Privacy Policy

Learn how we collect, use and protect your information.

An Oxa Care staff member looking at a book with a resident.

For Residents, Families, Representatives and Visitors

Effective Date: 1 November 2025

Next Review Date: 1 January 2027

Version: 2.0


1. Introduction and Our Commitment to Privacy

At Oxa Care, we are committed to protecting and respecting your personal information. We recognise that privacy is a fundamental right, and we treat your information with the care and respect it deserves.

This Privacy Policy explains how we collect, use, store, disclose and protect your personal information. It is written in plain language to help you understand our privacy practices and your rights.

We handle personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), the Aged Care Act 2024 (Cth), the Aged Care Rules 2025, and all other applicable privacy and aged care laws.

Our commitment to privacy supports your rights under the Statement of Rights in the Aged Care Act 2024, including your right to have your personal privacy respected and your personal information handled respectfully and in accordance with the law.

2. About Oxa Care

Oxa Care Pty Ltd

ABN: 42 976 001 986 | ACN: 604 344 710

Address: 513 High Street, Epping, Victoria 3076

Oxa Care is a registered provider of residential aged care services under the Aged Care Act 2024. We operate a residential aged care facility in Epping, Victoria, providing permanent residential care, respite care, and palliative care services.

3. Regulatory Framework

This Privacy Policy has been developed with reference to, and complies with, the following legislative requirements and regulatory guidance:

  • The Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs)
  • The Aged Care Act 2024 (Cth), particularly Chapter 7 (Information Management) and Part 2 (Protected Information)
  • The Aged Care Rules 2025, including requirements relating to privacy and information handling
  • The Statement of Rights under Section 15 of the Aged Care Act 2024
  • The Strengthened Aged Care Quality Standards
  • The Surveillance Devices Act 1999 (Vic) for CCTV and optical surveillance
  • The Notifiable Data Breaches Scheme under Part IIIC of the Privacy Act 1988
  • Guidance from the Office of the Australian Information Commissioner (OAIC)
  • Guidance from the Office of the Victorian Information Commissioner (OVIC)
  • Guidance from the Aged Care Quality and Safety Commission

4. Who This Policy Applies To

This Privacy Policy applies to the personal information of:

  • Residents: Current, former and prospective residents of our residential aged care facility
  • Representatives and Supporters: Family members, next of kin, guardians, persons holding power of attorney, registered Supporters under the Aged Care Act 2024, and other authorised representatives
  • Visitors: Family members, friends and other visitors to our facility
  • Volunteers, Students, Service Providers and Job Applicants

Employee Records Exemption: Under the Privacy Act 1988, our handling of employee records of current and former employees (where directly related to the employment relationship) is exempt from the Australian Privacy Principles. Separate internal policies apply to employee records.

5. Types of Information We Collect

We only collect personal information that is reasonably necessary for our functions and activities as a residential aged care provider. The types of information we collect depend on our relationship with you.

5.1 Information We Collect About Residents

Personal Identification Information: Name, date of birth, place of birth, gender, contact details including address, telephone numbers and email address, and photographs for identification and clinical purposes.

Health Information: Medical history, diagnoses, health conditions, care needs assessments, care plans, clinical records, progress notes, treatment records, medication information, allergies, test results, hospital records, details of your GP and other health professionals, and advance care directives.

Legal and Representative Information: Details of next of kin, family members, emergency contacts, guardians, persons holding power of attorney, registered Supporters, and copies of relevant legal documents.

Financial Information: Assets and income information relevant to fee determination, billing details, payment information, bank account details, and government identifiers including Medicare number, Pension number, DVA number, and My Aged Care ID.

Personal Preferences and Lifestyle Information: Cultural background, ethnicity, language preferences, religious and spiritual beliefs, dietary requirements, food preferences, hobbies, interests, social preferences, and daily routine preferences.

CCTV Footage: Images captured by our CCTV cameras in common areas of the facility (see Section 10 for full details).

5.2 Sensitive Information

Some of the information we collect is classified as 'sensitive information' under the Privacy Act 1988, including health information, racial or ethnic origin, religious beliefs, and sexual orientation. We only collect sensitive information where you consent, where required or authorised by law, or where necessary for us to provide your care and services.

