Privacy Policy

Regulatory Obligations 

As an aged care service, this organisation is bound to collect a range of personal information according to the Aged Care Act 1997. The organisation is also bound by the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) and various state laws relating to our dealing with health records. The laws set out the requirements for ensuring systems and processes are in place to appropriately manage personal information.


In this Privacy Policy:

  • “we” “us” and “our” and “Estia Health” are reference to Estia Health Pty Ltd (ACN 160 986 201)
  • “you” and “your” means a natural person whose personal information we have knowingly collected; and
  • “Website” means our website located at URL


What personal information do we collect?

Personal details such as;

  • name, gender, date of birth, next of kin details, telephone numbers, pension status and number;
  • photograph for identification on records including the medication chart;
  • photographs uploaded on the Website;
  • Medicare number, health fund details if relevant, ambulance membership number, pharmaceutical entitlement, state trustee number if relevant; and
  • financial and banking details relevant for payments as required by the Aged Care Act 1977.


Sensitive information including;

  • health information including:
    • previous and current physical and mental health conditions and or disabilities;
    • advance care wishes;
    • health assessments about physical, mental and lifestyle needs and preferences, an individualised plan of care, ongoing health charting, health professional reports and notes and test results that form the health record; and
  • police checks from prospective employees or subcontractors.  


Other sensitive information such as;

  • Ethnicity or cultural background
  • Religious beliefs and practices
  • Sexual preferences. 

(Please note you have a right not to provide the last three types of sensitive information listed above if you do not wish to).

We may also collect any other personal information you or a person ostensibly authorised by you submits to us, as well as any other information that we consider is necessary to perform our functions and activities.

How do we collect information?

We may collect personal information:

  • where you provide information via our Website;
  • where you provide information directly to us during a recruitment process;
  • where you complete paper based forms or our computer programs;
  • where you interact directly with our employees and such other persons acting for us or on our behalf, such as our human resources team;
  • from related entities; and
  • from publicly available sources of information.


Estia Health takes measures to destroy or de-sensitise unsolicited personal information that we receive. If you do not wish for your personal information to be collected in a way anticipated by our Privacy Policy, we will use reasonable endeavours to accommodate your request. If we do comply with your request, or if you provide us with inaccurate or incorrect information, we may not have sufficient information to conduct our business and we may be limited:

  • in our ability to provide our services;
  • in our ability to keep you informed about company updates and services information;
  • in considering your application for employment with us; or
  • in our ability to respond to your inquiry or request.


How do we store and secure personal information?

A unique number referred to as a Unit Record (UR) number is assigned to your health records to enable your information to be appropriately filed and stored and is not used for any other purpose.  Processes are in place to ensure your personal and health information is safeguarded against loss, unauthorised access, modification or disclosure. For example; record storage areas are secured at all times with limited access and computer records are password secured with levels of access according to staff role and responsibility.

The building has security cameras located at all entries and exits, the car park and the common areas such as; corridors and lounge areas for safety and security.  These cameras record images that are kept for 1 week for review should an incident occur.  Staff also monitor the images throughout each shift to identify potential or actual incidents related to resident safety and or security.  The cameras and images are not used for any other purpose

Although we take all reasonable measures, we are not responsible for third party circumvention of security measures on our electronic databases or at any of our premises. Please note that third party recipients of personal information may have their own privacy policies and we are not responsible for their actions, including their handling of personal information. We cannot control the actions of other people with whom you share your information. Further, we cannot guarantee that only authorised persons will access your personal information and we cannot guarantee that information you share with us on our website will not become publically available. Please notify us immediately if you believe there has been any unauthorised access to your information.

For which purposes do we collect, hold, use and disclose personal/health information?

We may collect, use and disclose personal information for the primary purpose of conducting our business, which includes:

  • providing and managing the delivery of our health care services;
  • assessing a person's application for employment with us;
  • assessing a person's application to receive our services;
  • delivering service and company update notices to you to inform you about new services or projects being undertaken;
  • monitoring and assessing the effectiveness and appropriateness of care through a range of continuous improvement activities including documentation audits, surveys, reviews, staff training and data analysis activities.  Such activities are undertaken by managers and staff and in some cases contracted consultants who are all bound by the privacy legislation to maintain confidentiality of your information;
  • responding to an inquiry or request;
  • maintain security of our facilities;
  • service your needs as a security holder, provide appropriate administration, facilitate distribution payments and corporate communications to you as a security holder;
  • compiling and maintaining mailing lists derived from our Website and hardcopy forms and communicating with persons on those lists;
  • fulfilling obligations to, and cooperating with, government authorities;
  • doing something that one would reasonably expect us to do using the information we hold; and
  • where you otherwise provide your consent, whether express or implied.


In conducting our operations, your personal and health information is used by nursing and care staff and visiting health professionals involved in your care such as; medical practitioner/s, physiotherapist, pharmacist, podiatrist to enable them to provide you with care and services appropriate to your needs and preferences. In an emergency, information is provided to health professionals for example ambulance officers and locum doctors. 

Personal information is also provided on a need to know basis to service departments such as; catering, cleaning, laundry and maintenance and specialist suppliers like continence aid supplier.     As required by the Aged Care Act the police and the Department of Social Services are informed where a resident is unexplainably missing or if physical elder abuse has occurred.  As required by the Department of Health, there is a requirement to report certain illnesses such as; gastroenteritis or influenza outbreak.

