Amara Residences Privacy Policy

1. Policy Purpose

Amara Residences, its subsidiaries and affiliates in Australia (collectively referred to as “we” and “us”) are committed to managing personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and in accordance with other applicable privacy laws.

This policy sets out how we intend to do so to ensure Amara Residence’s associated entities and all Amara Residences act in a serious and committed manner to meet obligations under the Privacy Act, ensuring personal or sensitive information is collected, held, used, and disclosed in accordance with the Australian Privacy Principles (APP) and in accordance with other applicable privacy laws.

In this Privacy Policy, “we” and “us” refers to Amara Residences and “you” refers to any individual about whom we collect personal information.

To ensure all legislated notifiable breaches are identified, investigated and communicated as per legislative requirements of the Privacy Amendment (Notifiable Data Breaches) Act 2017. To comply with our obligations under the Australian Privacy Principles (APP), as set out in the Privacy Act 1988 (Cth) and the Privacy Amendment (enhancing Privacy Protection) Act 2012 (Cth).

To support the privacy and confidentiality rights of residents, staff and visitors to Amara Residences by meeting the requirements of the Surveillance Devices Act 2007 and to ensure all resident staff and visitors are informed of and understand the surveillance mechanisms in place and the requirements of the Surveillance Devices Act 2007 are met at the facility.

The Policy applies to all persons/stakeholders involved in Amara Residences. This includes:

i.	residents;
ii.	prospective employees and current employees;
iii.	clients, business associates and potential clients and their employees;
iv.	external service providers (medical officers, allied health practitioners/personnel, suppliers and contractors) and their employees.

Please contact us for a full list of the companies which comprise Amara Residences and which are subject to this Privacy Policy.

2. Definitions

Personal information
Is defined as any ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable’.

Sensitive information
Is a subset of personal information and is defined as information or an opinion (that is also personal information) about an individual’s:

i.	affiliations;
ii.	philosophical beliefs;
iii.	membership of a professional or trade association;
iv.	membership of a trade union;
v.	sexual preferences or practices;
vi.	criminal record;
vii.	health information about an individual;
viii.	genetic information (that is not otherwise health information);
ix.	biometric information that is to be used for the purpose of automated biometric verification or Biometric identification;
x.	biometric templates.

Notifiable data breach
Where there has been unauthorised access or disclosure of personal information it holds, or such information has been lost in circumstances where it is likely to lead to unauthorised access or disclosure; and a reasonable person would conclude that such access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.

Surveillance device
Means a data surveillance device, a listening device, an optical surveillance device, or a tracking device. Amara Residences have video surveillance for security of the workplace. The surveillance cameras are located in general work areas, including kitchen, treatment rooms and corridors on all levels, building exit/entry access points and car park. All employees are notified during orientation and it is documented Amara Residences Privacy Policy Page 2 of 10 Last Updated: November 2023 in the employment agreement and staff handbook that Amara Residences has video surveillance in the workplace.

Listening device
Means any device capable of being used to overhear, record, monitor or listen to a conversation or words spoken to or by any person in conversation, but does not include a hearing aid or similar device used by a person with impaired hearing to overcome the impairment.

Optical surveillance device
Any device capable of being used to record visually or observe an activity, but does not include spectacles, contact lenses or a similar device used by a person with impaired sight to overcome that impairment.

Tracking device
Any electronic device capable of being used to determine or monitor the geographical location of a person or an object.

Person responsible
The term “Next of Kin” was replaced by “Person Responsible” by the Guardianship Act of 1987. There is a clear hierarchy set out by the Guardianship Act as follows;

i.	A guardian (including an enduring guardian) who has the function of consenting to medical/dental treatment - if none then;
ii.	The most recent spouse or de-facto who has an ongoing relationship with the person - if none then;
iii.	A relative or friend who has a close personal relationship with the person.