6. How We Collect Your Information

We collect personal information through lawful and fair means. Wherever possible, we collect information directly from you through admission and enquiry forms, face-to-face meetings, telephone conversations, emails and written correspondence, our website, feedback forms and surveys, and care planning discussions.

In some circumstances, we may collect information from third parties including your authorised representatives, healthcare providers, My Aged Care, assessment organisations, and government departments.

7. Purpose of Collection, Use and Disclosure

We collect, use and disclose personal information only for the purposes for which it was collected, for related purposes that you would reasonably expect, or as otherwise permitted or required by law. Key purposes include:

  • Delivering and managing your care, including assessments, care planning, clinical care, and coordination with health professionals
  • Administration and operations, including processing admissions, managing agreements, billing, and responding to enquiries and complaints
  • Legal, regulatory and compliance obligations under the Aged Care Act 2024 and other applicable laws
  • Quality improvement, safety and incident investigation (including review of CCTV footage where relevant)

8. Disclosure of Personal Information

We may disclose your personal information to healthcare providers and professionals, your authorised representatives and Supporters (with consent or as authorised by law), government bodies and regulators (including the Department of Health, Aged Care Quality and Safety Commission, Services Australia, and DVA), service providers and contractors, and law enforcement agencies where required by law or to protect safety.

9. Your Rights Under the Statement of Rights

The Statement of Rights under Section 15 of the Aged Care Act 2024 includes rights relating to privacy. As a resident receiving funded aged care services, you have the right to have your personal privacy respected, have your personal information handled respectfully and in accordance with the law, be treated with dignity and respect, make decisions about your own care and daily life, and raise concerns without fear of reprisal.

10. CCTV and Video Surveillance

10.1 Overview

Oxa Care operates closed-circuit television (CCTV) cameras in certain areas of our facility. This section explains our CCTV practices and how we comply with the Surveillance Devices Act 1999 (Vic), the Privacy Act 1988 (Cth), and Australian Privacy Principles when collecting and handling CCTV footage.

10.2 Purpose of CCTV

We use CCTV cameras for the following purposes:

  • Safety and security: To maintain a safe and secure environment for residents, staff, visitors and contractors
  • Incident investigation: To review footage when investigating incidents, accidents, complaints or allegations of misconduct
  • Deterrence: To deter inappropriate behaviour, theft, vandalism and unauthorised access
  • Compliance: To assist in meeting our obligations under the Aged Care Act 2024 regarding the safety and wellbeing of residents

CCTV footage is only reviewed when there is a specific reason to do so, such as investigating a reported incident or concern. We do not engage in continuous live monitoring of CCTV footage.

10.3 Location of CCTV Cameras

CCTV cameras are installed in common areas only. These areas include:

  • Building entrances and exits
  • Reception and foyer areas
  • Hallways and corridors
  • Communal lounge and dining areas
  • Outdoor areas and gardens
  • Car park

CCTV cameras are NOT installed in:

  • Residents' private rooms or suites
  • Bathrooms, toilets or shower facilities
  • Staff change rooms
  • Any area where a person would have a reasonable expectation of privacy

This approach ensures compliance with Section 7 of the Surveillance Devices Act 1999 (Vic), which prohibits the use of optical surveillance devices to record a 'private activity' without consent. Activities in common areas where people cannot reasonably expect privacy are excluded from this prohibition.

10.4 Signage and Notification

In accordance with privacy requirements and best practice:

  • Clearly visible signage is displayed at all entrances to our facility advising that CCTV is in operation
  • Signs are also displayed in areas where CCTV cameras are located
  • Information about our CCTV use is provided to residents and their representatives as part of the admission process
  • Staff, volunteers and contractors are informed of CCTV monitoring during their induction

By entering areas with CCTV signage, you are taken to have given implied consent to being recorded for the purposes stated.

10.5 Audio Recording

Our CCTV cameras record video images only. We do not record audio. This is in compliance with Section 6 of the Surveillance Devices Act 1999 (Vic), which places strict requirements on the recording of private conversations.

