Healthy Business Performance Group Pty Ltd (ACN 075 007 500) (“HBP Group”, “we”, “us” or “our”) is committed to providing quality products and services to clients and this policy outlines our ongoing obligations to you in respect of how we manage Personal Information. We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your personal information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at https://www.oaic.gov.au/
By accessing HBP Group services you agree to be bound by this Privacy Policy and HBP Group’s Terms and Conditions (link to terms and conditions).
When used in this privacy policy, personal information has the same meaning given to it in the Privacy Act. In general terms, it is information that can be used to identify you, such as your name, address, telephone number, email address, profession or occupation. If the information we collect personally identified you, or you are reasonably identifiable from it, the information will be considered personal information.
When used in this privacy policy, sensitive information has the same meaning given to it in the Privacy Act. In general terms, it is a sub-set or personal information and includes information about your health, genetics, racial or ethnic origins, political beliefs, religious or philosophical beliefs, sexual preferences and criminal history. This information is afforded a higher level of protection under the law due to its sensitive nature. Unless required by law, we will only collect sensitive information with your consent.
Sensitive information will be used by us only:
As a client of HBP Group, certain personal information will be required to establish and maintain your records and to provide you with our services. The personal information we collect will vary depending on the services we provide. However, the type of personal information we may collect includes:
Your Personal Information may be obtained in various ways including: on site consultations and coaching, phone coaching and interviews, program registration and personal profile information, user approved API connection to external data sources such as wearable devices, and individual survey data through our unlockinglife web and mobile app platforms. We don’t guarantee any website links or policies of authorised third parties.
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties including your employer. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
If we receive information about you that we have not sought out (referred to as ‘unsolicited information’) we will determine whether we would have been permitted to collect that information as part of providing our services in accordance with the law. If so, we will handle this information in accordance with this policy. If we would not have been permitted to collect this information, it will be destroyed or de-identified as soon as is practicable, but only if it is lawful to do so.
We collect your Personal Information for the primary purpose of providing personalised client services that help to measure and manage an individual’s health concerns, and direct organisational health focus through executive summary. No identifiable personal information is shared outside of HBP Group without the express consent or disclosure to the individual, except where required by law. Explanation of our duty of care would be provided where it is deemed the individual is at imminent risk to themselves or to others.
When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it. The terms of this agreement are subject to an individual’s consent via recorded acknowledgement via the app, web, or verbal confirmation. Each time you interact with HBP Group, additional information may be included to your profile. Providing HBP Group with personal or sensitive information in voluntary. If this information is not provided or consent is not obtained, or is removed, the ability of HBP Group to provide assistance will be limited.
The information we collect will be kept strictly confidential and secure at all times. Where your personal information is disclosed, it will be disclosed in a manner consistent with applicable privacy laws and regulations and only for a purpose that is consistent with the reason it was originally collected. This may include:
Further:
We may be required to use your personal information in a de-identified form (de- identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) to assist us in running our business. Such use is strictly regulated by privacy laws and generally requires approval from an ethics committee. We may also provide de-identified information in an aggregated form to third parties that we have engaged for research, marketing, strategy or other purposes, including:
When your personal information and health information is included in de-identified, aggregated data, it is not possible to identify you or anything about you from that data.
Your contact information may be used to notify you of new services or promotions being offered by us and other related services and products, if we have your permission, a legitimate interest or are otherwise permitted to do so by law. If at any time you no longer wish to receive this information, you can request to “opt out” from receiving this
information by using the unsubscribe link in any email, by replying to any text with “STOP” or by otherwise contacting us using the details in this privacy policy.
Where we market to prospective clients, we are happy to disclose to you how we have obtained this information and will provide the option to ‘opt out’.
We will not sell your personal information to any organisation outside of HBP Group.
