• by phone: during conversations between you and our representatives;

• online: through your access and use of our website (including when you complete any webform);

• by accessing (through our existing clinical information systems) your My Health Record and your Individual Healthcare Identifier.

We generally try to avoid asking you to send us personal information via unsecured email. We cannot guarantee the security of your personal information sent by email until it is received by us. If you provide personal information to us via email, the email and its contents will be encrypted once it is in our systems.

Depending on your circumstances, we may also collect personal information from third parties including:

• your referring doctor or health professional, or your referring health service provider, where you are referred to Calvary;

• from government agencies such as My Aged Care, State or Territory health departments, law enforcement agencies, Services Australia, Centrelink, or the Department of Veteran’s Affairs;

• from third party companies such as credit reporting agencies, and health funds;

• other medical professionals, your relatives, people who are permitted by law to act as your attorney or guardian in relation to health matters and from other health service providers in order to assist us in our provision of services to you;

• as part of applications made to one of our Human Research Ethics Committees, in connection with research that is proposed to be conducted at one of our service locations or using personal information that is held by us;

• past employers or referees; or

• the other Calvary entities in section 19.

We will generally only collect personal information about you from a third party if:

• you consent;

• the collection is necessary in order for us to provide you with services and your consent cannot be obtained, such as when there is an immediate need to provide you with health care services by way of immediate emergency medical treatment where your state of health and/or life is at risk;

• the collection is reasonably necessary to enable us to manage and operate our business; or

• we are permitted by law to collect the information from that third party.

Generally, we will collect personal information about children from their parents or guardians.

In these situations, we will collect your personal information in accordance with applicable law.

We use camera and other optical/video surveillance systems (including CCTV) at many of our service locations, to help maintain the safety and security of our patients and residents, employees, visitors and other people on site. These systems may collect and store personal information and are used in accordance with applicable surveillance laws. Signs will be visible at service locations where optical/video surveillance systems are in operation.

In order to protect our valuable equipment, some of our devices and equipment (including mobile medical equipment, laptops and vehicles) are fitted with tracking devices. Such equipment will be labelled.

We seek to collect only the minimum amount of personal information that is necessary to provide you with the relevant services. It is important that the information you provide is complete and accurate.

If you do not provide us with the personal information described above, or if you provide inaccurate or incomplete information, some or all of the following may happen:

• we may not be able to provide the requested health care services to you, either to the same standard or at all;

• we may not be able to provide you with information about the health care services that you may want, including information about treatment and care options;

• we may not be able to allow you onsite; or

• if you are applying to be accredited at our facility, or if you are applying to work or volunteer with us, we may not be able to progress your application.

We will use and disclose your personal information for the purpose for which it was collected by us (the primary purpose), unless we are permitted by law to use the information for another purpose (secondary purpose).

Selected examples of how we may use or disclose your personal information, and who we may disclose the information to, are described below.

9.1 Patients, residents and care recipients

For patients, residents and care recipients, the primary purpose for which we collect your personal information is generally to provide (or assess whether we can provide) health care services to you. Examples of how we may use and disclose your personal information (including health and other sensitive information) include:

• to coordinate your care with other health practitioners: for example, for those receiving hospital care, we will provide your personal information to your treating doctors and surgeons to assist them to provide health services to you, and in all our services we will usually provide your personal information to your referring doctor or general practitioner (such as through a discharge summary when you leave hospital);

• to coordinate your care with other health service providers: for example, if you require pharmacy, diagnostic imaging, pathology or other allied health services as part of the health service we provide, we will provide your personal information to the organisations and individuals who provide those allied health services so they can participate in your care;

• to offer you pastoral care and other support: pastoral care practitioners who are employed by us may be given your personal information as part of the care services we provide;

• to assess your suitability to receive care from us: for example, we will use your health information to determine whether the level of aged care support you require can be provided by our aged care homes;

• to assist our staff to know you better: for example, in our aged care homes we may display your name and photo on the door of your room and our staff may talk to you about your lifestyle and food preferences and suggest activities that you may want to become involved in;

• if you have received an implant or other medical device at a Calvary facility, we may disclose your personal information to the manufacturer to enable them to contact you about the device in future;

• to assist us to diagnose and treat you: for example, we may use information about your profession, occupation or job title to assist us to consider possible occupational illnesses or information about your ethnic origins where it may be relevant to your diagnosis;