10.6 Storage and Retention of CCTV Footage

CCTV footage is stored securely in the following manner:

  • Storage: Footage is stored on secure, password-protected recording equipment located on-site in a restricted access area
  • Retention period: Footage is automatically overwritten after approximately 30 days unless it has been specifically preserved for an incident investigation or other lawful purpose
  • Preserved footage: Where footage is preserved for an investigation or legal purpose, it is retained for as long as necessary to fulfil that purpose and then securely deleted
  • Access controls: Only authorised personnel (management and designated staff) have access to the CCTV recording system

10.7 Access to and Disclosure of CCTV Footage

Access to CCTV footage is strictly controlled. Footage may be accessed or disclosed in the following circumstances:

  • Internal investigations: To investigate incidents, accidents, complaints, or allegations of misconduct occurring at our facility
  • Law enforcement: To Victoria Police or other law enforcement agencies where required by law, pursuant to a warrant, or where we reasonably believe it is necessary to assist in the investigation of a suspected offence
  • Regulators: To the Aged Care Quality and Safety Commission or other regulators where required under the Aged Care Act 2024 or other legislation
  • Legal proceedings: Where required or permitted in connection with legal proceedings, including coronial inquests
  • Safety: Where we reasonably believe it is necessary to lessen or prevent a serious threat to the life, health or safety of any individual

We do not disclose CCTV footage to family members, other residents, or third parties without appropriate legal authority, consent, or a lawful basis for disclosure. Where footage includes images of other individuals, we will take reasonable steps to protect their privacy (for example, by pixelating or obscuring their images where practicable).

10.8 Your Rights Regarding CCTV Footage

Under the Privacy Act 1988, you have the right to request access to personal information we hold about you, which may include CCTV footage in which you are identifiable. To request access to CCTV footage:

  • Submit a written request to our Privacy Officer (see Section 20 for contact details)
  • Provide proof of your identity
  • Specify the date, time and location of the footage you are requesting

We will respond within a reasonable timeframe. Access may be declined or limited where:

  • Providing access would unreasonably impact on the privacy of other individuals captured in the footage
  • The footage has been automatically overwritten and is no longer available
  • Disclosure would prejudice an ongoing investigation or legal proceedings
  • Denial of access is otherwise required or permitted by law

10.9 Personal Surveillance Devices

The use of personal surveillance devices (including cameras, audio recorders, or monitoring devices) by residents, family members, or visitors within our facility is subject to legal restrictions under the Surveillance Devices Act 1999 (Vic) and privacy laws.

If you wish to install a personal surveillance device in a resident's room or use a recording device within the facility, you must:

  • Discuss this with our management in advance
  • Obtain appropriate consent from all individuals who may be recorded
  • Comply with all applicable laws, including the Surveillance Devices Act 1999 (Vic)

Recording of staff, other residents, or visitors without their knowledge and consent may constitute an offence under the Surveillance Devices Act 1999 (Vic) and could result in both criminal and civil liability.

11. Storage and Security of Personal Information

We take all reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Our security measures include:

Physical Security: Secure storage of physical records in locked cabinets, access controls to areas where personal information is stored, and CCTV monitoring of common areas.

Electronic Security: Password protection and access controls, encryption of sensitive data, firewalls and security software, and secure backup systems.

Staff and Procedural Measures: Staff training on privacy obligations, confidentiality agreements, access limited to staff who need it for their duties, and clear policies and procedures.

Record Retention: We retain personal information for as long as necessary to fulfil the purposes for which it was collected and as required by law. Aged care records are retained in accordance with the Aged Care Act 2024. When no longer required, personal information is securely destroyed or de-identified.

12. Notifiable Data Breaches

If we become aware of a data breach that is likely to result in serious harm to any individual, we will take immediate steps to contain the breach, assess whether it is likely to result in serious harm, notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required, and take steps to minimise any harm to affected individuals.

13. Overseas Disclosure

We generally do not disclose personal information to overseas recipients. Your personal information is primarily stored and used in Australia. In limited circumstances, personal information may be stored on or accessible through servers located overseas (for example, through cloud-based service providers). Where this occurs, we take reasonable steps to ensure that overseas recipients handle your information in accordance with Australian privacy standards.

14. Accessing and Correcting Your Information

You have a right to request access to personal information we hold about you, including health records and CCTV footage in which you are identifiable. To request access, contact us using the details in Section 20. We may ask you to submit your request in writing and provide proof of identity. We will respond within a reasonable timeframe (generally within 30 days).

