Privacy Policy

Your Rights in Relation to Privacy

Carrington Centennial Care Limited, ABN 11 109 853 278 (we, us, our) is committed to protecting the privacy of our care recipients and staff in accordance with the Australian Privacy Principles (APP) and Guidelines endorsed by the Office of the Australian Information Commission.

This policy sets out how we aim to protect the privacy of personal information managed by us and the way we collect, use and disclose personal information.

Carrington recognises that any personal information we collect will only be used for the purposes we have collected it or as allowed under the law.

It is important to us that employees and care recipients are confident that any personal information we hold will be treated in a way which ensures protection of personal information.

PURPOSE STATEMENT The purpose of this policy and procedure is to: a. ensure personal information is managed in an open and transparent way; b. protect the privacy of personal information including health information of clients, care recipients and staff; c. provide for the fair collection and handling of personal information; d. ensure that personal information we collect is used and disclosed for legally permitted purposes only; e. regulate the access to and correction of personal information, and f. ensure the confidentiality of personal information through appropriate storage and security.


Personal information is any information that identifies an individual or any information from which an individual’s identity could reasonably be ascertained. During the provision of our services, including if access to our website, we may collect personal information.

We generally collect four kinds of information:

1. personal information provided by an individual, including name, address, telephone number and email address;

2. health and financial information in the event that an individual enters Carrington;

3. information that we obtain about an individual in the course of interactions with our website including internet protocol (IP) address, the date and time of visit to our website, the pages accessed, the links clicked and the type of browser that was used; and

4. aggregated statistical data which is information relating to use of our website and our services, such as traffic flow and demographics.


Personal information (including health information), may be collected:

a. from a client or care recipient;

b. from any person or organisation that assesses health status or care requirements, for example the Aged Care Assessment Team;

c. from the health practitioner of a care recipient;

d. from other health providers or facilities;

e. from family members or significant persons of a care recipient;

f. from a legal advisor of a care recipient.

g. from government departments and their agencies.

We will not collect personal information from the care recipient unless:

1. we have the consent of the care recipient to collect the information from someone else; or

2. we are required or authorised by law to collect the information from someone else; or

3. it is unreasonable or impractical to do so.


We collect personal information for the purposes of providing care and services. Where applicable, we may use personal information:

1. to provide aged care services;

2. to enable allied health care providers and medical practitioners to provide care and services;

3. to enable us to obtain the correct level of government funding in relation to an individual’s care;

4. to enable contact with a nominated person regarding health status;

5. to lawfully liaise with a nominated representative and to contact family if requested or needed;

6. to identify and inform a care recipient of any other services that may be of interest to them;

7. to fulfil any legal requirements; or

8. for other purposes permitted or referred to under any terms and conditions entered into or otherwise agree to with respect to our service.

If you do not wish to have your personal information used in any manner or purpose specified above, please contact our Privacy Officer.


We will at or before the time or as soon as practicable after we collect personal information from you, take all reasonable steps to ensure that an individual is notified or made aware of:

a. our identity and contact details;

b. the purpose for which we are collecting personal information;

c. the identity of other entities or persons to whom we usually disclose personal information;

d. that our privacy policy contains information about how they may complain about a breach of the APPs and how we will deal with a complaint;


We may disclose your personal information to allied health professionals who assist us in providing care and services, medical practitioners, external health agencies such as the ambulance service, the Australian Department of Social Services, the Aged Care Standards and Accreditation Agency, Medicare and relevant State health authorities as necessary to carry out the purposes for which the information was collected. We may not use or disclose personal information for a purpose other than the primary purpose of collection, unless:

a. the secondary purpose is related to the primary purpose and you would reasonably expect disclosure of the information for the secondary purpose;

b. you have consented;

c. the information is health information and the collection, use of disclosure is necessary for research, the compilation or analysis of statistics, relevant to public health or public safety, it is impractical to obtain consent, the use or disclosure is conducted within the privacy principles and guidelines and we reasonably believe that the recipient will not disclose the health information;

d. we believe on reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety;

e. we have reason to suspect unlawful activity and use of disclosure of personal information as part of our investigation of the matter or in reporting our concerns to relevant persons or authorities;

f. we reasonably believe that the use or disclosure is reasonably necessary to allow an enforcement body to enforce laws, protect the public revenue, prevent seriously improper conduct or prepare or conduct legal proceedings; or

g. the use or disclosure is otherwise required or authorised by law.


