Privacy Policy

 

Purpose

Estia Health recognises the importance of your privacy. This Privacy Policy outlines how we collect, use, disclose, store, and otherwise handle your personal information and acknowledges Estia Health's obligations under the Australian Privacy Principles and other relevant privacy laws and regulations (Privacy Laws).

Scope

Our aim is to provide transparency regarding our data handling practices. This Privacy Policy is intended to provide an overview of our practices for the handling of your personal information in the course of providing our services, such as residential aged care and allied health services.

It extends to information collected through our Website, or via other methods including social media channels, customer service interactions, including verbal, written or electronic communications and any other engagements with Estia Health.  By using our Website and/or providing your personal information to us, you acknowledge that we will handle your personal information in a manner consistent with this Privacy Policy.

Other policies may apply in addition to this Privacy Policy.  For example, a privacy collection notice made available to you, that explains our personal information handling practices relevant to our dealings with you.

Terminology

Within the context of this Privacy Policy, references to “Estia Health” and “we," "us" and "our" are references to entities in the Estia Health Group.  These include:

Estia Health Pty Ltd, Estia Investments Pty Ltd, Estia Finance Pty Ltd, Estia Health Residential Aged Care Pty Ltd, Estia Health BidCo Pty Ltd, Estia Health HoldCo Pty Ltd, Estia Health MidCo Pty Ltd and Estia Health TopCo Pty Ltd.

The terms "you" and "your" refer to any natural person whose personal information we collect.

References to our “Website” represents our online presence, accessible at www.estiahealth.com.au, through which we provide information about our services and homes.

Types of Information We Collect

The types of personal information we collect about you is tailored to our relationship with you, whether you're a resident in our care, a relative of a resident, someone exploring our offerings or applying for a job or engagement with us. Below is an overview of the types of information we may collect:

For Residents:

  • Personal Identification: Including your name, date of birth and place of birth, gender and contact information such as address, phone numbers, and email.
  • Health Information: Comprehensive details covering care needs, assessments, clinical and hospital records, medications, medical history, test results, details of your general practitioner and other health professionals involved in your care, photographs for clinical and identification purposes, and disability status to ensure all care requirements are met.
  • Legal and Representative Information: Details of your family status, relatives, carers and visitors and any individuals authorised to act on your behalf, including next of kin, power of attorney, and guardians, along with any relevant legal documents like advance healthcare directives.
  • Financial and Billing Information: Information about your assets and income, billing details, Medicare, pension or DVA (Department of Veterans' Affairs) specifics, bank account details, necessary for processing payments and managing accounts.
  • Personal Preferences and Lifestyle Information: Insights into your religious preferences, personal likes, dislikes, dietary requirements, hobbies, and social preferences to enhance your living experience with us.
  • Technology Usage: Information on your use of digital devices and services within our homes, ensuring we support your connectivity and access needs.
  • Interaction Records: Documentation of communications with Estia Health, including emails, letters, notes, and possibly voice recordings of calls for quality and record-keeping purposes.
  • Consent and Permissions: Detailed records of consents provided for various activities, services, and data sharing to uphold your rights and preferences.
  • Safety and Incident Reports: Any incidents involving you for ensuring ongoing safety, compliance, and care quality improvement.

 

For Prospective Residents

When you inquire or request information about becoming a resident at an Estia Health home either through written communication or verbally, we collect specific information from you or any individual acting on your behalf.:

  • Contact Information: We collect the names and contact details (phone number and email address) of prospective residents and any individuals making inquiries on their behalf.
  • Personal Details: The prospective resident's name, date of birth, and place of birth are gathered to personalise our response and understand your needs better.
  • Health Information: Health-related details, including Aged Care Assessment Team (ACAT) approval specifics, are essential for tailoring our services to meet your health care requirements.
  • Vaccination Status: Information regarding the vaccination status of prospective residents, including COVID-19 and influenza vaccinations, is collected to ensure the safety and well-being of our community members.