As an aged care service provider, we are required by law to communicate some personal information to the Department of Social Services (DSS) to enable the organisation to receive the correct level of funding for the care required and the appropriate running of the service. This information includes personal details about your identity e.g. name, date of birth and health information such as; medical conditions, the level of assistance required for activities of daily living and specialised care needs.  The organisation is also bound by law to provide access to your personal and health information to the Aged Care Quality Assessors. The DSS and Aged Care Quality Assessors are also bound by the Australian Privacy Principles. 

It is unlikely that your personal information will be disclosed to an overseas recipient unless required by law or if requested or consented by yourself for a particularly purpose.

Security holders

If you are a security holder in Estia Health, the Australian taxation legislation and the Corporations Act require personal information about you, including your name, address and details about your Shares, to be included on the share register. Your personal information held on the share register must be accessible to the public under the Corporations Act and will continue to be included on the share register where you cease to be a security holder. Your personal information may also be used from time to time and disclosed for purposes relating to your investment to our agents and service providers we may engage with in connection with the ordinary conduct of its operations, persons inspecting the register, bidders for your securities in the context of takeovers, regulatory bodies, including the Australian Taxation Office, the Australian Stock Exchange, authorised securities brokers, legal and accounting firms, auditors and other advisers for the purpose of advising on the Shares, print service providers, mail houses, the Share Registry or as otherwise required under the Privacy Act 1988 (Cth).

Sensitive information

We will only disclose sensitive information where you would reasonably expect us to do so for a secondary purpose, and where the secondary purpose is directly related to our primary purpose of collecting that information, or disclosure is otherwise authorised or required by law. In circumstances where we are considering an application for employment, we may require you to provide a police check. We will only use this information for the purpose of assessing your application and meeting our legal requirements.

Direct marketing

When you provide your personal details to us, you consent to us using your personal information for direct marketing purposes (for an indefinite period). From time to time, we may contact you with information about products and services offered by us and other companies which we think may be of interest to you.  This includes sending newsletters to you. When we contact you it may be by mail, telephone, email or SMS.

Where we use or disclose your personal information for the purpose of direct marketing, we will allow you to ‘opt out’ or in other words, allow you to request not to receive direct marketing communications and will comply with a request by you to ‘opt-out’ of receiving further communications within a reasonable time frame. We will only ever contact you if you have consented to direct marketing, and you can ask to be removed from our marketing lists at any time by directly contacting us.  If you don't wish to receive new information, just contact the Privacy Officer using the details set out at the end of this Privacy Policy.

How can you access and or correct your information?

We will use reasonable steps to ensure the personal information we hold is complete, up to date and accurate, so far as it is practicable for us to do so. The Privacy Officer for the organisation will assist you with your right to access or correct your personal information held by the organisation. If you have any questions or would like to access or correct information that you believe is incorrect please write or speak to the Privacy Officer using the details set out at the end of this Privacy Policy.  The Privacy Officer will inform you of any documentation requirements associated with your request and promptly deal with your request as soon as practicable and within 30 days. We reserve the right to charge you an inexcessive fee for giving access.  If we become aware that your personal information is no longer needed for any of our purposes, and we are not required to retain it under the law, we will take reasonable steps to de-identify or destroy it.

Our website

In addition to our privacy policy generally, there are specific issues relating to your privacy associated with the Website. If you access the Websites from outside Australia, you accept responsibility for ensuring or confirming compliance with all laws in that jurisdiction that apply to you as a result of that access or any consequent transactions or dealings with us, the Website or other users.

When you access the Website from a computer, mobile phone, or other device, we may make a record of your visit and logs for statistical and business purposes and we may collect information including: the user’s server address, the user’s domain name, IP address, the date and time of visit, the pages accessed and documents downloaded, the previous site visited, the operating system used and the type of browser used. We may also track some of the actions you take on the Website such as when you provide information or content to us.

We use "cookies" (small pieces of data we store for an extended period of time on your computer, mobile phone, or other device) to make the Website easier to use. We also use them to know when you are interacting on the Website. You can remove or block cookies using the settings in your browser, but in some cases that may impact your ability to use some areas on the Website. If you use an external source to publish information on the Website (such as a mobile application or a Connect site), you should check the privacy setting for that post, as it is set by that external source.

Where the Website contain links to other websites, we do not control those websites, and we are not responsible for the privacy practices of the content of such websites. We do not take responsibility for the content in, or currency of, any externally linked sites. The inclusion of any link within the Website does not imply endorsement by us of the linked site, nor does it suggest any relationship with the organisation linked.

How to make a complaint

If you wish to make a complaint about a situation where you believe your personal information has been inappropriately handled or there has been a breach of privacy please write or speak to the Privacy Officer.  The Privacy Officer will follow the organisation’s Complaints Procedure which involves a response as soon as practicable and action taken based on a risk assessment and within 30 days.  A copy of the procedure is available upon request.  If you are dissatisfied with the response and or the handling of your complaint you may contact the following: 


Health Services Commissioner (Vic)
Call: 1300 582 113
Address: 26th Floor, 570 Bourke Street
Melbourne. Vic 3000



Office of the Australian Information Commissioner

Call: 1300 363 992


Address: GPO Box 5218  Sydney NSW 2001



Contact – Privacy Officer

The contact details of Estia Health's Privacy Officer are as follows:

            Name: Mark Brandon


            Phone: 03-9811-9777


Changes to this Policy

We may change this Privacy Policy at any time. The revised version of our Privacy Policy will be effective at the time we post it on our Website.