• in the event you require a transfer to another facility (whether that is a Calvary facility or not), we will disclose your personal information to the receiving health care facility, aged care facility or health service provider to ensure continuity of care, and to any ambulance or patient transport service arranged to facilitate your transfer;

• to answer your queries about the care you have received and provide information or advice about existing and new products and services;

• to receive payment for the health services we provide: for example, so that we can receive payment from Medicare, your health fund or any other organisation, government agency or individual who is responsible for payment of the fees for those health services;

• to enable Chaplains or representatives of other faiths who are not employed by us to visit you: if you have requested or consented to the disclosure, your name, location and any specific requests you have made will be provided to a Chaplain or representative of another faith (as applicable) so they can arrange to visit you;

• to provide updates to your family, friends, legal representatives, guardians and attorneys (but only in accordance with the law), unless you have told us that you do not want us to disclose your personal information (or certain types of personal information) to any such person;

• to update our records and to ensure those health practitioners or health care providers involved in your care have your updated personal information;

• to comply with laws relating to the care that we provide to you, such as to the My Health Record System Operator by uploading information to your My Health Record (unless you have opted-out) or, in relation to Individual Healthcare Identifiers, to other entities in accordance with the Healthcare Identifiers Act 2010 (Cth);

• to comply with our obligations under contracts with government agencies: for example, some of our services are provided to public patients under arrangements with Commonwealth, State or Territory government agencies and we are required to provide the personal information of those patients to the relevant government agency;

• if we sell, transfer or close a facility where you are a resident or are receiving services, we may disclose your personal information to one or more proposed new providers to confirm that they will be able to continue to provide you with health care services, and in the case of a closure of our facility, we will provide your personal information to the health care facility that you ultimately move to. In each of these cases, this might include transferring your personal information to a government authority, where we have provided services to you as part of a contract with a government authority. We will take reasonable steps to tell you if your personal information will be disclosed to a third party in these circumstances; or

• notifying you if we become aware of a clinical trial or research that may be relevant to a health service you received from us. We will not disclose your personal information to any researcher without your consent or unless we are permitted to do so by law.

9.2 Other individuals

For health professionals, employees, volunteers, students, trainees and job applicants, we will use your information for the purpose for which you provide it to us (for example to accredit you to our facility, or enable you to work for Calvary).

With your consent we may store your information and use it to contact you to invite you to attend relevant training or educational events we offer, or future recruitment or employment opportunities.

We may also disclose your personal information where we are required to comply with any mandatory reporting obligations to regulators or professional bodies, or any other law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country or in response to any subpoena or lawful request for production of information.

For next of kin and other personal representatives, we may have received personal information about you directly from you, or from the person for whom you are the representative. We will use your personal information to contact you in relation to the person for whom you are the representative and to provide you with other information about our facility or the person for whom you act (such as newsletters about the relevant aged care facility).

For people who attend our sites, either as visitors or to provide services, we will use your information for the purpose for which you provided it to us (for example, to ensure that you hold any necessary vaccinations that are required before visiting the relevant site or that you hold qualifications to perform the services you are providing to us).

9.3 Other typical uses

In addition to the above, we may also use and disclose your personal information:

• to send communications you have requested, to answer your enquiries and provide information or advice you have asked for about existing and new products or services;

• for our quality control and research purposes including as part of audits conducted for our quality assurance and accreditation processes from time to time (either by us, by third party service providers we engage to assist us or by government agencies);

• to our related bodies corporate (as listed at the end of this Privacy Policy), such as where a number of Calvary entities are involved in providing you with care or you are transferred from one Calvary service to another;

• to our contracted service providers (such as software and information technology suppliers, providers of agency staff, consultants or auditors) where it is relevant to the professional services that they provide to us (subject to the providers agreeing to comply with the Privacy Act and any other applicable privacy legislation);

• to process and respond to any complaint made in relation to the services provided to you;

• for our administrative, marketing (including direct marketing), planning, product or service development purposes; and

• to any person or organisation for an authorised purpose with your consent.

Your personal information will not be sold or rented by us, and it will not be shared or disclosed other than as described in this Privacy Policy. You always have the ability to unsubscribe from direct marketing from us at any time.

Your personal information is important to us. Information on how we protect your personal information is provided in the “How do we protect your personal information” section below.

We may combine any information that we collect from you with information collected from you by any of our related bodies corporate (within Australia).

We will only use your personal information for direct marketing if you give us your consent to do so.