 

For Relatives or Representatives:

When acting as an authorised representative (e.g., attorney, guardian, or financial manager) or substitute decision maker for either an existing or prospective resident of Estia Health, we recognise the importance of your role in facilitating care and services. To this end, we collect and utilise specific information about you to ensure the effective provision and administration of care to the resident, and to validate decisions and actions taken on their behalf. This information may also be recorded in the resident's care notes and other relevant records associated with their care:

  • Identification and Contact Details: Your name and how to reach you, including your address, phone numbers, and email, to facilitate effective communication.
  • Details of Appointment: Information concerning your status as an authorized representative, including a copy of the document appointing you to this role, and the nature of your relationship to the resident. This helps us understand the scope of your authority and responsibilities.
  • Interaction Records: Records of your interactions with us, capturing the essence of our communications, including correspondences like emails and letters.

 

For Volunteers and Students:

  • Personal and Contact Information: This includes your name, address, postcode, telephone and email addresses, to facilitate communication.
  • Demographic Details: We gather information such as your age, date and place of birth, and gender to ensure diversity and inclusion.
  • Professional Background: Your qualifications and experience are collected to assess your suitability for the position.
  • Legal Compliance Checks: This encompasses police, NDIS, and other necessary checks to meet aged care sector requirements.
  • References and Additional Information: Information obtained from references and any other data you or your referees provide in connection with your application.
  • Health Information: Including vaccination status for diseases such as COVID-19 and influenza, to comply with legal and regulatory mandates, and to ensure the safety and health of our residents, employees and visitors.

 

For Service Providers, Suppliers, Contractors and Consultants:

  • Contact Details: Names, addresses, postcodes, telephone and fax numbers, and email addresses to ensure effective communication.
  • Professional Credentials: Your qualifications, experience, licenses, and registrations to verify expertise and compliance with industry standards.
  • Health Information: Vaccination status, including COVID-19 and influenza, to adhere to health and safety protocols.
  • Compliance Checks: Police, NDIS, and other necessary checks to meet aged care and medical service standards.
  • Supplementary Information: Additional details you or your nominated referees provide relevant to your services.
  • Financial Information: Necessary data to evaluate creditworthiness and manage financial transactions, including banking and account details.
  • Legal and Regulatory Compliance: Any other information needed to fulfil legal obligations, regulatory directives, and our internal policies and procedures, ensuring the safety and well-being of our residents, employees, and the broader Estia Health community.

 

For Prospective Employees:

  • Personal Identification: This includes names, dates and places of birth, gender, addresses, contact details, and emergency contact information.
  • Background check results: This includes reference checks, police checks, NDIS checks and any other checks required for employment in aged care which are necessary for ensuring the safety and security of our residents and employees.
  • Employment Details: Job titles, employment history, qualifications, certifications/licences and any other information related to your prior employment history.
  • Health and Safety Information: Health information that is relevant to your job role, including any disabilities or health conditions that may require workplace accommodations, and information related to workplace health and safety incidents.

 

Current Employees:

We will collect the same information from you as for Prospective Employees with the addition of:

  • Financial Information: Banking details for salary processing, tax information, superannuation details, and any other financial information relevant to employment remuneration and benefits.
  • Performance Information: Records related to job performance, including appraisals, training records, and any disciplinary or grievance procedures.
  • Technology Use Information: Information related to the use of Estia Health's technological resources, including email communications, network usage, and access to systems and applications.

 

Anyone entering an Estia Health Premises:

For the purpose of maintaining a secure environment, security cameras are operational at various locations within Estia Health premises, including at entrances, exits, car parking areas, and other zones clearly marked by signage. These cameras are intended to:

  • Enhance Safety: Monitor activities to help provide a secure setting for residents, visitors, and employees.
  • Incident Review and Security Management: Stored digital footage, generally retained for up to 90 days, is utilised primarily for reviewing in the event of an incident.

Use of security camera footage for personal identification will be strictly confined to security-related, risk management, and incident investigation objectives. Authorised external parties, as permitted by law or court order, may access the footage for these purposes.

 

Collection of Additional Personal Information

Estia Health may, from time to time, collect additional personal information not specifically listed in this Privacy Policy. This may occur under circumstances when you communicate with us (whether by email, telephone, writing, or in person) or when we determine that collecting certain information is essential for our functions and activities or otherwise permitted or required by law.

How do we collect information?

We collect personal information about you directly from you.

