Purpose
TriCare is required to comply with the Privacy Act, State-based privacy legislation, the Aged Care Act and Rules, and retirement village legislation.
The Privacy Act sets out the manner in which organisations may collect, store, use, and disclose Personal Information and how a person can access and/or correct records containing their Personal Information.
As a registered provider of funded aged care services, we are also required to comply with the obligations under the Aged Care Act relating to the handling and protection of Personal Information and upholding an Individual’s right to have their privacy respected.
As a retirement village operator, we are required to comply with the obligations under the relevant State-based retirement village legislation and in accordance with residence agreements.
We are committed to protecting your privacy and upholding our obligations under the Privacy Act, Aged Care Act, and retirement villages legislation.
As part of this commitment, we:
- are transparent about the Personal Information we collect;
- only collect Personal Information that is necessary for the services we provide;
- ensure Personal Information is handled in accordance with the law;
- take reasonable steps to keep all Personal Information secure;
- build privacy considerations into our contractual and other arrangements, including where other organisations or contractors are used to deliver services on our behalf;
- monitor activities to ensure compliance and identify areas for improvement; and
- notify affected individuals and the Australian Information Commissioner, Queensland Information Commissioner, Victorian Information Commissioner or the New South Wales Information and Privacy Commissioner (as required) in the event of a data breach, when required to comply with our regulatory obligations.
This policy outlines the types of Personal Information that we usually collect, the purposes for which we collect it, to whom we disclose it, how we hold and keep it secure and your rights in relation to your Personal Information, including how to complain and how we deal with complaints.
We are committed to ensuring that this policy is accessible, understood, and embedded in everyday practice. We do this by:
- Delivering privacy training to our Employees;
- Taking reasonable steps to make the Privacy Policy available to a person or body who requests it; and
- Implementing policies, procedures and systems to ensure compliance with the APPs and deal with inquiries or complaints about compliance.
Definitions
In this policy, capitalised terms have the following meanings:
| Term | Definition |
| --- | --- |
| Aged Care Act | means the Aged Care Act 2024 (Cth). |
| APPs | means the Australian Privacy Principles. |
| Employees | means any employee, volunteer or subcontractor engaged by us, or on our behalf. |
| Individual | means individuals who receive funded aged care services. |
| Personal Information | means information or an opinion (including written and verbal information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable. It may include, for example, basic identifying information such as name and address, health information, financial information, or employment information such as job title or work schedule. Personal Information may include Sensitive Information and protected information (as that term is defined in the Aged Care Act). Personal Information may or may not apply to information of deceased people. |
| Privacy Act | means the Privacy Act 1988 (Cth). |
| Sensitive Information | means a type of Personal Information that requires higher protection due to its sensitive nature. It may include, for example, racial or ethnic origin, religious or philosophical beliefs, health records, criminal record, or any other Personal Information that is ‘Sensitive Information’ as defined in the Privacy Act. For an Individual, this may look like: health and medical information (such as progress notes); racial or ethnic origin and religious beliefs or affiliations. |
| TriCare | means TriCare Limited. |
| Resident | means a person living in a TriCare retirement community. |
| Rules | means the Aged Care Rules 2025 (Cth). |
| We, Us or Our | means TriCare Limited. |
Policy
- Scope
1.1 This policy applies to:
• TriCare;
• Individuals, and their relatives, supporters and authorised representatives;
• Residents, and their relatives, and authorised representatives; and
• our Employees.
1.2 The Privacy Act and this Policy do not apply to employee records, such as salary details, performance reviews, medical records, and disciplinary actions where the collection, use, or disclosure is directly related to a current or former employment relationship with us.
- Types of Personal Information we collect
2.1 We collect Personal Information from Individuals, Residents, Employees, job applicants, and other people when they choose to engage with us.
2.2 The type of Personal Information we collect and why we collect it depends on your relationship with us. The Personal Information we collect may include (but is not limited to):
• Individuals: name, address, date of birth, details of next of kin, emergency contacts, financial information and sensitive information such as health and medical information, racial or ethnic origin, religious beliefs or affiliations;
• Residents: name, address, date of birth, details of next of kin, emergency contacts;
• Employees: name, address, date of birth or emergency contact information;
• Job applicants: employment history and qualifications, information provided in resumes and cover letters, information from interviews, reference checks, and health information such as medical assessments, superannuation fund details, personal alternative contact details and criminal history record;
• Other people: any information provided in the course of interacting with us, such as through feedback forms, surveys, or event participation.
2.3 We collect Personal Information from you to provide services and to operate our business. We may also collect Sensitive Information from you. If we are unable to collect Personal Information, we may be unable to provide the services required or continue our relationship with you.
2.4 Where possible, Individuals may choose to remain anonymous or use a different name when dealing with us. However, this may not be possible if:
• it is impracticable to proceed without identification; or
• identification is required by law, a court, or tribunal.
