Privacy Policy

Purpose

Path Allied Health (Path Allied Health) is committed to operating ethically at all times, in accordance with relevant legislation and regulation, in accordance with internal policies, protocols and procedures.

We understand that your privacy is important.

This document sets out how we protect your privacy and manage your personal information. It applies to all people who deal with us, including our workers.

We may change or update our Privacy Policy from time to time. If we do, we will post the amended or updated version on our website. We encourage you to visit our website regularly so that you are familiar with the most recent version. Any updates or changes will apply from the time they are posted on our website.

Applies to

This policy applies to all workers, clients and their families.

Definitions

Cookie

A cookie is a small text file placed on your computer by a web server when you access a website. Cookies in themselves do not identify the individual user, just the computer used.

Consent

Means your permission. Your consent can be express or implied. Express consent can be written (eg, when you sign a form) or verbal (eg, when you give us your permission over the phone or in a face to face conversation). Your consent will be implied where we can reasonably form a conclusion that you have given consent by taking action or deciding not to take action. 

Health information

Information or an opinion about: the physical, mental or psychological health (at any time) of an individual; or a disability (at any time) of an individual; or an individual's expressed wishes about the future provision of health services to him or her; or a health service provided, or to be provided, to an individual that is also personal information; or other personal information collected to provide, or in providing, a health service.

Person we support

Means a person who is currently receiving or has previously received services from us or has made inquiries to us about receiving services from us.

Personal Information

Means information about you, where your identity is clear or identifiable from the information (for example, your name, address, phone number, date of birth). It does not include de-identified information (for example, information about the number of people using a service that you use, where your identity is not disclosed or otherwise identifiable).

Sensitive Information

Is a category of personal information and includes your health or medical information.

Path Allied Health, we or us

Refers to Path Allied Health PTY LTD

Unsolicited personal information

Unsolicited personal information is personal information that we receive but have taken no active steps to collect. Examples include: misdirected mail; unsolicited correspondence; a petition that contains names and addresses; an employment application on an individual’s own initiative and not in response to an advertised vacancy; a promotional message containing personal information, sent by an individual promoting the individual’s business or services.

Workers

Means all people undertaking work for or engaged by Path Allied Health in either a paid or unpaid capacity, collectively referred to as 'workers' for the purpose of this procedure.

Policy

1. Collection of your personal information

1.1 What kind of personal information do we collect and hold?

a. The amount and type of personal information we collect from you and hold about you will vary depending on how you deal with us.

b. If you are a Path Allied Health client, nominated client representative or a client referrer the personal information that we hold about you may include:

• your name, address, telephone and email contact details;
• your gender and date of birth; and
• records relating to your service agreement including renewal and billing information

c. If you are a person we support or are connected to a person we support (eg family member, carer, advocate or nominated representative), the personal information that we hold about you may include:

• your name, address, telephone and email contact details;
• your gender, date of birth and marital status;
• information about your disability and support needs (see Section 1.2 below);
• health and medical information (see Section 1.2 below);
• things that are important to you, e.g., your likes and dislikes;
• your living arrangements and accommodation needs;
• your learning and educational needs;
• details concerning your daily life and routine;
• details concerning your employment goals and other life goals;
• details concerning your social and community activities;
• your visual image, via photograph or otherwise;
• any other information obtained from you when you use the National Disability Insurance Scheme Planning Tool (NDIS Planning Tool) which will enable us to provide you with a report of your needs and provide you with our disability support services;
• your Medicare number and other identifiers used by Government agencies or other organisations to identify you;
• financial information;
• records of our interactions with you such as system notes and records of conversations you have had with our employees;
• information about the services you are funded to receive, whether under the National Disability Insurance Scheme or otherwise and the current supports you are using;
• information about the services we provide to you including details of the outcomes or goals we are working with you to achieve, and other plans relating to the services you have asked for and the way in which we will deliver those to you; and your billing details.
  
   

d. If you are an employee, job applicant or contractor, the personal information we hold about you may include:

• your name, address, telephone and email contact details;
• your gender and date of birth;
• your tax file number and other identifiers used by Government agencies or other organisations to identify you;
• information about your qualifications, training and work history;
• information from police checks, working with children checks (or similar), and information about your right to work in Australia; and
• records relating to your contractor work with us.
  