3. Types Of Personal Information Collected

The organisation collects and holds the personal information of residents, employees, volunteers, and contractors. ‘Personal information’ means information we hold about the individual from which their identity is either clear or can be reasonably determined. The personal information we may hold includes the following:

Residents

i.	Name;
ii.	Date of birth;
iii.	Marital status;
iv.	Contact details;
v.	Country of Birth and whether you are of Aboriginal and/or Torres Strait Islander origin;
vi.	Current address and next of kin details;
vii.	Person responsible, e.g. Power of Attorney, Enduring Power of Attorney, Guardian, Trustee, etc.;
viii.	Entitlement details including Medicare, pension and health care fund;
ix.	Medical history;
x.	Resident agreements;

Employees

i.	Name;
ii.	Date of birth;
iii.	Country of Birth;
iv.	Address and contact details;
v.	Details of next of kin;
vi.	Occupation;
vii.	Employment history;
viii.	Employment application form;
ix.	Citizenship, passport and/or Visa permit;
x.	Medical history or fitness for work information;
xi.	Immunisation records;
xii.	Employment references;
xiii.	Tax file number;
xiv.	Bank account details;
xv.	HR/Personnel records including superannuation fund;
xvi.	National Police Certificate (Criminal History Record Check);
xvii.	Workers compensation or injury information;
xviii.	Qualifications, training and competency records.

Volunteers

i.	Name;
ii.	Date of birth;
iii.	Country of Birth;
iv.	Address and contact details;
v.	Details of next of kin;
vi.	National Police Certificate (Criminal History Record Check);
vii.	Drivers licence (if relevant).

Contractors

i.	Name;
ii.	Address and contact details;
iii.	Qualifications, licenses, etc.;
iv.	Contractor agreement;
v.	Insurances including Workers Compensation, Professional and Public Liability;
vi.	National Police Certificate (Criminal History Record Check).

Other individuals

i.	Amara Residences may collect personal information about other individuals who are not residents, employees, or volunteers of Amara Residences. This includes customers and members of the public who participate in events we are involved with, individual service providers and contractors to Amara Residences, and other individuals who interact with Amara Residences on a commercial basis. The kinds of personal information we collect will depend on the capacity in which you are dealing with Amara Residences.
ii.	If you are participating in an event we are managing or delivering, we may take images or audio-visual recordings which identify you.
iii.	In limited circumstances, Amara Residences may collect information which is considered sensitive information. For example, if you are injured at an event promoted or delivered by Amara Residences we may collect health information about you in an emergency or otherwise with your consent.
iv.	We may collect personal information about children (for example, when children participate in events we are involved with). Where children do not have sufficient maturity and understanding to make decisions about their personal information, we will require their parents or guardians to make decisions on their behalf.
v.	You can always decline to give Amara Residences any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested. If you have any concerns about personal information we have requested, please let us know.

Visitors to our website
The way in which we handle the personal information of visitors to our websites is discussed below.

4. How And Why Does Amara Residences Collect And Use Your Personal Information?

Amara Residences collects personal information reasonably necessary to carry out our business, to assess and manage our residents’ needs, and provide services for independent living. We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you or third parties and managing resident or representative relationships or external service providers (medical officers, allied health practitioners/personnel, suppliers and contractors).

The purposes for which Amara Residences usually collects and uses personal information depends on the nature of your interaction with us, but may include:

i.	responding to requests for information and other general inquiries;
ii.	managing, planning, advertising and administering programs, events, competitions and performances;
iii.	researching, developing and expanding our facilities and services;
iv.	informing you of our activities, events, facilities and services;
v.	assessing your suitability for an independent living vacancy;
vi.	recruitment processes (including for volunteers, internships and work experience); and
vii.	responding to enquires and complaints; and
viii.	providing a health and hospitality service as an independent living provider.

Amara Residences generally collects personal information directly from you. We may collect and update your personal information over the phone, by email, over the internet or social media, or in person. We may also collect personal information about you from other sources, for example:

i.	our affiliated and related companies; and
ii.	third party suppliers and contractors who assist us to operate our business.

Amara Residences also collects and uses personal information for market research purposes and to innovate our delivery of products and services.

Generally, only personal information is collected if it is necessary to provide health services and to comply with our obligations under Australian law (e.g. tax office obligations, immigration legislation, industrial instruments, etc.) or a court/tribunal order.

Where information is collected from other sources, Amara Residences will inform the individual that we will hold their personal information.

In some circumstances Amara Residences may be provided with personal information about an individual from a third party, for example a report provided by a medical professional, hospital or an employee reference from another person.

Unsolicited information such as personal information that is not relevant to the functions of the organisation will be ‘de-identified’ or destroyed as soon as practicable.

The potential consequences of not allowing us to collect and hold the required personal information may be that we are unable to:

i.	Provide appropriate health care and health services and meet our legislated obligations;
ii.	Meet the individual requirements of the residents;
iii.	Provide continuing employment to an employee;
iv.	Continue with the services of a contractor or volunteer.

