Carinity Privacy Policy

1.    POLICY

Carinity provides high quality care and services that make a difference to people in need as a provider of aged care, education, retirement lifestyle, disability support, counselling, chaplaincy, youth and community services.

Carinity engages volunteers and employees, and receives donations, funding and support from members of the community, corporations, groups and governments to carry out this mission. Carinity holds contracts to deliver State and Commonwealth government programs.

Carinity is committed to protecting your personal information and meeting our obligations under the Act, including the Australian Privacy Principles.

2.    SCOPE

This policy sets out how Carinity manages your personal information.


The purpose of this policy is to:

  • have a clearly expressed and up-to-date policy about the management of your personal information by Carinity;
  • document the kinds of personal information Carinity collects and holds;
  • set out the purposes for which Carinity collects, holds, uses and discloses your personal information;
  • inform how you may access your personal information held by Carinity and seek the correction of that information;
  • assist you with how to make a complaint about a suspected breach of the Australian Privacy Principles by us, and inform you about how we will deal with such a complaint;
  • let you know if we are likely to disclose your personal information to overseas recipients; and
  • if we are likely to disclose your personal information to overseas recipients, the countries in which such recipients are located, if it is practicable to specify.


4.1.  Personal Information generally

Carinity may collect personal information from you. We will only collect your personal information where it is reasonably necessary for, or directly related to, one or more of our functions or activities.

Generally, we may collect the following personal information from you:

  • general contact and personal details.
  • financial details needed for application assessments and account processing.

If you are a service user of Carinity’s Aged Care and Home Care services, we may also collect your:

  • personal background information needed for ensuring we can meet your care needs.
  • government issued information linked to the approved levels of care you may have.

If you are a service user of a Carinity school or youth service, such as a parent or student, we may also collect your:

  • educational background, academic achievements and reports.
  • relevant court orders, such as orders about parental responsibility, pick-ups and family and domestic violence protection orders which limit contact.

If you are a Carinity donor, we may also collect your donation history and amounts.

If you are a Carinity worker, or prospective worker, we may also collect:

  • personal details including date of birth, driver’s licence and contact details for next of kin or emergency contact.
  • country of birth, citizenship, residency and/or visa details.
  • Tax File Number.
  • background checks, details of skills, qualifications and current and previous governance, employment or volunteer experience.

If you are a user of Carinity’s website, we may also collect your “cookies”, to help customise your experience when interacting with the website and generation of statistical information used to help us improve the experience over time. We do not collect personal information through the “cookies”.

At some of our sites, we use CCTV to maintain the safety and security of our service users, visitors, workers and property. Sometimes, our CCTV will collect and store personal information.

4.2.  Sensitive Information (including health information)

As part of providing our services, Carinity may collect your sensitive information. Examples of your sensitive information that Carinity may collect include:

  • health information, including your medical history, test results, diagnosis, treatments, special needs, and details of your treating practitioners.
  • indigenous status.
  • religious beliefs.
  • criminal record.

We will not collect your sensitive information unless the collection of the information is reasonably necessary for or directly related to one or more of our functions or activities, and:

  • you have consented to the collection of this information; or
  • the collection of the information is required by or authorised by an Australian law or Court; or
  • there is a permitted general situation; or
  • there is a permitted health situation, such as the collection of health information to provide a health service, or for research or statistical purposes relevant to public health or safety in accordance with any ethical or professional confidentiality rules of the competent health or medical research body; or
  • the information relates to our activities, and you have regular contact with us and our activities.


5.1.  Means of Collection

We will collect your personal information only by lawful and fair means.

Unless it is unreasonable or impracticable to do so, we will collect your personal information directly from you.

We collect information through various means, including:

  • correspondence and meetings, such as telephone calls, letters, interviews and emails; and
  • online and offline forms, such as application forms, questionnaires and permission forms.

If you are a service user of our Aged Care and Home Care services, we may also collect your information through:

  • referrals and reports from your doctor, pathology service provider or other allied health practitioner; and
  • service approvals, such as ACAT approval.

