Privacy

• Give you an understanding of the kinds of personal information that we collect and hold. 
• Communicate how and when your personal information is collected, disclosed, used, held and otherwise handled by us. 
• Inform you about the purposes for which we collect, hold, use and disclose personal information.
• Provide you with information about how you may access your personal information and seek correction if required. 
• Provide you with information about how you may make a complaint, and how we will deal with any such complaint. 

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. It includes your name, date of birth / age, gender, credit card and contact details as well as health information (which is also sensitive information). In this statement, a reference to personal information includes sensitive / health information. 

Luma may collect personal information from (but not limited to): 

• clients; 
• parents, guardians and/or carers of clients and other family members of clients (where applicable); 
• teachers of clients (where applicable); 
• healthcare professionals in the course of referrals and/or providing information to us about your condition and treatment, or in the course of us engaging with them to assist us to provide services; 
• third parties providing a service to us;  
• subscribers to our newsletter; and 
• staff, contractors, students and volunteers. 

Consent and confidentiality are the fundamental rights of everyone accessing Luma’s services. We will obtain informed consent from you before collecting information, disclosing personal information, or providing services, by discussing with you: 

• what services Luma provides; 
• conditions for accessing Luma’s services, including your rights and responsibilities; 
• how personal information is managed by Luma; 
• the extent and limits of confidentiality; 
• the right to change and withdraw consent at any time; 
• the consequences of withdrawing consent.  

Personal information collected by us generally falls into the following categories: 

• Contact information (name, age, address, email address and telephone numbers). 
• Emergency contact information. 
• Government identifiers, such as Medicare number. 
• Employment information (such as employment history, work performance, emergency contact details, absences and workplace incidents). 
• Credit card information (for processing of payments). 
• Financial information (such as staff bank account details). 
• Sensitive information (such as disability, health condition, medical history, assessment questionnaires and outcomes, criminal history, religious beliefs, cultural background). 

We may collect information from you in a variety of ways including when: 

• we provide services to you 
• you visit our website 
• you submit your information in response to events or activities or subscribe to our newsletter 
• you contact or make an appointment with us by any method, such as face-to-face, over the telephone, through an online or paper-based form or by email 
• through our secure payment system 

Sometimes we will collect personal information from a third party or a publicly available source where we have your consent, where we are required by law to do so, and/or if it is unreasonable or impracticable to collect the personal information directly from you (e.g. checking a candidate’s work history, or obtaining client information from a parent, guardian or carer (where applicable), or from your treating healthcare professionals).  

You may choose to deal with us anonymously or under an alias, where lawful and practical.  Where you choose not to provide us with your personal information, depending on the circumstances in which you do so, we may be unable to provide you with our services. 

Where we are collecting personal information from a child or young person, we will use our judgement to determine if that person has the capacity to consent. Where we are unsure, we will seek consent from a parent, guardian or carer. 

We collect, use, disclose and store your personal information to provide you with our services.  We will only collect information that is necessary for, or directly related to, Luma’s work and we will always notify you either at the time or before we collect information.  

Personal information about an individual is collected for one purpose and will not be used or disclosed for another purpose, this includes; 

• Engagement in a Luma program. 
• Managing our relationship with you (including if you are a health professional, client, service provider, staff member, contractor, student or volunteer). 
• Where you have subscribed to Luma, providing you with information about our services including newsletters, updates, information about events and seeking feedback. 
• Processing of payments. 
• Verifying and updating personal information held by us. 
• Recruiting, managing, training and clinically supervising personnel (including staff, contractors, students and volunteers). 
• Resolving any complaints and issues. 
• Complying with our legal or regulatory obligations. 
• For other purposes required or authorised by or under law, including purposes for which you have provided your express or implied consent. 

If you have subscribed to Luma, you may opt out of receiving marketing information by notifying us accordingly, or by using any unsubscribe facility we provide for that purpose.  

We take the security of your personal information seriously. Your details are stored securely and protected from unauthorised access, modification, misuse or disclosure. Some of the ways we do this are: 

• Requiring staff and contractors to enter into confidentiality agreements. 
• Using industry-standard encryption and security measures for access to computer systems.  
• Ensuring data storage devices such as laptops, tablets and smartphones are password protected. 
• Providing discreet environments for confidential discussions. 
• Implementing access control for our buildings including waiting room / reception protocols and measures for securing the premises when unattended. 
• Implementing security protocols for our website. 

Personal information may be stored in documentary form but will generally be stored electronically on our software or systems. 

We will take reasonable steps to ensure that personal information that is held which is no longer required, including under any contractual or legal requirement, is destroyed or de-identified in a secure manner. 

We may disclose your personal information to government agencies, private sector organisations or other entities where required or permitted by law, which may include the following circumstances: 

• You have consented to such disclosure. 
• We believe that you would reasonably expect, or have been told, that information of that kind is usually passed to those individuals or agencies, and it is being disclosed for a purpose related to the reason we collected the information. 
• We are required or authorised to make such disclosure by law or the requirements of any professional bodies, including where we are required to do so in accordance with child safety obligations. 
• A permitted general situation or permitted health situation (as these terms are defined in the Privacy Act) exists in relation to the disclosure. 
• We believe it is reasonably necessary for enforcement related activities conducted by, or on behalf of, an enforcement body (e.g. police). 

The persons and organisations which Luma may disclose your personal information will handle your personal information in accordance with their privacy policies. 

Will my personal information be disclosed overseas? 

The persons to whom we disclose personal information are normally located in Australia. 

Please contact us in writing if you would like to seek access to or correct the personal information we hold about you: 

• info@luma.org.au, or 
• PO Box 32, Northbridge WA, 6865  

Luma will generally provide you with access to your personal information and will take reasonable steps to amend any personal information about you which is inaccurate or out of date. In some circumstances and in accordance with applicable privacy laws, we may not permit you access to your personal information, or may refuse to correct your personal information, in which case we will provide you with written reasons for the decision and the process by which to complain about the refusal. 

If we do not agree to make a correction to personal information, you may provide a statement about the requested corrections, and we will ensure that the statement is provided to any users of the relevant personal information. 

If you have any concerns or complaints about the way your personal information has been collected or handled by Luma, please advise us of your concern or complaint in writing using the complaint form online (accessed via the Luma website), via the HaDSCO website or the above contact details.  

Action to resolve a complaint will commence within 5 working days of the complaint being made, this includes contacting the complainant to provide an estimate of how long it will take to investigate and respond to. 

It is our intention to use our best endeavours to resolve any complaint to your satisfaction. However, if you are unhappy with our response, you may contact the Office of the Australian Information Commissioner who may investigate your complaint further.