Sometimes, your personal information may also be collected, with your consent or as legally permitted, from the following sources, especially when it is unreasonable or impractical to collect it directly from you:

  • Authorised Representatives: This includes appointed guardians, attorneys, public trustees, or guardians.
  • Family and Friends: Those involved in your care or acting on your behalf.
  • Healthcare and Service Providers: Other professionals involved in your care or service delivery.
  • Public Sources: For verification purposes, such as professional registration boards, especially for healthcare providers.
  • Government and Regulatory Bodies: Agencies such as Medicare, the Department of Veterans' Affairs, and other relevant authorities for compliance and verification purposes.
  • Estia Health Group Entities: Other entities within the Estia Health Group may share information as necessary for operational, care, and regulatory reasons.
  • For Employees: Information may be collected from colleagues, references, educational institutions, professional associations, and regulatory bodies for employment and verification purposes or where you provide information directly to us during a recruitment process.
  • Service Providers: Financial institutions, credit providers, licensure, and qualification verification sources, as well as referees and insurers for administrative and compliance purposes.

 

If we are unable to collect the personal information that we require, or the information provided is incorrect or incomplete, then we may not have sufficient information to conduct our business and we may be limited:

  • in our ability to provide our services;
  • in our ability to keep you informed about company updates and services information;
  • in considering your application for employment with us; or
  • in our ability to respond to your inquiry or request.

 

Use and Disclosure of Personal Information

We use your personal information for the purposes for which we collected it as described above, and for other related purposes that you would reasonably expect. Generally, these purposes include (but are not limited to);

  • Delivering and managing healthcare services tailored to individual needs, preferences, and conditions.
  • Reporting to entities like the police, the Aged Care Quality and Safety Commission, the Department of Social Services or the Department of Health and Aged Care in specific scenarios, such as unexplained absences of residents or instances of elder abuse, as mandated by the Aged Care Act.
  • Complying with health department requirements to report certain illnesses, ensuring public health and safety.
  • Ensuring the security and safety of our homes for all residents and employees.
  • Sharing relevant information with nursing, care employees, and visiting health professionals (e.g., doctors, physiotherapists, pharmacists) to facilitate coordinated and personalised care.
  • Engaging in continuous improvement activities, such as audits, surveys, and training, to monitor and enhance the quality and appropriateness of care.
  • Providing necessary personal and health information to Government, State, regulatory and other health departments and agencies.
  • Sharing information with;
    • Regulatory and law enforcement agencies for investigations, notification of complaints, serious incidents, and reportable events, in accordance with legal and regulatory requirements.
    • Medical professionals or experts, for obtaining medico-legal opinions;
    • Insurance providers, for the purposes related to liability and indemnity coverage;
    • Legal representatives or medical defence organisations associated with our practitioners, aiming to address liability or indemnity issues, particularly following an incident that adversely affects a patient; or
    • Parties involved in preparing for, or engaging in, legal proceedings, whether anticipated or ongoing.
  • Sharing information on a need-to-know basis with third parties for operational, regulatory and legal purposes including billing and debt recovery, service monitoring, funding, complaint handling, incident reporting, as well as the development, planning, evaluation, quality assurance, and audit of our services, alongside accreditation activities.
  • Utilising contact information to maintain mailing lists for effective communication and engagement with our community and communicating important service updates, new projects, and opportunities for enhanced care.
  • Assessing applications for employment to build a skilled and dedicated team.
  • Undertaking any activities or sharing information for purposes to which you have provided explicit or implied consent such as marketing initiative and information about our upcoming events or offerings.
  • Addressing any inquiries or requests you may have promptly and effectively; and
  • As otherwise permitted or required by law.

 

Direct marketing

From time to time. we may reach out to you to share information about our offerings, those of our related entities, and our business partners that align with your interests and potential needs. This includes sending newsletters to you, or contacting you through various channels such as post, email, phone, or SMS.

Upon engaging with Estia Health, you agree that we may use of your personal information for direct marketing activities as outlined in this Privacy Policy, unless you tell us otherwise to opt-out.  You can opt-out of receiving marketing materials at anytime by contacting us on the details at the end of this Privacy Policy, or by using the functional opt out mechanism in one of our communications.

