Australia Data Privacy Notice
INTRODUCTION
ComPsych and its partner in Australia, Converge International, are committed to respecting your privacy and wish to ensure that you are not only aware of our Privacy Policy but provide your informed permission for us to collect, use and disclose your personal information for the purpose of us providing you with services. We recognise that your privacy is very important to you and that you have a right to control your personal information. Unless you give us explicit consent to act otherwise, the following policy will govern how we handle your personal information and safeguard your privacy.
WHEN YOU USE OUR SERVICES
We collect personal information about you to help us deliver an EAP service. This may include your name, address, contact details and information relevant to the purpose of providing the services or information, and sensitive information about you including your gender, date of birth, health, ethnic group which are relevant for the proper provision of the EAP services we deliver.
We keep summary information about you electronically on our database. This electronic information is only used to assist us to provide services to you as well as to assist with administration activities such as quality management. Individuals accessing services under an employee assistance program are electronically registered as numbers to ensure anonymity.
USING YOUR PERSONAL INFORMATION
We collect, hold and use your personal information so that we can:
A. verify your identity;
B. provide you (or your employer organization, if they have a contract with us) with information, products and services, and manage our relationship with you (or your employer organization);
C. contact you, for example, to respond to your queries or complaints, or if we need to tell you something important;
D. inform you about a potential new product and service development and innovation, as well as for other internal purposes, such as research and data analysis; and
E. comply with our legal obligations and assist government and law enforcement agencies or regulators.
If you do not provide us with your personal information, we may not be able to provide you with our products or services, communicate with you or respond to your enquiries.
We may also use your personal information to create Anonymous Data records by first de-identifying your personal information, which means removing any information that would allow the remaining data to be linked back to you. We may use Anonymous Data for internal purposes, such as analysing overall health patterns and preferences to improve our products and services.
Subject to applicable laws and regulations, we reserve the right to use and disclose Anonymous Data at our sole discretion.
STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
We store most personal information about you in computer systems and databases operated by either us or our external service providers.
We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorized access, modification or disclosure.
These processes and systems include:
- the use of identity and access management technologies to control access to systems on which information is processed and stored;
- the encryption of your personal information in transit via Transport Layer Security (TLS) and at rest;
- requiring all employees to comply with internal information security policies and keep information secure;
- requiring all employees to complete training about information security; and
- monitoring and regularly reviewing our practise against our own policies and against industry best practice.
WHO DO WE DISCLOSE YOUR PERSONAL INFORMATION TO?
We may disclose personal information for the purposes described in this Policy to:
- our employees and related bodies corporate;
- third party suppliers and service providers (in connection with providing our services to you);
- our existing or potential agents, business partners or professional advisors;
- another health service provider - if you request that this occur.
We only disclose, or share your personal information with third parties where indicated in this Privacy Policy, or with your consent, or as required or authorized by law.
Where we are permitted to disclose your personal information to other third parties, we will take reasonable steps to make sure such third parties will not breach the Privacy Act 1988 (Cth) and applicable privacy laws in their jurisdiction.
DATA QUALITY
We will take reasonable steps to ensure that personal information collected, used or disclosed is accurate, complete and up to date.
RETENTION OF YOUR PERSONAL INFORMATION
We retain your personal information only for the period necessary to fulfil the purposes set out in this Privacy Policy. When assessing the retention periods for any personal information we collect, we review our need to collect personal information at all and, subject to establishing a relevant need, only retain it for the shortest period possible to realise the purpose of collection, unless a longer retention period is required by law.
ACCESS TO INFORMATION COLLECTED
We have a procedure in place that allows you to have access to personal information that is collected about you. To gain access to this information, You will need to complete a Release of Information Request Form. However there are limited circumstances in which access to an individual’s personal information will be allowed. If access to information is denied, we will provide reasons for the denial. All requests for access will be acknowledged within 14 days. Access to any information requested will take place within 30 days.
CORRECTION OF INFORMATION
We endeavour to ensure that all information is accurate and kept up to date. Therefore you are encouraged to telephone or write to us to advise us of any change in your personal circumstances.
MANDATORY NOTIFIABLE DATA BREACHES
In case of an actual or suspected personal data breach, we will fulfil our legal obligations to notify of data and / or security breaches without undue delay, including managing the end-to-end process from the recognition of a breach up to notifying you.
We have put in place appropriate procedures to deal with any personal data breach and will notify the supervisory authority and / or data subjects where we are legally required to do so. In the event of a data breach, we will notify the supervisory authority and the affected individuals without undue delay and within 72 hours of becoming aware of the situation.
If you know or suspect that your personal information may have been breached or otherwise compromised, or a personal data breach has occurred, please contact us at privacy@convergeintl.com.au to report it and obtain advice, and take all appropriate steps to preserve evidence relating to the breach.
WHAT TO DO
If you have further queries relating to our Privacy Policy, or you have a problem or complaint please contact:
Post: Privacy Officer, Converge International, Level 16, 180 Lonsdale St, Melbourne, Victoria, 3000;
Email: privacy@convergeintl.com.au; Phone: 1300 687 327
FUTURE CHANGES
From time to time, our policies will be reviewed and may be revised. We reserve the right to change this privacy policy at any time. If you would like to access prior versions of this Policy, please contact privacy@convergeintl.com.au.
FURTHER INFORMATION ON PRIVACY
For more information, you may approach an independent advisor or contact the Office of the Australian Information Commissioner http://www.oaic.gov.au for more information.
HOW TO EXERCISE YOUR LEGAL RIGHTS
You have the right to understand how we collect, use, and disclose your personal information, to access your information, to request that we delete certain information, and to not be discriminated against for exercising your privacy rights.
- You may contact privacy@convergeintl.com.au to exercise your rights.
If you require further assistance regarding your rights, please contact privacy@convergeintl.com.au, and we will consider your request in accordance with applicable laws.