Policy Title: Privacy Policy
Policy Number: HRM004
Effective Date: 02/12/2021
Review Date: No later than December 2022
Version Number: 1.0

Policy Statement 

Body Smart Health Group Pty Ltd, its subsidiaries and controlled entities are proud to deliver high quality, evidence-based healthcare services to our clients. In doing so, we respect your right to privacy and your right to control your personal information. Body Smart Health is committed to complying with the Australian Privacy Principles (APPs) in the Privacy Act 1988. This Privacy Policy explains: 

  • What kind of information we collect and hold about our clients (prospective, current and past). 
  • How and why we collect this information.
  • What we do with that information and who we share it with (and when). 
  • Your right to seek access to, and if required correction of, the records we hold about you. 
  • Your right to make a privacy complaint, to us and others. 

Please note that any reference made to “we”, “our”, or “us” refers to Body Smart Health Group and our staff. 

Scope 

This statement discloses our current privacy policy. We aim to be as transparent as possible in this privacy policy and we review this privacy policy annually. If we make any changes to this policy, it will be announced on our website. If you have any questions or concerns pertaining to this policy, please email enquiries@bodysmarthealth.com.au

Your personal information will not be shared or disclosed to any party other than what is outlined in this policy, nor will it be used for any other purpose than what it was originally intended. 

This policy applies to: 

  • All current and past clients of Body Smart Health whose personal information we have collected 
  • All individuals whose personal information is collected in relation to the services offered by us 
  • All individuals whose personal information is collected by us in the course of our functions and activities, such as service providers, contractors and prospective employees.

Definitions

Personal Information:  Any information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.

Sensitive Information:  Information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation of practitioners, criminal record, health information, genetic information, biometric information that is to be used for the purpose of automated biometric verification.

Throughout this policy, and unless otherwise stated, all references to ‘personal information’ include ‘sensitive information’.

Types of Information we may collect

The types of personal information we may collect depend on our relationship with you, and may include:

  • Identifying information such as name and date of birth
  • Identification information for identity verification, such as your Medicare Number, DVA Card number, NDIS number
  • Contact information such as your address, home and mobile phone numbers and email address
  • Information about your family, relatives or key contact people
  • Financial information, such as bank account and credit card details
  • Sensitive information, including:
    • Information about your health, health services provided to you, biometric information
    • Information about lifestyle, hobbies, employment, diet, exercise and health related information as disclosed as part of an assessment with our health practitioners
    • Information about your medical history including specialist reports, test results, medication history
    • Other sensitive information – such as your race, ethnicity and cultural preferences
  • Information about products you have purchased from us
  • Any information that relates to you, that you provide to us directly via our website, email, written correspondence, and phone conversations.
  • Information about your usage of our website for the purposes of analytics (including when you use our website and what you do, the information you input, your IP address or domain name), and subject to your marketing preferences – to target marketing to you (based upon your demographic information and use of our website).  To gain this information we will use cookies, if the privacy settings you have chosen on your device allow it to accept our cookies.  You can, if you wish, access the content on our website without accepting cookies, but will find navigation and returning to our website easier if you accept cookies.

How we collect your personal information 

We will only collect personal information about you by lawful and fair means.

We will collect personal information about you through the following methods:

  • Directly from you when you provide us your details (when you complete a Patient Intake form, face-to-face, over the phone or an online form, by entering a competition or leaving your information on a message system)
  • From a person responsible for you
  • When you make an enquiry or complaint

We may also collect personal information about you from other sources, such as:

  • A third party such as a hospital or other health service provider who has treated you;
  • An employer, educational institution, government agency, or adviser who has dealt with you
  • A service provider engaged by us – or a third party who partners with us – to assist us in providing goods and services (such as IT service providers and platforms, or marketing, planning and service development)
  • Publicly available sources or networking services
  • CCTV cameras in operation in our reception areas of our clinics

How we hold your personal information

We aim to store your information securely and have a range of security controls in place designed to protect your personal information.

Our employees receive training in privacy and confidentiality and are bound by our Code of Conduct and Ethics Agreement.  Body Smart Health takes privacy and confidentiality very seriously and views unauthorised disclosure of your personal information as serious misconduct by our employees, for which either disciplinary or legal action would be taken.

We take reasonable steps to make sure that the personal information about you is accurate, complete, up to date, and relevant.