HBP Group conducts its business operations within Australia and most of your information is stored by means of electronic storage within Australia. However, we may be required to disclose your personal information to our various service providers who may be located or store your information outside of Australia. In such circumstances we will always ensure that they adhere to our privacy policy and to strict confidentiality obligations in accordance with Australian Privacy Law. We commit to review the terms of services of any service of any service provider of cloud or networked data storage to ensure that the security of your personal information is addressed in any service level agreement.
Yes, you can deal with us anonymously or using a pseudonym where it is lawful and practicable to do so. For example, if you were making a general inquiry as to the services we provide or as a visitor to our website.
In general, HBP Group will not be able to deal with you anonymously or where you are using a pseudonym when:
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to de-identify your Personal Information.
HBP Group prioritizes the security and protection of personal information by employing various measures and adhering to professional standards. Access to personal information is restricted through password-protected computer systems and controlled premises. Our staff is well-informed and obligated to follow a formal code of conduct, which includes handling information in compliance with privacy laws and our Privacy Statement. To safeguard information, HBP Group utilizes industry-standard practices, such as Secure Sockets Layer (SSL) Certificate, data in-transit encryption multifactor authentication, VPN and firewall for securing data submitted through our website and application. We employ both physical and electronic safeguards, including access control to the data centre and login/password requirements for our databases. Access to the database is through the use of a VPN to allow access through our server firewall. Users are advised to sign out or close their browsers after using our website or use browser in incognito or private mode to prevent unauthorized access to their personal information and correspondence. All our workstations are protected by Antivirus and Remote Monitoring Agent Software, which allow for continuous monitoring and management of the device's performance, security, and health.
You may access the personal information we hold about you and to update and/or correct it, subject to certain exceptions allowed by law. These include where:
If we cannot provide your information in the way you have requested, we will advise you of the reasons in writing.
If you are currently involved in a program, you are able to access your personal information via the HealthCi mobile application or Unlockinglife web portal. If you have withdrawn from a program you can access your personal information for 30 days after withdrawal by emailing: admin@healthybusiness.net.au. After 30 days your data will be de-identified and we will be unable to provide you access to your data.
We may charge a fee for your access to personal information, but we will inform you of this prior to any such fee being charged.
In order to protect your Personal Information, we may require identification from you before releasing the requested information.
It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete, and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you. We will need to verify your identity before we are able to action any request to correct information.
If we are able to correct your information, we will let you know within five business days of deciding to do this. If you ask us to do so, we will advise any relevant third parties of the correction, unless it is impracticable or unlawful for us to do so.
If we are unable to correct your information, we will let you know in writing within five business days of making this decision. If you are dissatisfied with our decision, you can refer your complaint to the Office of the Australian Information Commissioner. Contact details are listed at the end of this policy.
If we agree to correct your information, we will do so within 30 days from when you requested the change, or a longer period that has been agreed with you.
If we cannot make the correction within a 30-day time frame or the agreed time frame, we must:
If we become aware that the personal information we hold about you is out of date or inaccurate, we may correct the information or ask you to review and correct your information. It is important that you help us by keeping your contact details up-to-date.
Any suspected breach of our privacy agreement or concerns you may have can be directed immediately via the contact details below.
If you have any queries or complaints about our Privacy Policy please contact us at:
54a Main Road Moonah, Tasmania, 7009
admin@healthybusiness.net.au
1300 655530
We will endeavour to resolve the issue with you amicably in accordance with our complaints resolution procedure. However, if you believe that we have not resolved the issue you may refer the matter to the Office of the Australian Information Commissioner:
Mail: GPO Box 5218,
Sydney, Online: www.oaic.gov.au/privacy
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
This Policy may change from time to time to keep up to date with laws, technology and industry changes. We recommend that you visit our website regularly to keep up to date with any changes. An up-to-date copy of the policy is available on our website.
We will let you know about any material changes to our privacy policy by emailing you at the email address provided by you to us (if any). Your continued use of our services indicates that you accept those changes. Through this document we will always let you know the information we collect, how we use it, and the circumstances under which such information may be disclosed by us.
For more information on your privacy, you can visit www.oaic.gov.au