Storage and security

We may hold your personal information in electronic formats or in hard copy. We will endeavour to take all reasonable steps to keep any information that we hold about you secure, and to keep this information accurate, up to date and complete in compliance with applicable laws.

We may retain your personal information for as long as necessary to comply with any applicable law, for insurance and corporate governance purposes, for the prevention of fraud and to resolve disputes.  Your personal information may also be retained in our IT system back-up records. 

If you apply for a job with us, we may retain your personal information for a period of time after we receive your application so that we may consider you and keep you in mind about similar roles, unless you ask us not to. 

The transfer of data over the internet is inherently insecure.  We cannot guarantee the security, during transmission, of any personal information provided to us via our Website or through communications you send to us.  Please bear this in mind when transmitting information by this means to us.

Accessing your personal information

You have a right to request access to personal information that Estia Health holds about you. To request access to your information, please contact us (our contact details are outlined below).

We may ask you to submit your request in writing and provide proof that you are legally entitled to obtain access to the information you are requesting (for example, if you are making a request on behalf of someone else).

We reserve the right to charge for providing access to certain information, as permitted by law and you will be informed of this at the time of your request. We will always endeavour to meet your request for access within a reasonable timeframe and in the manner requested by you if it is reasonable to do so.

However, in some circumstances, we may decline a request for access to information such as where we no longer hold the information, or where denying access is permitted or required by law. If we are unable to give you access to the information you have requested, we will give you written reasons for this decision when we respond to your request.

Updating or correcting your information

To enable us to provide you with the best possible service, it is important that the information we hold about you is accurate.

If your information changes you should contact us to let us know. If you believe any information we hold about you is inaccurate, incomplete or out-of-date, you should contact us (our contact details are below).

Our Website

When you access the Website from a computer, mobile phone, or other device, we may make a record of your visit and logs for statistical and business purposes and we may collect information including: the user’s server address, the user’s domain name, IP address, the date and time of visit, the pages accessed and documents downloaded, the previous site visited, the operating system used and the type of browser used. We may also track some of the actions you take on the Website such as when you provide information or content to us.

We use "cookies" (small pieces of data we store for an extended period of time on your computer, mobile phone, or other device) to make the Website easier to use. We also use them to know when you are interacting on the Website. You can remove or block cookies using the settings in your browser, but in some cases that may impact your ability to use some areas on the Website. If you use an external source to publish information on the Website (such as a mobile application or a Connect site), you should check the privacy setting for that post, as it is set by that external source.

Other features such as Google Analytics are used in conjunction with our Website. These features collect data via advertising cookies and anonymous identifiers in order to provide ads to users based on certain characteristics. You may opt out of the use of Google Analytics through Google Ads Settings (see www.google.com/settings/ads/plugin ). For more information about Google Analytics, see here: https://support.google.com/analytics/answer/7318509?hl=en 

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Where the Website contains links to other websites, we do not control those websites, and we are not responsible for the privacy practices of the content of such websites. We do not take responsibility for the content in, or currency of, any externally linked sites. The inclusion of any link within the Website does not imply endorsement by us of the linked site, nor does it suggest any relationship with the organisation linked.

Contacting us

If you would like to access your personal information, correct or update your information, give us feedback or make a privacy complaint you can contact us in the following ways:

Call us at 1300 682 833 (9am-5pm, Monday to Friday, AEST)

Email us at privacy@estiahealth.com.au

Write to us at Estia Health, Attn: Chief Privacy Officer, Level 9, 227 Elizabeth Street, Sydney, NSW 2000.

Complaints about how we handle your information

Estia Health takes your privacy concerns seriously and is committed to the transparent and respectful handling of your personal information. If you would like to make a complaint about the handling of your personal information we encourage you to contact us to try and resolve the matter first. In some cases, we may need to investigate the matter first and we will keep you updated as to the progress of such an investigation.

If, after our attempts to resolve the issue, you remain dissatisfied with our response, you have the right to escalate your complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by calling 1300 363 992 or visiting their website at oaic.gov.au.

Changes to this Policy

Estia Health reserves the right to amend this Privacy Policy from time to time to reflect changes in legal requirements, our services, or privacy practices. The most current version of the Policy will be available on our Website and will supersede all previous versions. The revised version of our Privacy Policy will be effective at the time we post it on our Website.