Integra is strongly committed to ensuring that it collects and uses information provided to us in accordance with privacy laws. Integra places great importance on protecting the privacy of its employees, valued clients, customers and other stakeholders. The Australian Privacy Principles, which were established by the Privacy Act 1988, apply to Integra.
Integrated Care Pty Ltd trading as Integra and its related companies is strongly committed to maintaining the privacy of personal information it collects as part of the services it offers. Integra places great importance on protecting the privacy of its employees, valued clients, customers and other stakeholders.
This policy relates to personal information collected through the course of Integra’s business or by any other means and assumes that the information is acquired from an Australian resident.
The purpose of this policy is to:
- Give individuals a better and more complete understanding of the kinds of personal information that Integra collects and holds
- Clearly and concisely communicate how and when personal information is collected, disclosed, used, stored and otherwise handled by Integra
- Inform individuals about the purposes for which Integra collects, holds, uses and discloses personal information
- Provide individuals with information about how they may access their personal information and seek correction of their personal information
- Provide individuals with information about how they may make a complaint and how Integra will deal with any such complaint
- Advise individuals of the circumstances in which Integra is likely to disclose personal information to overseas recipients
- Enhance the transparency of Integra’s operations
This policy sets out how Integra will comply with its obligations under the Privacy Act 1988 (Cth) (Act). Integra is bound by the Australian Privacy Principles, which regulate how Integra may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them.
Integra will ensure that all officers, employees and sub-contractors are aware of and understand Integra’s obligations and their own obligations under the Act and are provided with training to enable them to fulfil these obligations.
Integra will also achieve this through maintaining internal policies and processes to prevent personal information being collected, retained, shared/exchanged, accessed or disposed of improperly.
For the purpose of this policy, the following terms will have the following meanings, as attributed to them by Section 6 of the Act:
(a) Information or an opinion about:
(i) The health or disability (at any time) of an individual; or
(ii) An individual's expressed wishes about the future provision of health services to him or her; or
(iii) A health service provided, or to be provided, to an individual that is also personal information; or
(b) Other personal information collected to provide, or in providing, a health service; or
(c) Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
(d) Genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual
means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
(a) Information or an opinion about an individual's:
(i) Racial or ethnic origin; or
(ii) Political opinions; or
(iii) Membership of a political association; or
(iv) Religious beliefs or affiliations; or
(v) Philosophical beliefs; or
(vi) Membership of a professional or trade association; or
(vii) Membership of a trade union; or
(viii) Sexual orientation or practices; or
(ix) Criminal record; or
(b) Health information about an individual; or
(c) Genetic information about an individual that is not otherwise health information; or
(d) Biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) Biometric templates
This policy applies to all Integra officers, employees and sub-contractors. For clarity, throughout this policy, where there is reference to the "individual", it is taken to include that individual's duly appointed authorised representative (where appropriate).
Collection of Personal Information
Personal information collected by INTEGRA will usually fall into one of the following categories:
Sensitive information collected by INTEGRA will usually fall into one of the following categories:
- Medical records and assessments
- Information submitted and obtained in relation to absences from work due to illness, religious beliefs, or trade union activity
- Criminal records checks
Where practicable, INTEGRA collects personal information directly from the individual. However, due to the nature of Integra’s business, i.e. we work with third-party intermediaries, e.g. insurance companies, employers, etc., personal information is provided to INTEGRA by these intermediaries.
The third party intermediary collecting and exchanging the information has an obligation to ensure that the individual, about whom information is being exchanged with INTEGRA, has consented to the collection and provision of such information. Only in circumstances where "sensitive information" has been provided to INTEGRA by the third party intermediary will INTEGRA be required to seek direct consent from the individual to retain or use this information.
Sometimes INTEGRA will collect personal information from a third party or a publicly available source if it is unreasonable or impracticable to collect the personal information directly from the individual (e.g. checking a candidate's work history).
INTEGRA does not collect personal information unless it is reasonably necessary for, or directly related to, one or more of Integra’s functions or activities.
Where personal information is sensitive information, INTEGRA will only collect that information where:
- It is reasonably necessary for one or more of Integra’s functions or activities; and
- The individual consents to the collection of the information; or
- INTEGRA is required or authorised by law to collect the sensitive information
If INTEGRA receives personal information that it did not solicit from an individual and if INTEGRA determines that it could not have lawfully collected that information as part of its functions or activities, then INTEGRA will (if it is lawful and reasonable) destroy the information or ensure that its contents cannot be identified.
An individual may choose to deal with INTEGRA anonymously or under a pseudonym where lawful and practical. Where anonymity or the use of a pseudonym will render INTEGRA unable to provide the relevant service or reasonably conduct business, INTEGRA may request that the individual identify himself or herself.
