Lifeline Direct Privacy Policy

1. About the Organisation

Lifeline Direct Limited ACN 618 509 818 (LLD) is a wholly-owned subsidiary of Lifeline Australia with an independent Board. LLD undertakes delivery of crisis support, fundraising, community programs, and training services, as well as operation of retail stores and warehouses across multiple geographies as part of a national network in pursuit of a vision of an Australia free of suicide.

2. Purpose and Scope

This Privacy Policy outlines how LLD manages, uses, and protects personal information in compliance with federal and state-based legislation.

This policy applies to all internal and external parties who may collect, hold, and / or disclose personal or sensitive information in their interaction with LLD - hereafter referred to as ‘Individuals’ – including, but not limited to:

  • employees, volunteers, and officers of LLD
  • help seekers, consumers, and customers
  • donors and clients
  • contractors, visitors, and service providers
  • job applicants
  • website users
  • whistleblowers

This Privacy Policy does not apply to Lifeline Australia (as the parent of LLD) or other Lifeline Members. Lifeline Australia’s Privacy Policy, which explains how it collects and handles information about help seekers who call Lifeline, and those seeking service provision information regarding Specialist and Targeted Services (STS), is available here: Privacy policy - Lifeline Australia.

3. About This Privacy Policy

LLD is committed to protecting the privacy of the personal information collected about and on behalf of Individuals in compliance with:

  • Privacy Act 1988 (Cth) (Privacy Act) including the Australian Privacy Principles (APPs)
  • Health Records and Information Privacy Act 2002 (NSW) including 15 Health Privacy Principles (HPPs)
  • Privacy and Personal Information Protection Act 1998 (PPIP Act) (NSW) which include 12 Information Privacy Principles (IPPs)
  • Health Records Act 2001 (VIC) including 11 Health Privacy Principles (HPPs)
  • Privacy and Data Protection Act 2014 (VIC) including 10 Information Privacy Principles (IPPs)

The APPs, HPPs and IPPs regulate the handling of personal and health information, and set out the obligations, standards, and Individual rights in relation to LLD’s collection and handling of personal information across its lifecycle.

The Privacy Policy outlines LLD’s handling of personal and health information, aligning with the APPs, HPPs, and IPPs, and covering collection, storage, protection, disclosure, and Individual privacy rights.

4. Personal Information collected, held and disclosed by LLD

4.1. Types of Personal Information

Personal information means any information or opinion about an identified or reasonably identifiable Individual, irrespective of its accuracy or the format it is recorded and held in. Sensitive information is a subset of personal information about an Individual’s race or ethnic origin, political opinions, philosophical or religious beliefs, affiliations, sexual orientation, health and some types of genetic information, and criminal record.

LLD collects various types of personal, including sensitive, information dependent on who the Individual is and the nature of their interaction with LLD. LLD collects personal information when the Individual engages with the organisation as a community service member or mutual obligation person.

Elements of the following personal or sensitive information collected by LLD include, but are not limited to:

  • name, address, date of birth, telephone number
  • nationality and visas
  • photos, phone, and video recordings
  • health records, including mental health status, safety plans, and domestic violence history
  • Individual verification documentation and unique government identifiers including passport, licence, Medicare and Centreline details
  • procurement and payment details including credit card and bank details
  • IP address, location (device) and network information
  • survey responses
  • donation information
  • death notifications
  • training participation and history

4.2. How Personal Information is collected by LLD

Where possible, personal information is collected directly from Individuals with their consent at the time of their interaction with LLD; however, LLD may also need to collect information from third party sources, including:

  • clients, partners, and supporters
  • LLD’s parent company, Lifeline Australia
  • Lifeline Members
  • universities associated with the UCL service
  • universities and other training organisations
  • public sources
  • job referees
  • CCTV/surveillance
  • service providers

Cookies and web analytics

Cookies are small data files transferred onto computers or devices by websites for record-keeping purposes and to enhance functionality on the website. Most browsers allow you to

choose whether to accept cookies or not. The cookies LLD use are first party, performance and functionality to assist in understanding Individual preferences, and these will not be shared with external parties. LLD’s website also uses Google Analytics to collect data about how Individuals interact with the site.

If an Individual wishes not to have cookies placed on their computer, browser preferences should be set to reject all cookies before accessing the LLD website, noting this may affect some functionality.

4.3. How Personal Information is secured

LLD holds personal information in hard copy form and in digital form in IT systems, some of which are supported by Lifeline Australia and third-party platforms (such as Microsoft Teams). LLD retains and archives personal information, including health data, in accordance with statutory retention obligations and for as long as reasonably required, dependent on the purpose of collection. LLD will then securely delete, shred or de-identify information no longer required.

