Our privacy policy is available in two formats.

You can download and print out the PDF version.

Or you can read it as a website page below.


Why do we have this privacy policy?

As the administrator of the NDSS, Diabetes Australia is subject to the Privacy Act 1988 (‘the Privacy Act’) and the Australian Privacy Principles (APPs) contained in the Privacy Act. The APPs set out the way organisations such as ours can collect, use, disclose and provide access to personal and sensitive information.

Personal information is any information or opinion that identifies (or could reasonably identify) a person, whether it is true or not. It includes, for example, your name, age, gender and contact details. Personal information can also include sensitive information, which includes information about your health and health services provided to you.

We are committed to the protection of your privacy. This Privacy Policy describes how we handle your personal and sensitive information when administering the NDSS, including programs under it such as the Diabetes in Schools program, and ensures we manage personal and sensitive information consistently with the APPs.

This Privacy Policy applies to all Diabetes Australia employees, consultants, contractors and NDSS Agents engaged in the administration of the NDSS, and covers all information collected for the NDSS on the NDSS website, the Diabetes in Schools website and other websites and applications administered by us.

What personal information may be collected?

We may collect your personal information if the information is reasonably necessary for administering the NDSS and any of its programs, services, or activities, including providing information, education, and support services to people with diabetes and their carers and guardians. When personal information is sensitive information (for example, health information), it will only be collected if you have consented to that information being collected, or if one of the other exceptions applies under the APPs.

Personal information that we may collect, or use includes:

  • your name
  • contact details and address
  • gender
  • date of birth
  • country of birth
  • Australian Government Medicare number or Department of Veterans’ Affairs number
  • Commonwealth concession card details
  • Passport or student visa details (as required)
  • NDSS number
  • details of your parent or carer, and
  • details of your usual general practitioner and other health professional.

If you are a guardian of someone under 16 years of age or provide ongoing care to an adult, we will collect personal information such as your name, date of birth, contact details and relationship to the person with diabetes.

The sensitive information we may collect includes:

  • whether you are of Aboriginal or Torres Strait Islander origin
  • main language spoken at home
  • diabetes type
  • details of the medication and NDSS products you require to manage your diabetes
  • whether your immediate relatives have had diabetes and how your diabetes is currently managed
  • health services provided to you
  • other health information.

We also collect information about your interactions with the NDSS. This includes your attendance or interaction with NDSS programs, services and activities including online, in person or via telephone or social media, as well as any feedback or complaints. It also includes the NDSS products you have accessed, date and location of purchase, method of payment and other service arrangements.

How is personal information collected?

We collect your personal information in several ways including:

  • on forms, such as the NDSS registration form
  • when you contact the NDSS Helpline
  • information you provide while visiting NDSS Access Points (primarily community pharmacies), NDSS Agent locations and other places for example, health centres and hospitals
  • from websites and applications operated by us or on our behalf, including websites that capture content, are used to register for training or facilitate access to subsidised diabetes-related products, and
  • other ways, such as when you interact with us in person, or through phone calls to our staff, email, mail, and social media.

We will always collect personal information from you directly unless it is unreasonable or impractical to do so. For example, if a school principal registers their school for training under one of our programs, they may enter the name and contact details of school staff they nominate to attend training, and we may use this information to contact those staff to participate in the program. When a person with diabetes is under 16 years of age, or is an adult receiving continuing care, education or support services, the person’s primary carer or guardian will be the one to consent to the collection of the person’s information.

Sometimes we may receive personal information that we did not request (for example, if you complete an NDSS registration form and you attach extra documents that we did not request). If this happens, and we could not have collected this information as set out above, if allowed by law we will destroy or de-identify the extra information as soon as practicable (i.e. any information that could reasonably identify you as an individual will be removed).

Cookies

Our websites and applications use software known as ‘cookies’ to record your visit to the websites and collect some statistical information. A cookie is a small text file that our site may place on your computer as a tool to remember your preferences. We use this information to help administer and improve our websites. We do not use this information to personally identify you.

You may set your web browser to disable cookies when visiting our websites. However, some website functions may be unavailable if you choose to do so.

Can I remain anonymous?

It is your choice to provide information to us. Wherever it is lawful and practicable for us to deal with individuals who have not identified themselves, you have the option not to identify yourself or to use a fictional name when interacting with us. For example, you can remain anonymous when using some parts of the NDSS website, Diabetes in Schools website and other sites administered by us.

