Privacy statement

Doutta Galla Aged Services ABN 96 088 097 929 (Doutta Galla, we, us, our) is committed to handling your personal and health information responsibly and appropriately in accordance with the Privacy Act 1988 (Cth) (and the Australian Privacy Principles (APPs) made under the Act) and the Health Records Act 2001 (Vic) (and the Health Care Principles (HPPs) made under that Act). 

This Statement outlines how we aim to protect the privacy of personal information collected about you, your rights in relation to the information we hold about you, and how we collect, use, store and disclose personal information about you, including the following: 

  • how we ensure that personal information collected about you is managed openly and transparently; 
  • the steps we take to protect the privacy of personal information (including sensitive information and health information); 
  • how we fairly and lawfully collect, handle and store personal information (including sensitive and health information); 
  • the purposes for which we collect, use and disclose personal information; 
  • how we use the information we collect and to whom we typically disclose information; 
  • how you can request access to and correction of any information we hold about you; and 
  • how you can enquire or complain about our methods of handling personal information collected about you. 

We make a copy of this Statement available on the Doutta Galla website We may update this Statement from time to time. While we will use reasonable endeavours to update you on changes to this Statement, we recommend that you regularly check our website for the current version of this Statement. 

If you provide personal information to us, you consent to us collecting, using, storing and disclosing that information in the manner detailed in this Statement. 

Why we collect personal and health information? 

We collect personal information (including sensitive and health information) about you for a number of purposes. Generally, we collect personal information to enable us to provide you with care and services. 

Accordingly, we may use and/or disclose personal information collected about an individual for one or more of the following purposes: 

  • to manage enquiries and applications relating to the provision of our services to you or those you contact us on behalf of; 
  • to provide residential aged care, services in your home or the services related to you living in a Doutta Galla Independent Living Unit; 
  • to provide or procure care services; 
  • to enable allied health care professionals and medical practitioners to provide care and related services; 
  • to assist us to obtain the correct level of government funding with respect to your care; 
  • to comply with our legal and statutory obligations (including reporting to Government agencies, as required); 
  • to communicate with your nominated representative or family member, as the circumstances require; 
  • to handle and resolve any complaints in relation to the services we provide or which are procured for you; 
  • to facilitate our internal administration activities and functions, such as managing your account, as well as training, assessment and reviews; 
  • to send information updates, marketing materials and newsletters to individuals who have consented (either expressly or impliedly) to receive such information and materials, provided that they have not opted out from receiving such information; 
  • to request and to coordinate and manage the participation of individuals in advertising campaigns, events, launches, customer testimonials and focus groups; generally, to improve the quality of the care and services we deliver, as well as improving the quality of our communications with you; and 
  • to seek and implement professional advice (including legal advice) with respect to any of the foregoing. 

Additionally, we may use and/or disclose personal information collected about an individual for one or more of the following purposes: 

  • to assess the suitability of an individual seeking employment with us; 
  • to assess the suitability of a prospective resident for receiving our services and/or applicable funding arrangements; 
  • to assess the suitability of a prospective support worker or care giver for the requirements of a role with us; 
  • to assess and to manage the supply of goods and/or services to us by a prospective or current contractor or service provider; and 
  • to assist us in complying with our regulatory and statutory obligations in relation to the services we provide. 

In the event that you want more information about what information is being requested of you or about how the information requested will be used, stored or shared with others please ask. 

What information is collected? 

The relationship you have with Doutta Galla will determine the type and level of information collected and held by Doutta Galla. Doutta Galla will gather and hold information about people enquiring about our services and people living in Doutta Galla residential facilities, their next of kin, nominated legal guardians, families and friends, other third parties, including other health professionals, legal practitioners acting for individuals who are clients and from individuals living in Doutta Galla residential facilities. 

As required by the law, we generally only collect personal information directly from a client or a resident unless we have the client or resident’s consent to collect information from a third party, or where we are required or authorised by law to collect the information from someone else. Additionally, we may collect personal information about an individual from a person other than that individual if it is unreasonable or impracticable for us to collect information directly from that individual. 

Doutta Galla also collects relevant information from clients accessing our Community Home Support Program (CHSP) Domestic Intensive service, people living in Doutta Galla Independent Living Units, staff members, job applicants, contractor and or suppliers. 