We take reasonable steps to ensure that personal information we hold is accurate, up-to-date, complete and relevant. If you believe any information is inaccurate, incomplete or out-of-date, please contact us and we will take reasonable steps to correct it.

15. Anonymity and Pseudonymity

Where practicable, you may interact with us anonymously or using a pseudonym. However, in most cases relating to the provision of aged care services, it is not practicable for us to deal with you anonymously as we need to identify you to provide your care and meet our legal obligations.

16. Website Privacy

When you visit our website (www.oxacare.com.au), we may collect information about your visit, including your IP address, the date and time of your visit, pages viewed, the type of browser and operating system used, and the referring website.

Cookies: Our website uses cookies to enhance your browsing experience. You can manage or disable cookies through your browser settings.

Third-Party Analytics: We use third-party analytics services, including Google Analytics, to collect anonymised information about website usage.

External Links: Our website may contain links to external websites. We are not responsible for the privacy practices of those websites.

17. Direct Marketing

From time to time, we may use your contact information to send you information about our services, events, or other matters we believe may be of interest to you. If you do not wish to receive marketing communications, you can opt out at any time by contacting us or using the unsubscribe function. Opting out will not affect the care and services we provide or essential communications.

18. Making a Complaint

If you have a complaint about how we have handled your personal information, we encourage you to contact us first. We will acknowledge receipt within 7 days and aim to respond within 30 days.

If not satisfied with our response, you may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)

Phone: 1300 363 992 | Website: www.oaic.gov.au

Office of the Victorian Information Commissioner (OVIC)

Phone: 1300 006 842 | Website: www.ovic.vic.gov.au

Aged Care Quality and Safety Commission

Phone: 1800 951 822 | Website: www.agedcarequality.gov.au

19. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the 'Effective Date' and make the updated policy available on our website and upon request. If we make significant changes, we will take reasonable steps to notify you.

20. Contact Us

If you have any questions about this Privacy Policy, wish to access or correct your personal information, or have a privacy-related complaint, please contact us:

Oxa Care Pty Ltd

Attention: Privacy Officer

Address: 513 High Street, Epping, Victoria 3076

Phone: 1300 584 741

Email: privacy@oxacare.com.au

Website: www.oxacare.com.au

21. Definitions

In this Privacy Policy:

"Aged Care Act" means the Aged Care Act 2024 (Cth).

"APPs" means the Australian Privacy Principles contained in Schedule 1 of the Privacy Act 1988 (Cth).

"CCTV" means closed-circuit television, being a video surveillance system that transmits signals to a specific set of monitors or recording devices.

"Health Information" means information or an opinion about the health or disability of an individual, or a health service provided to an individual.

"Optical surveillance device" has the meaning given in Section 3 of the Surveillance Devices Act 1999 (Vic), being any device capable of being used to record visually or observe an activity.

"Personal Information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in a material form or not.

"Privacy Act" means the Privacy Act 1988 (Cth).

"Private activity" has the meaning given in Section 3 of the Surveillance Devices Act 1999 (Vic), being an activity carried on in circumstances that may reasonably be taken to indicate that the parties to it desire it to be observed only by themselves. It does not include an activity carried on outside a building or an activity carried on in circumstances where the parties ought reasonably to expect it may be observed by someone else.

"Protected Information" has the meaning given in the Aged Care Act 2024 and includes personal information obtained or generated for the purpose of providing aged care.

"Sensitive Information" has the meaning given in the Privacy Act 1988 and includes information about an individual's racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, health information and genetic information.

"Statement of Rights" means the Statement of Rights set out in Section 15 of the Aged Care Act 2024.

"Supporter" means a person registered as a supporter under Section 37 of the Aged Care Act 2024 to support an older person in making decisions and exercising their rights.

"Surveillance Devices Act" means the Surveillance Devices Act 1999 (Vic).

"We", "us", "our" refers to Oxa Care Pty Ltd (ABN 42 976 001 986, ACN 604 344 710).

"You", "your" refers to any individual whose personal information we collect, use or disclose.

This Privacy Policy was last updated on 1 January 2026.

© 2026 Oxa Care Pty Ltd. All rights reserved.