If you are a service user of our Education services, we may also collect your information through:

  • referrals from other education providers;
  • academic reports; and
  • progress reports.

In relation to donations, we may collect personal information through online registrations and donations.

Carinity is an outreach of Queensland Baptists, and we may collect your personal information from Queensland Baptists. If we have done so, then the purpose of collecting this particular information is as set out in Queensland Baptists’ privacy policy available at their website here: Privacy Policy – Queensland Baptists (

If you feel the information that we are requesting, either on our forms or in our discussions, is not information you wish to provide, please raise this with us.

5.2.  Holding

Carinity takes reasonable steps to protect the personal and sensitive information we hold against misuse, interference, loss, unauthorised access, modification and disclosure.

Our security measures include, but are not limited to:

  • training our staff on their obligations regarding your personal information;
  • use of passwords when accessing our data storage system;
  • use of firewalls and virus scanning tools to protect against unauthorised interference and access; and
  • multi-factor authentication.

Where reasonable, Carinity will take steps to ensure that your personal information that we collect, use and disclose is accurate, up-to-date and complete.

We retain your personal information for as long as the information is required for any purpose under this policy, or otherwise required under law. If your personal information is no longer required, we will take reasonable steps to destroy or de-identify the information.


6.1.  Purposes of Collection, Hold, Use and Disclosure of Personal Information

We only use your personal information for the purposes for which it was given to us (“primary purpose”), or for purposes which are directly related or related to one of our functions or activities (“secondary purpose”). Carinity collects, holds and discloses your personal information to:

  • provide you with the most appropriate care and service for your needs;
  • meet any requirements of government funding programs; and
  • comply with our legal obligations.

In our Aged Care and Home Care services, our purposes also include:

  • monitoring and evaluating existing services and plans for future services;
  • (where relevant) to produce annual reports; and
  • occasionally, providing your information for research and statistical purposes as part of a permitted health situation.

In our Education service, our purposes also include:

  • to keep parents informed about matters related to their child’s schooling, through correspondence, newsletters and magazines;
  • carrying out day-to-day administration of our schools;
  • looking after students’ educational, social and medical wellbeing; and
  • seeking donations for, and the marketing of, our schools.

In relation Carinity donors, our purposes also include:

  • processing donations and providing accurate receipts; and
  • facilitating on-going fundraising and marketing activities.

If we are unable to collect all or some of your personal information, we may not be able to provide you with the most appropriate care and service for your needs or achieve the other purposes which for which we seek to collect your personal information.

Background checks into workers and prospective workers such as a bankruptcy search, or a criminal history check, such as a Police check, Blue Card or Yellow Card, may be required to meet our obligations under law. If you are a worker or prospective worker, you may be required to provide some information for a police check including identity documents for submission on your behalf and with your consent, for a nationally coordinated criminal history check through Australian Criminal Intelligence Commission National Police Checking Service. Carinity abides by the agreement for controlled access by duly Accredited Bodies, to access Nationally Coordinated Criminal History Checks. In some cases, the police check will be received directly by Carinity and then stored securely or destroyed.

6.2.  Health Information

In some situations, it is necessary for Carinity to collect or receive health information. In this circumstance, Carinity will advise why the information is being collected and whether and to whom it will be released.

Carinity will not use health information beyond the consent provided by you, unless your further consent is obtained in accordance with one of the exceptions under the Act or in compliance with another law.

If Carinity uses your health information for research or statistical purposes, it will be de-identified if practicable to do so.

6.3.  Marketing

We will not use or disclose personal information about you for the purposes of direct marketing, unless:

  • the information is collected directly from you and it would be reasonably expected for us to use or disclose your personal information for the purpose of direct marketing; and
  • we have provided you a means to ‘opt-out’ and you have not opted out.

We will not use or disclose your sensitive information for direct marketing, unless you have consented to the sensitive information being used for direct marketing.

If we use your personal information for the purposes of direct marketing, you may:

  • ask us not to provide direct marketing communications;
  • ask us not to disclose or use the information; or
  • ask us to provide the source of the information.


