Your privacy is important to SRC Solutions.  We are bound by the Privacy Act 1988 (Cth) and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 in relation to the personal information that you provide, and give effect to these laws by following the Australian Privacy Principles (APPs) which came into effect on 12 March 2014.

Purpose

The purpose of this policy is to:

  • clearly communicate the personal information handling practices of SRC Solutions
  • provide information about the collection and storage of personal information that is necessary to provide our services.

The types of information collection covered in this policy are:

  • personal health information
  • information collected to fulfill our business commitments.

Collection of Information (APP 3)

We collect information that is necessary to offer, provide and improve our services. While all information collected by SRC Solutions is regarded as confidential, we may be obligated to release information through other legislative requirements (court subpoena, Department of Human Services, Comcare etc.).

Personal information

Personal information is any information or an opinion (whether true or not) about a person.  It may range from the very sensitive (e.g. medical history or condition) to the everyday (e.g. address and phone number).  Personal information includes sensitive information (see below).

What is sensitive information?

Sensitive information is a special category of personal information.  It can include personal information collected to provide a health service.  It is defined as information or opinion about a person’s:

  • racial or ethnic origin
  • political opinion
  • membership of political associations or religious beliefs, affiliations or philosophical beliefs
  • membership of a professional or trade association or membership of a trade union
  • sexual preferences or practices
  • criminal record
  • health or disability (at any time)
  • expressed wishes about the future provision of health services.

Sensitive information can, in most cases, only be disclosed with the written consent of the person.

What is health information?

Health information is:

  • information or an opinion about:

–        your health or a disability (at any time), or

–        your expressed wishes about the future provision of health services to you, or

–        a health service provided, or to be provided, to you.

  • other personal information collected to provide, or in providing, a health service.

A health service is:

  • an activity performed in relation to you that is intended or claimed (expressly or otherwise) by the person performing it:

–        to assess, record, maintain or improve your health, or

–        to diagnose your illness or disability, or

–        to treat your illness or disability or suspected illness of disability.

  • the dispensing or prescribing of a drug or medicinal preparation by a pharmacist.

Personal information collected and held by SRC Solutions

The kinds of personal information that SRC Solutions collects and holds usually falls into the following categories:

  • title, name, postal address, email address and other contact details
  • credit information including billing details, identification information and other information as needed to invoice you for services
  • details of current/most recent duties and relevant employment history
  • health information (when appropriate and with consent of the individual).

Information relevant to your relationship with us may also be collected such as transaction details, services used, preferred report formats and timeframes for response.  From time to time, we may seek your opinion on our services through customer feedback surveys and other interactions.

How SRC Solutions collects and holds personal information (APP 1 and 5)

SRC Solutions usually collects personal information directly from individuals.  SRC Solutions may sometimes collect information from a person acting on your behalf, where you have consented to such collection or it is unreasonable or impractical to collect the information directly from the individual.

We only collect personal information where it is reasonably necessary for, or directly related to, one or more of SRC Solutions’ functions or activities, including the delivery of work health and safety or return to work services.  This might include, but is not limited to Workstation Assessments, Initial Needs Assessments, Vocational Assessments, Functional Capacity Evaluations and Return to Work Programs.

We may also collect information from:

  • telephone, email and written communications we have directly with you
  • registration information you provide to SRC Solutions in the course of registering for or purchasing one of our services
  • comments or content that you post about SRC Solutions through a third party social media service
  • you visiting our website.

At, or before the time, or, if that is not practicable, as soon as possible after SRC Solutions collects personal information about you, we will take all necessary steps to tell you the purposes for which the information is being collected,  the main consequences if some or all of the personal information is not collected and to provide a copy of SRC Solutions’ Privacy Policy.

Activity Information – cookies and other technologies

When you look at SRC Solutions’ website (www.srcsolutions.com.au), our service provider makes a record of your visit.  The information that may be collected includes:

  • IP (Internet Protocol) address of the machine which has accessed it.
  • top-level domain name (eg. .com, .gov, .au, .uk etc)
  • IP Address of your server
  • date and time of your visit to the site
  • pages accessed
  • previous website visited
  • type of browser and operating system you have.

The information collected during each visit will be used for statistical purposes only, mainly for the purpose of producing reports in order to identify patterns of usage of our website, which assist SRC Solutions in improving the site for users.

Where there are links to other websites on the SRC Solutions website, these have been inserted for convenience and do not constitute endorsement by SRC Solutions.

Newsletters and information emails

Information may be collected from subscribers to our newsletter, which may include:

  • IP (Internet Protocol) address of the machine which has accessed it.
  • top-level domain name (eg. .com, .gov, .au, .uk etc)
  • IP Address of your server
  • date and time of your visit to the newsletter
  • newsletter pages accessed
  • click through access to the SRC Solutions website.

The information collected during each visit will be used for statistical purposes only, mainly for the purpose of producing reports in order to monitor how many people open the newsletter and read the various articles, with the aim of ensuring that our newsletter can be appropriately directed and include relevant information for subscribers.

