Summit Industry Health
About this policy
SIH Pty Ltd ABN:25 623 667 505 (“Summit Industry Health”, “we”, “us” and “our”) is committed to the protection of your personal information and privacy.
Summit Industry Health provides workplace health services for businesses and their employees, such as, but not limited to:
Onsite Injury Treatment, Injury Management and related services;
Functional Capacity Evaluations;
Fit for Duties Screenings; and
Risk Assessments of activities performed at a workplace.
Summit Industry Health provides these services onsite at workplaces through our contracted health professionals.
To effectively provide our services, Summit Industry Health needs to collect certain personal information to ensure the health and safety of individuals participating in its services and to assist in determining the type of services it should be providing for a particular client.
Our Legal Obligation
We will handle your personal information according to law, and we are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act) and other applicable laws relating to privacy and health records.
The APPs set out strict requirements for the handling of your personal information.
What is ‘personal information’?
This policy applies to our handling of personal information. ‘Personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.
Personal information includes ‘sensitive information’, which is a particular type of personal information. Sensitive information includes identifying health information about you (such as details of your health and medical history, the results of any pre-employment screenings or work-related assessments, or the health services you have received).
Why do we collect your personal information?
We collect your personal information for the following purposes:
To provide you with the health assessment, screening and/or treatment services outlined above;
To advise your employer of any issues, such as those relating to health status or physical performance on screening tests, that may affect your health and safety in performing your role (to ensure your health and safety and also for your employer to meet their occupational health and safety obligations under law and provide a safe workplace); and
To obtain your consent to the above services and activities.
If the purpose of collection is to provide you with health-related services, your health and personal information is collected and stored in a secure medical record by Summit Industry Health.
You are not obliged to disclose your personal or health information to us, and it will only be collected with your consent.
However, if you do not provide the information requested, we may not be able to provide you with appropriate health care, provide a screening service to which your employment may be subject, or fulfil any other applicable purpose of collection.
In some circumstances we may use de-identified health information as part of our research, reporting and/or other aimed at improving health, treatment and injury outcomes.
How do we collect your personal information?
We will only collect your personal information where it is reasonably necessary for our organisation’s activity in providing you with the health assessment, screening and/or treatment services, and advising your employer of any issues that may affect your health and safety in performing your role (as outlined above).
We will collect your personal information in a lawful and fair way and in a manner that is not unreasonably intrusive.
We will only collect your personal information and sensitive information where you have consented, or otherwise in accordance with the law.
We will usually collect your personal information directly from you through your interactions with us.
We will ask for your consent and collect your personal information through our contracted health professionals that attend your workplace to provide services.
We may also collect your personal information from third parties, such as family members or other persons you have authorised to provide your personal information to us.
When we collect your personal information, we will take reasonable steps to ensure that you are made aware of the details of the collection, including the purposes for which the information was collected, the organisations (if any) to which the information will be disclosed, and notify you that this Policy contains details on how you may access or correct your information, or raise any complaints.
What types of personal information do we usually collect?
We collect personal information such as:
Your contact details (e.g. address, email, phone number);
Your age; and
The details of your health and medical history (such as your physical performance on screening tests, any current health conditions, prognosis, any restrictions on your work activities, any past health conditions, and the types of health services you have received or seek).
How do we use your personal information?
Summit Industry Health uses the personal information it collects for the purposes of providing, managing and administering our service(s). This includes, but is not limited to:
Providing your health assessment, screening and/or treatment services;
Scheduling and booking activities;
Advising your employer of any issues that may affect your health and safety in performing your role;
Identifying health risk factors for individuals;
Quality assurance and client satisfaction;
Marketing, research and statistical analysis;
Practicing effective risk management;
Complying with relevant laws and regulations.
We may also use your personal information for purposes which are directly related to these main purposes, in circumstances where you would reasonably expect us to use your information for these purposes.
Do we disclose your personal information to others?
We respect the privacy of your personal information and we will take reasonable steps to keep it confidential and protected. With your consent, sensitive information may be provided to health services providers, your employer and/or prospective employer or where otherwise required by law.
Also with your prior consent, we may discuss your physical performance on screening tests, your health status and any injuries, any restrictions on your work activities, your prognosis and your treatment, with persons including other medical providers, your workplace’s occupational health and safety staff, human resources staff, supervisors, and rehabilitation coordinators.
Summit Industry Health may also report information to its corporate clients in a de-identified format. Where we engage contractors, service providers or others to act on our behalf, Summit Industry Health will take reasonable steps to protect the privacy of all information disclosed and requires such parties to comply with any relevant privacy laws.
We will only disclose your information without your consent where we are authorised or required to do so under law, such as where we reasonably believe this is necessary to prevent or lessen a serious threat to the life, health or safety of any individual, or to public health or safety.