Where Doutta Galla is collecting information about a current or prospective client or resident, Doutta Galla will usually collect personal and health information including: 

  • Name 
  • Date of birth 
  • Address 
  • Billing Address 
  • Health conditions, diagnosis, allergies and medication requirements 
  • Likes, dislikes and interests to assist with devising an activities program 
  • Emergency contacts name, address and contact phone numbers 
  • Legal representative’s name, address and contact phone numbers 
  • Banking information including bank and credit card details 
  • Financial information including income, assets and pension status 
  • Medicare number, DVA and pension number 

We may also collect similar information from you when you are applying for a job vacancy with Doutta Galla or if you wish to volunteer in any of the programs we operate. When you apply for a job vacancy with Doutta Galla, you agree that we may hold your information in our records even if you are unsuccessful in your application. 

Dealing with us anonymously or on a pseudonymous basis 

Subject to the following, you may interact and deal with us on an anonymous or pseudonymous basis in relation to a particular matter. 

However, if you choose to interact and to deal with us in this fashion, or you do not provide us with personal information when requested, then it may be impracticable or unreasonable for us to provide you with all the services and information that you seek from us. 

Further, there may be occasions where we are required or permitted by or under law to verify your identity or to otherwise deal with you on an identified basis in relation to the particular matter at hand. 

We may also need to verify your identity as part of our response to a request to access and/or correct personal information that we hold about you, or as part of our complaints-handling process. If we are unable to verify your identity, or you continue to engage with us in an anonymous or pseudonymous manner, then we may be unable to satisfy your request. 

To whom we may disclose personal information collected about you 

In accordance with our legal and statutory obligations, we may disclose personal information we collect from and about individuals to third parties but only on an as-needs basis and only to facilitate the fulfilment of one or more purposes for which the information was collected, or any secondary purpose related to the primary purpose (directly related in the case of sensitive information) for which we may be permitted to disclose such information by law. 

Where you are residing in one of our facilities or you are receiving care services from us, in addition to the foregoing, we may disclose personal information collected about your support workers and care givers engaged to provide care services to you, for the purpose of enabling the provision of such support and services to you, and to improve the standard and quality of care provided to you. 

We may disclose personal information to the following people and/or in the following circumstances: 

  • our agents and contractors (including for example, but without limitation, our agents and contractors in order to enable them to perform services under contract with us which may directly or indirectly benefit the individual from whom the information was collected); 
  • marketing providers to facilitate the provision of marketing us and/or the services we provide; 
  • professional advisers to facilitate their provision of advice to us; 
  • government departments and agencies, for the purpose of our ongoing compliance with our statutory obligations; 
  • to individuals or groups of individuals whom you have authorised us to disclose personal information about you which we hold, such as your nominated contract; 
  • when we are required or authorised by law or court or tribunal order to disclose such information, including where we believe in good faith that the law compels us to disclose such information; 
  • when we consider it reasonably necessary to disclose personal information to third parties in order to identify, contact or bring legal action against someone whom we suspect or know is causing harm to, or interference with the services we supply, our information technology systems and equipment, or our property. 

Personal information we hold about individuals may be disclosed to third parties in the event we offer to sell and/or sell our business and/or assets. 

Where we engage third parties to provide products and/or services to us or to individuals residing in any of our facilities, those third parties may be given access to personal information (including sensitive information and health information) that we hold about individuals. This may include information technology service providers including those responsible for processing or storing data for us (such as software and cloud providers) (‘IT Providers’). We do not authorise those third parties to access, use or disclose personal information we may disclose to them for any purpose other than to facilitate the completion of the obligations they owe to us. 

We may disclose personal information to our business partners and to our advisers, including (but not limited to) auditors, financial services and insurance companies, or to our professional advisers (including our legal and accounting advisers) for them to complete their obligations owed to us under agreements that we have entered into for the purpose of undertaking or furthering our business operations and activities. 

In addition, we may disclose statistics (with personal identifiers removed) about our customers to reputable third parties primarily for the purpose of assisting us to improve the services we provide and offer. 

As at the date of this policy, we do not disclose personal information to any recipient located outside Australia save that the services provided by IT Providers may involve access to data by service personnel located outside Australia or the storage of data for business continuity, disaster recovery or similar purposes outside Australia. If we are required to disclose personal information to any other overseas recipient, we will comply with our statutory obligations concerning such disclosure. 

Direct marketing 

We may directly market our services to an individual on the basis that the individual would reasonably expect us to do so, where we have already collected the individual’s personal information. Where we collect information about an individual from a party other than that individual, we will not use that information to directly market to that individual unless that individual provides us with consent (either express or implied). 

In directly marketing our products and services, we will comply with other laws relevant to marketing, including the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and the Competition and Consumer Act 2010 (Cth) (including the Australian Consumer Law). 

All direct marketing communications which we send will include an easy opt-out procedure if at any time you wish for us to stop sending you marketing communications. 