- How we collect Personal Information
3.1 We will generally collect Personal Information directly from you, using forms and documents (including in electronic form) you submit to us, such as when you enter into a contract with us.
3.2 We also collect Personal Information through:
• you or your authorised representative;
• completion of our enquiry or application form;
• publicly available sources, including social media;
• correspondence, telephone calls, or meetings;
• online interactions through our website;
• closed circuit television (CCTV) or other monitoring systems at our premises;
• photography or videography in the course of providing services, such as during consultations; and
• if you are an employee via facial recognition scanning for timekeeping purposes.
3.3 We may collect information from you without your consent in certain lawful circumstances, for example where it is necessary to prevent a serious threat to the life, health or safety of a person.
Information from third parties
3.4 We also collect Personal Information from third parties depending on your relationship with us, including:
• Individuals: from relatives, supporters or other authorised representatives, health service providers (such as general practitioners, hospitals or allied health professionals), or relevant government agencies (such as MyAgedCare and the Department of Health, Disability and Ageing);
• Residents: from relatives, or authorised representatives;
• Job applicants and contractors: we may collect details of any existing criminal record from police agencies or agencies completing police checks on our behalf, information from your references and previous employers.
Unsolicited information
3.5 If we receive unsolicited information (for example, an email sent to us by mistake), we will check if we could have lawfully collected it. If not, we will destroy or anonymise the information as soon as possible, unless it’s reasonable and lawful to keep it. If we do keep it, we will handle it according to this Policy.
Handling government identifiers
3.6 Tax file numbers and other government identifiers will only be handled in accordance with relevant legislation, if applicable.
- Purposes for which we collect, use and disclose Personal Information
4.1 We collect, use and disclose your Personal Information to:
• assess eligibility for services, tailor services or provide the appropriate care or support to Individuals, where applicable;
• assess the eligibility of Residents to reside in our retirement villages and to deliver services in connection with the operation of the retirement villages, where applicable;
• manage and conduct our business, including matters such as payment for services;
• report data to government departments, as required by law;
• comply with legal and regulatory obligations, resolve any disputes and enforce our agreements and rights with third parties;
• offer or promote our products and services;
• obtain feedback;
• help us manage, develop and enhance our services, including our websites and applications;
• assess suitability and eligibility for employment;
• improve our services, programs, and communication with stakeholders.
4.2 In certain circumstances, including those contemplated by the Aged Care Act, we disclose your Personal Information to third parties, including the following types of persons or entities:
• necessary third parties in order to provide our services;
• relatives, authorised representatives or supporters (if applicable) where permitted;
• Employees, including contractors, consultants, associates, volunteers, students, and related entities who are subject to confidentiality obligations;
• our professional advisers, including lawyers, accountants and auditors;
• industry bodies, tribunals, courts, or others, in connection with any complaints made;
• government departments or funding agencies, police agencies and agencies (such as CrimTrac and MyAgedCare);
• a purchaser of our business, or part of our business, as a going concern; and
• other entities with the required consent or as permitted or required by law (such as where there is a coronial inquest).
4.3 In certain circumstances, we may use or disclose your information for a purpose other than that for which it was collected, for example, in emergency situations or law enforcement activities.
4.4 We may disclose the Personal Information of Employees, if required, to:
• health services providers;
• other employees in the course of conducting referee checks;
• government departments or funding agencies, police agencies and agencies;
• the Australian Tax Office;
• workplace regulators, including for workplace health and safety, and workers compensation purposes;
• superannuation and insurance bodies; or
• external auditors or regulators.
4.5 We will not use your Personal Information without taking reasonable steps to ensure the information is relevant, accurate, up to date, complete and not misleading.
4.6 We may aggregate or de-identify statistical information so that people cannot be identified, for use in our internal purposes or for sharing with government agencies or research organisations.
- How we keep your Personal Information safe
5.1 We will handle your Personal Information in an open and transparent way.
Storing your Personal Information
5.2 We store Personal Information in both paper form and electronically. Electronic records may be stored on local and/or cloud-based platforms. Our cloud storage providers are contractually required to handle Personal Information securely and in accordance with privacy laws.
5.3 We may also store archived Personal Information at a secure offsite records storage and archive management facility. The Personal Information will be destroyed in line with the relevant legislative requirements.
5.4 Our facial recognition timekeeping software does not store images. The timeclock scans an image, which generates an individual template created from digital representations. These mathematical digital representations of the face cannot be used to re-create the original image. The original images are promptly destroyed once the template is created.
5.5 We take all reasonable and appropriate steps (including organisational and technological measures) to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
How we protect your Personal Information
5.6 We have strict security measures in place to protect Personal Information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These measures include:
• policies and procedures: clear security protocols for our Employees to follow;
• secure storage: physical files are stored in secured facilities both on our premises and at offsite locations;
• restricted access: only authorised Employees and contractors, who need access for their role, can view certain Personal or Sensitive Information;
• secure transmission: electronic information is transmitted using secure networks or encryption. However, despite our best endeavours, it is important to note that no internet transmission is completely secure; and
• device and network protection: security tools such as authentication controls, firewalls, virus scanning and intrusion detection help safeguard our systems.