Having accurate and complete personal information is important so that we can provide high quality, safe and effective health services. You generally have the option of dealing with us anonymously or using a pseudonym, however if you choose to do this we may not be able to provide you with all the services you require, or assist you to the full extent possible. For example, you may make a complaint to us anonymously, but if you choose to do so we may be limited in the action that we can take if we need further information from you in order to resolve the complaint. In some circumstances we need to be able to identify you (and you cannot remain anonymous or use a pseudonym), where:

• we are required or authorised by law to only deal with an identified individual (for example if you request access to your or someone else’s personal information, we need to be able to identify you); or

• it is impractical for us to interact with you anonymously or pseudonymously. For example, if you are a patient at a Calvary hospital, you cannot choose to be anonymous or use a pseudonym because we need to collect your personal information in order to treat you and ensure your care can be paid for.

You can request access to any personal information, health information or other sensitive information we hold about you at any time by contacting us (please use the Request for Information form). If you request access to your personal information, we will require you to verify your identity and specify the information that you require. Where we hold information that you are entitled to access, we will try to provide you with a suitable means of accessing it (for example, by mailing or emailing it to you). Depending on the nature of the personal information you seek we could charge you a reasonable amount to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and we will not charge for making any corrections to your personal information.

There may be instances where, by law, we cannot grant you access to the personal information or health information we hold, or can only grant you access on certain conditions. For example, we will refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.

If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, then you can request that we amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.

If you wish to make such a request, or for more information about accessing your health records and personal information, please use the contact details which are set out in the “How can you contact us?” section.

We take any suspected breach of privacy very seriously. If you believe that your privacy has been breached by us in a manner inconsistent with this Privacy Policy, please contact the local person in charge, and our Privacy Officer using the contact details which are set out in the “Contacting Us” section below, and provide details of the incident so that we can investigate it.

We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. We will respond to your complaint as soon as possible and in any event within 30 days of receipt of your complaint. If we need further information, we will let you know, and we will tell you whether we will conduct an investigation, (if applicable) the name, title, and contact details of the investigating officer and the estimated completion date for the investigation process.

After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.

If you are not satisfied with the outcome of your complaint then you can make a complaint to the Privacy Commissioner through the following channels:

• Online: visit www.oaic.gov.au to use the privacy complaint form

• Via postal mail: Mail is to be directed to GPO Box 5288 Sydney NSW 2001

• Via fax: Send your complaint to +61 2 6123 5145

Your personal information is generally stored at premises or data centres located in Australia (which may be owned by Calvary or by third parties). Calvary prioritises working with third party providers who store data in Australia. Sometimes, third parties who store or process data on our behalf do this overseas, typically in the European Union or the United States. We also use service providers who have employees located overseas who may need to access our systems (and the personal information on those systems) to perform their services (for example staff on the help desks of software providers who provide technical support to us outside Australian business hours).

Our agreements with those third parties and service providers require them to ensure that they do not breach the Australia Privacy Principles when they store, process or access personal information overseas.

We understand the importance of protecting your personal information.

We have technical and organisational processes and systems in place to protect the personal information we hold about you (either on our own systems or on third party systems), including controlling access to systems on which personal information is stored and processed, requiring employees to comply with Calvary information security policies and requiring employees to undertake training about information security.

We regularly assess the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of the personal information we hold and we take measures to address these risks. Such measures include; keeping a record of when someone adds, changes or deletes personal information and checks to ensure that staff only access records they need to. We conduct regular internal and external audits to assess whether we have adequately implemented these measures and that your personal information is protected.

We may hold your information in either electronic or hard copy form. Personal information that we hold or control is generally securely destroyed or de-identified 7 years after our last contact with you, unless we are required by law to retain it for longer.

16.1 Information we collect and how we use and disclose it

Other than as described below, we generally do not:

• collect personal information via our website (calvarycare.org.au) or social media sites unless you choose to provide it to us that way (for example through direct messages via our social media profiles, by completing a webform or submitting your admission information via our e-admissions portal or the CalvaryCare app); or

• use personal information collected via our website except in the circumstances described in the “What do we use and disclose your personal information for?” section above.

We log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users’ movements, and gather broad demographic information.

We also collect your personal information through the use of cookies. We use cookies and third-party tracking pixels to analyse how visitors interact with our website and online services, helping us understand usage patterns and improve your experience. These analytics cookies collect anonymous information about how you navigate our site, which pages you visit most frequently, and how long you spend in different areas. This data allows us to make informed decisions about our website's design and content, ultimately creating a better, more intuitive experience for you.

