This policy was last updated on 22 December 2021
The latest version of this policy is published online at www.wha.net.au
Throughout this policy we are referred to as WHA, we or us. We refer to an individual as you.
WHA is committed to ensuring your privacy is protected. WHA complies with the Privacy Act 1988 (Cth), the Privacy Act 2020 (NZ) and the Health Information Privacy Code 2020 (NZ), as applicable.
In Australia this includes complying with the Australian Privacy Principles (APPs) [LINK]. These 13 principles detail how organisations such as WHA should collect, update, use, keep secure or where required disclose and give access to personal information, as well as how complaints are handled and how, in some circumstances, anonymity can be maintained.
In New Zealand this includes complying with the New Zealand Information Privacy Principles (IPPs) [LINK]. These 13 principles detail how an agency such as WHA should collect, use, store, provide access and correct personal information, and use unique identifiers. This also includes complying with the New Zealand Health Information Privacy Rules (HIPRs) [LINK]. These 13 rules detail how health agencies such as WHA should collect, use, store, provide access and correct personal information, and use unique identifiers.
We recognise the importance of protecting your privacy and our policy is designed to assist you by explaining how we collect, use, disclose, store and destroy the personal information you provide to us and to assist you in making informed decisions when contacting us or using our websites, portals and apps. This policy will be regularly assessed against new technologies, business practices and our client’s and candidate's needs.
This policy applies to WHA, WHA Screening Pty Ltd trading as Quescreen and RiskScreen Pty Ltd trading as VisitScreen.
What personal information (under Australian law) does this policy cover?
Health information is:
- information or an opinion about:
that is also personal information;
- the health, including an illness, disability or injury, (at any time) of an individual; or
- an individual’s expressed wishes about the future provision of health services to the individual; or
- a health service to be provided, to an individual;
other personal information collected to provide, or in providing, a health service to an individual;
other personal information collected in connection with the donation, or intended donation, by an individual of his or her body parts, organs or body substances;
genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Personal information may include sensitive information about the individual such as racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic or biometric information.
What personal information (under New Zealand law) does this policy cover?
Health information as defined in the Health Information Privacy Code 2020 (NZ) is information or classes of information about an identifiable individual which is:
information about the health of that individual, including his or her medical history;
information about any disabilities that individual has, or has had;
information about any health services or disability services that are being provided, or have been provided, to that individual;
information provided by that individual in connection with the donation, by that individual, of any body part or any bodily substance of that individual or derived from the testing or examination of any body part, or any bodily substance of that individual; or
information about that individual which is collected before or in the course of, and incidental to, the provision of any health service or disability service to that individual.
Personal information is information about an identifiable individual; and includes information relating to a death that is maintained by the Registrar-General pursuant to the Births, Deaths, Marriages, and Relationships Registration Act 1995, or any former Act (as defined by the Births, Deaths, Marriages, and Relationships Registration Act 1995).
WHAT PERSONAL INFORMATION DO WE COLLECT?
WHA only collect personal information that is necessary to provide our services. In some circumstances this may include sensitive information.
If you do not provide us with this information, we may not be able to provide our services. This could include but is not limited to:
personal details including your name, date of birth, gender, drivers license details
contact details including address, telephone number, email address
medical history and assessment results
employer and potential employer contact and payment details
website use information collected on an aggregate basis as potential and current candidates and clients who browse our website.
HOW PERSONAL INFORMATION IS COLLECTED
WHA collects personal information including sensitive information in a number of ways. This may include:
from candidates when they complete an online or paper-based questionnaire, or respond verbally or via email to provide additional details
throughout the medical assessment process and from the medical assessment results
from other WHA facilities (an allied health business in Australia or New Zealand who enter a License Agreement with WHA to conduct pre-employment medicals to candidates)
from employees and potential employees
through marketing activities, trade expos, email and online enquiries and similar mechanisms where interested persons provide personal information in order to find out about services provided and opportunities to partner with us.
At or before the time we collect your personal information, we will take reasonable steps to ensure that you are made aware that we are collecting your personal information. We will use your personal information for the purpose for which we collected it. We may also use your personal information for related purposes which you would reasonably expect. We only collect sensitive information with your consent and where permitted by the Privacy Act (Cth) or NZ privacy laws, as applicable. We will not use your personal information outside its intended purpose without your consent.
If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses. We provide the same protection for these electronic communications that we use in the storage of information received by mail and telephone.
