What is Personal Information?
- The Privacy Act defines Personal Information to mean:“information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not.”
What is Sensitive Information?
- “Sensitive information” is a subset of personal information and means:“information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information or templates.”
What kinds of personal information do we collect and hold?
- The kinds of personal information we collect and hold vary depending on the services we are providing, but generally can include:
- Your contact information such as full name (first and last) and e-mail address
- Details relating to your employment (if applicable) such as your department or team
- Other information specific to our products or services such as your opinions, statements and endorsements collected personally or via surveys and questionnaires
- The type of sensitive information we may collect generally includes:
- Health information
How do we collect and hold personal information?
If we collect details about you from someone else, we will, take reasonable steps to make you aware of the collection in accordance with the APPs.
We may obtain personal information indirectly and who it is from can depend on the circumstances. We will usually obtain it from your employer, health care workers and publicly available sources.
We attempt to limit the collection and use of sensitive information from you unless we are required to do so in order to carry out the services provided to you. However, we do not collect sensitive information without your consent.
We hold the personal information we collect within our own data storage devices or with a third party provider of data storage. We discuss the security of your personal information below.
The purposes for which we collect, hold, use and disclose your personal information
- We collect, hold, use and disclose your personal information where it is reasonably necessary for, or directly related to, giving you access to the ErgoAssess website so that you may use the ErgoAssess software to complete an online survey and answer the questionnaires relating to how you interact with your workplace environment at your employer.We do not use or disclose personal information for any purpose that is unrelated to our services and that you would not reasonably expect (except with your consent). We will only use your personal information for the primary purposes for which it was collected or as consented to. We will only use your health information for the express purposes set out herein or with your express written consent.
We usually disclose personal information to third parties who assist us or are involved in the provision of our services and your personal information is disclosed to them only in connection with the services we provide to you or with your consent.
The third parties can include our related companies, employees, our agents or contractors, medical service providers, lawyers and accountants, prospective purchasers of our business and our alliance and other business partners.
If we do propose to disclose or use your personal information other than for the purposes listed above, we will first obtain your express consent prior to such disclosure or use.
If we give third parties (including their agents, employees and contractors) your personal information, we require them to only use it for the purposes we agreed to.
What if you do not provide some personal information to us?
- If the required personal information is not provided, we or any involved third parties may not be able to provide appropriate services or products. If you do not provide the required personal information we will explain what the impact will be.
What do we expect of you/ third parties we deal with when providing personal information about another person?
Unless an exemption applies or we agree otherwise, you must meet the requirements of the Privacy Act, when collecting, using, disclosing and handling personal information on our behalf.
You must also ensure that your employee meets the above requirements, if applicable.
How do we manage the security of your personal information?
- We take reasonable steps to ensure that your personal information is safe. We retain personal information in hard copy records and electronically with us or our appointed data storage provider(s). You will appreciate, however, that we cannot guarantee the security of all transmissions of personal information, especially where the internet is involved.Notwithstanding the above, we endeavor to take all reasonable steps to:
- protect any personal information that we hold from misuse, interference and loss, and to protect it from unauthorised access, modification or disclosure both physically and through computer security measures;
- destroy or permanently de-identify personal information in accordance with the Privacy Act.
We maintain computer and network security; for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to computer systems.
- We take reasonable steps to ensure that personal information is current, accurate, up-to-date and complete whenever we collect or use or disclose it.Throughout our dealings with you we will take reasonable steps to confirm the details of your personal information we hold and ask you if there are any changes required.
The accuracy of personal information depends largely on the information you provide to us, so we rely on you to:
- let us know if there are any errors in your personal information you become aware of; and
- keep us up-to-date with changes to your personal information (such as your name or address).Please contact us if there is a change in your circumstances that requires an update to be made to our data.
Access to and correction of your personal information
- You are entitled to have access to any personal information relating to you which we possess, except in some exceptional circumstances provided by in law. For example, we may refuse access where the:
- information may have an unreasonable impact on the privacy of others;
- request is frivolous or vexatious;
- information relates to existing or anticipated legal proceedings and would not be accessible by the process of discovery in those proceedings;
- information would reveal our intentions in relation to negotiations in such a way as to prejudice those negotiations.
- Where providing access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process, we will provide an explanation for the decision rather than direct access to the information.If we refuse access or to give access in the manner requested by you we will let you know why in writing and provide you with details about how to make a complaint about the refusal.
If we make a correction to your personal information we may retain a copy of the previous information for our records or as required by law.
If you wish to access your personal information please write to our Director on the contact details listed below.
In most cases, and unless we are lawfully permitted to do so, we do not charge for receiving a request for access to personal information or for complying with a correction request.
Sale or restructure of business
- In the future we may consider the sale or restructure of our business or the purchase of the business of other health and well-being service providers. In such circumstances it may be necessary for your personal information to be disclosed to permit the parties to assess the sale or restructure proposal for example through a due diligence process. We will only disclose such of your personal information as is necessary for the assessment of any sale or restructure proposal and subject to appropriate procedures to maintain the confidentiality and security of your personal information. In the event that a sale or restructure proceeds, we will advise you accordingly.
We recognise and acknowledge the European Union’s General Data Protection Regulation (GDPR). We are committed to providing a consistent approach to data protection and ensuring the security and protection of personal information and, insofar as the GDPR applies to our operations in Australia, we will act in accordance with the requirements of the GDPR.
16 Data Breach
We are aware of and will comply with the data breach obligations as set out in the Privacy Act. If you wish to make a complaint to us about a possible breach of privacy, please provide full details of your complaint in writing, and send it to firstname.lastname@example.org. If we do not deal with your complaint to your satisfaction, you may lodge a complaint directly with the Office of the Australian Information Commissioner (for more information, please see www.oaic.gov.au ).
17 Cross Border
We operate only within Australia and will not provide your information to parties in any other country. We do from time to time, however, use web-based programs for particular activities such as email broadcast which may be hosted offshore, or cloud service providers but only when the supplier agrees with us to be bound by Australian privacy laws or where the jurisdiction in which the data is located has laws that are equal to or better than Australian privacy laws.
18 Links to other websites
19 On-line transactions
Our website may be enabled for online transactions using a certified secure payment gateway. However, despite the security on the site, you should be aware that there are inherent risks in transferring information across the internet and we cannot accept liability for any breaches. When an internet payment is made, your credit card number is used only to make a debit and not retained by us.
- If you do have a complaint about privacy we ask that you contact our office firstto help us to assist you promptly.
In order to resolve a complaint, we:
- Will liaise with you to identify and define the nature and cause of the complaint;
- May request that you detail the nature of the complaint in writing;
- Will keep you informed of the likely time within which we will respond to your complaint;
- Will inform you of the reason for our decision in resolving such complaint; and
- Keep a record of the complaint and any action taken in the Register of Complaints.
If you have a complaint please either call us at 1300 374 696 or write to us at Ergoworks Physiotherapy and Consulting Pty Limited, GPO Box 1951, Sydney, NSW, 2001, Australia and our Director will then attempt to resolve the issue or complaint.
When we make our decision, we will also inform you of your right to take the matter to the Office of the Australian Information Commissioner (OAIC) if you are not satisfied. In addition if you have not received a response from us of any kind to your complaint within 30 days, then you have the right to take the matter to the OAIC (contact details are provided below).
How to contact us and opt out rights
Mail: Att: The Director
Ergoworks Physiotherapy and Consulting Pty Limited
GPO Box 1951, Sydney, NSW, 2001, Australia
- We welcome your questions and comments about privacy.