Injurynet Australia Pty Ltd (Injurynet) is committed to complying with its obligations under the Privacy Act 1988 (Cth), the Australian Privacy Principles (APP’s) and all relevant state based health records and information privacy legislation.
This policy applies to the services provided by Injurynet and binds all of our employees and health professionals.
Personal information is information or an opinion about someone we can identify or who we can reasonably identify from the information we have, whether it is true or not and whether it is recorded or not. It includes ‘sensitive information’ such as your information about your health
Injurynet will collect personal information directly from you where it is reasonable and practicable to do so
Injurynet will only collect information that is necessary for these purposes.
Where practicable, we will collect your personal information directly from you. However, we may also need to collect information about you from others such as companies employing you, insurance companies, financial institutions, medical or health service providers and other similar organisations that are permitted to share your personal information with us for the purposes of providing our services.
The protection of your personal information is a priority and we take reasonable precautions to ensure your personal information is protected from misuse, unauthorised access, modification or disclosure.
We may store your personal information in both, or either, hard copy or electronic format.
Hard copy information is kept under lock and key with restricted access either on our premises or in secured external storage. Information stored in electronic format is protected from unauthorised access through the use of secure passwords and user log on or other security procedures. All data is stored within Australia.
When you enter sensitive information (such as credit card numbers) on our website, we encrypt that information using secure socket layer technology (SSL). When Credit Card details are collected, we simply pass them on in order to be processed as required. We never permanently store complete Credit Card details.
The Injurynet website may contain links to other websites. These are provided as a convenience to you and not as an endorsement by Injurynet of the contents of other websites.
We collect information from our website using server logs and data analytics service providers. When you visit the site to read, browse or download information, our system will record/log your IP address (the address which identifies your computer on the internet and which is automatically recognised by our web server), date and time of your visit to our site, the pages viewed and any information downloaded. This information will only be used for the purpose of site analysis and to help Injurynet offer you improved online services. We may automatically collect non-personal information about you such as the type of internet browsers you use or the site from which you linked to our websites. You cannot be identified from this information and it is only used to assist us in providing an effective service on our website
For more information about eWAY and online credit card payments, please visit www.eway.com.au
Injurynet takes steps to protect your information from misuse, interference, loss, and from unauthorised access, modification or disclosure. Your information may be stored in hard copy documents or electronically on Injurynet’s internal servers. These servers are protected with high level security protocols.
To prevent unauthorised access or disclosure, we have put in place physical, electronic and managerial procedures to safeguard and secure the information, including the information we collect online. Examples include keeping hardcopy information within secured premises, using daily encrypted backups that are stored offsite, and restricting access to information provided to us by third parties to relevant personnel only
An eligible data breach occurs where there is a reasonable person would conclude that there is a likely risk of serious harm to any of the affected individuals as a result of the breach. Serious harm could include serious physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation and other forms of serious harm that a reasonable person in the entities position would identify as a possible outcome of the data breach.
Where a reasonable person could conclude that, as a result of the remedial action taken, the eligible data breach is not likely to result in serious harm to the affected individuals, the breach would no longer be considered an eligible data breach.
Whether an entity has reasonable grounds to believe that there has been an eligible data breach will vary depending on the circumstances. If the situation merely provides an entity with reasonable grounds to suspect that there has been an eligible data breach, the Privacy Act requires that entity to undertake reasonable and expeditious assessment (situation assessment) of whether there are reasonable grounds to believe that an eligible data breach has taken place.
As required by the Privacy Amendment (Notifiable Data Breaches) Act 2017, Injurynet has developed a data breach response plan that sets out the steps that Injurynet will follow when it becomes aware or suspects that a data breach has occurred
You may, in most cases, access the personal information we hold about you by making a request in writing to our Privacy Officer (firstname.lastname@example.org) or via mail.
Your employers or prospective employers may also request certain information we hold about you however we will only provide this information to them where it is appropriate and we have obtained your prior written consent.
When making this request, please provide as much detail as possible regarding the information you require access to, including the person to whom the information has been provided and when. We also need information to positively identify you.
We may also charge you a reasonable administration fee for the provision of the information.
Injurynet will acknowledge your request within 10 business days and providing Injurynet has the personal information requested, access should be granted within 10 business days. Injurynet will inform you if this timeframe is not achievable in the particular circumstance.
We will endeavour to provide you with access in the manner requested, however in some circumstances the nature of the information or the record it is contained in may mean that we can only provide you with access in a particular manner. Depending on the circumstances, this may be by mail, email, or you may personally be given access to inspect the information.
If access is refused to some or all of the information, our reasons will be provided to you in writing with details of the complaint mechanisms available to you if you are not satisfied with our decision.
If Injurynet has collected your personal information on behalf of a third party, we recommend that you approach the third party directly for access to your information
If you are not satisfied with our handling of your complaint, you can refer your concerns to the Office of the Australian Information Commissioner (www.oaic.gov.au).