Updated June 2021
About us and this Policy
Work Healthy Australia (Optimum Corporate Health Pty Ltd, ABN 54 600 246 820) of Suite 13, 18 Prince Street Gisborne VIC 3437, we are committed to the protection of your personal information. WHA provides workplace health services for businesses and their employees, such as:
- onsite injury management and care, and workplace health checks;
- pre-employment screening;
- ‘fit-for-task’ screenings (assesses whether employees are safe to carry out particular roles at a workplace); and
- risk assessments of activities performed at a workplace.
Our legal obligations
We will handle your personal information according to law, and we are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act) and other applicable laws relating to privacy and health records.
The APPs set out strict requirements for the handling of your personal information.
What is ‘personal information’?
This Policy applies to our handling of personal information. ‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.
Personal information includes ‘sensitive information’, which is a particular type of personal information. Sensitive information includes identifying health information about you (such as details of your health and medical history, the results of any preemployment screenings or work-related assessments, or the health services you have received).
Why do we collect your personal information?
We may collect your personal information for the following purposes:
- to provide you with the health assessment, screening and treatment services outlined above;
- to advise your employer of any issues, such as those relating to health status or physical performance on screening tests, that may affect your health and safety in performing your role (to ensure your health and safety and also for your employer to meet their occupational health and safety obligations under law and provide a safe workplace);
- to obtain your feedback on our services (for example, through surveys provided to you after you have completed your services); and
- obtaining your consent to the above services and activities.
If the purpose of collection is to provide you with health-related services, your health and personal information is collected and stored in a secure medical record by WHA.
You are not obliged to disclose your personal or health information to us. However, if you do not provide the information requested, we may not be able to provide you with appropriate health care, provide a screening service to which your employment may be subject, or fulfil any other applicable purposes of collection.
In some circumstances we may use de-identified health information as part of our research aimed at improving health outcomes but we will not use personal information in this process.
How do we collect your personal information?
We will only collect your personal information where it is reasonably necessary for our organisation’s activities in providing you with the health assessment, screening and treatment services, and advising your employer of any issues that may affect your health and safety in performing your role (as outlined above).
We will collect your personal information in a lawful and fair way and in a manner that is not unreasonably intrusive.
We will only collect your personal information and sensitive information where you have consented, or otherwise in accordance with the law.
We will usually collect your personal information directly from you through your interactions with us.
We will usually ask for your consent and collect your personal information through our staff health professionals that attend your workplace to provide services.
We may also collect your personal information from third parties, such as family members or other persons you have authorised to provide your personal information to us.
When we collect your personal information, we will take reasonable steps to ensure that you are made aware of the details of the collection, including the purposes for which the information was collected, the organisations (if any) to which the information will be disclosed, and notify you that this Policy contains details on how you may access or correct your information, or raise any complaints.
What types of personal information do we usually collect?
We collect personal information such as:
- your name;
- your contact details (e.g. address, email, phone number);
- your age; and
- the details of your health and medical history (such as your physical performance on screening tests, any current health conditions and prognosis, any restrictions on your work activities
How do we use your personal information?
We use your personal information for the main purposes of:
- providing you health assessment, screening and treatment services;
- advising your employer of any issues that may affect your health and safety in performing your role; and
- seeking your feedback on our services (for example, through surveys provided to you after you have completed your services). We may de-identify your feedback, in order to evaluate our services.
We may also use your personal information for purposes which are directly related to these main purposes, in circumstances where you would reasonably expect us to use your information for these purposes.
Do we disclose your personal information to others?
We respect the privacy of your personal information and we will take reasonable steps to keep it confidential and protected.
We will not disclose your personal information to any third parties unless you have consented, or we are otherwise permitted or required to do so by law.
With your prior consent, we may discuss your physical performance on screening tests, your health status and any injuries, any restrictions on your work activities, your prognosis and your treatment, with persons including other medical providers, your workplace’s occupational health and safety staff, human resources staff, supervisors, and rehabilitation coordinators.
