PRIVACY STATEMENT AND POLICY
Health Information Australia (HIA) is committed to protecting the privacy of subscribers and consumers and ensuring that personal and sensitive information collected by HIA remains secure and is only used in an authorised manner. In this regard, HIA endorses the Australian Privacy Principles (APP) set out in the Privacy Act 1988. This policy sets out how HIA complies with its obligations as an APP entity under the Privacy Act. HIA is committed to best practice in protecting the privacy of the personal information it collects and receives.
Personal and sensitive information
Both ‘personal information’ and ‘sensitive information’ are defined in the Privacy Act. We will use these terms as defined in the Privacy Act throughout this policy.
Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable. That information or opinion is protected regardless of whether it is true or not and whether recorded in a material form or not. Examples include an individual or business name, address, contact number and email address.
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. Sensitive information includes health and genetic information, information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record and some types of biometric information.
Collection of personal information
At all times we try to only collect the information we need for the particular purpose or activity we are carrying out. The main purposes for which we collect, hold, use and disclose personal information are to provide services and benefits to our health professional partners, to consumers, to sponsor partners and organisation partners.
The main way that we collect information is when you provide it to us personally or through an authorised representative. Sometimes HIA collects information from a third party or a publicly available source, but only if the individual has consented to such collection or would reasonably expect us to collect their personal information in this way, or if it is necessary for a specific purpose such as the investigation of a privacy complaint.
For the above purposes, our activities generally include:
- partnership management
- informing potential partners about the benefits provided by HIA
- processing applications for partnerships
- managing partnerships (for example, by sending out renewal notices and recording and updating partnership details and profile information)
- distributing our annual reports, and sending notices of events
- partner services and publications providing partners with access to and information about a range of current and future partnership services and benefits
- providing consumers with relevant information about their health interests and links to further information relevant to their interest, including information from our sponsor partners and organisation partners about their health interests
Credit card information is exclusively processed by authorised third party providers in the processing of your order and is not stored on our network or within our database systems.
The type of personal information we collect and hold
The type of personal information that we collect and hold about you depends on the type of dealing that you have with us.
For health professional partners, we collect contact information such as your business name, address, email and phone number and the name of the person we have regular contact with.
For consumers, we collect information about your health interests and contact details such as an email to provide further information about your health interests.
For our sponsor partners, we collect information about your business. This information is similar to that which is collected from health professional partners.
For our organisation partners, we collect information that is similar to our health professional and sponsor partners.
HIA’s policy is only to collect that sensitive information which is reasonably necessary for our purposes or activities. We collect sensitive information only if you have consented, or we are required or authorised by or under law (including applicable privacy legislation) to do so.
What if you don’t want to provide your personal information to us?
HIA’s policy is to provide individuals with the option of not identifying themselves, or of using a pseudonym when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name. For example, our policy is to enable you to access our website and make general queries without having to identify yourself.
In some cases, however, if you don’t provide us with your personal information when requested, we may not be able to respond to your request or provide you with the service that you are seeking.
How we collect and hold personal information
It is our usual practice to collect personal information directly from the individual or their authorised representative. Sometimes HIA collects information from a third party or a publicly available source, but only if the individual has consented to such collection or would reasonably expect us to collect their personal information in this way, or if it is necessary for a specific purpose such as the investigation of a privacy complaint.
HIA collects information in a number of ways, including:
- online: through forms filled in on the HIA website
- in person: through forms filled in when an HIA representative visits or makes a presentation to you, or when a business card is provided to an HIA representative
- normal communication processes through email or over the telephone or through written correspondence with HIA
The use and disclosure of information
We only use personal information for the purposes it was provided to us, or for purposes which are directly related to one of HIA’s functions or activities. HIA does not give personal information to other organisations, government agencies or anyone else unless one of the following applies:
- the individual has consented
- the individual would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies
- it is otherwise required or authorised by law
- it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue
HIA does not disclose personal information to third parties located overseas.
Data quality and security
We hold personal information in a number of ways, including in electronic databases, email contact lists, and in paper files held in drawers and cabinets, locked where appropriate. Paper files may also be archived in boxes and stored offsite in secure facilities. HIA’s policy is to take reasonable steps to:
- make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant; and
- protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure
HIA takes reasonable steps to protect the personal information that it holds against loss, unauthorised access, use, modification or disclosure and against other misuse. When no longer required, personal information is securely disposed of.
Data collected through our website
HIA implements IT security including password protection for accessing our electronic system and securing paper files in secure cabinets.
HIA strives to protect the personal information and privacy of website users, though we cannot guarantee the security of any information that is disclosed online, and users disclose that information at their own risk. If there are concerns about sending information over the internet, contact HIA by telephone, email or post. Users should also help to protect the privacy of their personal information by keeping passwords secret and by ensuring that they log out of the website when they have finished using it. In addition, users who become aware of any security breach should contact us as soon as possible.
Third party websites
and security policies, which HIA encourages all users to read before supplying any personal information to them.
Access and correction of your personal information
Individuals have a right to request access to the personal information that HIA holds about them and to request its correction.
When individuals seek to access or correct information provided to HIA, we will endeavour to respond to the request within a reasonable period after the request is made, and to provide access to the information in the manner requested if it is reasonable and practicable to do so.
If HIA refuses your access or correction request, or if we refuse to give you access in the manner requested, HIA’s policy is to provide you with a written notice setting out the reasons for our refusal (except to the extent that it would be unreasonable to do so) and the available complaint mechanisms.
If we refuse to correct personal information in the manner requested, a statement may be requested to be associated with the information, that it is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to associate the statement in such a way that will make it apparent to users of the information.
Please advise us of any changes to personal information, such as your email address or phone number. We take reasonable steps to ensure that the personal information that we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when HIA is advised by individuals that their personal information has changed and at other times as necessary.
If we correct personal information about you, and we have previously disclosed that information to another agency or organisation that is subject to the Privacy Act, you may ask us to notify that other entity. If so, HIA’s policy is to take reasonable steps to do so, unless this would be impracticable or unlawful.
We will endeavour to acknowledge receipt of the Privacy Complaint Form within five business days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the facts, locating and reviewing relevant documents and speaking to relevant individuals.
Please contact HIA if you have any queries about the personal information that we hold about you or the way we handle that personal information.
Policy reviewed and approved: 23 August 2019.