UPA recognises that it holds a position of trust in obtaining and keeping personal, health and sensitive information for all consumers and is committed to protecting the confidentiality and privacy of information which the organisation collects, stores, and administers. This commitment extends to other persons dealing with us, and to ensuring that they understand our practices in relation to the management of personal information. UPA complies with the Privacy Amendment (Notifiable Data Breaches) Act 2017, the Privacy Act 1988, the Australian Privacy Principles and the Aged Care Act 1997.

UPA is committed to protecting and maintaining the privacy and confidentiality of all consumers with whom we deal regarding their personal, health and sensitive information and takes all reasonable steps to safeguard this. UPA only collects information by lawful and fair means and only if the information is necessary for our functions as an Approved Provider.

All consumers must have the capacity to consent; informed consent will be obtained to collect information. UPA facilitates consumers to be involved, as far as practicable, in any decision-making process and will support and facilitate use of additional resources such as interpreter services or alternative communication methods. UPA will discuss privacy issues with them in a way that is understandable to them. If a consumer does not have capacity, even with support or supply of additional resources, UPA will take into consideration who can act on the individual’s behalf. Alternatives include:

  • a guardian,
  • someone with an enduring power of attorney,
  • a person recognised by other relevant laws, for example in NSW, a ‘person responsible’ under the Guardianship Act 1987 (NSW) (this may be an individual’s spouse, partner, carer, family member or close friend), or
  • a person who has been nominated in writing by the individual while they could give consent.

A key aspect of dignity and respect is ensuring a consumer’s privacy is respected. It is essential that all stakeholders respect a consumer’s right to privacy, including how personal information is collected, used, and communicated. Dignity and privacy will be extended to others when they visit our premises with the provision of personal rooms or areas to undertake confidential discussions, when it is applicable and with the consent of the consumer or their substitute decision maker.

All stakeholders receive ongoing education and training regarding privacy, confidentiality, dignity, and respect. This includes talking to other consumers, other family members and visitors not involved in providing care and services without consent, and how they are to enter a consumer’s room or home.

Collection, use and disclosure of information
UPA collects personal, health and sensitive information for the purpose of delivering direct care and services, managing processes associated with service delivery (e.g., referrals) and complying with legal obligations. The nature and extent of the information collected varies depending on the consumer’s interaction with us. UPA only uses personal information for the purposes for which it was given to us, or for purposes which are in relation to one of our services.

We may disclose information to other external organisations such as funding bodies, contractors, health care professionals, other regulatory bodies, or our professional advisors. This information may be collected using in-person interviews, intake, registration, application processes, online or electronic registration or communications and via telephone. UPA’s Code of Conduct outlines the expectations of stakeholders and contractors to take all reasonable steps to protect organisational, personal, health and sensitive information. All stakeholders and third-party contractors are required to sign a confidentiality and privacy agreement to that effect.

UPA ensures that safeguards are in place to protect the personal, health and sensitive information it administers against loss, interference, unauthorised access, inappropriate disclosure, modification, or other misuse. These safeguards include reasonable physical and technical steps for both electronic and hard copy records. Some of these include, but are not limited to:

  • securing information in lockable storage cabinets,
  • not storing personal information in public areas,
  • restricting physical access,
  • positioning electronic equipment so that it cannot be seen or accessed by unauthorised persons, and/or
  • using passwords, different levels of information systems access, anti-virus software, and firewalls to restrict unauthorised use.

UPA takes all reasonable steps to ensure that information that it collects is accurate, up-to-date, and complete. This may include maintaining and updating information either proactively or when we are advised by individuals that the information has changed.

It is a criminal offence for any individual to falsify records. Any stakeholder who is aware of this occurring is to report it immediately to their manager or senior management.

Exemptions for disclosure
A legal requirement to disclose personal information may override UPA; this is known as a ‘duty of care’. Situations where this may occur include the following:

  • where there is serious risk of abuse or physical harm to the individual or other person, including our consumers/clients, the public and own employees,
  • where the disclosure is required under a law,
  • where the individual would reasonably expect us to use or give that information,
  • when the disclosure is necessary by or for a law enforcement agency (e.g., prevention, investigation, prosecution or punishment of criminal offences, protection of public revenue, preparation or implementation of a court or tribunal order).

Access to information
Consumers or other individuals can request that we provide access to personal information that we hold, collect and store. UPA will make all reasonable attempts to grant this unless:

  • providing access is frivolous or vexatious,
  • providing access endangers the life, health, and safety of any individual or endangers public health or safety,
  • providing access unreasonably impacts upon the privacy of other individuals,
  • providing access jeopardises existing or anticipated legal proceedings,
  • providing access prejudices negotiation between the individual and UPA, or
  • an enforcement body performing a lawful security function requests us not to provide access to the information.

Access is undertaken in line with NSW Legislation – Health Records and Information Privacy Act 2002 No 71.

Requests for access to information can be made in writing and addressed to the Regional Manager or Manager.