5. How Does Amara Residences Interact With You Via The Internet?

a.	You may visit our website (www.amararesidences.com.au) without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry), any personal information you provide to Amara Residences will be managed in accordance with this Privacy Policy.
b.	Amara Residences website uses cookies. A “cookie” is a small file stored on your computer’s browser, which assists in managing customised settings of the website and delivering content. We collect certain information such as your device type, browser type, IP address, pages you have accessed on our websites and on third-party websites. You are not identifiable from such information.
c.	You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.
d.	Amara Residences’ website may contain links to third-party websites. Amara Residences is not responsible for the content or privacy practices of websites that are linked to our website.

6. Can You Deal With Amara Residences Anonymously?

Amara Residences will provide individuals with the opportunity to remain anonymous or use a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry). Generally, it is not practicable for Amara Residences to deal with individuals anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our services or participate in our events, programs or activities we manage or deliver.

7. Consent

A Privacy and Confidentiality Agreement for staff and volunteers is made upon employment and engagement, respectively. A Privacy Exceptions Log that records the wishes of residents where they do not agree with any of the privacy options on the Resident Privacy Consent Form is communicated to relevant staff.

Consent is reviewed every 12 months in line with the annual case conference process. Where the resident is unable to provide written consent but has capacity to consent, the Privacy Agreement will be completed in accordance with the resident’s wishes.

A Resident has the right to withdraw or alter their privacy consent at any time.

Consent Can be:

i.	Informed: The person should understand what they are consenting to, why it is necessary or desirable, and what may be the results of both consenting and of not consenting.
ii.	Freely Given: The person must not be coerced, pressured or intimidated into providing information, nor made to feel they don’t have enough time to make a considered decision.
iii.	Capacity: The person being asked to consent must be cognitively capable to do so. A person with temporary or permanent intellectual impairment should not be asked to consent.

Consent can be obtained in writing or verbally.

8. How Does Amara Residences Hold Information?

a.	Amara Residences stores information in paper-based files or other electronic record keeping methods in secure databases (including trusted third party storage providers based in Australia or overseas). Amara Residences Privacy Policy Page 5 of 10 Last Updated: November 2023 Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.
b.	Amara Residences maintains physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to our computer systems.
c.	Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.
d.	We take steps to destroy or de-identify information that we no longer require.

9. Does Amara Residences Use Or Disclose Your Personal Information For Direct Marketing?

a.	Amara Residences may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below.
b.	If you opt-out of receiving marketing material from us, Amara Residences may still contact you in relation to its ongoing relationship with you.

10. How Does Amara Residences Use And Disclose Personal Information?

For Residents

i.	The purposes for which we may use and disclose your personal information will depend on the services we are providing you. For example, if you have engaged us to deliver a service, we may disclose information about you to service providers where this is relevant to our services.
ii.	Personal information relating to residents and employees will not be used for other purposes such as fundraising or direct marketing activities without seeking written consent of the resident or the “person responsible” for the resident.
iii.	Residents, representatives and visitors must also maintain the privacy of other residents living in the home. Protocols in the residence will also reinforce this requirement, for example, not providing information to a resident or a visitor without the resident’s consent.

For consumers and participants

If you are a consumer or participant in an event, we may disclose your personal information to our clients and venues where this is reasonably necessary for, and relevant to, the delivery of the event. We may use images or audio-visual recordings which identify you for promotional purposes where you would reasonably expect this to occur.

Disclosure to contractors and other service providers

i.	Amara Residences may disclose information to third parties we engage in order to provide our services, including contractors and service providers used for data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/ development, printing, archiving, mail-outs, and market research.
ii.	Personal information may also be shared between related and affiliated companies of Amara Residences, located in Australia or overseas.
iii.	Third parties to whom we have disclosed your personal information may contact you directly to let you know they have collected your personal information and to give you information about their privacy policies.

Use and disclosure for administration and management
Amara Residences will also use and disclose personal information for a range of administrative, management and operational purposes. This includes:

i.	administering billing and payments and debt recovery;
ii.	planning, managing, monitoring and evaluating our services;
iii.	quality improvement activities;
iv.	statistical analysis and reporting;
v.	training staff, contractors and other workers;
vi.	risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives);
vii.	responding to enquiries and complaints regarding our services;
viii.	obtaining advice from consultants and other professional advisers; and
ix.	responding to subpoenas and other legal orders and obligations.

