Version date: April 2019
1.1 EBOS Group Limited and its subsidiaries (“EBOS”, “we”, “our” and “us”) are committed to responsible privacy practices and to complying with the Privacy Act 1988 (Cth) (“Privacy Act”) including the Australian Privacy Principles (“Privacy Principles”) and Notifiable Data Breaches scheme contained in the Privacy Act, and applicable state and territory health records legislation such as the Health Records Act 2001 (Vic), the Health Records (Privacy and Access) Act 1997 (ACT) and the Health Records and Information Privacy Act 2002 (NSW) and the Privacy Act 1993 (NZ).
1.2 Where applicable, EBOS will handle personal information relying on the related bodies corporate exemption and the employee records exemption in the Privacy Act and any other applicable exemptions in the Privacy Act or other legislation.
1.4 Where it is practical for us to allow you to do so, you may deal with us anonymously (for example when enquiring generally about our products and services).
2 What is personal information?
2.2 A reference to “personal information” in this policy includes “health information”, as defined in the Privacy Act and applicable health records legislation. Essentially, health information is information or an opinion relating to the health or a disability of an individual who is reasonably identifiable.
3 What types of personal information does EBOS collect?
3.1 The types of personal information EBOS collects from you depend on the circumstances in which the information is collected.
3.2 EBOS may collect contact details including your name, occupation, address, email address, phone and fax numbers and your date of birth. We may collect answers you provide to questions we ask and other information in relation to your dealings with EBOS. If you purchase products or services from us, we may also collect certain transactional information and financial details to process the transaction.
3.3 If you are an individual contractor to EBOS, in addition to the information referred to in section 3.2 we may also collect information relevant to your engagement with EBOS including qualifications, resume, reference information from your nominated referees, tax file number, bank details, feedback from supervisors and training records.
3.4 If we are providing you with, or assisting your health service provider or treating health professional (such as a doctor, pharmacist or hospital) to provide you with, a health related service we may collect your health information and, in such circumstances, you consent to us collecting that information and to us using and disclosing that information for the purpose for which you disclosed it to us and as permitted by the Privacy Act, applicable health records legislation and other relevant laws.
3.5 When you use our websites, we may collect website usage information such as the IP address you are using, the name of your Internet service provider, your browser version, the web site that referred you to us and the next website you go to, the pages you request, the date and time of those requests and the country you are in.
3.6 In certain circumstances we are required to collect government identifiers such as tax file numbers, Medicare numbers, health service provider numbers, pension numbers and Veteran’s Affairs numbers. We only collect, use and disclose such information as permitted or required by law.
3.7 In addition to the types of personal information identified above, EBOS may collect personal information as otherwise permitted or required by law.
4 How do we collect your personal information?
4.1 EBOS collects personal information in a number of ways. The most common ways we collect your personal information are:
• directly from you when you provide it to us or our agents or contractors;
• via our website or when you deal with us online (including through our social media pages);
• if you are an individual contractor to EBOS, from your employer or recruitment agency;
• from publicly available sources;
• from credit reporting agencies;
• from our related companies; and
• from third parties (for example, from your health service provider or treating health professional (such as a doctor, pharmacist or hospital) in connection with providing a health-related service to you or from referees if you apply for a position as an employee or contractor with us).
5 For what purposes do we collect, use and disclose your personal information?
5.1 The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it. Whenever practical we endeavour to inform you why we are collecting your personal information, how we intend to use that information and to whom we intend to disclose it at the time we collect your personal information.
5.2 We may use or disclose your personal information:
• for the purposes for which we collected it (and certain secondary purposes where permitted by law);
• for other purposes to which you have consented; and
• as otherwise authorised or required by law.
5.3 In general we collect, use and disclose your personal information so that we can do business together and for purposes connected with our business operations.
5.4 Unless otherwise required or permitted by law, we will only collect health information about you with your consent and we will only use that information for the primary purpose for which it was collected. In some circumstances, we may collect your health information through third parties (e.g. from health care professionals, such as pharmacists, who are treating you). We will only do this if you have consented or where otherwise permitted or required by law.
5.5 Some of the specific purposes for which we collect, use and disclose personal information are:
• to respond to you if you have requested information (including via our websites or via an email or other correspondence you send to us);
• to provide goods or services to you, to assist a health professional or service provider to provide you with certain services (e.g. health services) or to receive goods or services from you;
• to administer and manage services, including charging, billing and collecting debts;
• to enable you to participate in any loyalty programs that we conduct;
• to improve our products and services and keep you up to date on such improvements;
• to understand our customer base and help tailor our products and services;
• to allow performance reporting and benchmarking of your business, if applicable;
• to contact you (directly or through our service providers) to obtain your feedback, to find out your level of satisfaction with our products and services and for other market research activities;
• to verify your identity;
• to address any issues or complaints that we or you have regarding our relationship; and
• to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone, by fax or in any other lawful manner.