How we handle data breaches
5.7 We take data breaches seriously. If a data breach occurs, we will notify the affected individuals and the Australian Information Commissioner if required in accordance with our regulatory obligations.
How long we keep Personal Information
5.8 We retain Personal Information only as long as necessary for the primary purpose of collection or a lawful secondary purpose.
5.9 Generally, records are kept for at least seven years from the date of the last record. When no longer needed, Personal Information is securely destroyed or de-identified.
How we destroy Personal Information
5.10 When Personal Information is no longer required for our functions, activities, or legal obligations, we securely destroy or permanently de-identify it to protect privacy and prevent unauthorised access.
5.11 We follow all legal and regulatory requirements when destroying information, ensuring compliance with the Privacy Act and other relevant laws.
- Cookies and websites
6.1 Cookies are small data files stored on a person’s computer, mobile phone or other device when visiting a website. They help track pages visited and improve website functionality, and may remember your preferences.
6.2 Our website uses cookies. Browser settings can be adjusted to block cookies; however, this may limit website functionality.
6.3 Whilst we do not use browsing information to identify you personally, we can record certain information about your use of our website, such as which pages you visit, the time and date of your visit, search engine referrals and the internet protocol address assigned to your computer.
6.4 Our web pages can contain electronic images, known as web pixels. These electronic images enable us to count users who have visited certain pages on our website. Web beacons are not used by us to access your personal information; they are simply a tool we use to analyse which web pages are viewed, in an aggregate number.
6.5 We are not responsible for third-party websites, platforms, or applications linked to, or associated with our services. Their privacy policies should be reviewed before use. Some third-party platforms may offer tools to manage privacy settings and opt out of personalised ads.
- Direct Marketing
7.1 We can use your Personal Information to identify a product or service that we believe you may be interested in. We can, with your consent, use the Personal Information we have collected about you to contact you from time to time whether by phone or email to tell you about new products or services and special offers that we believe are of interest to you.
7.2 You can withdraw your consent to receiving direct marketing communications from us at any time by unsubscribing from the mailing list by clicking on the link in the marketing communication.
- CCTV
8.1 We use CCTV systems at our sites. We collect your Personal Information via CCTV for the purpose of:
• monitoring the safety and security of Individuals, Residents, Employees and suppliers, and completing incident investigations;
• detecting and deterring unauthorised access to, or unwelcome or criminal behaviour at, our venues; and
• implementing and enforcing our policies and procedures.
8.2 CCTV footage may be disclosed to third parties, such as:
• law enforcement agencies;
• third party service providers; or
• our third party claims management provider in connection with incidents. The claims manager may provide CCTV footage to its related entities as part of its ordinary claims management practices.
- Accessing and Correcting your Personal Information
9.1 You can request access to or correction of the Personal Information we hold about you, by contacting us using our details in the “contact us” section below.
9.2 We will address such requests as soon as practicable, and usually within 30 days.
9.3 We may require you to verify your identity or the authority you have to request information if the information relates to someone other than yourself, before the access to Personal Information is granted.
9.4 Access may be denied in certain circumstances, such as where releasing the information would impact another person’s privacy or where legal restrictions apply. If we decide to refuse your request, we will tell you why in writing and how to complain.
9.5 Where a request is made for access to information of a deceased individual, we will handle the request in accordance with our obligations under applicable Commonwealth and State legislation. Access will be granted to a legal representative of the deceased (being an executor or administrator of the estate) upon receipt of a written request and satisfactory evidence of identity and authority.
9.6 We may require you to pay a fee to access your Personal Information.
9.7 We will take reasonable steps to correct any Personal Information we consider to be inaccurate, incomplete, misleading or out of date.
- Making a complaint
10.1 If there are concerns about a possible breach of the Privacy Act, APPs, or any related privacy code, a complaint can be made:
• verbally; or
• in writing to the Privacy Officer using the contact details below.
10.2 Upon receiving a complaint, we will confirm how we intend to address the issue as soon as reasonably practicable.
10.3 If the response is unsatisfactory, complaints can be escalated to the Office of the Australian Information Commissioner (OAIC). More information on lodging a complaint is available at www.oaic.gov.au/privacy/privacy-complaints.
- Contact us
11.1 For any privacy-related queries, please contact:
TriCare Privacy Officer
PO Box 439, Mt Gravatt, Qld, 4122
Telephone: (07) 3360 9039
Email: privacy@tricare.com.au
- Variation
12.1 We may update this policy, from time to time, to take account of changes to law or regulations and changes to our services or business operations.