Privacy Policy

1. Commitment to Privacy 

The Buttery is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and other applicable laws governing health information.

This Privacy Policy explains how we collect, use, store, and disclose your personal and health information when you use our services or interact with our website. 

2. What Information We Collection 

We may collect the following types of information:

2.1 Personal Information

· Name, address, email, phone number, date of birth

· Demographic information

· Emergency contact details

2.2 Health and Sensitive Information (collected only with your consent)

· Medical history and health assessments

· Treatment plans and progress notes

· Mental health information

· Information relating to alcohol, drug, or behavioural support services

2.3 Donor and Financial Information

· Donation history, value, and designated funds

· Billing or payment information (processed securely via third-party payment processors)

2.4 Automatically Collected Information

· IP address, browser type, and device identifiers

· Website usage data via analytics and cookies 

3. How We Collect Information 

We collect personal information when you:

· Register for a program or treatment

· Submit an enquiry or feedback form

· Donate or subscribe to our newsletters

· Participate in surveys or online resources

We may also collect information from:

· Referring health professionals

· Government agencies, where authorised

· Website analytics tools and cookies 

4. Consent 

We will obtain your explicit consent before collecting health or other sensitive information. You may withdraw your consent at any time by contacting us. However, this may affect our ability to provide services to you.

5. Purpose of Collection and Use 

We collect and use your personal information to:

· Provide health and support services

· Manage appointments and communications

· Maintain clinical records

· Process donations and issue receipts

· Update supporters and donors

· Improve our website and services

· Comply with legal and regulatory obligations

· Report to funding bodies (in a de-identified form unless otherwise required)

We will not use your information for direct marketing without your express consent, and you may opt out at any time. 

6. Disclosure of Personal Information 

We may disclose your information to:

· Qualified staff and health professionals involved in your care

· Third-party IT and service providers who support our operations

· Funding, accreditation, and regulatory bodies where required

· Emergency services if there is a serious threat to your health or safety

· Government agencies when required by law

6.1 Overseas Disclosure 

Some third-party cloud or IT providers may store data overseas (such as the United States, European Union, or Asia-Pacific regions). Where this occurs, we take reasonable steps to ensure that the overseas recipient complies with privacy obligations equivalent to the Australian Privacy Principles.

7. Data Security

We take all reasonable steps to protect personal information from misuse, loss, unauthorised access, modification, or disclosure. Security measures include:

· Secure servers and encryption

· Role-based access control

· Staff confidentiality agreements

· Regular cybersecurity reviews

8. Data Retention and Destruction

We retain personal information only for as long as necessary to provide services and fulfil legal obligations. Health records are retained for the period required under applicable health regulations (a minimum of 7 years from the last interaction, or longer for minors). After this time, information is securely destroyed or permanently de-identified.

9. Cookies and Website Analytics

Our website uses cookies to enhance your browsing experience and collect anonymous usage statistics. You may disable cookies through your browser settings. Some website functions may not work if cookies are disabled.

10. Access and Correction 

You have the right to:

· Request access to the personal information we hold about you

· Request corrections if the information is inaccurate or incomplete

We will respond within a reasonable timeframe and may require proof of identity.

11. Notifiable Data Breaches

If a data breach occurs that is likely to result in serious harm, we will promptly notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches Scheme.

12. External Links

Our website may contain links to external sites. We are not responsible for the privacy practices or content of these third-party sites.

13. Complaints Procedure

If you have a complaint about how your information has been handled, please contact us using the details below. We will respond within 30 days.

If you are not satisfied with our response, you may contact the OAIC:

· Website: https://www.oaic.gov.au

· Phone: 1300 363 992

14. Changes to This Policy

We may update this Privacy Policy periodically. The updated version will be posted on our website with the effective date.

15. Contact Us

If you have any questions or wish to access or update your information, withdraw consent, or make a privacy complaint, please contact us:

Email: info@buttery.org.au Phone: 02 6687 1111

Acknowledgment

By using our services or website, you acknowledge that you have read and understood this Privacy Policy.