Other uses and disclosures
We may use and disclose your personal information for other purposes explained at the time of collection or otherwise as set out in this Privacy Policy. However:

i.	when Amara Residences collects personal information, we will take reasonable steps to try to identify the circumstances that will inform you (the resident, employee or external service provider) of the circumstances and give you a reasonable explanation about the purpose of collection.
ii.	Amara Residences take reasonable steps to ensure that such recipients (as indicated above) respect the confidentiality of this information by abiding by the APPs.
iii.	if it is necessary to transfer personal information to someone overseas, we will comply with this policy and the APPs, and take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information.
iv.	all information collected is strictly for the use of Amara Residences.

Personal information may be disclosed if we:

i.	are required or authorised by Australian law or a court/tribunal order;
ii.	reasonably believe that the disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety, or a serious threat to public health or safety;
iii.	have reason to believe that an unlawful activity has been, is being, or may be engaged in.

Personal information may be disclosed to other persons as part of the provision of health services, including:

i.	other health care professionals that are or may be involved in the care of residents or employees including general practitioners, hospitals, and other allied health providers;
ii.	other external agencies that we have contracts with to provide services to residents and employees on our behalf. In circumstances where this is necessary, these external agencies are required to provide confirmation of their compliance with the Privacy Act 1988 (Cth);
iii.	funding bodies and other government agencies as required by Commonwealth and State legislation;
iv.	the person designated by the resident as the “person responsible” for giving and accessing their information.

11. Security And Storage Of Personal Information

a.	The APPs require us to take reasonable steps to protect the security of the personal information that we hold from misuse, loose, unauthorised access, modifications or disclosure. This includes appropriate measures to protect electronic materials and materials stored and generated in hard copy.
b.	Amara Residences personnel are required to respect the confidentiality of personal information and the privacy of individuals.
c.	We will hold all personal information in a secure and confidential manner and take all reasonable steps to ensure personal information is secure (e.g. all computers have password access, and personal information is kept in secure areas).
d.	All of our electronic systems that hold personal information have up-to-date security protection systems. These are reviewed on a regular basis and tested to ensure they are efficient and able to meet any potential “interference” that might occur.
e.	Staff who have access to personal information are provided with education and information about their obligations concerning confidentiality of personal information and the privacy of individuals. AmaraResidences will ensure secure disposal of electronic and paper-based records.
f.	Where we no longer require your personal information for a permitted purpose under the APPs, we will take reasonable steps to destroy it.

12. Access To Information

Subject to the exceptions set out in the Privacy Act, Amara Residences will take all reasonable steps to provide access to the personal information that we hold within a reasonable period of time in accordance with the Australian Privacy Principles.

Subject to the exceptions set out in the Privacy Act, an individual may request to gain access to their personal information held by Amara Residences by applying in writing to the Executive Manager of the facility you are associated with. Prior to disclosing any information, the Executive Manager is to refer to Amara Residences Privacy Policy Page 7 of 10 Last Updated: November 2023 the Chief Operating Officer and Village Manager.

Information will not be disclosed to any outside bodies or individuals unless we are legally bound to do so.

We may not provide access to the personal information we hold about an individual when:

i.	release of the personal information would be unlawful;
ii.	the information may be subject to legal proceedings;
iii.	release of the personal information would pose a serious threat to the life, health or safety of an individual or to public health or public safety;
iv.	release is likely to have an unreasonable impact upon the privacy of other individuals;
v.	the information could compromise our business operations;
vi.	the request is assessed as vexatious or frivolous.

Amara Residences will provide reasons for denying or refusing access to personal information in writing. This correspondence will include information concerning the mechanisms for lodging a complaint.

Please note:
If the resident is currently alive and staying in Amara Residences, we can provide the information to the person with Enduring Power of Attorney (EPOA). Once the resident is deceased, the EPOA is no longer valid and the request of information must be made by the Executor. Please make sure to escalate any request of information subjected to legal proceedings to the Head Office, as indicated.

13. Surveillance

Any devices in use will be supplied by Amara Residences. Staff are advised and supported to not use personal devices for surveillance. Staff are encouraged to report any matters of concern relating to the delivery of care and services to the Village Manager.

Any surveillance material stored electronically will be archived and destroyed as per policy.

Listening devices
Listening devices will not be used at our service other than to record a conversation or meeting to which all parties consent, expressly or impliedly, to the listening device being used. Permission to use the device must be documented at the commencement of the meeting and stored with minutes of the meeting.

