Corporate Work Health Australia Pty Ltd ACN 149 617 738 of 1 Hearn Street, Altona North, Victoria 3205 (“we”, “us”, “our” or “CWHA”), complies with the Privacy Act 1988 (Cth) (“Privacy Act”) and the applicable Privacy Principles in the Privacy Act when handling personal information, together with the together with all rel-evant State health records Legislation (“Health Records Acts”) and the applicable Health Privacy Principles in the Health Records Acts (as the case may be) when handling personal information which is health information, together with the General Data Protection Regulation (GDPR) to the extent it applies.
We take the protection of your personal information seriously. Personal information includes personal data (as defined in the GDPR) and means any information or opinion, whether true or not, about a person who is identi-fied or whose identity can reasonably be established or any information relating to an identified or identifiable natural person (“Personal Information”).
We collect Personal Information for the purposes of delivering our products and services (“Ser-vices”). We may collect information through the CWHA website located at https://corporateworkhealth.com.au (“Website”), or in the course of providing our Services from time-to-time.
We collect Personal Information:
• from clients – when they register an enquiry, book an assessment or training package, in the course of providing our Services in the workplace and/or at any other time from time-to-time in the course of providing our Services;
• from clients’ employees or other personnel in the course of providing our services in the workplace and/or at any other time from time-to-time in the course of providing our services;
• when they are engaged to supply services to us (such as Osteopathy, Physiotherapy, Exercise Physiologist or Occupational Therapist services), provide information to us or invoice us for the provision of their services;
• when we receive enquiries through the Website and when the Website is otherwise accessed or used;
• when we receive enquiries via email.
The kind of Personal Information we may collect will depend on who you are (e.g. a client, employee of a client or patient or third party service provider) and the nature of your interaction with us, and may include your full name, email address, postal or residential address, age, medical conditions, medical history, current or past in-juries, billing information and other Personal Information. If you do not provide us with all the information we request, we may not be able to deliver our Services.
Some Personal Information we collect may include health information. Health information includes any infor-mation collected about your health or disability, and any information collected in relation to a health service you have received (“Health Information”). We collect Health Information from clients’ employees or other person-nel in the course of providing our services in the workplace and/or at any other time from time-to-time for the purposes of providing our Services in the safest and most appropriate way, and to optimise the quality of our Services.
We may use any Personal Information collected (excluding Health Information) to provide our Services, oper-ate the Website, send you our newsletter, respond to feedback and complaints, communicate with third party service providers, develop new Services, or if needed to enforce our client terms and conditions with you. If you are a third-party service provider, we will use your Personal Information to email you to accept your offer to provide Services, correspond with you in relation to the provision of Services and to pay your invoices.
In all cases, unless you have opted out, you consent to us using your Personal Information (excluding Health Information) for direct marketing purposes by us alone in order to tell you about our Services. We may contact you by mail, telephone, email or SMS to market our products and Services. We will always give you the oppor-tunity to opt out of receiving any future direct marketing correspondence.
We comply with the Health Privacy Principles and the GDPR in the collection, use and disclosure of all Health Information. We collect Health Information:
• from our clients or patients when they attend our practice for the purposes of Osteopathy treatments or otherwise incidentally volunteer information about their medical conditions, injuries or general health and wellbeing;
• as necessary for the provision of our Services, but only as necessary for the provision of our Services, or as otherwise in accordance with your consent, or as may be required by law including Court order;
• only from you (or from someone authorised by you) (including your caregiver if you have one);
• with accuracy, on the basis that you may at any time request a copy of the Health Information that we hold by emailing us at firstname.lastname@example.org
In the event our records are found to be inaccurate, we will rectify any inaccuracies on the basis of the further information you provide.
Disclosure and sharing:
You expressly agree that we may disclose Personal Information (excluding Health Information) to third parties for purposes associated with the provision of our Services and to third party service providers we engage to help us deliver our Services and for our own marketing purposes. We will only disclose Personal Information to additional third parties with your consent or if permitted or authorised to do so by law.
You expressly agree that we may disclose your Health Information to our Osteopathy services provid-ers (who may be third party contractors) for the provision of Osteopathy services to you, PROVIDED ALWAYS that such third party Osteopathy service providers are subject to the restrictions of this Pri-vacy Policy and a legal obligation of non-disclosure of your Personal and Health Information.
You may authorise us to stop processing your Personal Information at any time.
Data security, protection and quality:
We will protect the Personal Information we collect and hold from misuse, loss and interference and from unau-thorised access and modification, and to make sure it is accurate, complete and up-to-date when we collect, use or disclose it.
We have procedures of monitoring the security and safety of data as well as procedures in place for dealing with any data breaches, and the associated requirements of notifying you and appropriate authorities where that data security of your Personal Information is breached.
To assist us, please ensure you provide us with your correct details, and let us know if you believe the infor-mation we have about you is inaccurate, incomplete, out of date or misleading (and we will take reasonable steps to correct the information). We may take steps to destroy or permanently de-identify information when it is no longer needed for any purpose for which it may be used or disclosed.
Your right to erasure:
The right to erasure (which encompasses the ‘right to be forgotten’) gives you a right to require us to delete your Personal Information in certain circumstances, and/or to return it to you including, but not limited to where your Personal Information is no longer necessary for the purpose for which it was collected, or where you withdraw your consent and there is no other legal ground for processing your data. If you wish to have your Personal In-formation erased and/or returned to you please notify us at email@example.com
You can modify your browser to prevent cookie use – but if you do this our service (and our Website) may not work properly. The information stored in the cookie is used to identify you. This enables us to operate an effi-cient service and to track the patterns of behaviour of visitors to our Website.
Access, correction and complaints:
You can request, and we will provide you with access to, and a copy of any Personal Information we hold about you (including any health information) (subject to any applicable legal exceptions). Please also let us know if you have any concerns or complaints about the way we are handling your Personal Information so we can address them. Requests should be submitted by email firstname.lastname@example.org
Where our records are found to be inaccurate, or if you wish to modify the Personal Information we hold about you, we will promptly make these changes on the basis of the further information you provide.
Transfer in certain circumstances:
For further information on your privacy rights go to: www.privacy.gov.au
For further information on the Health Records Acts, go to:
For further information on the GDPR, go to:
Last Updated 10 April 2019