PRIVACY POLICY PLAZA PHYSIOTHERAPY FOR MEN
- INTRODUCTION
This practice is committed to protecting the privacy of the individuals with whom it deals in the conduct of its business. This privacy policy sets out how this practice will manage the collection, use and disclosure, and storage of personal information about these individuals who include but are not limited to all clients; the general public; and prospective, current, and past employees.
This practice will be honest and open with individuals about its privacy policy and will make this document available to any individual who asks for it.
On request, this practice will also take reasonable steps to let an individual know, generally, what sort of personal information it holds, how and for what purposes it is collected, used and disclosed, and stored.
DEFINITIONS
2.1 Personal Information
Personal information is defined as any information (whether it be fact, opinion or evaluative material) about an identifiable individual that is recorded in any form.
2.2 Sensitive Information
Sensitive information is defined as any information that reveals an individual’s racial or ethnic origin, political religious or philosophical beliefs, opinions or affiliations, trade union membership, sexuality, criminal record or health.
- COLLECTION
3.1 General Principles
This practice will only collect the personal information about an individual that it requires to efficiently treat and manage clients in our care or required personal information for employees and will do so by lawful and fair means and in a manner that is not unreasonably intrusive.
This practice will give individuals the option of remaining anonymous in their dealings with the practice wherever it is lawful and practicable.
3.2 Type of Personal Information
The type of personal information collected by this practice about individuals generally includes
Clients
Name, addresses (including e-mail addresses) and telephone and facsimile numbers , date of birth, employment status, employer, emergency contact person / phone number, other relevant details
Prospective, Current and Former Employees
- Any information provided voluntarily by an individual in an application for employment with this practice.
- All information that constitutes the employee record*.
- Qualification(s)
- Registration
- Professional development
- Employment Resumes.
(*The employee record is currently exempt from the privacy legislation but is included voluntarily by this practice in its Privacy Policy).
3.3 Sensitive Information
Some of the personal information about an individual that this practice collects may be sensitive information. This information will only be collected with the individual’s consent or where:
- the collection is required or specifically authorised by law,
- the collection is necessary to prevent or lessen a serious and imminent threat to the life and health of any individual, where the individual is physically or legally incapable of giving consent,
- the collection is necessary for the establishment, exercise or defence of a legal claim.
3.4 Purposes of Personal Information
The purposes for which this practice uses personal information include:
Clients
- to have real record of contact details,
- to have adequate details of medical conditions/treatment/maintenance;
- to have accurate records of treatment provided.
- To be able to contact emergency person if the need arises
Employees
- to consider a prospective employee’s application for employment,
- to meet this practice’s statutory obligations as an employer,
- to comply with this practice’s human resources policies and procedures,
- to administer this practice’s human resources programs
- to be able to provide immediate assistance to a current employee in the case of a medical emergency involving that individual.
3.5 Data Quality
This practice will take reasonable steps to make sure that the personal information about an individual that it collects is accurate, complete and up to date.
3.6 Identifiers
This practice will not adopt as its own or use or disclose an identifier that has been assigned by a government agency or contractor.
This practice may assign its own identifier to an individual, usually a numeric, alpha or alphanumeric sequence.
3.7 Process of Collection
Wherever it is reasonable and practicable to do so, this practice will collect personal information about an individual only from that individual.
This practice will collect personal information about an individual principally electronically via telehealth apps and programs and e-mail system. From time to time this practice may collect personal information by telephone.
Whichever means is used to collect personal information, this practice will take reasonable steps to ensure that the individual is aware of:
- the fact that the individual is able to gain access to the information;
- the purposes for which the information is being collected;
- the organisations (or the types of organisations) to which this practice usually discloses information of that kind;
- any law that requires the particular information to be collected; and
- the main consequences (if any) for the individual if all or part of the information is not provided.
If this practice collects personal information about an individual from any other person, it will take reasonable steps to ensure that the individual is or has been made aware of the points above except where doing so may pose a threat to the life or health of any individual.
3.7 Process of Collection
Wherever it is reasonable and practicable to do so, this practice will collect personal information about an individual only from that individual.
- USE AND DISCLOSURE
4.1 Use and Disclosure for Primary Purposes
This practice will only use and disclose personal information about an individual for the primary purpose(s) for which it was intended except where:
- the secondary purpose is related to the primary purpose of collection and the individual would reasonably expect the practice to use or disclose the information for the secondary purpose
- the individual consents to the use or disclosure
- the practice has reason to suspect that unlawful activity has been or may be engaged in and uses or discloses the personal information as a necessary part of its investigation of the matter or reporting its concerns to relevant persons or authorities
- the use or disclosure is required or authorised by or under law
- this practice believes that the use or disclosure is reasonably necessary for a specified purpose by or on behalf of an enforcement body.
4.2 Disclosure to Other Organisations
The types of organisations that this practice may disclose personal information to include:
- other related medical practitioners;
- legal entities on subpoena.
Where this practice discloses personal information to another organisation it will take reasonable steps to ensure that the organisation is compliant with the NPPs.
4.3 Trans-border Data Flows
This practice will not transfer personal information about an individual to someone (other than this practice or the individual) who is in another country except where the individual consents to the transfer.
