Skip to:
9 SIL Vacancies
Searching

Commonly searched

-

Privacy Policy

Purpose & Scope

Stride Mental Health Limited (ABN 58 000 020 146) (Stride) has obligations concerning the collection, use, disclosure and storage of personal information. These obligations are set out in the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act) and other applicable State and Territory privacy laws.

This document sets out our policies and procedures for managing your personal information and is referred to as our Privacy Policy.

In this Privacy Policy, references to “we”, “us” and “our” are to Stride. References to “you” and “your” are to any individual about whom we collect personal information.

This document sets out our policies and procedures for managing your personal information and is referred to as our Privacy Policy.

We understand the importance of and are committed to protecting your personal information. You consent to us collecting, holding, using and disclosing your personal information in accordance with this Privacy Policy.

We will review and update this Privacy Policy from time to time.

Key definitions

When used in this privacy policy, the term “personal information” has the meaning given to that term in the Privacy Act.

Specifically, “personal information” means information or an opinion about an identified individual or reasonably identifiable individual, whether true or not and whether recorded in material form or not.

Sensitive information” is a sub-category of personal information which includes information about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record, health information, and genetic or certain biometric information.

What personal information do we collect and hold?

We collect information about you and your interactions with us. The types of personal information we collect about you will depend upon the nature of our interaction with you.

Specifically, the personal information we collect and hold may include:

  • name;
  • address;
  • email address;
  • contact number;
  • age and/or date of birth;
  • gender;
  • emergency contact details;
  • identification information, such as driver licence details or passport number;
  • photographs or images of you;
  • the location from which you have come to our website and the pages you have visited; and
  • technical data, which may include IP address, the types of devices you are using to access the Websites, device attributes, browser type, language and operating system.

Prospective employees/applicants

We collect personal information when recruiting personnel, such as your name, contact details, qualifications and work history. Generally, we will collect this information directly from you.

We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions (for example, positions which involve working with children).

Sensitive Information

  • Stride also collects sensitive information, including:
  • health information including your medical history;
  • your medical support and care needs; and
  • biometric information.

We collect and record personal information about individuals such as:

  • our consumers, potential consumers, and their representatives;
  • our donors, partners and volunteers;
  • our suppliers, potential suppliers and their representatives;
  • contractors, subcontractors, potential contractors and subcontractors and their representatives in relation to providing goods and services to us;
  • our employees past and present, including applicants; and
  • any other person who comes into contact with us.

How do we collect and hold personal information?

We will collect and hold your personal information in a fair and lawful manner. Where it is reasonably practical to do so, we will collect personal information directly from you.

Before we collect sensitive or health information, we will explain how your information will be used and obtain your consent. Consent may be written, verbal, or implied through your participation in our services, depending on the context. We will seek your consent again if the way we use or share your information changes.

We will provide information about how we handle your personal information in plain language and in a way that you can understand. If you require assistance, an interpreter, or alternate communication formats, we will take reasonable steps to support your understanding before asking for your consent.

You may withdraw your consent to the collection, use, or disclosure of your personal information at any time, except where we are required by law to retain or use your information, or where doing so would prevent us from providing essential aspects of your service.

We review your consent periodically (at least every 12 months) or if your circumstances, treatment/services, or the purpose for which we use your information changes. This helps ensure that your consent remains current and informed.

We may also collect personal information about you from a third party. We will only collect personal information from a third party if it is unreasonable or impracticable to collect this information directly from you or if we are otherwise permitted to do so. We may collect information from third parties such as:

  • your nominated representative (e.g. family member, carer, guardian);
  • your referrer, including general practitioners, other healthcare professionals, hospitals, community services, or government agencies;
  • our related entities;
  • other service providers involved in your care or support (e.g. allied health professionals, NDIS providers, primary health networks, or partner organisations);
  • publicly available sources of information or registers;
  • social media or other mobile applications (e.g. the “Stride” app);
  • regulatory or funding bodies, where required or authorised by law; and
  • any other third party where you have provided consent, or where we are otherwise permitted or required to do so by law.

We may collect your personal information when:

  • you communicate with us through our website, by telephone,by e-mail or by social networking services such as Facebook, Instagram, Linkedin, Youtube;
  • you participate in our programs and activities, such as Stride Outside, reference groups and co-designs;
  • you use our services;
  • you provide us, or you offer or apply to supply us, with goods or services;
  • you request information about us, our services, programs or events;
  • you provide feedback to us;
  • you visit, make an inquiry, or fill in a form on our website;
  • you register to be a member, donor, volunteer or partner;
  • you visit premises from which we operate;
  • you register to receive our newsletter;
  • you submit a job application to us;
  • you contact us by telephone, email, social media, post or in person; and
  • we are otherwise required or authorised by law.