For example, it would not be practical to deal with an individual anonymously if INTEGRA is providing assistance in securing paid employment for or providing rehabilitative services to the individual.
Use and Disclosure of Personal Information
INTEGRA will only use and disclose personal information for the primary purpose for which it was initially collected, or for purposes which are directly related to one of Integra’s functions or activities.
INTEGRA will not disclose personal information about an individual to government agencies, private sector organisations or any third parties unless one of the following applies:
- The individual has consented
- The individual would reasonably expect, or has been told, that information of that kind is usually passed on to those individuals, bodies or agencies
- It is otherwise required or authorised by law
- It is reasonably necessary for enforcement-related activities conducted by, or on behalf of, an enforcement body (e.g. police, government department, government agency)
Personal information provided to INTEGRA may be shared with its related companies. INTEGRA will take all reasonable and practical measures to keep such information strictly confidential.
The collection by and use of personal information by third parties may be subject to separate privacy policies and/or the laws of other jurisdictions.
INTEGRA may transfer personal information to overseas countries including, but not limited to, the UK and New Zealand in order to perform one or more of Integra’s functions or activities. In these circumstances, INTEGRA will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to the information.
Like many other businesses in Australia, INTEGRA contracts out some of its functions and relies on third-party suppliers or contractors to provide specialised services such as employment services, cloud computing technology and data storage services, legal advice, insurance broking, security services and financial services. If personal information is provided to these suppliers and contractors in order to enable them to perform the agreed tasks, INTEGRA will take reasonable measures to ensure that the supplier or contractor handles the personal information in accordance with the Act and the Australian Privacy Principles.
INTEGRA will also require all suppliers and contractors to provide privacy undertakings and enter confidentiality agreements where suppliers and contractors may have access to personal information.
INTEGRA will take active steps to ensure that all transfers of personal information to a third party and use of such information by a third party is secure and compliant with the Act. For example, all out going email transmissions from INTEGRA are SSL encrypted. However, INTEGRA will not be held responsible for the theft of data by a third party, or the consequences resulting from the loss of data where that loss is associated with technical malfunction, computer viruses, third-party interference or any action or event that is beyond the reasonable control of INTEGRA.
Accuracy of Personal Information
INTEGRA will ensure that all personal information it collects, uses or discloses is accurate, complete and up-to-date. Please contact Integra’s Privacy Officer (contact information below) if you are aware of any personal information that does not meet this objective.
If INTEGRA is aware that it holds personal information that (having regard to the purpose for which it was collected) is inaccurate, out of date, incomplete, or irrelevant, it will take reasonable steps to correct that information.
An individual may also seek access to, and correction of, personal information held by INTEGRA in accordance with the "Access to Personal Information" procedures, set out below.
INTEGRA is committed to keeping personal information secure and safe. Security measures are in place to protect information from unauthorised access, modification or disclosure and loss, misuse and interference.
INTEGRA will review and update these measures from time to time to ensure security is maintained. In addition, personal information and sensitive information held by INTEGRA will be destroyed or have identification removed when it is no longer needed for a purpose for which it was initially collected.
Personal information may be stored in documentary form, but will generally be stored electronically on Integra’s software or systems.
INTEGRA maintains physical security over its documentary and electronic data stores by using locks and security systems. Although INTEGRA takes all reasonable steps to secure personal information from loss, misuse and unauthorised access, there is an inherent risk of loss of, misuse of or unauthorised access to such information. INTEGRA will not be held responsible for such actions where the security of the personal information is not within Integra’s control or INTEGRA cannot reasonably prevent such an incident.
Protecting and Storing Personal Information
INTEGRA is committed to keeping personal information secure and safe. Some of the ways we do this are:
- Requiring employees and contractors to enter into confidentiality agreements
- Secure hard copy document storage (i.e. storing hard copy documents in locked filing cabinets)
- Security measures for access to computer systems
- Password protected data storage devices such as lap-tops, tablets and smart-phones
- Providing a discreet environment for confidential discussions
- Access control for our buildings including waiting room/reception protocols and measures for securing premises when unattended
- Security measures for our websites
Roles and Responsibilities
All INTEGRA officers, employees and sub-contractors are aware of their responsibility to comply with the Act
INTEGRA will ensure that all employees and sub-contractors required to manage personal information are appropriately trained and supervised
- INTEGRA will conduct regular reviews to ensure that personal information is managed correctly
- Breaches of policy or personal information management processes will be dealt with appropriately
- INTEGRA will provide appropriate assistance to individuals and relevant third parties to make enquiries regarding personal information management
- Personal information will be retained according to the requirements of the Act
Access to Personal Information and Correction
An individual may request access to personal information that INTEGRA holds about them.
