Our Policy Statement
RCA is the owner and operator of retirement living villages throughout Victoria. By providing your personal information to us, you consent to our collection, use, storage, disclosure and management of your personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and this Policy.
What personal information do we collect?
The types of personal information RCA collects about you depends on the nature of your interactions with us. In this Policy personal information has the meaning given to it in the Privacy Act and includes any information or opinion, whether true or not, about an individual or an individual who is reasonably identifiable.
We may collect the following types of personal information:
- information to verify your identity including your name, date of birth, gender, address, email address and telephone number.
- financial information including bank accounts and credit card details.
- your marital status
- your next of kin details
- your preference of our products, services, facilities and lifestyle activities
- information about you and your family and any characteristics, preferences or requirements that are relevant to the products and services that we may provide to you
- your image and/or voice and other personal information (such as your car licence plate) collected via CCTV surveillance systems installed in our retirement villages and workplaces
- your device ID, device type, geo-location information, IP address, browsing information and any personal information that you may provide to us directly or indirectly via our website, Wi-Fi services, mobile applications, embedded networks and emergency call systems
- any other personal information that may be required in order to facilitate your dealings with us.
Do we collect sensitive information?
In some cases we may also collect sensitive information, for example if you are involved in an accident we may collect medical information and incident reports.
CCTV footage may contain sensitive information, and as such its use and release is governed by additional policies, this is covered in the section dealing with access to personal information.
How is personal information collected?
We will generally collect personal information:
- from you directly when you communicate with us;
- from you directly during the sale process;
- from you indirectly, anytime you communicate or interact with us, whether this is by phone, email, face to face meeting, online or social media interaction;
- when you subscribe to our email, magazine or marketing lists, use our website, applications or our Wi-Fi services;
- your participation in our surveys, competitions, loyalty programs, marketing and sales events or promotions;
- when you visit our retirement living villages or workplaces or carparks through our CCTV systems; and
- through our recruitment process when you apply for a position with us.
We may also collect your personal information from third parties such as:
- marketing agencies, data collection and research organisations;
- medical professionals (for example if you are involved in an accident);
- credit reporting bodies, law enforcements and government entities; and
- other individuals (for example employment references).
What happens if we cannot collect personal information?
You are not required to provide personal information to us. If you wish to deal with us anonymously or you decide not to provide us with the personal information described above, we may not be able to provide or tailor our products, services or information to you, either to the same standard or at all (for example certain functions, services or information may not function properly, or you may not be able to access if you disable cookies).
Why do we collect, store, use and disclose personal information?
We may collect, hold, use and disclose your personal information for the following purposes:
- to provide and market our products and services
- to communicate with you
- to do business with you
- for the general management and conduct of our business
- to comply with our legal obligations
- to investigate incidents (including potential incidents) which occur on or at our premises
- to consider the suitability of prospective employees
- for security and risk management purposes, and
- to help us manage, develop and enhance our services, including our websites, Wi-Fi networks and applications.
We will not use or disclose your personal information for any purpose other than the purpose for which it was collected (or a related purpose) unless you have consented to that purpose or we are permitted to do so by law.
To whom do we disclose personal information?
We may disclose your personal information (including in some circumstances your sensitive information) for the purposes for which it was collected or related purposes (as described above) to:
- social media channels on which we have a presence such as Facebook, Twitter and Instagram
- regulatory authorities, police or government agencies or bodies where required by law
- related parties, entities and trusts of RCA
- related RCA Village Associations and/or management
- other companies, service providers and individuals who assist us in providing our services or managing our operations
We do not disclose your personal information to third parties outside the RCA group unless one of the following applies:
- the third party is the manager or provides the management services at one of our Villages
- the third party is engaged by us to assist with conducting the activities for which the information was collected (such as service providers, couriers, mailout providers)
- you have consented
- you would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies (Australia only)
- it is required or authorised by law, or it will prevent or lessen a serious and imminent threat to someone’s health or life.
We do not disclose your personal information to overseas recipients.
Where we have disclosed personal information to a third party acting on our behalf, we request that those third parties do not use the personal information for their own purposes and that they comply with the Privacy Act and this Policy.
CCTV at our Sites
We use CCTV surveillance systems to monitor and record activities at some of our Villages. The main purpose of this is to maintain a safe and secure environment for our employees, customers and visitors to our premises.
This means we may use your personal information gathered from CCTV for security and risk management, loss prevention, incident investigation and other purposes set out in this Policy or as permitted by law.
Free Wi-Fi Service
We offer a free Wi-Fi network service at certain RCA premises.
If you are carrying a Wi-Fi enabled device within range of one of our Wi-Fi networks, we may pick up certain data that is transmitted from your device whether or not you join our Wi-Fi network, including;
- your device ID, device type, IP address and MAC address
- geo-location information and any movement of your device throughout our premises
- any other information which you may voluntarily provide to us while accessing our Wi-Fi networks, for example your name, email address, the details of websites or mobile applications whilst you are connected to our network.
We may also link this type of information to your provided personal information if we hold a common identifier such as your unique device identifier.
In each case, we will only use information or data collected via our free Wi-Fi network service in accordance with, and for the purposes set out in this Policy, or as permitted by the law.