We will ask for your consent to collect this sensitive information, unless the law allows us to collect the information without your consent.

Where we collect personal information about a vulnerable segment of the community, such as children and young people, people with disability, older persons, or individuals with a legal guardian or substitute decision maker, additional policies and procedures will be followed in collecting and holding that personal information.

Why do we collect, hold, use and disclose personal information?

As a general rule, we only use personal information for purposes that would be considered relevant and reasonable in the circumstances.

More specifically, we collect, hold, use and disclose your personal information so that we can:

  • provide you with requested information, services and support;
  • perform our organisational functions and activities in order to operate our business efficiently;
  • contact you, for example, to respond to your queries or complaints, or if we need to tell you something important;
  • administer our promotions, surveys and competitions;
  • manage and enhance the programs, events and services we provide to you;
  • manage the goods and services we procure from our suppliers and subcontractors;
  • manage and administer any account you hold with us;
  • enable you to access and use our website(s) and online services;
  • process payments when you make a donation;
  • meet our legal obligations and funding requirements;
  • operate, improve and optimise our website(s) and online services and yours and other users’ experience;
  • send support and administrative messages, reminders, technical notices, updates, security alerts, and information to you;
  • send marketing and promotional messages to you and other information that has been requested or which may be of interest;
  • process any application submitted by you; and
  • assist government and law enforcement agencies or regulators.

There are circumstances where we may be required by law to share information (for example, where there is a risk of harm to you or others, or a court order). We will explain these limits of confidentiality to you before obtaining your consent wherever possible.

For service delivery contexts, this Privacy Policy should be read in conjunction with our Consumer and Carer Rights and Responsibilities Information Sheet (C-1.1.01) and Consumer Consent Procedure (C-1.1.02), which describe additional details about how we obtain, document, and review informed consent for service participation.

To ensure safe, high-quality care, staff may discuss your care in meetings or supervision. Only the information needed is shared. If any consultation involves someone outside Stride, your information is de-identified or shared only with your written and informed consent.

Use of Artificial Intelligence and Automated Tools

Stride may use approved artificial intelligence (AI), machine learning, and other automated tools to support administrative, operational, quality improvement, reporting, service planning, and other organisational functions. These tools may process personal information where this is reasonably necessary for Stride’s functions and activities and is otherwise permitted by law.

Where AI or automated tools are used, Stride will take reasonable steps to ensure appropriate human oversight, governance, privacy, confidentiality, and cyber security controls are in place. Stride does not intend to rely solely on AI or automated processing to make decisions that have a significant impact on an individual without appropriate human involvement and review.

Where third-party AI or automated service providers are engaged, Stride will take reasonable steps to ensure appropriate contractual, privacy, confidentiality, and security protections are in place, including controls relating to access, use, storage, and disclosure of personal information.

Direct marketing

Marketing is important to our continued success. We believe we have a range of products and services that we provide you at a high standard. We therefore like to stay in touch with you and let you know about new opportunities, products, services and promotions.

If you have opted to receive updates from us via emails, letters, texts or messaging services, we will use your personal information to offer you such marketing material, but we will not do so if you tell us not to.

If you are a consumer, you agree and acknowledge that even if you opt out of receiving marketing material, we will still send you essential information that we are legally required to send you relating to the services we provide. Once you opt out of receiving marketing material from us, you agree and acknowledge that this removal from our distribution lists may take several business days after the date of your request to be removed.

When you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication or by contacting our Privacy Officer.

To whom do we disclose personal information?

We may disclose your personal information to the following third parties for the purposes listed above:

  • to your nominated representatives or emergency contacts;
  • your nominated support person or family;
  • service providers or healthcare professionals involved in your care (e.g. general practitioners, allied health providers, hospitals, NDIS providers, or other community services);
  • referrers and other relevant service providers (e.g. Primary Health Networks [PHNs], or other government-funded referral pathways) to support care coordination and continuity of care;
  • other organisations or individuals who assist us in providing products, events, services and programs to you or to administer our business;
  • professional service providers and advisors who perform functions on our behalf, such as lawyers and accountants;
  • medical providers including medical and rehabilitation practitioners for assessing insurance claims;
  • government and regulatory authorities, funding bodies, or other organisations as required or authorised by law (e.g. the NDIS Quality and Safeguards Commission, the Office of the Australian Information Commissioner, or health departments); and
  • other government, regulatory authorities or other organisations as required or authorised by law.