We may use a third party digital service company located in Australia to securely scan and convert our hard copy records containing your personal information into digital format, and then securely destroy the hard copy records, in accordance with the law. We will disclose the hard copy records containing your personal information to this third party for these scanning and destruction purposes only, and this third party is also bound by the APPs when handling your personal information.
We will only disclose your personal information without your consent where we are authorised or required to do so under law, such as where we reasonably believe this is necessary to prevent or lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.
Will we disclose your personal information overseas?
We will not disclose your personal information to any recipient that is located overseas.
How do we hold and protect your personal information?
We will protect your privacy and the security of your personal information by taking steps to ensure that your personal information is protected against misuse, interference and loss, and unauthorised access, modification or disclosure.
We also use a variety of physical and technological security measures to protect the personal information we hold.
We may hold your personal information in a number of ways including electronically and in physical format.
Your personal information will be stored in secure electronic servers located in Sydney and provided by a third party, but the personal information will remain under our control and the third parties will not have access to it.
When your personal information is no longer required (and in the case of health information, the information has been retained for the required periods under health records laws) we will take steps to securely destroy the information or to ensure that the information is de-identified.
Quality of the personal information we hold
We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, up-to-date, complete and relevant. You can assist us in keeping your accurate by informing us of any updates to your personal information using our contact details below.
Can you access and correct your personal information?
You may request to access the personal information that we hold about you using our contact details below.
In certain circumstances, we may refuse to allow you access to your personal information where this is authorised by the law, such as where the request is frivolous or vexatious; providing access would have an unreasonable impact on the privacy of other individuals; or providing access would pose a serious threat to the life or health of any person or to public health or safety; or giving access would be unlawful.
We take all reasonable steps to ensure that the personal information we collect, use and disclose is accurate, up-to-date and complete, relevant and not misleading.
If you believe that the personal information we hold about you requires correction, you may request that the information be corrected using our contact details below.
If we refuse your request for access or correction, we will provide you with reasons for the refusal in writing, and details about how you may complain about the decision.
Our Website and cookies
We may collect your personal information through our website (www.workhealthyaus.com.au), such as your email address or other contact details when you make an enquiry with us. We will deal with this personal information in accordance with this Policy and the law.
We may also collect data through our use of ‘cookies’. ‘Cookies’ are small data files that your internet browser stores on your computer or other mobile device. Cookies are stored in order for your internet browser to navigate a website and the cookies themselves cannot collect any information stored on your computer or other device.
Some of the cookies may be ‘session’ cookies, which will be deleted when you have ended your internet session and close your browser. Other cookies are ‘persistent’ cookies which are stored on your computer or device until its designated expiration date (e.g. 6 months or 2 years).
The default setting of most internet browsers is to accept cookies automatically, but you can actively delete or disable cookies by changing your browser settings.
We are required to comply with mandatory ‘notifiable data breach’ scheme (the NDB scheme) under the Privacy Act. The NDB scheme applies when an ‘eligible data breach’ of personal information occurs.
An ‘eligible data breach’ occurs when:
- there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation holds; and
- this is likely to result in serious harm to one or more individuals; and
- the organisation has not been able to prevent the likely risk of serious harm with remedial action.
An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an ‘eligible data breach’.
Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner (Commissioner) about the breach in accordance with the Privacy Act.
We respect your privacy and we take all complaints and concerns regarding privacy very seriously.
If you have any complaints or concerns regarding the way we handle your personal information please contact us using the details below.
We will investigate your complaint using our internal processes, under which we will assess your complaint and respond to you within a reasonable time.
If you are not satisfied with the outcome of our investigation, you may wish to contact the Commonwealth Office of the Australian Information Commissioner (OAIC) (see www.oaic.gov.au), or if your complaint or concern relates to your health information, you may wish to contact the health complaints authority in the applicable State or Territory.
Our contact details
- would like to request access to or correction of your personal information;
- would like further information about our privacy policies and procedures; or
- have any complaints or concerns regarding your privacy,
please contact us using the following details:
Work Healthy Australia
PO Box 672, Gisborne VIC 3437
1300 734 643
Changes to this Policy
We may revise this Policy from time to time. We will update you on any changes to this Policy through our website at www.workhealthyaustralia.com.au.