7.1.  Right of Access and Correction

You have a right to request that we provide access to your personal information that we hold, and to seek correction to that personal information.

We shall make all reasonable attempts to grant you that access, or correct your personal information, unless an exception applies. An example of an exception is where the request will unreasonably impact upon the privacy of other individuals.

If we refuse to do so, we must give reasons in writing for this.

If an exception applies for granting access, and we refuse to provide access to your personal information, where reasonable to do so, we will seek to take reasonable steps to find an alternative way to provide you with access to your information,

7.2.  Requesting access, and seeking correction

If you wish to request access and/or correction to your personal information, please address this in writing to our Privacy Officer.

For security reasons, you will be required to put your request in writing and provide proof of identity. This is necessary to ensure personal information is provided only to the correct individuals and the privacy of others is not undermined.

7.3.  Granting access

On request (and after determining your right to access the information requested), Carinity will take reasonable steps to provide access to the requested information it holds within 30 calendar days of a request being received. In situations where the request is complicated or requires access to large volumes of information, Carinity will consult with you to explain the delay and provide an expected timeframe for finalizing the request.

Carinity may charge a reasonable fee for providing access to personal information.


8.1.  How can you complain about a breach of the Australian Privacy Principles, and how will we deal with it?

A privacy complaint relates to any concern that you may have regarding our privacy practices or our handling of your personal information.

This could include matters such as:

  • how your personal information is collected and stored;
  • how your personal information is used or disclosed; or
  • how access or correction is provided to your personal information.

If you wish to make a complaint about the way we have managed your personal information, you may make that complaint verbally or in writing by setting out the details of your complaint to our Privacy Officer.

8.2.  How Carinity will deal with a privacy complaint

A privacy complaint will be logged onto our database and handled by us in accordance with our internal procedures.

The goal of Carinity’s complaints handling procedure is to achieve an effective resolution within a reasonable timeframe, usually 30 days or as soon as practicable. However, in some cases, particularly if the matter is complex, the resolution may take longer. We will keep a record of each complaint and the outcome.

We are unable to respond to anonymous complaints. This is because we are unable to investigate and follow-up such complaints. If an anonymous complaint is received, we will note the issue/s raised and, where appropriate, investigate and resolve appropriately.

8.3.  What other mechanisms do you have if your privacy complaint is unresolved?

If you remain dissatisfied with the outcome of your privacy complaint following a response from our Privacy Officer, you may make a complaint to the Office of the Australian Information Commissioner.

8.4.  What are our Privacy Officer’s Contact Details?

Our Privacy Officer’s contact details are as follows:

Telephone: 07 3550 3737

Post:     PO Box 6164, Mitchelton QLD 4053


8.5.  Assisted Contact

If you are deaf, or have a hearing or speech impairment, please contact us through the National Relay Service:

  • TTY users: phone 1800 555 677 then ask for 1800 550 552
  • Speak and Listen users: phone 1800 555 727 then ask for 1800 550 552
  • Internet relay users: connect to the National Relay Service and enter 1800 550 552


In the course of providing our services, we may occasionally use cloud technology for the purposes of storing information. We take steps to ensure that service providers have secure practices around storing personal information that are consistent with the Australian Privacy Principles and limit their collection and use of personal information to what is required.

We do not usually send personal information out of Australia. If we are otherwise required to send information overseas, we will take measures to protect your personal information. We will protect your personal information either by ensuring that the country of destination has similar protections in relation to privacy, or that we enter into contractual arrangements with the recipient of your personal information that safeguards your privacy.


10.1.  Third Party Websites

Carinity websites may from time to time contain links to other websites. Carinity stresses that when an online user accesses a website that is not a Carinity website, it may have a different privacy policy. To verify how that website collects and uses information, the user should check that particular website’s policy.

10.2.  Employee Record

Under the Act, the Australian Privacy Principles do not apply to an employee record. Accordingly, this policy does not apply to employee records. These are dealt with through workplace laws.