We may disclose your personal information to external service providers so that they may perform services for us or on our behalf or to assist us in providing our programs, events and services or to administer our business.

When we disclose personal information to third parties, we make all reasonable efforts to ensure that we disclose only relevant information and that it is accurate, complete and up to date and that the third party will comply with the Privacy Act in relation to the use, disclosure and storage of your information.

Other permitted disclosures

We may disclose personal information in other circumstances, where the person concerned has consented to the disclosure, or where we are expressly permitted to do so by the Privacy Act or another law. These other disclosures may include where:

  • you would reasonably expect the disclosure to occur (for example, quality assurance purposes or training);
  • we are authorised or compelled by law to disclose;
  • it will prevent or lessen a serious threat to someone’s life, health or safety or a threat to public health or safety;
  • it is necessary as part of the establishment or defence of a legal claim;
  • it is requested by an enforcement agency such as the police; or
  • it is a necessary part of an investigation following a complaint or incident.

Other uses and disclosures

We may collect, use and disclose your personal information for other purposes not listed in this Privacy Policy. If we do so, we will make it known to you at the time we collect or use your personal information.

Disclosure of personal information outside Australia

Generally, we do not send or disclose your personal information to anyone outside Australia.

Web beacons

The website communications generated from using and/or registering on this Website, such as promotional emails, may contain electronic images known as “web beacons”. Web beacons generally work in conjunction with cookies, and we may use them with cookies to, for example, count the number of visitors to the Websites or see whether you have acted on an email or clicked on a link, for example where this is a condition of entering a competition.

Google Analytics

Our Websites use Google Analytics, a web analytics service provided by Google Inc. (Google). Google Analytics uses cookies to help analyse how users use the Websites. Google Analytics anonymously tracks how users interact with the Websites, including where they came from, what they did on the Websites and whether they completed any transactions on the Websites.

The information generated by the cookie about your use of the Websites (including their IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of compiling reports on the Websites’ activity and providing other services relating to the Websites and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate a person’s IP address with any other data held by Google.

You can opt out of the collection of information via Google Analytics by downloading the Google Analytics Opt-out browser add-on here.

Clickstream data

When you visit our Websites, a record is made of your visit, including the following information:

  • your server address;
  • your top level domain name;
  • the date and time of access to the site;
  • pages accessed and documents downloaded;
  • the previous site visited; and
  • the type of browser software in use.

We analyse this non-identifiable Website traffic data (including through the use of third party service providers) on an aggregated basis to improve our services and for statistical purposes.

No attempt will be made to identify users or their browsing activities except in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the Internet Service Provider’s log files.

WP Statistics

We use WP Statistics to understand the traffic and user data of our website by tracking the following information:

  • IP address.
  • Country of origin.
  • Device information.
  • Browser (including version of browser).
  • Search engine referrals.

We will deal with any personal information collected by this tool in the same way we handle other personal information under this Privacy Policy.

Third party websites

The Websites may link to other websites which are outside our control, and other websites outside our control may link to the Websites. Whilst we try to ensure that we link only to websites which share our privacy and security standards, once you have left a Website we cannot be responsible for the protection and privacy of any information which you provide on other websites. You should exercise caution and review the privacy statement applicable to the website in question.

Security of your personal information

We store most information about you in computer systems and databases operated by either us or our external service providers. Some information about you is recorded in paper files that we store securely.

We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure. This also applies to disposal of personal information. This includes:

  • training our staff in how to keep your information safe and secure;
  • conducting privacy impact assessments;
  • restricting access to personal information to only those who need access to the personal information do their job;
  • implementing physical, electronic and managerial procedures to safeguard the security and integrity of your personal information
  • storing your hard copy and electronic records in secure systems; and
  • using trusted contracted service providers (including cloud storage providers).

Retention, Destruction and De-identification of Personal Information

Stride retains personal information only for as long as it is required for the purpose for which it was collected, and to satisfy legal, regulatory, contractual, clinical, funding, audit, risk management, and operational requirements.

When personal information is no longer required, Stride will take reasonable steps to securely destroy the information or de-identify it, unless Stride is required or authorised by law to retain the information for a longer period.

Secure destruction methods may include shredding or secure disposal of physical records and permanent deletion, destruction, or de-identification of electronic records in accordance with Stride’s records management, privacy, and information security requirements.

However, we advise that there are inherent risks in transmitting information across the internet, including the risk that information sent to or from a website may be intercepted, corrupted or modified by third parties. If you have security concerns, or wish to provide personal information by other means (e.g. by telephone or paper), you may contact us using the contact details set out at the bottom of this Privacy Policy.