We may disclose health information about an individual to a person who is responsible for the individual if:

a. the individual is incapable of giving consent or communicating consent;

b. the Care Service Manager is satisfied that either the disclosure is necessary to provide appropriate care or treatment or is made for compassionate reasons or is necessary for the purposes of undertaking a quality review of our services (and the disclosure is limited to the extent reasonable and necessary for this purpose); and

c. the disclosure is not contrary to any wish previously expressed by the individual, of whom the Care Service Manager is aware, or of which the Care Service Manager could reasonably be expected to be aware and the disclosure is limited to the extent reasonable and necessary for providing care or treatment.

A ‘person responsible’ could be a parent, a child or sibling, a spouse, a relative, a member of the individual’s household, an enduring guardianship and an enduring power of attorney, a person who has an intimate personal relationship with the individual, or a person nominated by the individual to be contacted in case of emergency, provided they are at least 18 years of age.


We take all reasonable steps to ensure that the personal information we hold is protected against misuse, loss, unauthorised access, modification or disclosure. We hold personal information in both hard copy and electronic forms in secure databases on secure premises, accessible only by our authorised staff.

Non-current information is archived in secure premises in accordance with our Archive Document Control – Offsite Storage policy.

However, we cannot guarantee the security of any personal information transmitted to us via the internet.


Under the Privacy Act, individuals have a right to access their personal information that is collected and held by us. If at any time an individual would like to access or change the personal information that we hold, or an individual would like more information on our approach to privacy, please contact our Privacy Officer.

To obtain access to personal information, an individual will have to provide proof of identity. This is necessary to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected. We will take all reasonable steps to provide access to personal information within 30 days from a request. In less complex cases, we will try to provide information within 14 days.

If providing access requires a detailed retrieval of personal information, a fee may be charged for the cost of retrieval and supply of information.

However, in some circumstances we may decline a request for access to information such as where we no longer hold the information, or where denying access is permitted or required by law. If we are unable to give access to the information requested, we will give written reasons for this decision when we respond to a request.


As part of the personal information that we collect, we may use government identifiers including, but not limited to, aged care client identification numbers, tax file numbers and Medicare numbers. We will generally not adopt government identifiers for use as our own identifiers. If we are required to collect a government identifier in providing our services, we will not use this number to identify the individual.


In most circumstances it will be necessary for us to identify an individual in order to successfully do business with them. However, where it is lawful and practicable to do so, we will offer the opportunity of doing business with us without providing us with personal information.


For further information or enquiries regarding personal information, please contact our Privacy Officer on:

Telephone: (02) 4659 0357 Mail: PO Box 269, Camden NSW 2570 Email:


Collected data can be used for Google Analytics & Advertising features, such as remarketing and cross-device signals.
You can opt out of these Google features via Ads Settings, Ad Settings for mobile apps, or any other available means. You can find Google Analytics’ currently available opt-outs for the web here.


All stakeholders have a right to complain without fear of retribution, and can expect complaints to be dealt with fairly, promptly, and confidentially. If you are dissatisfied with how we have dealt with your information, or you have a complaint about our compliance with the Privacy Act, you may contact our Privacy Officer using the contact details above. We will acknowledge your complaint within 7 days and will provide you with a decision on your complaint within 30 days.

If you are dissatisfied with the response of our Privacy Officer you may make a complaint to the Privacy Commissioner who can be contacted via the Office of the Australian Information Commissioner website ( or on 1300 363 992.