5.6 We may also use and disclose your personal information for the purpose of direct marketing to you where:
• you have consented to us doing so; or
• it is otherwise permitted by law.
6 What happens if you don't provide personal information?
6.1 Generally, you have no obligation to provide any personal information requested by us. However, if you choose to withhold requested personal information, we may not be able to provide you with products and services that depend on the collection of that information.
7 To whom do we disclose personal information?
7.2 This may include disclosing your personal information to the following types of third parties:
• our related companies;
• health service providers or treating health professionals (such as your doctor, pharmacist or hospital), in connection with providing health-related goods or services to you or as otherwise required or authorised by law;
• our contractors and other third parties that provide goods and services to us (including suppliers, marketing agencies, data analysis specialists, data processing organisations, billing and debt recovery providers, website and data hosting providers, loyalty program administrators and other IT suppliers);
• our accountants, insurers, lawyers, auditors and other professional advisers;
• government and regulatory authorities, courts, tribunals and other bodies as required or authorised by law;
• in an emergency, to medical and health service providers;
• any third parties to whom you have directed or permitted us to disclose your personal information (e.g. referees);
• in the event that we or our assets may be acquired or considered for acquisition by a third party, that third party and its advisors;
• carefully selected third parties with whom we have data sharing arrangements;
• third parties that require the information for law enforcement or to prevent a serious threat to public safety; and
• otherwise as permitted or required by law.
7.3 Where we disclose your personal information to third parties we will take reasonable steps to ensure that such third parties only use your personal information as reasonably required for the purpose we disclosed it to them and in a manner consistent with the Privacy Principles and relevant health records legislation (e.g. by (where commercially practical) including suitable privacy and confidentiality clauses in our agreement with a third party service provider to which we disclose your personal information).
7.4 If you post information to public parts of our websites or to our social media pages, you acknowledge that such information (including your personal information) may be available to be viewed by the public. You should use discretion in deciding what information you upload to such sites.
8 Disclosure of information outside the State/Territory of collection
8.1 Some of the third parties to whom we disclose personal information may be located outside the state or territory in which the information was collected or outside Australia. The state/territories and countries in which such third parties are located will depend on the circumstances. For example, we may disclose personal information to our related companies overseas and to our overseas service providers.
8.2 In the ordinary course of business we commonly disclose personal information to third parties (for example, offshore data centres located in New Zealand, the USA, South Korea and Canada).
8.3 Except in some cases where we may rely on an exception under the Privacy Act or other law, we will take reasonable steps to ensure that such overseas recipients do not breach the Privacy Principles in relation to such information
8.4 In respect of health information covered by health records legislation, unless otherwise required or permitted by law, we will only disclose your health information to a third party outside the state/territory of collection if we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which upholds principles for fair handling of the information that are substantially similar to those in the applicable health records legislation.
9 How do we protect personal information?
9.1 EBOS will take reasonable steps to keep any personal information we hold about you secure. Please notify us immediately if you become aware of any breach of security.
10 Accuracy of the personal information we hold
10.1 We try to maintain your personal information as accurately as reasonably possible. We rely on the accuracy of personal information as provided to us both directly (from you) and indirectly.
11 Links, cookies and use of EBOS websites and applications
11.2 EBOS uses “cookies” and similar technology on its websites and in other technology applications. The use of such technologies is an industry standard, and helps us monitor the effectiveness of our advertising and how visitors use our websites/applications. We use such technologies to generate statistics, measure your activity, improve the usefulness of our websites/applications and to enhance the “customer” experience.
12 How can you access and correct personal information we hold about you?
13 Queries, comments and complaints about our handling of personal information
13.2 When contacting us please provide as much detail as possible in relation to your question, comment or complaint.
13.3 EBOS will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need.
13.4 If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner (click here for information) or other relevant regulators.
14 How can you contact us?
14.1 Please address all privacy complaints and requests to update or access information to:
Attention: Privacy Officer
EBOS Group Ltd
737 Bourke Street
Docklands, VIC 3008
Any requests to access, update or correct your health information should be made in writing.
14.2 To unsubscribe from our direct marketing, you can also contact us at firstname.lastname@example.org and set out the contact details that you no longer want used for direct marketing.