   

e. If you use our websites, the personal information we hold about you may include:

• your name, address, telephone and email contact details;
• any details you provide to us through your use of the website – for example, if you register to be on our mailing list or use the website to send us messages or comments; and
• any details you provide to us as part of a payment via the website.
  
   

f. If you do not fall into one of these categories, we generally do not hold your personal information.

 

1.2 Do we collect sensitive information?

a. We understand that protecting your privacy in relation to sensitive information is particularly important.
 

b. To provide our services or to respond to inquiries about our services, we may be required to collect and hold your sensitive information including health and medical information and information relating to your disability or ailment and support requirements where you have consented to provide such information.
 

c. You can ask us to withdraw or amend your prior consent at any time. Simply contact us (our contact details are listed below in Section 5.1) to make your request.
 

d. We will limit the collection of sensitive information to the minimum amount required in the circumstances to provide you with, or a person with whom you are connected with, our services.

 

1.3 Your health information

a. The privacy and security of your health information is a key priority for us.
 

b. When we collect and store your health information, we will ensure:

• that you are aware that we have this information, the full scope of the information we have, and the purpose for which we hold it
• that you are aware that you can access the information and correct errors in it at any time
• that you have the opportunity to require us to provide this information to another health provider upon your instruction to do so.
  

1.4 How do we collect personal information?

a. We may collect personal information from you in a range of ways including:

• when you inquire about services;
• when you apply to receive services or supports from us;
• when you apply for or are successful in obtaining employment role with us;
• when you contact us in person, by phone, via mail, email or online (or when we contact you through any means);
• through our direct marketing activities.

b. Where possible, we will collect your personal information directly from you or your nominated representatives. However, there may be circumstances in which we need to collect your information from other people or organisations.

• For example, if you have asked us to manage and co-ordinate the supports you receive from Path Allied Health and other organisations, we may collect information about you from your other service providers. If you are receiving funding for your Path Allied Health supports, we may also collect information about you from the funding agency.

c. If we collect personal information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to us, we will take reasonable steps to contact you and ensure that you are aware of the circumstances surrounding the collection and purposes for which we have collected your personal information.
 

d. If you have provided us with information about another person, then you need to tell that other person that you have done so, that they have a right to access their information and that they can refer to the Privacy Policy for information on how Path Allied Health will handle their personal information.

 

1.5 Unsolicited personal information

a. Sometimes we may receive personal information that we did not request. This is known as unsolicited personal information.
 

b. If the information is such that we could have lawfully collected it for an allowed purpose (see Section 2 below), then we will deal with the information in the same way as solicited information.
 

c. If the information is such that we could not have lawfully collected it, we will destroy or de- identify it as soon as practicable if it is lawful and reasonable to do so.
 

d. Personal information provided to us that is additional to the information that we requested will be treated as unsolicited personal information. For example, if an individual completes an application form but attaches financial records that we did not ask for, these are treated as unsolicited personal information.

 

1.6 If you do not provide us with your personal information.

a. If you do not provide us with the personal information we reasonably request, we may be unable to provide you with the information, services or supports that you are requesting.

 

2. Use of your personal information

2.1 Why does Path Allied Health Group need your personal information?

a. The purposes for which we collect, hold, use, or disclose your personal information depends on how you deal with our organisation.
 

b. If you are a Path Allied Health client, nominated client representative or a client referrer, we may collect, hold, use, and disclose your personal information to:

• comply with laws and regulations and to meet Path Allied Health corporate governance requirements;
• send you information about our organisation, services and supports;
• conduct surveys, research and analysis;

c. If you are a person we support or are connected to a person we support (eg, family member, advocate or nominated representative), we may collect, hold, use, or disclose your personal information to:

• provide you with information about our services and supports;
• provide you with a consolidated report of your (or the person you provide support to) personal information for the purposes of the NDIS Planning Tool;
• administer our services and supports;
• process payments;
• answer your inquiries and deliver customer service to you;
• conduct quality assurance activities;
• carry out internal functions including administration, training, accounting, audit and information technology;
• resolve complaints;
• comply with laws and regulations and to report to funding and government agencies;
• send you information about our organisation, services and supports;
• conduct surveys, research and analysis;
• enable third parties, such as the National Disability Insurance Agency, to conduct audits;
• invite you to participate in research projects and activities; and

d. Also, information collected about you that does not identify you may be used for research, evaluation of services, quality assurance activities, and education. If you do not wish for your de-identified data to be used this way, please contact us. Our contact details are at the end of this Privacy Policy.

e. If you are an employee, job applicant or contractor, we may collect, hold, use, or disclose your information to:

• process your recruitment application and manage your recruitment as an employee.
• comply with laws and regulations 
• send you information about our organisation, services and supports;
• conduct surveys, research and analysis;

f. Also, information collected about you that does not identify you may be used for research, evaluation of services, quality assurance activities, and education. If you do not wish for your de-identified data to be used this way, please contact us. Our contact details are set out in Section 5.1 of this Privacy Policy.

g. If you use our websites, we may collect, hold, use, or disclose your information to:

• personalise your website visit or to enable remarketing website functionality;
• enable you to use the NDIS Planning Tool;
• answer your inquiries;
• process payments;
• provide you with the goods and services you have asked us for;
• resolve complaints; and
• conduct research, market research and analysis.

h. We may use your personal information for the purposes we collect it for. We may also use it for purposes related to (or in the case of health or sensitive information, directly related to) the purpose of collection where you would reasonably expect us to.

 

2.2 Direct marketing, support communications, and invitations to participate in research

a. Where we use your personal information that we have collected directly from you to send you marketing material, and invitations to participate in research by post, email or telephone, we will provide you with an opportunity to opt-out of receiving such information.

b. By electing not to opt-out, we will assume we have your consent to receive similar information and communications in the future. We will always ensure that our opt-out notices are clear, conspicuous and easy to activate.

c. If you do not wish to receive direct marketing communications or research invitations from us, please contact us. Our contact details are in Section 5.1 of this Privacy Policy.

 

2.3 Who does Path Allied Health disclose your information to?

a. In order to operate an efficient and sustainable organisation and to enable us to carry out our activities and provide our services and supports, we may be required to disclose your personal information to third parties. This may include disclosure to:

• people engaged by us or acting on our behalf in relation to our business, such as our service providers/suppliers, including web developers, web hosting partners, and marketing and communications consultants. Suppliers are required to handle your personal information in accordance with this Privacy Policy;
• Government and regulatory bodies, including the National Disability Insurance Agency, Medicare, the Department of Social Services, the Department of Health & Human Services, the Commonwealth Department of Human Services, and the Australian Taxation Office;
• people acting on your behalf including your nominated representatives, legal guardians, executors, trustees and legal representatives;
• lawyers, auditors, banks and other advisors appointed by us or acting on our behalf; and
• where disclosure is required by law, including where required to the police, or to the Disability Services Commissioner, or to comply with compulsory notices from courts of law, tribunals or government agencies.

b. In the event of unauthorised access, unauthorised disclosure or loss of your personal information, we will investigate and may notify you and the Office of the Australian Information Commissioner in accordance with the Privacy Act.

c. We take reasonable steps to make sure that external organisations will protect the privacy of your personal information, in accordance with this Privacy Policy.

d. We will not sell your personal information.

 

2.4 Will your personal information be transferred offshore?

a. Our technology infrastructure primarily uses cloud infrastructure or servers located within Australia, but we may on occasion use a platform or service located offshore. Apart from this, we do not typically transfer personal information offshore. By providing your personal information to us or using our services and supports, you are taken to have consented to this transfer.

b. You can ask us to withdraw or amend your prior consent at any time. Simply contact us (our contact details are listed below in Section 5.1) to make your request.

c. If we transfer information offshore for other purposes, we will only do so with your consent or otherwise in accordance with Australian law.

d. Overseas recipients may have different privacy and data protection standards. However, before disclosing any personal information to an overseas recipient, we will take steps reasonable in the circumstances to ensure the overseas recipient complies with the Australian Privacy Principles or is bound by a substantially similar privacy scheme unless you consent to the overseas disclosure or it is otherwise required or permitted by law.

e. If you have any queries or objections to such disclosures, please contact us via the details set out in Section 5.1.