- STORAGE
5.1 Data Security
This practice will take reasonable steps to protect the personal information that it holds from misuse and loss and from unauthorised access, modification or disclosure. This applies to information stored on site at the Practice, in electronic storage during travel (eg laptop) and in cloud-based servers of the practice and third party providers to the practice.
In general, personal information is stored on practice premises and may be held in electronic and/or hard copy format/or external hard drive.
Personal information that is no longer required will be de-identified or destroyed by shredding on site by the practice.
- ACCESS AND CORRECTION
6.1 Access
This practice will provide an individual with access to the personal information that it holds about that individual in accordance with its Access Policy.
6.2 Correction
Where an individual finds an error in this information this practice will make the necessary corrections. However, where there is a dispute between the individual and this practice about the accuracy of the personal information this will be annotated on the information.
- COMPLAINTS
7.1 Complaints Procedure
An individual whose personal information is held by this practice and has a privacy complaint should contact the principal of this practice. All complaints will be handled under the Privacy Complaints Policy.
ATTACHMENT 1
PRIVACY STATEMENT FOR EMPLOYEES
This practice acknowledges and respects the privacy of its employees.
- The information that you provide on this form is “personal information” as defined by the Privacy Act 1988.
- This information is being collected for the purpose of required employment information to certify current qualifications, insurance, etc. The intended recipients of the information are this practice and service providers associated with this practice.
- The provision of this information in voluntary but if this information is not provided, this practice may be unable to process your employment application.
- You have the right of access to and alteration of personal information concerning yourself in accordance with the Privacy Act. The information is being collected by this practice and will be held by this practice. Please direct any enquiries you may have in relation to this matter to our principal of this practice.
- The personal information of our clients and staff is of particular sensitivity and importance to us.
If, during the course of this agreement of during the period of employment with this practice, you receive any personal information relating to us or our members, customers and staff then, despite anything else in this agreement you must:
a) hold or use that information as our agent and as authorised by us
b) be responsible for and liable to us for ensuring that the information is only used and dealt with in accordance with our instructions
c) not store that information on a database in the form of computer disk, microfiche or any other form without prior approval
d) ensure that the information is protected against loss or unauthorised access, use, modification or disclosure, damage or destruction
e) ensure that the information is not reproduced or copied in whole or in part, and is only accessed by authorised staff; and
f) comply and ensure that yourself having access to that information complies with the Privacy Act 1988 and the obligations of confidentiality under this agreement as if they were a party to this agreement.
ATTACHMENT 2
PRIVACY STATEMENT FOR CLIENTS
The practice acknowledges and respects the privacy of its clients.
The information that you provide on our digital forms is “personal information” as defined by the Privacy Act 1988.
This information is being collected for the purpose of physiotherapy treatment. The intended recipients of the information are the practice and service providers engaged by this practice.
The provision of this information is voluntary but if this information is not provided, the practice may be unable to complete your treatment effectively and fully.
You have the right of access to and alteration of personal information concerning yourself in accordance with the Privacy Act. The information is being collected by this practice and will be held by the practice. Please direct any enquiries you may have in relation to this matter to the principle of the practice.
ATTACHMENT 3
PRIVACY COMPLAINTS POLICY
1. Introduction
This practice is committed to protecting the privacy of the individuals with whom it deals in the conduct of its business. This commitment is part of this practice’s
- Legal obligation under the Privacy Act
- Business and ethical obligations
- Service to its clients, employees and the general public.
2. General Principles
This policy will be governed by the following principles at all times
- All complaints will be taken seriously
- All complaints will be dealt with promptly
- All complaints will be treated as confidential
3. Who May Lodge a Privacy Complaint?
Any individual whose personal information is held by this practice has the right to make a complaint and have it investigated and resolved under this Policy.
4. What is a Privacy Complaint?
A privacy complaint relates to any concern or dispute that an individual may have with the practice’s privacy practices associated with that individual’s personal information. This may include:
- How personal information is collected
- How personal information is used or disclosed
- How personal information is stored
- How personal information is accessed
5. How to Make a Complaint?
An individual may lodge a complaint either verbally or in writing by contacting the principal of this practice at:
Plaza Physiotherapy Qld Pty Ltd
Buderim Qld 4556
Telephone: 07 54454248
Email: admin@redsok.com
All complaints will be logged in a complaints register.
6. Resolution of a Privacy Complaint
This practice will aim to provide an effective resolution of a privacy complaint within 30 days or as soon as is practicable.
Once a complaint has been lodged the principal may:
- Request further information and investigation
The principal may request further information from the individual making the complaint. The individual should be prepared to give as much detail as possible including relevant dates and documentation to facilitate a full investigation and an appropriate and satisfactory solution. All details provided by the individual will be kept confidential.
This practice may also need to contact other individuals in order to be able to proceed with the investigation.
- Discuss options
The principal will discuss options, including any suggested by the individual, for resolution of the complaint with the individual.
- Resolution
The individual will be informed of the outcome and the reasons for the decision. If this does not resolve the complaint to the individual’s satisfaction, the matter may be referred to a mutually agreed intermediary.
- Privacy Commissioner
If, after the above steps have been followed and the individual is dissatisfied with the outcome, the individual may refer the matter to the Privacy Commissioner.
7. Records
The practice will keep record of all privacy complaints and their outcome