We use Google technology to provide you with personalised advertising. These features collect data via advertising cookies and anonymous identifiers to help us display ads that match your preferences and potential needs, based on your browsing behaviour and interactions with our website. Your privacy remains important to us, and all data collection complies with applicable privacy laws and Google's advertising policies.

You can manage or disable cookies at any time by accessing your browser settings and clearing your browser data, or by adjusting your cookie preferences in your browser's privacy settings.

You don’t need to provide us with personal information to use our website, but if you don’t, we may be unable to tailor the content of our websites to your preferences (meaning your experience of our websites may not be as enjoyable or useful). You will not be able to use our e-admissions portal or the CalvaryCare app without providing personal information. If you choose to identify yourself while using our website, any personal information you provide to us will be managed in accordance with this Privacy Policy.

16.2 Social media sites

Calvary uses LinkedIn, Facebook, Instagram, YouTube and X (formerly Twitter) to engage with patients, residents and care recipients and to let the public know about our health care services. We will not ask you to share your personal information through our social media channels, but if you use these services to contact us or communicate with us, we will collect the personal information you provide as part of that message (for example, your user name). If you wish to discuss details about your care or service experience, please contact us via our website.

LinkedIn, Facebook, Instagram, YouTube and X have their own privacy policies.

16.3 Links

Our website may contain links to external sites that are not operated by Calvary. We provide these links for your convenience and informational purposes only.

The inclusion of a link to a third-party site does not imply our endorsement of the content, products, or services offered by that site.

Calvary is not responsible for the content or practices of any linked third-party sites. Your use of these sites is at your own risk, and we encourage you to review these policies when visiting such sites.

16.4 Security

Calvary uses a third party to process information submitted via the webforms that are available on our website (calvarycare.org.au). Data we collect via those webforms is stored in Australia with encryption at rest and in transit. All data collected through those webforms remains the exclusive property of Calvary and will not be accessed by the third party except when explicitly authorised by Calvary.

Information that you submit via the CalvaryCare app or the eAdmissions portal is protected by additional security measures. Further information about these measures is available in the app and the portal.

However, while we take all reasonable steps to protect the personal information on our systems, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.

If you have any questions about this Privacy Policy, any concerns or a complaint regarding the treatment of your personal information, or are concerned about a possible breach of your privacy, please use the contact link on our website or contact our Privacy Officer using the details set out below.

We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns.

Please contact our Privacy Officer at:

Privacy Officer, Little Company of Mary Health Care Limited

Post: GPO Box 4121, SYDNEY NSW 2001

We will update this Privacy Policy from time to time. Any updated versions of this Privacy Policy will be posted on our website. Please review it regularly.

This Privacy Policy (version 2) was last updated in March 2025.

Hard copies of our Privacy Policy are available from our service locations.

The key Calvary operating entities to which this Privacy Policy applies are set out below:

This Privacy Policy also applies to personal information collected by any other Calvary entities from time to time.

In this Privacy Policy:

health information has the meaning given to it in the Privacy Act, which is that the following information is health information:

• information or an opinion about:

  • the health, including an illness, disability or injury, (at any time) of an individual; or

  • an individual’s expressed wishes about the future provision of health services to the individual; or

  • a health service provided, or to be provided, to an individual;

that is also personal information;

• other personal information collected to provide, or in providing, a health service to an individual;

• other personal information collected in connection with the donation, or intended donation, by an individual of his or her body parts, organs or body substances;

• genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.

personal information has the meaning given to it in the Privacy Act, which is that it is information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• whether the information or opinion is true or not; and

• whether the information or opinion is recorded in a material form or not.

primary purpose means the purpose for which personal information was collected by us

Privacy Act means the Privacy Act 1988 (Cth)

secondary purpose means a purpose other than the primary purpose

sensitive information has the meaning given to it in the Privacy Act, which is that it is:

• information or an opinion about an individual’s:

  • racial or ethnic origin; or

  • political opinions; or

  • membership of a political association; or

  • religious beliefs or affiliations; or

  • philosophical beliefs; or

  • membership of a professional or trade association; or

  • membership of a trade union; or

  • sexual orientation or practices; or

  • criminal record;

that is also personal information; or

• health information about an individual; or

• genetic information about an individual that is not otherwise health information; or

• biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or

• biometric templates.