|No later than December 2022
Please note that any reference made to “we”, “our”, or “us” refers to Body Smart Health Group and our staff.
Your personal information will not be shared or disclosed to any party other than what is outlined in this policy, nor will it be used for any other purpose than what it was originally intended.
This policy applies to:
Personal Information: Any information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
Sensitive Information: Information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation of practitioners, criminal record, health information, genetic information, biometric information that is to be used for the purpose of automated biometric verification.
Throughout this policy, and unless otherwise stated, all references to ‘personal information’ include ‘sensitive information’.
Types of Information we may collect
The types of personal information we may collect depends on our relationship with you, and mya include:
How we collect your personal information
We will only collect personal information about you by lawful and fair means.
We will collect personal information about you through the following methods:
We may also collect personal information about you from other sources, such as:
How we hold your personal information
We aim to store your information securely and have a range of security controls in place designed to protect your personal information.
Our employees receive training in privacy and confidentiality and are bound by our Code of Conduct and Ethics Agreement. Body Smart Health takes privacy and confidentiality very seriously and view unauthorised disclosure of your personal information as a serious misconduct of our employees and either disciplinary or legal action would be taken.
We take reasonable steps to make sure that the personal information about you is accurate, complete, up to date, and relevant.
Why we collect your personal information
The personal information we collect and hold about you will depend upon your interaction with us. Generally, we collect, use, and hold your personal information for the purposes of:
If the personal information provided to us is incomplete or inaccurate, we may be unable to provide you, or someone else, with the services you require.
Disclosure of personal information
At times, we may be required to disclose your personal information, to:
Where both possible, and in our view – appropriate, we may seek to de-identify your personal information to further protect your privacy.
Body Smart Health may outsource some of our services which may involve sharing your personal information with third parties. Body Smart Health does not sell, trade or rent personal information to others.
Disposing of personal information
We seek to keep your personal information for only as long as it is required to provide you with services or to comply with our business and legal obligations. When it is no longer needed, we may destroy or permanently de-identify this personal information. Consequently, if you request access to your old personal information, we may not be able to provide you with your records where they have been destroyed or de-identified.
Accessing personal information
You can request access to the information we hold about you at any time by submitting a formal request in writing addressed to the General Manager – Operations. We will endeavour to respond in a reasonable time.
We may charge you a fee for processing your request. We will let you know in advance of any fee to confirm that you still wish to proceed with your request.
We may decline a request for access to personal information in situations as described in the Privacy Act and in the following circumstances:
If upon receiving the personal information, or at any other time, you believe the personal information we hold about you is inaccurate, incomplete, or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete, and up to date.
Body Smart Health may collect and utilise your personal information so that we can promote our services to you. We may contact you in relation to these promotions by direct mail, SMS, MMS, social media, phone, and email.
You can opt out of marketing by contacting us. If at any time you wish to change your communication preferences, please let us know.
Complaints and Feedback
If you have any concerns or feedback about the manner in which your personal information is being handled, please contact our General Manager of Operations whose contact details are provided below.
General Manager – Operations
firstname.lastname@example.org | 1300 630 204
If you wish to make a formal complaint, please provide your complaint in writing, addressed to the General Manager of Operations. We will endeavour to contact you to acknowledge receipt of the complaint within five (5) business days and will attend to your complaint and respond to your concerns within 30 business days.
If we have not responded to you within a reasonable time, or if your complaint is not resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner and can find more information on the Commission’s website: www.privacy.gov.au
|Executive Management (CEO, GM)
|Establish and communicate policies and procedures pertaining to privacy and confidentiality. Ensure policies and procedures for privacy and confidentiality are kept up to date and in line with relevant legislation and guidelines.Review the effectiveness of policies and procedures and training materials pertaining to privacy and confidentiality.Provide staff with easy access to all policies and procedures.Promptly, confidentially, and sensitively respond to all complaints made.Ensure fairness and make no biased decisions when resolving the issue.
|Comply with this policy & procedure and support the executive management in identifying areas for improvement.Participate actively in initial and ongoing training in privacy and confidentiality. Ensure that if data breach occurs or is suspected, that it is immediately escalated to the General Manager of Operations.
|Nature of Change