The procedure for requesting and obtaining access is:
- All requests for access to personal information must be made in writing and must be addressed to Integra’s Privacy Officer (see below for contact details). All requests should specify how the information is proposed to be accessed (photocopies, electronic copy, or visual sighting)
- Any party making a request must provide as much detail as possible regarding the INTEGRA department or person to whom it believes the personal information has been provided and when (this will allow INTEGRA to process requests more efficiently)
- INTEGRA will acknowledge a request within 14 days of the request being made
- Access will usually be granted within 14 days of Integra’s acknowledgment; if the request cannot be processed within that time for whatever reason, INTEGRA will let the party who has made the request the anticipated time-frame for a response to be provided
- The party making the request will need to verify identity and authority before access to personal information is granted
- INTEGRA may charge a reasonable fee for access to personal information, which will be notified and required to be paid prior to the release of any information
- Once the request has been processed by INTEGRA, the party making the request will be notified of Integra’s response and proposal for suitable access (provision of photocopies, digital copies or visual sighting, where appropriate)
- INTEGRA may refuse to grant access to personal information under certain circumstances (see below)
- If, as a result of access being granted, you are aware that INTEGRA holds personal information that you regard as being no longer accurate or incorrect, you may request the deletion or correction of such information
- Upon receipt of a request to correct or delete personal information, INTEGRA will either make such corrections or deletions or provide written reasons as to why it declines to make such alterations (see below)
Under the Act, INTEGRA may refuse to grant access to personal information if:
- INTEGRA believes that granting access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety
- Granting access would have an unreasonable impact upon the privacy of other individuals
- Denial of access is required or authorised by law or by a court or tribunal order
- Giving access would be unlawful
- The request for access is frivolous or vexatious
- Legal proceedings are underway or anticipated and the information would not be accessible by way of the discovery process in those proceedings
- Giving access would reveal the intentions of INTEGRA in relation to negotiations between INTEGRA and the party making the request in such a way as to prejudice those negotiations
- Giving access is likely to prejudice enforcement-related activities conducted by, or on behalf of, an enforcement body
- Giving access is likely to prejudice action being taken or to be taken with respect to suspected unlawful activity or serious misconduct relating to Integra’s functions or activities
- Giving access would reveal information in connection with a commercially sensitive decision-making process
If INTEGRA does not agree to make a correction to personal information, the party making the request may provide a statement about the requested corrections and INTEGRA will ensure that the statement is apparent to any users of the relevant personal information.
If INTEGRA does not agree to provide access to personal information or to correct the personal information, INTEGRA will provide the party making the request with written reasons for the refusal and the mechanisms available to complain about the refusal.
INTEGRA has a designated Privacy Officer who is responsible for the management of:
1300 937 187
PO BOX 371
West Perth WA 6872
If you consider that there has been a breach of the Australian Privacy Principles, you are entitled to complain to INTEGRA.
All complaints are to be in writing and directed to the Privacy Officer. A Privacy Complaint Form can be completed. INTEGRA will acknowledge receipt of a written complaint within two business days.
Integra’s Privacy Officer will investigate the complaint and attempt to resolve it within 20 business days after the written complaint was received. Where it is anticipated that this time-frame is not achievable, INTEGRA will contact the person making the complaint to provide an estimate of how long it will take to investigate and respond to it.
If an individual considers that INTEGRA has not adequately dealt with a complaint, he or she may complain to the Privacy Commissioner:
Officer of the Australian Information Commissioner
1300 363 992
GPO Box 5218
Sydney NSW 2001
Australian Privacy Principles - Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)
- Principle 1 – Open and transparent management of personal information
- Principle 2 – Anonymity and pseudonymity
- Principle 3 – Collection of solicited personal information
- Principle 4 – Dealing with unsolicited personal information
- Principle 5 – Notification of the collection of personal information
- Principle 6 – Use or disclosure of personal information
- Principle 7 – Direct marketing
- Principle 8 – Cross-border disclosure of personal information
- Principle 9 – Adoption, use or disclosure of government-related identifiers
- Principle 10 – Quality of personal information
- Principle 11 – Security of personal information
- Principle 12 – Access to personal information
- Principle 13 – Correction of personal information
Refer to Privacy Fact Sheet 17 for further details on the 13 Australian Privacy Principles.
Communication and Review
This policy is to be reviewed as follows:
- Annually (as a minimum)
- Following an information security incident
- Following significant changes to INTEGRA systems
- Following changes to the relevant state/territory and Commonwealth legislation
Monitoring and Training