Why we collect your personal information

The personal information we collect and hold about you will depend upon your interaction with us.  Generally, we collect, use, and hold your personal information for the purposes of:

  • Delivering safe and appropriate allied health services to you, or someone else you know
  • Responding to your enquiries and managing your appointments
  • Providing you with information about our services and programs
  • Providing you with information that may be of interest to you
  • Facilitating our internal business operations, including the fulfilment of any legal requirements
  • Analysing our services and customer needs with a view to improving these services
  • Advertising and providing testimonials for us
  • Quality Improvement and training opportunities

If the personal information provided to us is incomplete or inaccurate, we may be unable to provide you, or someone else, with the services you require.

Disclosure of personal information

At times, we may be required to disclose your personal information, to:

  • Comply with our legal obligations (such as mandatory reporting under legislation, responding to a court order or subpoena)
  • Collaborate with other health professionals involved in your healthcare, including those external to Body Smart Health
  • Receive copies of referrals, test results and imaging from diagnostics and pathology services
  • Claim on insurance
  • Communication with your health fund, or government bodies such as NDIS and Medicare
  • Manage our accounts and administrative services (debt collection etc)

Where it is both possible and, in our view, appropriate, we may seek to de-identify your personal information to further protect your privacy.

Body Smart Health may outsource some of our services which may involve sharing your personal information with third parties.  Body Smart Health does not sell, trade or rent personal information to others.

Disposing of personal information

We seek to keep your personal information for only as long as it is required to provide you with services or to comply with our business and legal obligations.  When it is no longer needed, we may destroy or permanently de-identify this personal information.  Consequently, if you request access to your old personal information, we may not be able to provide you with your records where they have been destroyed or de-identified.

Accessing personal information

You can request access to the information we hold about you at any time by submitting a formal request in writing addressed to the General Manager – Operations.  We will endeavour to respond in a reasonable time.  

We may charge you a fee for processing your request.  We will let you know in advance of any fee to confirm that you still wish to proceed with your request.

We may decline a request for access to personal information in situations as described in the Privacy Act and in the following circumstances:

  • We no longer hold the information as it has either been destroyed or de-identified
  • Providing access would be unlawful
  • We are required or authorised by law to deny access
  • Providing access would impact on the privacy of others
  • We are unable to confirm your identity

If upon receiving the personal information, or at any other time, you believe the personal information we hold about you is inaccurate, incomplete, or out of date, please notify us immediately.  We will take reasonable steps to correct the information so that it is accurate, complete, and up to date. 

Direct Marketing

Body Smart Health may collect and utilise your personal information so that we can promote our services to you.  We may contact you in relation to these promotions by direct mail, SMS, MMS, social media, phone, and email.  

You can opt out of marketing by contacting us.  If at any time you wish to change your communication preferences, please let us know.

Complaints and Feedback

If you have any concerns or feedback about the manner in which your personal information is being handled, please contact our General Manager of Operations whose contact details are provided below.

Alicia Edwards

General Manager – Operations

alicia@bodysmarthealth.com.au  |  1300 630 204

If you wish to make a formal complaint, please provide your complaint in writing, addressed to the General Manager of Operations.  We will endeavour to contact you to acknowledge receipt of the complaint within five (5) business days and will attend to your complaint and respond to your concerns within 30 business days.

If we have not responded to you within a reasonable time, or if your complaint is not resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner and can find more information on the Commission’s website:  www.privacy.gov.au

Responsibilities

Role: Executive Management (CEO, GM)

Responsibilities:

  • Establish and communicate policies and procedures pertaining to privacy and confidentiality.
  • Ensure policies and procedures for privacy and confidentiality are kept up to date and in line with relevant legislation and guidelines.
  • Review the effectiveness of policies and procedures and training materials pertaining to privacy and confidentiality.
  • Provide staff with easy access to all policies and procedures.
  • Promptly, confidentially, and sensitively respond to all complaints made.
  • Ensure fairness and make no biased decisions when resolving the issue.

Role: All Staff

Responsibilities:

  • Comply with this policy & procedure and support the executive management in identifying areas for improvement.
  • Participate actively in initial and ongoing training in privacy and confidentiality.
  • Ensure that if a data breach occurs or is suspected, it is immediately escalated to the General Manager of Operations.

Supporting Documentation

  • Code of Ethics and Conduct Agreement
  • Feedback, Complaints and Grievances Policy and Procedure
  • Complaint Forms
  • Complaint Register
  • Performance Management Policy and Procedure

References

  • Privacy Act 1988 (Cth); Privacy Amendment (Private Sector) Act 2000 (Cth)
  • Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)

Version Control

  • Version No: 1.0
  • Date: 04/11/2021
  • Owner: Alicia Edwards
  • Approver: Kieran Bairstow
  • Nature of Change: Finalised