Privacy Policy

Western Australian Ostomy Association Inc.

The Western Australian Ostomy Association Inc. (WAOA) recognises the importance of protecting the privacy and the rights of individuals in relation to their personal and sensitive information. This document is our privacy policy and it tells you how we collect and manage your personal and sensitive information.

We respect your rights to privacy under the Privacy Act 1988 (Cth) (Act) and we comply with all of the Act’s requirements in respect of the collection, management and disclosure of your personal and sensitive information.

What is your personal information?

When used in this privacy policy, the term ‘personal information’ has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

What personal information do we collect and hold?

We may collect the following types of personal information:

  • name;
  • mailing or street address;
  • email address;
  • telephone number;
  • facsimile number;
  • age or birth date;
  • profession, occupation or job title;
  • Medicare or DVA number;
  • Pensioner Concession Card number;
  • Health Care Card number;
  • details of the products and services you have received and/or purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries;
  • any additional information relating to you that you provide to us directly through our websites or indirectly through use of our websites or online presence, through our representatives or otherwise; and
  • information you provide to us through our service centre, customer surveys or visits to or by our representatives from time to time.

We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.

How do we collect your personal information?

We collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect in ways including:

  • through your access and use of our website;
  • during conversations between you and our representatives; or
  • when you complete an application or purchase order.

We may also collect personal information from third parties including:

  • health professionals; and
  • third party companies such as credit reporting agencies, law enforcement agencies and other government entities.


For information on how we utilise cookies please refer to our Cookie Policy.

What happens if we can’t collect your personal information?

If you do not provide us with the personal information described above, some or all of the following may happen:

  • we may not be able to provide the requested products or services to you, either to the same standard or at all;
  • we may not be able to provide you with information about products and services that you may want, including information about discounts, sales or special promotions; or
  • we may be unable to tailor the content of our website to your preferences and your experience of our website may not be as enjoyable or useful.

For what purposes do we collect, hold, use and disclose your personal information?

We collect personal information about you so that we can perform our business activities and functions and provide the best possible quality of customer service. We collect, hold, use and disclose your personal information for the following purposes:

  • to provide products and services to you and to send communications requested by you;
  • to answer enquiries and provide information or advice about existing and new products or services;
  • to provide you with access to protected areas of our website;
  • to assess the performance of the website and to improve the operation of the website;
  • to conduct business processing functions including providing personal information to our related bodies corporate, service providers or other third parties;
  • for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of WAOA, its related bodies corporate, contractors or service providers;
  • to provide your updated personal information to our related bodies corporate, contractors or service providers;
  • to update our records and keep your contact details up to date;
  • to process and respond to any complaint made by you; and
  • to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country (or political sub-division of a country).

Your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy.

To whom may we disclose your personal information?

We may disclose your personal information to:

  • our employees and volunteers, related bodies corporate or service providers for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide products and services to you including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;
  • suppliers and other third parties with whom we have commercial relationships for business, marketing and related purposes; and
  • any organisation for any authorised purpose with your express consent.

We may combine or share any information that we collect from you with information collected by any of our related bodies corporate (within Australia).

Direct marketing materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.

We do not provide your personal information to other organisations for the purposes of direct marketing.

How can you access and correct your personal information?

You may request access to any personal information we hold about you at any time by contacting us (see the details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you and, if so, the fees will be $10.00. We will not charge for simply making the request and will not charge for making any corrections to your personal information.

There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.

If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, we will add a note to the personal information stating that you disagree with it.

Sensitive information

‘Sensitive information’ is a sub-set of ‘personal information’ and is given a higher level of protection under the National Privacy Principles (NPPs).

Sensitive information is defined in the Privacy Act to mean information or an opinion about an individual’s:

  • racial or ethnic origin;
  • political opinions;
  • membership of a political association;
  • religious beliefs or affiliations;
  • philosophical beliefs;
  • membership of a professional or trade association;
  • membership of a trade union;
  • sexual preferences or practices; or
  • criminal record.

Sensitive information also includes health information and genetic information about an individual that is not otherwise health information.

Sensitive information is subject to a higher level of privacy protection than other personal information handled by organisations in the following ways:

  • sensitive information may only be collected with consent, except in specified circumstances. Consent is generally not required to collect personal information that is not sensitive information;
  • sensitive information must not be used or disclosed for a secondary purpose unless the secondary purpose is directly related to the primary purpose of collection and within the reasonable expectations of the individual;
  • sensitive information cannot be used for the secondary purpose of direct marketing; and
  • sensitive information cannot be shared by ‘related bodies corporate’ in the same way that they may share other personal information.


Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.

Contacting us about your data: access, corrections and complaints

It is important to us that your information is accurate, up to date, complete and relevant.

We therefore encourage you to contact us by written request if you believe this may not be the case and if you would like:

  • to update, amend or correct inaccurate, incomplete or out of date data in our possession
  • to access, review or request a copy of your personal data
  • to remove, erase or delete your personal data
  • to limit or restrict the processing rights
  • to find out more information in relation to how we process your information, this privacy policy or your rights under this privacy policy
  • to withdraw previously given consent
  • to use a pseudonym for your data
  • to raise a concern or complaint about the way we have used or handled your information or
  • to exercise another right under the applicable data protection laws.

We endeavour to assist with your request within a reasonable time frame (and at the latest within 1 month of your request) unless it is unlawful to do so, if there are ongoing legal proceedings or if the request is deemed frivolous or vexatious.

If you have any questions about this privacy policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please use the contact link on our website or contact our Privacy Officer using the details set out below.

We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

You can obtain the information specified above or contact us using the following details:

Privacy Officer
WA Ostomy Association Inc.
Post: PO Box 706, Mt Lawley, WA 6929
Tel: (08) 9272 1833
Email: [email protected]

Notifiable Data Breaches

In the event of a serious data breach involving personal information that is likely to result in serious risk of harm to an individual, we will promptly contain the breach and take remedial action including, where appropriate, an assessment of the suspected data breach. Where an eligible data breach has been identified we will:

a) notify all individuals of the breach; or if that is not practicable

b) notify only the individuals whose personal information is at risk of serious harm (together, Notified Users).

We will provide Notified Users the details of the data breach, the kinds of information concerned in the data breach, the best way to contact us and our recommended steps in response to the data breach.

As soon as practicable after we become aware of the breach we will report a statement of the breach to the Australian Information Commissioner through the online platform.

If we deem (a) or (b) above not to be practicable, we will publish a copy of the statement prepared for the Australian Information Commissioner on our website.

If the breach involves data covered under the European Union General Data Protection Regulation we will advise the relevant supervisory authority of the data breach without undue delay and at the latest within 72 hours of becoming aware of the breach (otherwise a written explanation will accompany the notice) unless the risk is unlikely to be a high risk to rights and freedoms of individuals. The affected individual will also be notified as soon as possible after the incident where the breach poses a high risk to those individuals (unless there is an effective technical and organisational protection measure that will ensure the risk is unlikely to occur).


We will take all reasonable steps to protect the security of the personal information that we hold and store against misuse, interference and loss due to unauthorised access, modification or disclosure.

We will keep your information for no longer than is necessary for our business purposes.

Data that is no longer necessary or required to be kept will be securely destroyed, de-identified or permanently deleted in accordance with our practices and procedures.

Changes to our privacy policy

We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website.

This privacy policy was last updated in March 2019.