LLD takes reasonable steps to protect the personal information it handles through a combination of technical and other measures including:

  • secure web-based services
  • unique user profiles and password protection
  • 2 or multi-factor authentication where available
  • firewalls, anti-virus software and encryption
  • physical security measures
  • restricted data access based on role
  • provision of privacy and security training

4.4. Purpose for collection of Personal Information

LLD collects and uses Individual personal information to carry out its operations and provide services which include, but are not limited to:

  • delivering a range of counselling and crisis support in person, by phone, text, video, and telehealth (that may vary from time to time).
  • legal and ethical compliance in protection of LLD’s employees and volunteers
  • delivering education, community engagement and wellbeing programs
  • operating Lifeline retail stores, warehouses and distribution centres
  • meeting service delivery and reporting obligations to funders
  • providing referrals to and promoting other services
  • managing grants, fundraising, and donor activities and communication
  • service quality, training and improvements
  • recruitment, evaluation, assessment, onboarding and ongoing management of employees, volunteers, contractors, and suppliers
  • responding to inquiries and complaints
  • emergency response and intervention
  • obtaining accreditations
  • communicating and engaging across various channels including social media

LLD may also use consumer personal information for other purposes with consent or where it is required or when authorised by an applicable law to do so and so not to limit the collection of individual personal information to the points listed, but to allow for additional services and operations as they arise.

4.5. Disclosure to third parties

LLD will not disclose Individual personal information to other external organisations except:

  • where an Individual has provided consent to do so through acceptance of this Policy and the disclosure relates to the services LLD provide to them
  • to comply with mandatory reporting obligations where LLD reasonably believe an Individual is at risk to themselves or someone else)
  • as required by law
  • for referral of services
  • for a purpose permitted by this Policy
  • Examples of organisations and / or third parties include:
  • LLD’s parent company Lifeline Australia
  • Lifeline Members
  • LLD service providers
  • external / referred third-party service providers
  • government or non-government agencies where there is a reasonable concern regarding the safety or wellbeing if an individual

Overseas disclosures: LLD typically does not share personal information with overseas recipients; however, the organisation LLD uses cloud-based third-party platforms, including payment platforms, located in various countries including New Zealand, the USA, UK, Philippines, and Canada.

4.6. Direct marketing and opt-outs

LLD may communicate about events, campaigns, courses, fundraising, and job opportunities based on collected personal information, unless requested not to. LLD does this through email, SMS and post, depending on the contacts details provided.

Individuals may opt out of receiving direct marketing communications from LLD at any time, by clicking the unsubscribe function in any electronic communication, replying STOP to any SMS communication, or by contacting LLD on 1300 152 854 or [email protected].

5. Individual privacy rights

5.1. Access and correction

Individuals can request access to their personal information, including health data, held by LLD, with exceptions as per APPs, HPPs or IPPs. LLD won't charge for requests but may apply a reasonable fee for retrieval. Access will be provided in the requested form whenever possible.

LLD take reasonable steps to correct outdated, incorrect, or misleading personal information. Individuals can request corrections, with identity verification required. If requesting on behalf of someone else, proof of authority will be required.

If LLD denies access or correction, it will provide a written explanation and instructions for raising complaints. If correction is refused, consumers can request a statement with their personal information record.

Individuals can also update their personal information by sending a request through to [email protected] and if it is deemed that the relationship is with Lifeline Australia (LLA), then LLD escalate this to the LLA Privacy Officer as appropriate.

5.2. Anonymous interaction with LLD

Individuals can opt not to identify themselves to LLD unless necessary for inquiries, complaints, job applications, or service provision; however, noting that LLD may need to identify an Individual to, for example, respond to an inquiry or complaint, to process job applications, or to provide services.

5.3. Making a complaint

To report any concerns about LLD's handling of personal information, Individuals can contact the organisation in writing and providing full name, contact details, and a clear description of the issue. LLD may be required to verify identity and may require additional information for resolution.

LLD will acknowledge receipt of the complaint no longer than 7 days and aim to respond to and resolve the complaint within a reasonable time and usually within 30 days. If a longer timeframe is required, LLD will advise the Individual and explain why.

In Individuals are not satisfied with LLD’s response to a complaint, the following contact options are available:

  • Office of the Australian Information Commissioner (OAIC) - the independent national regulator for privacy and freedom of information

www.oaic.gov.au/privacy/privacy-complaints/

  • For health information concerns, the relevant state information or health commissioner

5.4. Mandatory Notifiable Data Breaches

If an Individual suspects unauthorised access or disclosure of their personal information, they should contact LLD immediately. LLD are obligated to notify Individuals if a data breach is likely to result in serious harm and will comply with relevant laws to protect Individual privacy information.

6. Contacting LLD

For complaints, questions, or feedback, or to make an access or correction request, please contact the LLD Privacy Officer using the details below:

12 Maitland Road

Islington NSW 2296

Email: [email protected]

Phone: 1300 152 854