HOW PERSONAL INFORMATION IS USED
WHA uses personal information collected from an individual for the purpose for which it was collected. This usually is to perform its obligations in delivering WHA’s services, which include:
providing employers/potential employers or recruitment agencies with medical assessment results for individual candidates for an employment position, with the individual candidate’s express consent to disclosure of their personal information which may include sensitive information or health information;
providing WHA staff access to personal information to conduct medical assessment and related services
providing WHA facilities access to personal information to conduct medical assessment and related services
sending notifications of appointments to candidates, clients and WHA facilities
contacting appropriate next of kin in the event of an unforeseen emergency
employee engagement and management
WHA facility engagement and management.
We will take reasonable steps to ensure the personal information we use is accurate, up-to-date, complete and relevant, having regard to the reasons why it is being used. We will not use personal information for direct marketing.
Sensitive information will be used and disclosed only for the purpose for which it was collected, a directly related secondary purpose, with your consent or as required or allowed by law.
Health information will be used and disclosed only for the purpose for which it was collected, a directly related secondary purpose, with your consent or as required or allowed by law.
DISCLOSURE OF PERSONAL INFORMATION OVERSEAS
WHA will not disclose your personal information overseas unless it is necessary for the purpose for which is was collected, and:
we have taken reasonable steps to ensure that the overseas recipient does not breach the applicable Australian privacy principles or New Zealand privacy principles; or
you have provided your consent; or
we reasonably believe that the overseas entity is subject to a law or a binding scheme that has the same effect of protecting your personal information in a way that, is at least substantially similar to the way in which the applicable Australian or New Zealand information privacy principles protect the information, and that you can access mechanisms to enforce the provisions; or
the disclosure is otherwise authorised by the Australian or New Zealand privacy laws.
IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of demographic and profile data known as traffic data so that data (such as the web pages you request) can be sent to you.
STORAGE OF PERSONAL INFORMATION
WHA stores personal information securely at all times. We take reasonable steps to protect the security of personal information including the physical security on our premises and use of access level permissions and passwords to restrict access to electronic records.
CORRECTING PERSONAL INFORMATION
WHA takes reasonable steps to ensure personal information it collects, uses and where specified above, discloses to others is accurate, complete, and up to date. If your personal information changes or you believe our records are not up-to-date, complete and accurate please contact us. If we agree the information needs correcting, we will take reasonable steps to correct the information. If instead we do not agree the information needs correcting, you can ask us to put a statement with your records explaining what you say needs to be corrected.
If we refuse to correct your personal information, we will provide you with a written explanation for that refusal. We will try to resolve all requests within 14 days of receipt of your written request or 30 days where the matter is more complicated. We may charge you a reasonable fee to correct that information.
PERSONAL INFORMATION ACCESS
Any individual has a right to access any personal information held by WHA about them. WHA will not disclose any personal information requested without first establishing the identity of the person requesting the information. Appropriate identification must be supplied to WHA before any personal information will be disclosed. WHA will try to provide you with access to your requested personal information within 14 days of your request but in no later than 30 days of your request. A reasonable fee may apply
WHAT ABOUT OTHER WEBSITES LINKED TO OUR WEBSITE?
HOW WE DESTROY PERSONAL INFORMATION
WHA securely destroys or de-identifies personal information when it is no longer required. WHA will upon written request from an individual that WHA holds personal information about, destroy or de-identify their personal information unless there is a legal or other requirement to retain that personal information.
QUESTIONS AND COMPLAINTS
If you have any questions or concerns about a possible interference with your privacy, this policy or the APPs, IPPs or HIPRs (as applicable) please submit a complaint in writing specifying the relevant details, marked to the attention of the Managing Director, Level 4, 15 Victoria Street Hobart, Tasmania, Australia 7000.
All complaints will be acknowledged within five (5) business days of receipt. The contact details of the person dealing with the complaint will be advised to the individual making the complaint at this time. We will consider and respond to a complaint within fifteen (15) business days. We will seek to resolve the complaint with you.
If WHA’s response does not resolve the complaint, you can make a complaint about interferences with your privacy:
* in Australia to the Office of the Australian Information Commissioner. Their contact details are:
Email: [email protected]
Post: GPO Box 5218 Sydney NSW 2001
Phone: 1300 363 992
Fax: 02 9284 9666
* in New Zealand to the Privacy Commissioner. Their contact details are:
Phone: 0800 803 909