Policy Title | Privacy Policy |
Policy Number | HRM004 |
Effective Date | 02/12/2021 |
Review Date | No later than December 2022 |
Version Number | 1.0 |
Policy Statement
Body Smart Health Group Pty Ltd, its subsidiaries and controlled entities are proud to deliver high quality, evidence-based healthcare services to our clients. In doing so, we respect your right to privacy and your right to control your personal information. Body Smart Health is committed to complying with the Australian Privacy Principles (APPs) in the Privacy Act 1988. This Privacy Policy explains:
Please note that any reference made to “we”, “our”, or “us” refers to Body Smart Health Group and our staff.
Scope
This statement discloses our current privacy policy. We aim to be as transparent as possible in this privacy policy and we review this privacy policy annually. If we make any changes to this policy, they will be announced on our website. If you have any questions or concerns pertaining to this policy, please email enquiries@bodysmarthealth.com.au.
Your personal information will not be shared or disclosed to any party other than what is outlined in this policy, nor will it be used for any other purpose than what it was originally intended.
This policy applies to:
Definitions
Personal Information: Any information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
Sensitive Information: Information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation of practitioners, criminal record, health information, genetic information, biometric information that is to be used for the purpose of automated biometric verification.
Throughout this policy, and unless otherwise stated, all references to ‘personal information’ include ‘sensitive information’.
Types of Information we may collect
The types of personal information we may collect depend on our relationship with you, and may include:
How we collect your personal information
We will only collect personal information about you by lawful and fair means.
We will collect personal information about you through the following methods:
We may also collect personal information about you from other sources, such as:
How we hold your personal information
We aim to store your information securely and have a range of security controls in place designed to protect your personal information.
Our employees receive training in privacy and confidentiality and are bound by our Code of Conduct and Ethics Agreement. Body Smart Health takes privacy and confidentiality very seriously and views unauthorised disclosure of your personal information as serious misconduct by our employees, and either disciplinary or legal action would be taken.
We take reasonable steps to make sure that the personal information about you is accurate, complete, up to date, and relevant.
Why we collect your personal information
The personal information we collect and hold about you will depend upon your interaction with us. Generally, we collect, use, and hold your personal information for the purposes of:
If the personal information provided to us is incomplete or inaccurate, we may be unable to provide you, or someone else, with the services you require.
Disclosure of personal information
At times, we may be required to disclose your personal information to:
Where it is both possible and, in our view, appropriate, we may seek to de-identify your personal information to further protect your privacy.
Body Smart Health may outsource some of our services which may involve sharing your personal information with third parties. Body Smart Health does not sell, trade or rent personal information to others.
Disposing of personal information
We seek to keep your personal information for only as long as it is required to provide you with services or to comply with our business and legal obligations. When it is no longer needed, we may destroy or permanently de-identify this personal information. Consequently, if you request access to your old personal information, we may not be able to provide you with your records where they have been destroyed or de-identified.
Accessing personal information
You can request access to the information we hold about you at any time by submitting a formal request in writing addressed to the General Manager – Operations. We will endeavour to respond in a reasonable time.
We may charge you a fee for processing your request. We will let you know in advance of any fee to confirm that you still wish to proceed with your request.
We may decline a request for access to personal information in situations as described in the Privacy Act and in the following circumstances:
If upon receiving the personal information, or at any other time, you believe the personal information we hold about you is inaccurate, incomplete, or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete, and up to date.
Direct Marketing
Body Smart Health may collect and utilise your personal information so that we can promote our services to you. We may contact you in relation to these promotions by direct mail, SMS, MMS, social media, phone, and email.
You can opt out of marketing by contacting us. If at any time you wish to change your communication preferences, please let us know.
Complaints and Feedback
If you have any concerns or feedback about the manner in which your personal information is being handled, please contact our General Manager of Operations whose contact details are provided below.
If you wish to make a formal complaint, please provide your complaint in writing, addressed to the General Manager of Operations. We will endeavour to contact you to acknowledge receipt of the complaint within five (5) business days and will attend to your complaint and respond to your concerns within 30 business days.
If we have not responded to you within a reasonable time, or if your complaint is not resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner and can find more information on the Commission’s website: www.privacy.gov.au
Responsibilities
Role | Responsibilities |
Executive Management (CEO, GM) | Establish and communicate policies and procedures pertaining to privacy and confidentiality. Ensure policies and procedures for privacy and confidentiality are kept up to date and in line with relevant legislation and guidelines. Review the effectiveness of policies and procedures and training materials pertaining to privacy and confidentiality. Provide staff with easy access to all policies and procedures. Promptly, confidentially, and sensitively respond to all complaints made. Ensure fairness and make no biased decisions when resolving the issue. |
All Staff | Comply with this policy & procedure and support the executive management in identifying areas for improvement. Participate actively in initial and ongoing training in privacy and confidentiality. Ensure that if a data breach occurs or is suspected, it is immediately escalated to the General Manager of Operations. |
Supporting Documentation
References
Version Control
Version No | Date | Owner | Approver | Nature of Change |
1.0 | 04/11/2021 | Alicia Edwards | Kieran Bairstow | Finalised |