All consumers are offered a copy of their care and service plan at their request. As required, changes will be made to the individualised plan in consultation with the consumer based on their goals, choices and wishes.

Declining access
An individual’s identity is established prior to allowing access to requested information. If we are not satisfied as to an individual’s identity, or access is requested by an unauthorised party, we can decline access to the information requested. We will provide in writing the reasons for declining access to requested information.

Grievance procedure
Any concerns or complaints regarding privacy and confidentiality can be directed to the UPA Privacy Officer. Contact details:

Phone: 02 9482 4530 Fax: 02 9487 7362 Email: PrivacyOfficer@upa.org.au

It is our intention to resolve any complaints or concerns as quickly as possible. As required, concerns or complaints can be forwarded to the Office of the Privacy Commissioner for further consideration – GPO Box 5218 SYDNEY NSW 2001, Phone: 1300 363 992, Email: enquiries@oaic.gov.au

Storage and disposal of information
UPA has systems and processes in place designed to hold personal information securely and will take all reasonable steps to store and dispose of this in line with relevant legislation. When personal information is no longer required, it will be destroyed in a secure manner, deleted or de-identified in accordance with legal or compliance requirements.

Digital information is stored securely and is only accessed by those with delegated authority. Only authorised personnel are granted access to relevant information. Any information no longer required will be destroyed and stored in a secure manner.

Cross border disclosure
UPA will not disclose any consumer’s personal information to an overseas recipient except where they are approved to receive this information, the overseas recipient is subject to laws similar to the Australian Privacy Principles and we reasonably believe the disclosure is necessary or authorised by Australian law. The consumer will be requested to give express consent to the disclosure.

 Privacy Policy – Website
Your continued use of this website indicates that you accept this Privacy Policy and consent to the collection and use by UPA of any personal information you provide while using this website.

 We take your privacy very seriously.
We will only collect your information when:

  • You send us an email, or
  • You subscribe to receive our newsletter and other information material, or
  • You give us any personal information when using the ‘Contact Us’ form.

If we require further information from you, we will contact you by phone, in writing and/or by email.

 What information is collected?
If you choose to provide us with your personal information through this website, it will generally be limited to:

  • Your personal contact details (name, address, phone number, email address)

All information is held securely.  To ensure your privacy is protected, your information will not be disclosed outside of UPA.

 Who will have access to your personal information?
All personal information provided to UPA via this website will only be seen or used by persons employed by UPA and our contracted service providers (e.g., web developers, who are bound by privacy legislation). The only other time external entities will have access to your personal information is if:

  • We are required to provide your information to others for purposes relating to public safety and law enforcement.

 Security of your personal information
We take precautions to ensure the security of personal information by storing it in a secure environment.

This website has security measures designed to protect against the loss, misuse and/or alteration of your personal information under our control. However, information exchanged via the Internet may be accessed and used by people other than those for whom it is intended. If you send us any personal information by email, it is sent at your own risk.

If you use our website or any online facility, we confirm that we may utilise tracking software and cookies. A cookie is a small file of letters and numbers downloaded on to a device when the user accesses certain websites. A cookie will allow a website to recognise a user’s device.

A cookie will contain the name of the internet location (the domain) from which the cookie has come and the lifetime of the cookie (a cookie will usually expire after a certain period of time).

Two types of cookies are used on this website:

  • Session cookies, which are temporary cookies that remain in the cookie file of your browser until you leave the site; and
  • Persistent cookies, which remain in the cookie file of your browser for much longer (though how long will depend on the lifetime of the specific cookie).

How we use cookies on our site and what information we collect

Session cookies
We use session cookies to allow you to carry information across pages of our site and avoid having to re-enter information.

Persistent cookies
We use persistent cookies from time to time to help us recognise you as a unique visitor when you return to our website and to monitor your use of our website.

Use of web beacons and other tracking software
Some of our web pages may contain web beacons which allow us to count users who have visited web pages.  Web beacons collect only limited information including a cookie number, time and date of a page view, and a description of the page on which the web beacon resides.  These beacons do not carry any personally identifiable information and are used to track the effectiveness of a particular communication or marketing campaign.

 Your control
If you provide UPA with confidential information:

  • You have the right to ask for a copy of these details at any time.
  • You have the right to request removal or update of your details at any time.

To request an update to or deletion of your information, stop receiving information, ask questions about privacy or register a complaint regarding privacy and your information, please email privacy@upa.org.au or telephone 1800 UPA NOW.


Confidentiality: implies the relationship of confidence between the organisation and individuals.

Health information: information or an opinion, that is also personal information, about:

  • The health or disability (at any time) of an individual,
  • An individual’s expressed wishes about the future provision of health services to him or her,
  • Other personal information collected to provide, or in providing, a health service,
  • Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs, or body substances; or,
  • Genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.

Personal information (as defined by the Privacy Act 1988): information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

Privacy: keeping certain personal information free from public knowledge and having control over its disclosure and use.

Sensitive information (as defined by the Privacy Act 1988): information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, or health, genetic or biometric templates, that is also personal information.