About the CPL group
The CPL group of companies comprises of CPL – Choice, Passion, Life, Access Arts (CPL) Ltd, and Cootharinga North Queensland.
What is personal information?
Personal information is any information about an individual, such as name, age, telephone number, email address, profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
What personal information does the CPL group usually collect and hold?
The type of personal information we collect and hold may include:
- your personal details, such as your name and date of birth;
- your contact details;
- health-related information, such as medical diagnosis, medication requirements, donor details, hospital discharge summary and pathology reports;
- information relevant to administering your payment arrangements such as your banking details, your pension arrangements and entitlements, and information regarding your income and assets;
- government identifiers such as Centrelink reference number, Medicare number, driver licence, Veterans Affairs etc;
- employment information such as work history, contact details of referees etc.
- any other types of personal information which enables us to deliver our services, perform our activities and functions.
If you are receiving services from us, all information we collect from you is classified as “sensitive information” under the Act. We will collect, use and/or disclose your personal information with your consent, or otherwise as permitted by law.
If you are not a client, we will collect, use and/or disclose your personal information in accordance with the Act.
Passive information collection
When you visit any of CPL Group’s websites and other online resources, our quality and performance software and internet service providers record anonymous information for statistical purposes only, including:
- the type of browser, computer platform and screen resolution you are using
- your traffic patterns through our site such as:
- the date and time of your visit to the site
- the pages you accessed and documents downloaded
- the previous page you visited prior to accessing our site
- the Internet address of the server accessing our site
No attempt is or will be made to identify you or to use or disclose your personal information except where required under a law, for example, a law enforcement agency may exercise a warrant to inspect our service providers' logs.
How we collect your personal information
We collect your personal information in a number of ways, including:
- directly from you, when you provide it to us or our agents or contractors, such as in an application and other forms, over the telephone or in person;
- from publicly available resources;
- by analysing our own records of your use of our services; or
- monitoring devices such as surveillance cameras installed at various places;
We may also collect your personal information from:
- other healthcare and service professionals and health service providers involved in your care if you have given them consent to or as authorised by law;
- government agencies responsible for administering applicable benefits and entitlements (such as Services Australia, Medicare, Department of Social Services, National Disability Insurance Agency, Department of Veterans Affairs, and other government agencies responsible and/or associated with your services).
We may also collect information about you from your employers, family members, a carer, an attorney, a guardian or other authorised person.
Why do we collect, hold, use and disclose personal information?
We require personal information to operate as a business. Non-disclosure or withholding some of your personal information may mean we are unable to meet your request or provide our services to you.
The personal information you provide us may be used for a number of purposes connected with our business operations, which include to:
- meet your goals;
- support your chosen quality of life;
- verify your identity;
- facilitate provision of our services to you;
- assist in determining your suitability for a position as an employee or contractor;
- address or respond to any requests from you;
- inform you of existing and proposed services which we provide;
- develop and improve the quality and scope of the services we provide, and seek your feedback;
- to assist in investigating your complaints, feedback and inquiries; and
- for other purposes which are reasonably necessary in connection with our normal functions and activities.
Direct marketing communications
Please note if you are receiving regular email or SMS communication services from the CPL Group as part of your services delivery, they are not considered as direct marketing communications.
We may send our clients direct marketing communications and information about our products or services from time-to-time, that we consider may be of interest to you. These communications may be sent in various forms, including email, SMS and mail in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth).
We will not use or disclose your personal information we hold for the purpose of direct marketing unless you have provided your consent to us, or alternatively as authorised by law.
You always have the right to opt out of receiving this information and if you would like us to stop, please call 1800 275 753 or contact firstname.lastname@example.org and we will remove your contact details from our marketing database within 30 days and for free.
Who will my personal information be disclosed to?
We may disclose your personal information in certain circumstances, such as where we are required or authorised by law or where you have consented to us doing so.
We may also disclose your personal information to:
- our related entities;
- others in accordance with a request made or consent given by you;
- persons engaged in providing us with professional, business, technology and corporate services, when reasonably required; and
- relevant government agencies which regulate or oversee services, operations and activities.
When making such a disclosure we will take reasonable steps to ensure that the recipient is bound by privacy obligations.
Without your consent, we will not disclose your personal information to third parties.
Does my personal information leave Australia?
We will only send your personal information outside Australia:
- if we are authorised to do so by law; or
- if you have consented to us doing so.
Access and correction
You have the right to access the personal information that we hold about you. For enquiries regarding access to your personal records, please contact us as specified under “how to contact us” below.
Any requests for information will be processed within a reasonable timeframe (usually within 15 business days). If the retrieval of information involves accessing archived information and will take longer than normal, we will endeavour to provide you with an estimated timeframe.
You may also request to change the personal information about you. We will take reasonable steps to correct any information that is inaccurate, incomplete, out-of-date or misleading.
If the information retrieval process requires us to allocate additional staff or resources to meet your request, we reserve the right to charge a reasonable fee for the costs of retrieval and supply of any requested information.
Under some circumstances, we may refuse you access to personal information where denying access is required or authorised by law, for example if access would pose a threat to life or the health of anyone, where the request for access is regarded as frivolous or vexatious, or where information relates to anticipated or legal proceedings. If you are denied access to your information, we will explain why.
Storage and security
We will take all reasonable precautions to safeguard your information from loss, misuse, unauthorised access, modification, disclosure or destruction. We may store your files on paper format and/or electronically. We implement a range of physical and electronic security measures to protect the personal information that we hold, including physical access restrictions, password protection, multifactor authentications, access being restricted to authorised personnel and encryption of personal information before sending to 3rd party storage providers.
CPL Information Security Principle
Information security is critical to the success and ongoing viability of CPL. Our core security principle is to ensure the confidentiality, integrity, security and availability of the information we manage on behalf of our employees, clients, customers and business partners (including donors and vendors), as well as our own information. Read our Information Security Principle in full here.
Notifiable Data Breaches scheme
In the event of any loss or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, we will:
- investigate; and
- notify you and the Office of the Australian Information Commissioner as soon as practicable, in accordance with the Act.
What if I have a complaint or question?
CPL will take any privacy complaint seriously and will aim to resolve any such complaint in a timely and efficient manner, and our target response time is less than 30 days.
CPL expects our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also make a formal complaint with the Officer of the Australian Information Commissioner (which is the regulator responsible for privacy in Australia):
Office of the Australian Information Commissioner (OAIC)
Complaints must be made in writing
* Director of Compliance
Office of the Australian
GPO Box 5218
Sydney NSW 2001
How to contact us
Phone: 07 3358 8014
Postal: Level 2, 340 Adelaide Street, Brisbane QLD 4000