However, it will be necessary for us to collect your personal or sensitive information if you would like to access certain NDSS products, education and support services or programs. If you choose to withhold the information we require, we may not be able to provide the services you have requested.

Security and storage of your information

We take appropriate steps to protect your personal and sensitive information held by us from misuse, interference, unauthorised access, modification, loss, or disclosure. This includes during storage, collection, processing, transfer, and destruction of the information.

Information is stored in access-controlled premises or in secure electronic systems. In certain sensitive circumstances, Diabetes Australia has the ability to protect or suppress certain personal information (e.g. date of birth, address and contact details) of a person’s profile, so that it is not visible to NDSS Access Points.

You can be assured that we will take all reasonable steps to ensure your personal details always remain confidential. Our employees, NDSS Agents, NDSS Access Points, and third parties to whom we disclose your information, such as the Australian Institute of Health and Welfare, sign a confidentiality agreement that requires them to comply with the Privacy Act and our Privacy Policy.

We take steps to ensure the security of our websites and applications, however, users are advised that there is always some risk when transmitting information across the Internet, including a risk that information sent to or from a website may be intercepted, corrupted, or modified by third parties.

When we no longer need your personal information for any purpose, we will take reasonable steps to destroy the information or ensure that the information is de-identified. This will apply except where we are required by law or a court/tribunal order to retain the information.

For what purposes do we use or disclose your information?

We use or disclose your personal and sensitive information for the purposes of administering and providing the NDSS programs, services, and activities such as the Diabetes in Schools program. We may also use or disclose your information for a secondary purpose which is directly related (where this is sensitive information) or related (for non-sensitive information) to the reason you provided the information in the first place, but only where you would reasonably expect us to use your information for this secondary purpose.

For example, we may use your information to:

  • confirm your identity and update your personal details
  • contact you to provide you with information about the NDSS, managing your diabetes or sending reminder notices to you and your health professionals about important aspects of your diabetes management
  • contact you to invite you to participate in education, support services and programs delivered by Diabetes Australia or your local state and territory diabetes organisations, or other NDSS programs requiring a specific consent
  • provide training to you, (or if you are a student to your school’s staff), on diabetes and diabetes management
  • provide information about access to subsidised diabetes-related products, or related information such as product recalls
  • run targeted digital advertising campaigns promoting diabetes education, support services and programs to people with diabetes registered with the NDSS
  • produce statistical and evaluation reports on the NDSS
  • manage and respond to requests for information, feedback and complaints
  • improve our programs and services.

Your information may also be used or disclosed to the following people or entities:

  • the Commonwealth as represented by the Department of Health and Aged Care, which funds the NDSS, to produce statistical and evaluation reports on the NDSS and for administrative purposes, or for public accountability purposes
  • the Australian Institute of Health and Welfare for inclusion in the National (insulin-treated) Diabetes Register, cross-checking against the National Death Index, statistical analysis, to undertake data linkage activities with other datasets for health research purposes and to facilitate health research projects undertaken by researchers and other parties (see Release of information to the Australian Institute of Health and Welfare section below)
  • Commonwealth agencies, researchers, and other parties to facilitate health and other research projects including data linkage activities, or to plan for the emerging needs of people with diabetes (see Release of information to other parties for research, policy development or service delivery section below)
  • other third parties for the purposes of administering the NDSS (or providing NDSS programs, services, and activities) including organisations that deliver services on our behalf (such as mailing houses), or organisations that provide services to us. For example, if you choose to sync your MyDESMOND account with a fitness tracker provided by a third party, your information will be disclosed to that third party. Their use of your data is governed by their own privacy policies rather than ours – see the MyDESMOND website for more details ndss.com.au/mydesmond
  • if you are a student participating in one of our programs, we may disclose your information to parent/guardians, school staff and medical treatment staff, and Diabetes Australia employees and contractors involved in the program. If you are school staff or medical treatment staff, we may disclose your information to parents/guardians, other school staff and medical treatment staff, and Diabetes Australia employees and contractors involved in the program.

We do not disclose your personal information to overseas parties, unless you have a MyDESMOND account and choose to sync that account with a fitness tracker provided by an overseas provider (or an Australian provider who stores their data overseas).