We strive to ensure the security of personal information we collect and hold. We take reasonable steps to protect your personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure. 

We regularly review and update our physical and data security measures in light of current technologies. Unfortunately, no data storage or transmission of data over the Internet or over mobile data and communications services can be guaranteed to be totally secure. 

In addition, our employees and contractors who provide services related to our information systems or who have access to personal information we collect, and hold are obliged to respect the confidentiality and privacy of any personal information we hold. 

We do everything reasonably within our power and control to prevent unauthorised use or disclosure of personal information we collect and hold. However, we are not responsible for events arising from unauthorised use of or access to personal information except to the extent that such unauthorised use or access is as a result of our failure to comply with our legal obligations in relation to the reasonable steps taken to secure the personal information we hold. 

Quality of the personal information we hold 

We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date. However, the accuracy of the information we hold largely depends on the accuracy of the information supplied to us or which we collect. If at any time you discover that any information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please contact us to request a correction to the information. 

Accessing and correcting personal information we hold 

Where we hold personal information about an individual, that individual is entitled at any time (upon request) to access the personal information we hold about that individual. 

Where we receive a request to access the personal information we hold about an individual, we will respond within a reasonable period of time. Unless it is unlawful or impracticable for us to do so, we will generally provide access to the requested information in the manner requested. 

Please note that we are entitled, under the applicable law, to charge a reasonable administrative fee to cover our costs incurred in providing access to the personal information we hold about an individual. 

Please also note that we reserve the right to verify the identity of the person making an access request, to ensure that we are not inadvertently disclosing personal information to an individual not entitled to access such information. 

Further, we reserve the right to redact the information we make available in response to an access request, to protect the privacy of other individuals. 

We may from time to time refuse to provide access to the information we hold about an individual, in accordance with applicable laws. Where we refuse access, we will explain the reasons for refusal in writing and provide details in relation to the relevant complaint process. 

As noted above, we take reasonable steps to ensure that the information we collect, hold, use and disclose about an individual is complete, up-to-date and accurate. However, if at any time you believe that personal information we hold about you is incorrect, incomplete, outdated or inaccurate, you have the right to request that we amend such personal information. If we refuse the correction request, we will provide written reasons and information about the complaint process should you not be satisfied with our reasons. 

Where information about you is incorrect and the information has previously been disclosed to third parties, we will take reasonable steps to notify third parties of the correction where appropriate having regard to the reasons for the disclosure to those third parties. 

Making a complaint 

Complaints in relation to breaches of privacy and/or confidentiality must be made in writing and should be, wherever practicable and/or reasonable, raised with Doutta Galla in the first instance. 

Complaints may be addressed by: 

  • Raising the complaint or grievance with the Facility or Resident Services Manager or immediate line supervisor in the first instance, or if this is not appropriate 
  • Addressing the complaint to the relevant authorised Privacy Officer:
    • For Resident/service users: Privacy Officer – General Manager, Operations and Service Development 
    • For Staff: Privacy Officer – General Manager, Organisational Capability 
    • For Financial/Corporate Records – General Manager, Commercial and Corporate Services 

Lodging a complaint through STOPline, if the complaint meets the criteria as a whistle-blower complaint 

Lodging a complaint with the Aged Care Quality and Safety Commission at Home | Aged Care Quality and Safety Commission Lodging a complaint with the Office of the Australian Information Commissioner at 

Where you lodge a complaint with us, we will promptly acknowledge receipt of your complaint and we will endeavour to deal with your complaint and to provide you with a response within a reasonable period of time following receipt of your complaint (generally 30 days of receipt). 

Where a complaint requires a more detailed investigation, it may take longer to resolve. If this is the case, then we will provide you with progress reports. 

We will verify your identity and seek (where appropriate) further information from you in connection with your complaint. 

Where required by law, we will provide our determination on your complaint to you in writing. 

Please note that we may refuse to investigate or to otherwise deal with a complaint if we consider your complaint to be vexatious or frivolous, and we are permitted by law to do so. 

If you are not satisfied with the outcome of your complaint, you may write to us seeking an internal review of the decision. Such internal review will be completed by an officer not previously involved in your complaint. 

If you remain dissatisfied following the outcome of our internal review, you may escalate the complaint to the appropriate Government agency (including the Office of the Australian Information Commissioner or the Health Services Commissioner). 

Further information can be obtained by contacting Doutta Galla Corporate Support on (03) 9680 3300. 

Book a tour at
Privacy Statement

Book a private inspection for Privacy Statement

Make a Respite Enquiry

Skip to content