We, us, our, and Summerset mean Summerset Group Holdings Limited and its subsidiaries.
‘Personal information' is information or an opinion (whether true or not and whether recorded in a material form or not) about an identified person, or a person who is reasonably identifiable. 'Sensitive information' is a subset of personal information and includes your health information, information about your religion, ethnicity and criminal records.
We are committed to dealing with your personal information in a manner that complies with the Privacy Act 1988 (Cth), the Australian Privacy Principles, confidentiality requirements set out in the Aged Care Act 1997 (Cth), and relevant State and Territory privacy laws.
2. Collection – How we collect information about you
Who we collect information about
We may collect and hold personal information about:
current, potential and former residents, and their families and other representatives;
service providers, suppliers and their employees and contractors;
investors and prospective investors;
current and prospective employees and contractors of Summerset, and their next-of-kin or emergency contacts;
individuals we deal with in the course of carrying on our business; and
other people who come into contact with Summerset.
Information we collect
We collect personal information where it is reasonably necessary to manage and conduct our business, to provide and market our services and to meet our legal obligations. We will only collect your personal information (including sensitive information) with your consent or where we are legally permitted to collect the information.
Depending upon the nature of your relationship with Summerset, the type of personal information we collect and hold may include:
a) information as required for us to identify and establish and maintain a relationship with you, such as:
your name, address, contact details, date of birth, and documents that verify your identity and other personal details;
your tax file number, tax status and citizenship or residency details;
diversity information, which might include gender, ethnicity, languages spoken, relationship status etc;
your bank account details (for direct debits or payments, as applicable);
any other information which assists us in conducting our business, providing and marketing our services (provided you have consented to direct marketing and not later opted-out of this service) and meeting our legal obligations;
details of your religious beliefs or affiliations;
your health and medical information, including medical history, condition and treatment plan, and contact details for your medical practitioners and treatment providers; and
information that we create in the course of our relationship with you, such as details or evaluations of your interactions with us.
For current or prospective residents
b) information to help us assist you with the application process and to enable us to deliver the best support and service for your needs. This may include:
details of your family medical history;
your Medicare number, pension or other concession details, Veterans Affairs number and private health fund details (where applicable);
name and contact details for your family members, attorneys, next of kin, emergency contacts and others acting on your behalf. We may also collect copies of any relevant enduring powers of attorney; and
any relevant details relating to your residence at our facilities (for instance, assessment of suitability to use certain facilities such as swimming pools).
For current or prospective staff members, contractors or suppliers
c) information for the purpose of commencing and conducting a business or employment relationship with you. This may include:
information about your occupation, employment history, education and suitability for the role or relationship, including criminal history and social media profiles;
name and details of emergency contacts; and
information about your performance in the role or relationship, including results of drug testing (if applicable).
transactional and financial information relating to your investment.
In some cases, if personal information we request is not provided, we may be unable to supply the relevant service or to perform our obligations to you.
If we receive unsolicited personal information (i.e. information that we have not requested from you) that we could not have obtained by lawful means, we will destroy or de-identify it as soon as practicable and in accordance with the law.
Who we collect personal information from
Whenever it is reasonable and practicable to do so, we will collect your personal information directly from you.
From time to time, we may collect personal information:
from you indirectly (including through the use of services and facilities available through our websites and social media channels);
from current, potential and former residents, residents’ families, service providers, suppliers and their employees and contractors, investors, employees, individuals we deal with in the course of carrying out our business and other people who come into contact with Summerset; and
In some circumstances we might collect personal information about you from a third party, for example, a report provided by a medical professional or an employment reference from another person. Other third parties may include:
your health service providers, health insurers, government agencies, private and public hospitals, service providers we engage to manage our investors, recruitment and labour hire companies, and suppliers of services to us, or third parties where we have your consent to that collection;
from CCTV cameras that may be placed on our premises, which includes our retirement villages and aged care facilities; and
from publicly available sources including websites.
In most cases we will obtain your consent before collecting any of your personal information other than from you directly.
If you have provided us with information about another person, you must have that person’s permission to do so.
3. Use — How we use and disclose information that we collect about you
In general, we collect, hold, use and disclose your personal information for the following purposes:
to communicate with you;
to conduct our business and help us manage and enhance our services;
to provide and market our services to you, provided you have not asked us to stop providing you with this type of information;
to process, administer, collect payments from or make payments to you, and if applicable, make appropriate taxation deductions;
to ensure health and safety on our premises;
to engage third parties on your behalf (where authorised);
to provide joint marketing initiatives with other service providers, provided you have not asked us to stop providing you with this type of information;
to perform data analysis for the purposes of monitoring and enhancing our services;
to perform market research (provided that your personal information is first de-identified);
to identify, prevent or investigate any complaints, incidents, actual or suspected fraud, unlawful activity or threats to our systems or any person; and
to comply with our legal obligations, including our reporting obligations.
For current or prospective residents
to assist you to apply to live in a Summerset village or care centre;
to assess your requirements, needs, health status and how we can best provide you with our services;
to provide you with or facilitate the provision of healthcare services, treatments or care;
to assess information you have provided to us, or have consented to us obtaining, about your credit-worthiness;
to maintain and administer your record, including (where relevant) your clinical record.