If the information we store is no longer required by us for any purpose for which it was collected and is no longer required by law to be retained by us, we will destroy or de-identify the information.

If we experience a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified or disposed of by any unauthorised person or in an unauthorised manner, we will notify you as soon as reasonably possible. If you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact our Privacy Officer.

How can I access or correct my personal information?

We have measures in place to ensure the information we hold about you is accurate, complete and up to date.

You may access or request correction of the personal information that we hold about you by contacting our Privacy Officer at any time. Our contact details are set out below. There are some circumstances in which we are not required to give you access to your personal information.

There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).

We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate and up to date.

If we refuse to provide you with access to your record or to update your record in the way you request, we will provide you with written reasons.

If we refuse to correct or update your information, you may request that we make a note on your record that you are of the opinion that the information is inaccurate, incomplete, out of date, irrelevant or misleading, as the case may be.

How can I make a complaint?

If you have a complaint or concern regarding our handling of your personal information or think that your privacy has been affected, you should contact us in writing using our contact details set out below to raise your complaint or concern.

We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.

If you remain unsatisfied with the way in which we have handled your privacy complaint or concern, you may approach an independent advisor or contact the OAIC. See the OAIC website for more information about how to make a complaint.

Take down notices

Although we reserve the right to screen or monitor content on our systems, we generally do not do so. If you discover content that you believe should be taken down, you may file a complaint in accordance with this Privacy Policy.

Your take down request must include specific information about the allegedly offending content. If your complaint is about copyright, trademark, or publicity rights infringement you must be the copyright owner.

Upon receiving a request:

  • If the complaint claims infringement of copyright, we will promptly remove the content while we evaluate the complaint.
  • If the complaint claims (1) infringement of trademark, privacy, or publicity rights, or (2) that the content is obscene, child pornography, or depicts the exploitation of children, we may, in our discretion, remove the content.
  • If the complaint makes some other claim, we may, in our discretion, take down the content while the complaint is evaluated. However our default position will be to not take down content while we evaluate the complaint.
  • If we do take down content, we’ll notify the user who posted it.

Where contacting us, you have the option to remain anonymous or use a pseudonym. However, this right will not apply if it is impracticable for us to communicate with you that way or where we are required or authorized by law to only deal with individuals who have identified themselves.

Contacting us

If you:

  • have any questions or would like further information about our Privacy Policy or practices,
  • wish to make a complaint about the way we have collected, used, held or disclosed your personal information;
  • would like to opt out of receiving communications from us, please contact our Privacy Officer in any of the following ways:
  • Email: privacy@stride.com.au
  • Mailing address: Suite 3, Level 4, 31-39 Macquarie Street, Parramatta NSW 2150

Associated Documents

  • C-1.1 Rights and Responsibilities Policy
  • C-1.1.01 Consumer and Carer Rights and Responsibilities Information Sheet
  • C-1.1.02 Consumer Consent Procedure
  • C-1.1.02.1 Consumer Consent Form
  • C-1.2.01 Consumer Feedback Management Procedure
  • C-3.1.9 Open Disclosure Procedure
  • C-3.1.10 Release of Information Procedure
  • I-2.01 Information Security Management Policy
  • I-4.01 IT User Commitment Statement
  • P-1.03 Code of Conduct

Accreditation References

NDIS Practice Standards: Core Module – Division 1, Rights and Responsibilities – Privacy and Dignity; Core Module – Division 2, Provider Governance and Operational Management – Information Management.

National Standards for Mental Health Services (NSMHS, 2010): Standard 1 Rights and Responsibilities; Standard 8 – Governance, Leadership and Management, Standard 10 Delivery of Care.

National Safety and Quality Digital Mental Health Standards (NSQDMHS, 2020): Clinical and Technical Governance Standard – Action 1.16 Healthcare records, Actions 1.28-1.30 Privacy, Action 1.31-1.32 Transparency; Partnering with Consumers – Actions 2.1-2.3 Healthcare rights and informed consent.

National Safety and Quality Mental Health Standards for Community Managed Organisations (NSQMH CMOs, 2022): Practice Governance Standard – Action 1.14 Consumer care records and information, Actions 1.26-1.27 Privacy; Partnering with Consumers, Families, and Carers Standard – Action 2.07 Informed Consent; Model of Care Standard – Action 3.05 Access and Entry, Action 3.12 Integration, Action 3.28 Communication to support consumer referral and collaborative integration.

Suicide Prevention Australia Standards for Quality Improvement (2nd edition): Standard 5 Program Management – 5.2 Privacy.

 

recaptcha logo
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.