Will we disclose your personal information overseas?
In the event that your personal and sensitive information is disclosed to an overseas recipient (that is not a related body corporate), such as cloud storage or an IT services provider, we will also endeavour to take adequate measures to ensure that the personal and/or sensitive information is handled by the overseas recipient in accordance with the Privacy Act 1988 and our instructions for the purposes described above. By providing Summit Industry Health with your personal and sensitive information, you consent to this disclosure of your personal information for purposes related to our provision of services to you or contractual relationship with you.
How do we hold and protect your personal information?
Summit Industry Health holds personal information in a combination of secure electronic and hard copy formats. We take all reasonable steps to ensure that any personal information held by us is protected from misuse, loss and unauthorised modification or disclosure. Such steps include, but are not limited to:
Secure physical storage of documents
Premises security measures
Network and communications security measures
Quality system procedures
Your personal information will be stored in secure electronic servers located overseas, provided by a third party, but the personal information will remain under our control.
When your personal information is no longer required (and in the case of health information, the information has been retained for the required periods under health records laws) we will take steps to securely destroy the information or to ensure that the information is de-identified.
Quality of the personal information we hold
We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, up to date, complete and relevant. You can assist us in keeping your information accurate by informing us of any updates to your personal information using our contact details below.
Can you access and correct your personal information?
You may request to access the personal information that we hold about you, using our contact details below.
In certain circumstances, we may refuse to allow you access to your personal information where this is authorised by the law, such as:
Where the request is frivolous or vexatious;
Providing access would have an unreasonable impact on the privacy of other individuals;
Providing access would pose a serious threat to the life or health of any person or to public health or safety; or
Giving access would be unlawful.
We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, up to date, complete, relevant and not misleading.
If you believe that the personal information we hold about you requires correction, you may request that the information be corrected using our contact details below.
If we refuse your request for access or correction, we will provide you with reasons for the refusal in writing, and details about how you may lodge a complaint about the decision.
Our Website and Cookies
We may collect your personal information through our website (www.summitindustryhealth.com.au), such as your email address or other contact details when you make an enquiry with us. We will deal with this personal information in accordance with this Policy and the law.
We may also collect data through our use of ‘cookies’. ‘Cookies’ are small data files that your internet browser stores on your computer or other mobile device. ‘Cookies’ are stored in order for your internet browser to navigate a website and the cookies themselves cannot collect any information stored on your computer or other device.
We will not use ‘cookies’ to collect your identifying personal information. The ‘cookies’ may collect statistical information about your visit to the website (such as pages you visit on the website) in order to remember your preferences and provide you with a more user-friendly experience.
Some of the ‘cookies’ may be ‘session cookies’, which will be deleted when you have ended your internet session and closed your browser. Other ‘cookies’ are ‘persistent cookies’, which are stored on your computer or device until their designated expiration date (e.g. 6 months or 2 years).
The default setting of most internet browsers is to accept ‘cookies’ automatically, but you can actively delete or disable ‘cookies’ by changing your browser settings.
We are required to comply with the mandatory ‘notifiable data breach’ scheme (NDB Scheme) under the Privacy Act. The NDB Scheme applies when an ‘eligible data breach’ of personal information occurs.
An ‘eligible data breach’ occurs when:
There is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation holds; and
This is likely to result in serious harm to one or more individuals; and
The organisation has not been able to prevent the likely risk of serious harm with remedial action.
An organisation may take remedial steps to prevent the likelihood of serious harm occurring for any affected individuals after a data breach has occurred, in which case, the data breach is not an ‘eligible data breach’.
Where we have reasonable grounds to believe that we have experienced an eligible data breach (and remedial action cannot be used), we will promptly notify affected individuals and the Office of the Australian Information Commissioner (Commissioner) about the breach in accordance with the Privacy Act 1988.
We respect your privacy and we take all complaints and concerns regarding privacy very seriously. If you have any complaints or concerns regarding the way we handle your personal information, please contact us using the details below.
We will investigate your complaint using our internal processes, under which we will assess your complaint and respond to you within a reasonable time.
If you are not satisfied with the outcome of our investigation, you may wish to contact the Commonwealth Office of the Australian Information Commissioner (OAIC) (see www.oaic.gov.au), or if your complaint or concern relates to your health information, you may wish to contact the Health Complaints Authority in the applicable State or Territory.
Our Contact Details
If you:
Would like to request access to, or make a correction to, your personal information;
Would like further information about our privacy policies and procedures; or
Have any complaints or concerns regarding your privacy;
please contact us using the following details:
Summit Industry Health
1300 429 164
Changes to this Policy
We may revise this Policy from time to time. We will update you on any changes to this Policy through our website: www.summitindustryhealth.com.au