Purposes for which we collect, hold, use and disclose personal information (APPs 6 and 7)

We primarily collect, hold, use and disclose personal information for the following reasons:

  • management of a claim for workers’ or other compensation
  • management of rehabilitation and return to work programs
  • provision of services such as training, development and injury prevention activities such as Workstation Assessments
  • identifying and addressing Work Health and Safety issues.

We may disclose personal information for the purposes for which it is primarily held or for a related secondary purpose.  In some cases we may only disclose information with the consent of the person. We may disclose personal information where we are under a legal duty to do so, including circumstances where we are under a lawful duty of care to disclose information.

We may also use your personal information to inform you about the website, goods, services, offers or other matters which SRC Solutions believes would be of interest to you.  This may include, but is not limited to, monthly e-Newsletters, information about upcoming training courses and industry forums and general updates in relation to health and safety.  You may request not to receive these communications at any time.

Quality, access and correction (APPs 10, 12 and 13)

SRC Solutions will take reasonable steps to ensure that any personal information that we collect, use, disclose or hold is accurate, up-to-date and complete.

Subject to some exceptions that are set out in the Australian Privacy Principles, a person can gain access to the personal information that we hold about them.  We do refuse access if it would interfere with the privacy rights of other persons or if it breaches any confidentiality that attaches to that information.  If access is refused, then you will be provided with a written response outlining the reasons for the refusal and mechanisms available to complain about the refusal.

If a person wishes to request access to their personal information, they should be provided with a copy of our Privacy Policy and be advised to contact our Privacy Officer, who is Louise Hughes, Chief Executive Office.  Where reasonable and practicable, access will be given in the manner and timeframe requested.  A reasonable fee may be charged for the administration of information provision and access.

Similarly, a person may also request that we correct personal information about them.  Before providing access to or correcting personal information, we may require a person to verify their identity.  If we refuse to correct the personal information, then you will be provided with a written response outlining the reasons for the refusal and mechanisms available to complain about the refusal.

Complaints

If you believe that SRC Solutions has breached any of the Australian Privacy Principles, you may submit a complaint to SRC Solutions.  Complaints must be made in writing to the Privacy Officer by phone or postal address listed in this policy.

Post:

Privacy Officer

SRC Solutions

PO Box 770

Mawson ACT 2607

Phone:

(02) 6282 6122

 

Disclosure of personal information to overseas recipients (APP 8)

Personal information collected and held by SRC Solutions will not be disclosed to overseas recipients for any purpose.  SRC Solutions does not store any personal information offshore and uses only Australian based service providers, including IT support and backup services.

Anonymity and pseudonymity (APP 2)

In general, SRC Solutions will give you the option of not identifying yourself when dealing with us.  For example, when making a general enquiry about our services or if we seek feedback from you following the delivery of services, this may be provided on an anonymous or pseudonymous basis.

However, there are circumstances where it is impractical for SRC Solutions to deal with individuals without knowing their identity, including in the delivery of services to individuals.

Adoption, Use or Disclosure of Government Identifiers (APP 9)

We will not use government related identifiers, such as your Medicare or tax file number, as our own identifier to link you with your personal information.  We will not use or disclose any government related identifier of yours unless required or authorised by law.

However, due to the nature of the services provided by SRC Solutions, we may have knowledge of relevant government identifiers, which might include your Australian Government Service (AGS) number or your workers’ compensation claim number.

Return/Destruction of solicited and unsolicited Personal Information (APPs 1 and 4)

Personal information provided to SRC Solutions by the client agency (the employer), for the purpose of performing functions under a contractual agreement, remains the property of the employer.  This applies to information provided directly to or collected by SRC Solutions from other than the employer in relation to the agreed contractual functions.

On completion of the contractual agreement or as required by the employer, all personal information must be returned to the employer, permanently destroyed, or permanently de-identified.

If SRC Solutions receives personal information which we did not solicit and SRC Solutions determines within a reasonable period of time that we could not have otherwise collected the personal information, where lawful and reasonable to do so, we will destroy the information or ensure that the information is de-identified as soon as practicable.

We take reasonable steps to ensure that personal information which is no longer required for any lawful purpose is destroyed or permanently de-identified.  However, some personal information may be held for a specific period of time due to statutory requirements.

Storage and Security of Personal Information (APPs 1 and 11)

SRC Solutions maintain security and privacy of personal information collected in the course of workstation assessments, training, audits, return to work activities and any other services delivered by SRC Solutions.  Access to computerised data is controlled by server-based, password-controlled network arrangements.  Physical security of confidential material is managed through secure internal storage and handled only by staff directly involved, supported by our 24-hour monitored perimeter security system.

Further information on Privacy

The Office of the Privacy Commissioner handles privacy issues which involve a person’s personal information. This can include privacy issues associated with information about your location, your health and body and your communications with others. More information can be found on the Privacy Website at www.oaic.gov.auor call 1300 363 992.  The Privacy Act regulates ‘information privacy’. The Privacy Act covers a number of different activities and sectors but does not cover confidentiality, secrecy or freedom of information.