Optical surveillance devices
Cameras will only be used with the consent of resident or staff member. The camera will be a device supplied by Amara Residences. Personal cameras are not to be used under any circumstances. Examples of approved camera use may include:

i.	recording of clinical progress, e.g. wound healing; or
ii.	recording of social events for publishing in a newsletter or on social media.

CCTV is installed at the facility and signage is installed to advise all visitors to the service of the use of this device.

CCTV is installed in common areas only excluding bathrooms and change rooms.

Safety tracking devices
Safety tracking devices such as alert bands or anklets will only be used with the consent of the resident or their legal representative. Management will discuss the use of this device with the resident or representative and will record this conversation in progress notes and in the care plan.

14. Quality And Correction Of Personal Information

How can you access or seek correction of your personal information?

i.	You are entitled to access your personal information held by Amara Residences on request. To request access to your personal information please contact our privacy officer using the contact details set out below.
ii.	You will not be charged for making a request to access your personal information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
iii.	We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.
iv.	However, if you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.
v.	We may decline your request to access or correct your personal information in certain circumstances Amara Residences Privacy Policy Page 8 of 10 Last Updated: November 2023 in accordance with the Australian Privacy Principles. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.

Amara Residences will take all reasonable steps to ensure that the personal information we collect, use, hold, or disclose is accurate, complete and up to date. Individuals may request that personal information we hold is corrected if it is inaccurate, out of date, incomplete, irrelevant or misleading.

Amara Residences will take all reasonable steps to correct the personal information we hold. Amara Residences will provide reasons for not complying with requests to correct personal information in writing.

15. Notifiable Data Breach And Loss Of Personal Information

If Amara Residences becomes aware of reasonable grounds to believe that:

i.	there has been unauthorised access or disclosure of personal information it holds, or such information has been lost in circumstances where that’s likely to lead to unauthorised access or disclosure; and
ii.	a reasonable person would conclude that such access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates,

Then Amara Residences will respond following these key steps:

i.	Contain the breach and do a preliminary assessment;
ii.	Evaluate the risks associated with the breach – assess whether a reasonable person would conclude that such access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; then
iii.	Notify affected individuals and the Commissioner;
iv.	Prevent future breaches;
v.	Prepare a statement that describes what has happened and recommends the steps individuals should take in response to the breach; and
vi.	Give a copy of the statement to the Privacy Commissioner; and
vii.	If practicable, give a copy of the statement to each of the individuals to whom the relevant information relates; or
viii.	If practicable, give a copy of the statement to each of the individuals who are likely to suffer serious harm from the breach; or
ix.	If neither iii) nor iv) is practicable – publish a copy of the statement on its website and take any other reasonable steps to publicise the contents of the statement.

You can obtain further general information about your privacy rights and privacy law from the Chief Operating Officer or the Office of the Australian Information Commissioner by:

i.	calling the Privacy Hotline on 1300 363 992;
ii.	visiting their web site at www.oaic.gov.au;
iii.	emailing: enquiries@oaic.gov.au;
iv.	writing to: The Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001.

In the event of loss of personal information, we will:

i.	inform the affected individual(s) where appropriate and possible so that individuals have the opportunity to take steps to protect their personal information after a data breach;
ii.	seek to identify and secure the breach to prevent further breaches;
iii.	assess the nature and severity of the breach;
iv.	commence an internal investigation in relation to the breach;
v.	report the breach to police where criminal activity is suspected;
vi.	notify the Office of the Australian Information Commissioner if the data breach is likely to cause serious harm under the Notifiable Data Breaches scheme inform the affected individual(s) where appropriate and possible so that individuals have the opportunity to take steps to protect their personal information after a data breach.

16. Privacy Breaches And Reviews

Where a person believes that a breach of this policy or the Privacy Act has occurred, it should be referred to the Chief Operating Officer in writing.

If you have any complaints about our privacy practices or wish to make a complaint about how your personal information is managed, please contact the Chief Operating Officer to request an internal review.

This application should be made within six months from the time the applicant became aware of the alleged breach or inappropriate disclosure.

All complaints will be dealt with confidentially and promptly. Residents, families, friends or staff who have complaints about how Amara Residences have dealt with personal information may apply for an internal review.

Applications for an internal review may concern conduct a person believes is:

i.	a breach in information protection procedure;
ii.	a breach in the code;
iii.	an inappropriate disclosure by us of personal information.

Application for the internal review should be made in writing to the Chief Operating Officer. This application should be made within six months from the time the applicant became aware of the alleged breach or inappropriate disclosure.