 

2.5 How do we store personal information and for how long?

a. We take all reasonable steps to ensure that your personal information is securely stored and protected. These steps include password protection for accessing our electronic IT systems, securing paper files in locked cabinets and physical access restrictions to buildings where information is held. In addition, access to your personal information is restricted to those properly authorised to have access.

b. Unfortunately, there are inherent risks in the management of personal information, and we cannot and do not guarantee that unauthorised access to your personal information will not occur.

c. We keep your personal information for as long as it is needed for the purposes for which it was collected and to comply with legal requirements.

d. There may be instances where some personal information about you is collected on a mobile device that is not owned by Path Allied Health (eg. photographs taken on a worker’s personal mobile phone while out doing an activity). In such instances, Path Allied Health will reinforce to all workers the importance of removing the information or images from the personal device as soon as the content has been transferred into Path Allied Health’s systems for appropriate management.

e. When personal information we hold is no longer needed for any purpose, including legal purposes, and subject to our legal obligations, our information management policy and data retention schedule, we will take reasonable steps to destroy or alter that information so that it no longer identifies you.

f. In relation to health information, we take reasonable steps to destroy or permanently de-identify health information if it is no longer needed for the purpose for which it was collected or any other purpose authorised by the Health Records Act, the regulations made under the Health Records Act, or any other law.

 

3. Accessing and Correcting Your Personal Information

3.1 How can we keep your personal information up to date?

a. We take steps as are reasonable in the circumstances to correct personal information we hold. If any changes to your personal information are required, please let us know by contacting us using the details set out below in Section 5.1.

3.2 Can you access your personal information?

a. You can ask us for access to the personal information that we hold about you at any time. Simply contact us (our contact details are listed below in Section 5.1) to make your request. For security reasons we may ask you to put your request in writing.

b. We will not typically charge you for access to your personal information.

c. Generally (but subject to Australian law), we will provide you with access to your personal information within a reasonable time and in the manner requested by you. However, there may be some circumstances when this is not possible, including where:

• we no longer hold or use the information;
• providing access would have an unreasonable impact on the privacy of others;
• the request is frivolous or vexatious;
• providing access would be unlawful; or
• for any other permitted reason set out in the Privacy Act 1988 (Cth).

d. If we do not provide you with access to all of your personal information, we will tell you the reason why we have not done so.

 

4. Your Privacy Online

4.1 Online data collection and use

a. When you access a Path Allied Health website, anonymous technical information may be collected about user activities on the website, including via Google Analytics. This may include information such as the type of browser used to access the website, the pages visited, and geographical location.

b. This information is used by Path Allied Health to make decisions about maintaining and improving our websites and online services. This information remains anonymous and is not linked in any way to personal identification details.

4.2 Cookies

a. Like many websites, Path Allied Health’s websites may use cookies for various reasons, including to recognise a computer which has previously visited our websites and customise our websites according to previous preferences and site behaviour.

b. You can choose if and how a cookie will be accepted by configuring your preferences and options in your web browser. For example, you can set your browser to notify you when you receive a cookie or to reject cookies. However, if you decide not to accept cookies, then you may not be able to gain access to all the content and functionality of Path Allied Health's websites.

4.3 How we handle email and ‘contact us’ messages

a. We may keep the content of any email, or “Contact us” or other electronic message or form, that we receive. The message content may be monitored by our service providers or workers for purposes including troubleshooting, compliance, auditing and maintenance, or where email abuse is suspected. Personal information will be handled in accordance with this Privacy Policy.

 

5. Contact Us

5.1 Contact details

a. If you have any questions in relation to privacy, please contact our founder Robert Lord at Robert.lord@pathalliedhealth.com.au.

6. Privacy Complaints

a. Please direct all privacy complaints to Path Allied Heath using the contact details set out above at Section 5.1.

b. At all times, privacy complaints:

• will be treated seriously;
• will be dealt with promptly;
• will be dealt with in a confidential manner; and
• will not affect your existing obligations or affect the commercial arrangements between you and Path Allied Health.

c. Path Allied Health will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.