HealthX is strongly committed to protecting the personal information of those who interact with us. This Policy details how HealthX meets this commitment and complies with the Australian Privacy Principles.
This policy applies to all HealthX systems and processes which may incorporate the collection, storage or retrieval of personal information provided by potential, current or past staff, candidates or clients.
This policy applies to all employees, including:
It applies to employees whilst:
3.1 Personal Information Handling Practices
3.1.1 Why we collect personal information
HealthX only collects personal information for purposes which are directly related to our functions or activities and only when it is necessary for or directly related to those purposes.
HealthX collects personal information because:
3.1.2 How we collect information
There are two types of information or data that may be collected:
When engaging with our social media content you can choose to not identify yourself by using a pseudonym.
3.1.3 How we use personal information
We only use personal information for the purposes for which we collected it – purposes which are directly related to one of our functions or activities.
We do not give personal information about an individual to anyone else unless one of the following applies:
HealthX collaborates with a variety of third parties to deliver the services we offer. These third parties change from time to time and include technology service providers for Internet, App services, cloud service, migration and legal services. These third parties may be located in Australia or overseas locations, including but not limited to the Philippines and the USA.
Wherever possible, HealthX imposes contractual restrictions equivalent to those imposed applicable to HealthX under the Privacy Act in respect of collection and use of personal information by those third parties.
Under no circumstances will HealthX sell or receive payment for licensing or disclosing an individual’s personal information.
3.1.4 Data quality
We take steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.
3.1.5 Security of personal information
HealthX takes steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse. When the personal information that we collect is no longer required, we destroy or delete it in a secure manner.
There are inherent risks in transmitting information across the internet and we do not have the ability to control the security of information collected and stored on third party platforms. In relation to our own servers, we take all reasonable steps to manage data stored on our servers to ensure data security.
3.2 Accessing personal information
Individuals can access the personal information that we hold about them, and they can ask us to correct the personal information we hold about them. HealthX will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up-to-date unless we consider that there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the changes. If HealthX does not agree to make requested changes to personal information an individual may make a statement about the requested changes and HealthX will attach this to the record.
3.3 Complaint Handling Processes
An individual may complain to HealthX about the way we handled their personal information. A complaint should be handled in a timely manner and, where appropriate, resolved quickly and informally. Complaints about HealthX actions should be made in writing. On receipt, the complaint is referred to the Marketing Coordinator
A complaint received should always be examined to see whether HealthX acted appropriately. If not, it may be appropriate to provide an explanation or apology. If further action is deemed to be required, the matter may be referred to the Chief Executive for consideration. All responses to complaints will be made in writing.
Under the Privacy Act an individual can make a complaint to the Office of the Australian Information Commissioner about the handling of their personal information by private sector organisations covered by the Privacy Act.
Failure to comply may place HealthX in breach of state or federal law.
Failure to comply with the policy may result in the application of the HealthX Disciplinary Policy with consequences which may include termination of employment.
Australian Privacy Principles