Nomination of internal review team
In receiving an application and conducting an internal review under the Privacy Act, we will nominate an investigation team within two weeks of receiving the compliant by the Chief Operating Officer (Privacy Officer).

IT Security and data breaches
Apek provides Amara Residences with IT support and security. Under the Privacy Act 1988 (Cth), as amended by the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) (Privacy Act) an “Eligible Data Breach” happens if:

i.	there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and
ii.	the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.

Apek shall, at all times, comply with its obligations under the Privacy Act.

If Apek, at any time, has reasonable grounds to suspect that there may have been an unauthorised access to, disclosure of, or loss of, information of Amara Residences that could potentially result in an Eligible Data Breach, Apek shall:

i.	immediately notify Amara Residences in writing;
ii.	take all steps possible to prevent or minimise the access to, or loss or disclosure of, information;
iii.	as soon as possible, provide Amara Residences with all available details in writing of the suspected access, disclosure or loss including the extent and nature of the access, disclosure or loss and the kind or kinds of information concerned;
iv.	cooperate fully with Amara Residences and promptly provide Amara Residences with such assistance as it reasonably requests to prevent or minimize the access, disclosure or loss of information and to allow Amara Residences to comply with its obligations under the Privacy Act;
v.	if the breach is likely to cause serious harm by reputation or financially to the company or our customers Apek will notify the Executive Team including the Managing Director, Chief Operating Officer and Chief Financial Officer by phone/SMS alert and an email sent so we can activate our action plan.

17. Conducting A Privacy Review

The internal review team will take the following steps in conducting the review:

i.	Assist the applicant as much as possible;
ii.	Interview relevant staff, examine records and obtain any other pertinent information on the circumstances of the alleged breach;
iii.	Seek advice from court and legal service or from Office of the Australian Information Commissioner as required;
iv.	Determine whether a breach of the Privacy Act has occurred and, if so, what harm or damage it has caused to the applicant;
v.	The Chief Operating Officer will prepare a report of the investigation setting out the relevant facts, the conclusions reached and recommendations for action to be taken to resolve the complaint;
vi.	If the outcome indicates a breach of the Privacy Act has been committed, the Chief Operating Officer will meet with the Managing Director and contact the Australian Information Commissioner regarding the finding and the corrective actions instituted;
vii.	The Chief Operating Officer will indicate outcomes to the applicants and ensure that they are aware of the Office of the Australian Information Commissioner who can investigate privacy complaints from individuals about private sector organisations and government agencies.

Completion of Internal review
Once an application for an internal review is received, the review will be completed as soon as reasonably Amara Residences Privacy Policy Page 10 of 10 Last Updated: November 2023 practicable. Once the review is completed the Chief Operating Officer, in consultation with the Managing Director, may decide to:

i.	take no further action on the matter;
ii.	recommend a formal apology to the applicant;
iii.	take appropriate remedial action;
iv.	provide an understanding that the conduct will not occur again;
v.	implement measures to prevent recurrence of the conduct.

You can obtain further general information about your privacy rights and privacy law from the Office of the Australian Information Commissioner by:

i.	calling their Privacy Hotline on 1300 363 992;
ii.	visiting their web site at www.oaic.gov.au;
iii.	emailing: enquiries@oaic.gov.au;
iv.	writing to: The Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001.

18. Refusal To Provide Information

You are not obliged to give us your personal information. However, if you choose not to provide Amara Residences with personal details we may not be able to provide accommodation for a resident, a position of employment or service agreement in our residences. It may also restrict our ability to assist you in accessing some other services.

19. References

•	Retirement Villages Act 1999 No 81
•	Australian Privacy Principles 2014
•	Privacy Act 1988 (Cth)
•	Privacy Amendment (enhancing Privacy Protection) Act 2012 (Cth)
•	Relevant State & Territory Privacy Acts
•	The Privacy Amendment (Notifiable Data Breaches) Act 2017
•	Surveillance Devices Act 2007 (NSW)

Privacy Officer's Name:
Esperanza Arias Calli
Chief Operating Officer

Privacy Officer's Phone Number:
(02) 8437 1707

Privacy Officer's Email Address:
EAriasCalli@pathways.com.au

Approval Date:
28/07/2023

Effective Date:
28/07/2023

Review Year:
2024

Policy Advisor:
Policy and Document Control Review Committee

Approving Authority:
Policy Review Committee