For current or prospective staff members, contractors or suppliers
to assess suitability or performance of potential or current employees, contractors or suppliers;
to manage and meet obligations in relation to our employees and contractors;
to purchase goods or services; and
to perform drug and alcohol searching and testing, in accordance with relevant Summerset policies.
to process your application to become an investor of Summerset and enable your investment in Summerset.
In addition, CCTV footage specifically may be used for the following purposes:
a) detecting and deterring criminal or inappropriate behaviour on our premises and at our retirement villages and aged care facilities;
b) monitoring the safety and security of our staff, residents, contractors and visitors, and completing incident investigations; and
c) reviewing the actions of our staff or contractors.
All information collected by Summerset from any drug and/or alcohol testing or search will be kept confidential to the extent permitted by law, provided that relevant information may be disclosed to that individual’s supervisor or manager.
4. Who we may disclose your personal information to
We may disclose your personal information:
a) a) to you, or your attorneys or authorised representatives. If you are a prospective, current or former resident and you do not have an attorney or representative, we may also disclose your personal information to your family members or carers if we consider it necessary for the purposes of your care or wellbeing, or for compassionate reasons;
b) to Summerset employees and independent contractors;
c) to Summerset Group Holdings Limited or other subsidiaries within the group for the purposes of operating our business, providing services to you, or managing service provision to us;
d) if you are a resident or staff member, to third party health providers where necessary for your treatment or insurance companies to assist with the processing of a claim in connection with treatment (this is done with your permission where appropriate);
e) if you are a resident, to the Aged Care Quality and Safety Commission and/or the police for the purposes of fulfilling our reporting obligations under the Aged Care Act 1997 (Cth);
f) to other third parties who provide services to or for Summerset (including, for example, our technology service providers) or who act on our behalf;
g) to our professional advisers, insurers, auditors;
h) to courts, tribunals, regulatory authorities, enforcement agencies and/or government agencies;
i) to anyone who assists us to identify, prevent or investigate any actual or suspected fraud, unlawful activity or threats to our systems or any person;
j) to industry associations or other third parties, for benchmarking, statistical analysis and reporting purposes (provided your information is first anonymised);
k) if you are a staff member, to professional organisations or the professional registration board which you are a member of, where necessary for any registration, assessment requirements or legal reporting requirements;
l) to anyone else to whom you authorise us to disclose it; and
m) where we are required or permitted to do so by law.
When we disclose your personal information to third parties, we make reasonable efforts to ensure we disclose only relevant information and that it is accurate, complete and up-to-date.
Some of these organisations may be located overseas. For example, we are likely to disclose your personal information (including sensitive information) to Summerset Group Holdings Limited and related bodies corporate located in New Zealand.
5. Security and storage of your personal information
We store your personal information in hard copy and electronically. We take reasonable steps (including organisational and technological measures) to protect personal information held by us from misuse and loss and from unauthorised access, modification or disclosure, for example by use of physical security and restricted access to electronic records.
We will record and store your personal information in accordance with our internal policies and procedures as in effect from time to time.
Where we no longer require your personal information we will use reasonable endeavours to destroy or de-identify the information where it is lawful to do so.
6. Access to, and correction of, your personal information
We endeavour to ensure that the personal information we hold is accurate, complete and up-to-date. We encourage you to contact us in order to update any personal information we hold about you. Contact details are set out below. You have the right to request access to, or correction of, any personal information we hold about you.
You may request access to, or correction of, the personal information which we hold about you by contacting:
if you are a current resident, your Village Manager; or
in all other cases, our Head Office (Australia) Privacy Officer on email@example.com.
We will require you to verify your identity and to specify what information you require. If the request is being made by someone on your behalf, evidence of your consent, the applicant's authorisation and the applicant's identity may be required.
The timeframe for actioning an access or correction request is usually 30 calendar days from the date the request is received. If your request is approved, you will be required to advise us of your preferred means of access to the personal information (e.g. receiving a copy by email or post).
Any access or correction request that is refused will be notified to you in writing.
A fee may be charged for providing access to your personal information. If a fee is to be charged, we will advise you in advance and the fee will not be excessive.
7. Changes to this Policy
This Policy will be reviewed periodically and may be amended from time to time. The most current version of this Policy will be published on the Summerset website located at https://www.summerset.com.au/privacy-policy/. We encourage you to check the Summerset website periodically to ensure you are aware of our current Policy. Alternatively, a printed copy can be obtained by contacting our Head Office (Australia) Privacy Officer on the details below.
8. How to contact us and complaints
If you have any questions about privacy related issues or wish to complain about the handling of your personal information by us, please contact our Head Office (Australia) Privacy Officer at firstname.lastname@example.org. We may ask you to lodge your complaint in writing. Any complaint will be investigated by the Head Office (Australia) Privacy Officer and you will be notified of the decision in relation to your complaint as soon as practicable after it is made, usually within 20 working days of receipt.
If we are unable to satisfactorily resolve your concerns about our handling of your personal information, a complaint may be made to the Office of the Australian Information Commissioner (visit https://www.oaic.gov.au/about-us/contact-us for further information) or My Aged Care (visit https://www.myagedcare.gov.au/contact-us/complaints for further information).