1. Purpose

HealthX is bound by the Australian Privacy Principles in the Privacy Act 1988. We follow the guidelines of the Australian Government Office of the Privacy Commissioner (OPC) in the collection, handling, use and disclosure of personal information. 

HealthX is strongly committed to protecting the personal information of those who interact with us.  This Policy details how HealthX meets this commitment and complies with the Australian Privacy Principles.

2. Scope

This policy applies to all HealthX systems and processes which may incorporate the collection, storage or retrieval of personal information provided by potential, current or past staff, candidates or clients.

This policy applies to all employees, including:

  • full time, part time, casual, permanent or temporary;
  • contract or commission workers;
  • volunteers, vocational and work experience placements.

It applies to employees whilst:

  • At the Company premises
  • Attending work-related interactions with fellow employees, and with clients, candidates and other stakeholders;
  • Fulfilling work-related obligations;
  • At the Host Company/stakeholder premises; and/or
  • At a Company sponsored or funded functions or activities during and/or outside working hours.

3. Policy

3.1 Personal Information Handling Practices

3.1.1. Why we collect personal information

HealthX only collects personal information for purposes which are directly related to our functions or activities and only when it is necessary for or directly related to those purposes.

HealthX collects personal information because:

  • an individual has provided it to us (eg a candidate applies for a position)
  • we need it to provide a product or service that an individual has requested, (eg a person subscribes to an email)
  • we would like to improve our services, for instance through the collection and analysis of statistical and research data and use of cookies (see below)
  • an individual works for us.

3.1.2 How we collect information 

There are two types of information or data that may be collected:

a.   Information that an individual gives us directly such as when they are filling in a form. This type of information may include an individual’s name, email address or other personal information.

b.  Information which tracks an individual’s activity such as personal information collected automatically to monitor the use of our online and mobile services, like the numbers and frequency of visitors to our website. This helps us identify what users of our site are most interested in and it can also help us identify if there are any problems that need fixing. Most of the data we collect is aggregated, and this information is effectively anonymous to us.

We may use third-party services (eg Google Analytics) to analyse browsing information and produce reports on how visitors use our website. These third-party providers may transfer this information to other parties where required to do so by law, or where such parties process the information on the provider’s behalf. Google will not associate your IP address with any other data held by Google.  You can opt out of the collection of information via Google Analytics by downloading the Google Analytics Opt-out browser add on. See also Google privacy policy.

When engaging with our social media content you can choose to not identify yourself by using a pseudonym.

3.1.3 How we use personal information

We only use personal information for the purposes for which we collected it – purposes which are directly related to one of our functions or activities.

We do not give personal information about an individual to anyone else unless one of the following applies:

  • The individual has consented to the disclosure
  • The individual would reasonably expect, that information of that kind is usually disclosed to individuals, bodies or agencies (to provide the service you wish to use, for example disclosure to a potential host employer or to a migration agent known to you),
  • Disclosure is required or authorised by law or is reasonably necessary for the enforcement
  • of the law, (eg AHPRA, Department of Immigration) or
  • Disclosure will prevent or lessen a serious and imminent threat to life or health.

HealthX collaborates with a variety of third parties to deliver the services we offer. These third parties change from time to time and include technology service providers for Internet, App services, cloud service, migration and legal services. These third parties may be located in Australia or overseas locations, including but not limited to the Philippines and the USA.

Wherever possible, HealthX imposes contractual restrictions equivalent to those imposed applicable to HealthX under the Privacy Act in respect of collection and use of personal information by those third parties.

Under no circumstances will HealthX sell or receive payment for licensing or disclosing an individual’s personal information.

3.1.4 Data quality

We take steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.

3.1.5 Security of personal information

HealthX takes steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse. When the personal information that we collect is no longer required, we destroy or delete it in a secure manner.

There are inherent risks in transmitting information across the internet and we do not have the ability to control the security of information collected and stored on third party platforms. In relation to our own servers, we take all reasonable steps to manage data stored on our servers to ensure data security.

3.2 Accessing personal information

Individuals can access the personal information that we hold about them, and they can ask us to correct the personal information we hold about them. HealthX will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up-to-date unless we consider that there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the changes. If HealthX does not agree to make requested changes to personal information an individual may make a statement about the requested changes and HealthX will attach this to the record.

3.3 Complaint Handling Processes

An individual may complain to HealthX about the way we handled their personal information. A complaint should be handled in a timely manner and, where appropriate, resolved quickly and informally. Complaints about HealthX actions should be made in writing. On receipt, the complaint is referred to the Marketing Coordinator

A complaint received should always be examined to see whether HealthX acted appropriately. If not, it may be appropriate to provide an explanation or apology. If further action is deemed to be required, the matter may be referred to the Chief Executive for consideration. All responses to complaints will be made in writing.

Under the Privacy Act an individual can make a complaint to the Office of the Australian Information Commissioner about the handling of their personal information by private sector organisations covered by the Privacy Act.

4. Consequences of non-compliance 

Failure to comply may place HealthX in breach of state or federal law. 

Failure to comply with the policy may result in the application of the HealthX Disciplinary Policy with consequences which may include termination of employment. 

5. References 

 PrivacyAct 1988
Australian Privacy Principles