If you do not want this information collected, you can disable Wi-Fi and Bluetooth on your device/should not sign into the Wi-Fi network.
Direct marketing communications
We and/or our third party service providers may send you direct marketing communications and information about:
- products, services, discounts, competitions and special promotions that we consider may be of interest to you;
- offers or promotions based on how you use our products and services
- third party products and services (including offers and discounts we may have negotiated for our residents) we think may interest you
These communications may be sent in various forms, including by telephone, post, fax, email, SMS or any other form of electronic communication, in accordance with the Privacy Act and the Spam Act 2003 (Cth). By providing us your contact details you consent to us and/or third party service providers we engage, sending you the direct marketing messages described above.
Opting-out of other or all marketing communications
You may opt out of any or all direct marketing communications at any time by contacting the sender using the details set out in the communication (for example an unsubscribe link), or in the case of RCA, by contacting our Privacy Officer using the contact details below. In some situations, for example if we are providing services to you, we may still be required to make certain communications to you in connection with providing the services or products to you or as required by law.
Do we disclose personal information outside of Australia?
We may disclose your personal information to the following overseas recipients:
- To other companies, service providers and individuals who assist us in providing services or perform functions on our behalf such as hosting and data storage providers; and
- Where we are required or authorised by law to do so.
The countries in which the recipients are likely to be located include United States.
We will take reasonable steps to ensure that any overseas recipient does not use personal information for their own purpose and complies with the Privacy Act and this Policy.
You can set your browser to notify you when you receive cookies, providing you with the opportunity to either accept or reject it, you can also refuse all cookies by turning them off in your browser. However, if you do this, certain parts of our website may not function properly.
We handle personal information collected by cookies in the same way that we handle all other personal information as described in this Policy.
Security of Information
We may hold your personal information in either electronic or hard copy form. The confidentiality and security of your information is very important to us, and we take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
We use a number of physical, administrative, personnel and technical measures to protect your personal information, and regularly test our security controls, however the open nature of the internet means there is always some risk that an unauthorised party may find ways to overcome our security measures, and it is not possible to guarantee the security of your personal information. You should also be aware that e-mail communications are not usually encrypted and should not be considered secure.
Where we no longer require your personal information for business or legal reasons, we will take reasonable steps to destroy or de-identify it.
Where required by applicable law, we will notify you, and the office of the Australian Information Commissioner and/or other regulatory authorities, of data breaches affecting your personal information.
Third Party Links
Our website and mobile applications may contain links to websites owned and operated by other organisations. When you click on one of these links, you are moving to another website. Unless stated otherwise, we are not responsible for the privacy practices of, or content on, those linked websites. We encourage you to read the privacy policies and other terms that apply to those websites as they may differ from this Policy, and if you have any privacy concerns, we encourage you to contact those website providers directly.
Access and correction of personal information
If you wish to seek access to and correction of your personal information that we hold about you, please contact our Privacy Officer using the contact details set out below. Depending on the nature of your request, we may ask you to provide us further information in order to verify your identity and ask you to put in writing the information that you require.
There may be instances where we cannot grant you access to the personal information we hold, for example, if a legal exception applies or where granting access would interfere with the privacy of others or result in a breach of confidentiality. If that happens, we will give you written reasons for refusal.
In the case of requesting access to CCTV footage, we have a corporate procedure, developed to confirm with the Privacy Act that governs our use and release of CCTV footage. It may also be the case that we are unable to release CCTV footage if there is an investigation or legal action pending.
If you wish to update the personal information that we may hold, please contact our Privacy Officer email@example.com. If we disagree that there are grounds for amending your personal information, we will inform you of the reasons and add a note to the personal information stating that you disagree with it.
We will not charge you with requesting access or corrections to your personal information, however we may recover reasonable expenses for providing you with access to your personal information.
Withdrawing consent for disclosure of personal information
If you wish to withdraw your consent for the use and disclosure of the personal information that we may hold, please contact our Privacy Officer firstname.lastname@example.org. If we disagree that there are grounds for withdrawing your consent (such as where we are required by law to use and disclosure the personal information), we will inform you of the reasons and add a note to the personal information stating that you disagree with it.
We will not charge you with requesting for the consent to the use and disclosure of the personal information to be withdrawn.
Complaints and concerns about your privacy
If you have any questions about how we handle your personal information, or if you wish to make a complaint about our information handling practices, please contact our Privacy Officer (Peter Quinn, Joint Chief Operating Officer):
Phone: + 61 3 9988 6020
Mail: Privacy Officer, Unit 1, 39 – 43 Duerdin Street, Notting Hill, Victoria, 3168
Our Privacy Officer will acknowledge receipt of your complaint and after we have completed our investigations, contact you (usually in writing) to advise the outcome, usually within 30 days, and invite you to respond to our findings.
If you consider that we have been unable to satisfactorily resolve your concerns about our handling of your personal information, you can contact the Office of the Australian Information Commissioner:
Phone: 1300 363 992
Mail: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW, 2000
Please visit the OAIC website at www.oaic.com.au for further information.
We may update our Policy from time to time to take into account new laws and technology, changes to our operations and business practices. The most current version of this Policy is on our website at www.rcavillages.com.au and we encourage you to check periodically to ensure that you have the most up to date version of our current Policy.
Chief Operating Officer
10 June 2022