Release of information to Australian Institute of Health and Welfare

Your information (including identified and sensitive information) will be disclosed to the Australian Institute of Health and Welfare for inclusion in the National (insulin-treated) Diabetes Register. Your information will also be cross-checked against the National Death Index to ensure data collection about diabetes remains accurate and up to date. The National (insulin-treated) Diabetes Register and National Death Index are maintained by the Australian Institute of Health and Welfare on behalf of the Commonwealth.

The Australian Institute of Health and Welfare may also use your information for statistical analysis and research. The AIHW may also use your information to facilitate health and other research projects undertaken by researchers and other parties, including data linkage activities with other datasets. For more details of how your information can be used by the Australian Institute of Health and Welfare, please refer to their website and privacy policy.

Where possible, the Australian Institute of Health and Welfare will de-identify your information before the release of data to researchers and other parties. Where identified data is required for the project, for example because it involves data linkage, your information will not be disclosed to anyone other than the linkage authority responsible for conducting data linkage projects. Researchers accessing linked data are only provided with information that has been de-identified. All research projects require an ethics approval before information will be disclosed.

Release of information to other parties for research, policy development or service planning and delivery

Our research policy is available here. In addition to the Australian Institute of Health and Welfare, your information may be disclosed to other Commonwealth agencies (such as the Australian Bureau of Statistics) for statistical and research purposes, or for service delivery or policy development, and this may involve data linkage with other datasets. Disclosure of your personal information to these agencies is generally necessary in these circumstances (for example, to conduct data linkages), but your information will not be disclosed to anyone other than the agency and its contractors (contractors are required to sign a confidentiality undertaking).

In addition, your information (which is de-identified but can include sensitive information) may be disclosed to other researchers, health services and planning agencies, and other parties to facilitate health and other research projects, or to plan for the emerging needs of people with diabetes. These third parties are subject to strict obligations of confidentiality concerning the de-identified data they receive.

If you have not opted-out when you registered with the NDSS, you may also receive information from us about opportunities to participate more directly in a research study.

Other disclosures

We will not use or disclose your personal information for another purpose except as described in this Privacy Policy unless you have given consent or one of the exceptions under the Privacy Act applies. For example, we may disclose your personal information if authorised by Australian law or if necessary, for law enforcement.

Promotional materials

From time to time, we may send out promotional materials for the purposes of the NDSS or we may use a third party to send out these materials. If you do not wish to receive these communications, please contact us to unsubscribe (see contact details below).

It is our policy that any promotional material will include a statement advising that you may request not to receive further promotional material by contacting us using the details provided. Even if you unsubscribe, if you are registered with the NDSS you will still receive important information about diabetes and NDSS products and services.

How to access and correct your information

We will take reasonable steps to ensure that all personal information that we collect, use or disclose is accurate, up-to-date, complete, relevant and not misleading.

We will correct any personal information that we believe to be incorrect, out-of-date, incomplete, irrelevant or misleading. This includes taking reasonable steps to notify any organisation or government agency to which information was disclosed about the correction. You may request to access or correct your personal information at any time by contacting our Privacy Officer using the details below. We must give you access to the information unless one of the exceptions under the Privacy Act applies. For example, if providing access would be unlawful or denying access is authorised by law.

If you request to access or correct your information, we will respond within a reasonable time (usually within 30 days). If your request is refused, we will give you a written notice that sets out the reasons for refusal (except to the extent it would be unreasonable to do so) and how to complain about the decision.

Complaints and enquiries

We are committed to the protection of your privacy. If you have any questions about how we handle your personal information, would like to complain about how we have handled your information, or would like further information about our Privacy Policy, please submit a written query or complaint to our Privacy Officer (see details below). Our Privacy Officer will assess any complaints and liaise with you to resolve any issues within a reasonable time (usually within 30 days). If you are still not satisfied with our handling of the problem or complaint, you may lodge a complaint with the Office of the Australian Information Commissioner.

See oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint for further information.

Contact details

Privacy Officer
Diabetes Australia
GPO Box 3156
Canberra, ACT 2601

Email: [email protected]

Other websites

The NDSS website, the Diabetes in Schools website and other sites administered by us may contain links to external organisations and websites. We recommend that you review the privacy policies of those external organisations and websites as we are not responsible for their privacy practices.