Act means the Privacy Act 1988 (Cth).

Employee Record is a record of personal information relating to the employment of the employee.  Examples of personal information relating to the employment of the employee are health information about the employee and personal information about all or any of the following:

  • the engagement, training, disciplining or resignation of the employee;
  • the termination of the employment of the employee;
  • the terms and conditions of employment of the employee;
  • the employee’s personal and emergency contact details;
  • the employee’s performance or conduct;
  • the employee’s hours of employment;
  • the employee’s salary or wages;
  • the employee’s membership of a professional or trade association;
  • the employee’s trade union membership;
  • the employee’s recreation, long service, sick, personal, maternity, paternity or other leave; and
  • the employee’s taxation, banking or superannuation affairs.

Health Information is:

  • information or an opinion about:
  • your health, including an illness or a disability (at any time);
  • your expressed wishes about the future provision of health services to you; or
  • a health service provided, or to be provided, to you that is also personal information; or
  • other personal information collected to provide, or in providing, a health service to you;
  • other personal information about you collected in connection with the donation, or intended donation, by the individual of your body parts, organs or body substances; or
  • genetic information about you in a form that is, or could be, predictive of the health of the individual or a genetic relative of you.

Permitted general situation are certain situations defined under the Act, and includes:

  • lessening or preventing a serious threat to the life, health or safety of any individual, or to public health or safety;
  • taking appropriate action in relation to suspected unlawful activity or serious misconduct;
  • locating a person reported as missing;
  • asserting a legal or equitable claim; and
  • conducting an alternative dispute resolution process.

Permitted health situation are certain situations defined under the Act, and includes:

  • the collection of health information to provide a health service;
  • the collection of health information for certain research and other purposes;
  • the use or disclosure of health information for certain research and other purposes;
  • the use or disclosure of genetic information; and
  • the disclosure of health information for a secondary purpose to a responsible person for an individual.

Personal information as defined in the Act is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.

Sensitive information as defined in the Act is information or opinion (that is also personal information) about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health, genetic, biometric information or biometric templates.

Serious Harm is as defined in the Act and may occur when a reasonable person would conclude that the access or disclosure of personal information would be likely to result in serious harm to any of the individuals to whom the information relates.  Information more likely to cause serious harm if compromised includes:

  • Sensitive (including health) information
  • Identity documents
  • Financial information
  • A combination of types of personal information

Unsolicited Information is all personal information received from an individual that we did not actively seek to collect.

Us, our and we means Carinity and our services.

Workers means all members of the Carinity workforce, including Council members, employees, volunteers, contractors or consultants engaged to perform work for Carinity.

You and your means a natural person or persons that is using our services, and generally an individual under the Act.


Carinity is committed to complying with the obligations imposed on Carinity under all legislation including but not limited to:

  • Aged Care Act 1997 (Cth)
  • Anti-Discrimination Act 1991 (Qld)
  • Child Protection Act 1999 (Qld)
  • Community Services Act 2007 (Qld) 
  • Disability Services Act 2006 (Qld) 
  • Education (General Provisions) Act 2006 (Qld)
  • Education (Accreditation of Non-State Schools) Act 2017 (Qld) 
  • Fair Work Act 2009 (Cth) 
  • Fair Work Regulation 2009 (Cth)
  • Information Privacy Act 2009 (Qld)
  • National Disability Insurance Scheme Act 2013
  • National Vocational and Education and Training Regulator Act 2011 (Cth)
  • Privacy Act 1988 (Cth)
  • Retirement Villages Act 1999 (Qld)
  • Right to Information Act 2009 (Qld)


13.1.  Policies

  • Feedback and Complaints Policy and Procedure
  • Incident Management Policy
  • Media Management Policy and Procedure

13.2.  Procedures

  • Privacy Procedure

13.3.  Internal Documents

  • Code of Conduct
  • Privacy Collection Statement
  • Protecting the Privacy of Personal Information When Working Outside the Office – AC

You can click here to download a PDF version of the Privacy Policy.