Australia Privacy Notice
Australia Data Privacy Notice
INTRODUCTION
ComPsych and its partner in Australia, Converge International, (collectively “we”) are committed to protecting your privacy in accordance with the Australian Privacy Principles (“APPs”) contained in the Privacy Act 1988 (Cth) (“Privacy Act”). We are committed to respecting your privacy and wish to ensure that you are not only aware of our Privacy Policy but provide your informed permission for us to collect, use and disclose your personal information for the purpose of us providing you with services. We recognise that your privacy is very important to you and that you have a right to control your personal information. Unless you give us explicit consent to act otherwise, the following policy will govern how we handle your personal information and safeguard your privacy.
WHEN YOU USE OUR SERVICES
We collect personal information about you to help us deliver an Employee Assistance Program (“EAP”) service. This may include your name, address, contact details and information relevant to the purpose of providing the services or information, and sensitive information about you including your gender, date of birth, health, ethnic group which are relevant for the proper provision of the EAP services we deliver. We will only collect sensitive information about you with consent, or otherwise in accordance with the Privacy Act. We keep summary information about you electronically on our database. This electronic information is only used to assist us to provide services to you as well as to assist with administration activities such as quality management.
USING YOUR PERSONAL INFORMATION
We collect, hold and use your personal information so that we can:
A. verify your identity;
B. provide you with information, products and services, and manage our relationship with you;
C. contact you, for example, to respond to your queries or complaints, or if we need to tell you something important;
D. connect you with healthcare providers;
E. personalize your experiences, and improve our products and services ;
F. inform you about a potential new product and service development and innovation, as well as for other internal purposes, such as research and data analysis; and
G. comply with our legal obligations and assist government and law enforcement agencies or regulators.
If you do not provide us with your personal information, we may not be able to provide you with our products or services, communicate with you or respond to your enquiries.
We may also use your personal information to create Anonymous Data records by first de-identifying your personal information, which means removing any information that would allow the remaining data to be linked back to you. We may use Anonymous Data for internal purposes, such as analysing overall health patterns and preferences to improve our products and services.
Subject to applicable laws and regulations, we reserve the right to use and disclose Anonymous Data at our sole discretion.
STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
We store most personal information about you in computer systems and databases operated by either us or our external service providers.
We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorized access, modification or disclosure.
These processes and systems include:
- the use of identity and access management technologies to control access to systems on which information is processed and stored;
- the encryption of your personal information in transit via Transport Layer Security 1.2 (TLS 1.2) and AES 256 at rest;
- requiring all employees to comply with internal information security policies and keep information secure;
- requiring all employees to complete training about information security; and
- monitoring and regularly reviewing our practise against our own policies and against industry best practice.
When using ComPsych’s website, you acquire services directly from ComPsych, who offers them from the United States. By interacting with our website you choose to share your Personal Data to be stored or otherwise processed in servers and databases located in the United States.
When using services provided by Converge, in Australia, your Personal Data will be stored or otherwise processed in servers and databases located in Australia.
We always process your Personal Data in line with this Notice.
WHO DO WE DISCLOSE YOUR PERSONAL INFORMATION TO?
We may disclose personal information for the purposes described in this Policy to:
- our employees and related bodies corporate;
- third party suppliers and service providers (in connection with providing our services to you);
- our existing or potential agents, business partners or professional advisors;
- another health service provider – if you request that this occur; and
- other third parties, where required by law.
We only disclose, or share your personal information with third parties where indicated in this Privacy Policy, or with your consent, or as required or authorized by law.
Where we are permitted to disclose your personal information to other third parties, we will take reasonable steps to make sure such third parties will not breach the Privacy Act 1988 (Cth) and applicable privacy laws in their jurisdiction.
DATA QUALITY
We will take reasonable steps to ensure that personal information collected, used or disclosed is accurate, complete and up to date.
RETENTION OF YOUR PERSONAL INFORMATION
We retain your personal information only for the period necessary to fulfil the purposes set out in this Privacy Policy. When assessing the retention periods for any personal information we collect, we review our need to collect personal information at all and, subject to establishing a relevant need, only retain it for the shortest period possible to realise the purpose of collection, unless a longer retention period is required by law.
ACCESS TO INFORMATION COLLECTED
You have the right to request access to personal information that we hold about you. We have a procedure in place that allows you to have access to personal information that is collected about you. To gain access to your personal information, You will need to complete a Release of Information Request Form accessed by contacting us using the details below. However, there are some circumstances in which access to an individual’s personal information will be denied. If access to information is denied, we will provide reasons for the denial in writing. All requests for access will be acknowledged within 14 days. Access to any information requested will take place within 30 days.
CORRECTION OF INFORMATION
We endeavor to ensure that all information is accurate and kept up to date. Therefore you are encouraged to telephone or write to us to advise us of any change in your personal circumstances.
You also have the right to request correction of your personal information if it is inaccurate, out-of-date, incomplete, irrelevant or misleading. To request correction of your personal information, you can contact us using the details below. We will endeavor to respond to your request within 30 days. If we refuse to correct your information, we will provide reasons for the refusal in writing.
MANDATORY NOTIFIABLE DATA BREACHES
In case of an actual or suspected personal data breach, we will fulfil our legal obligations to notify of data and / or security breaches without undue delay, including managing the end-to-end process from the recognition of a breach up to notifying you.
We have put in place appropriate procedures to deal with any personal data breach and will notify the supervisory authority and / or data subjects where we are legally required to do so. In the event of a data breach, we will notify the supervisory authority and the affected individuals without undue delay and as soon as practicable after becoming aware of the situation.
If you know or suspect that your personal information may have been breached or otherwise compromised, or a personal data breach has occurred, please contact us at [email protected] to report it and obtain advice, and take all appropriate steps to preserve evidence relating to the breach.
WHAT TO DO
If you have further queries relating to our Privacy Policy, or you have a problem or complaint related to use of ComPsych’s website please contact:
ComPsych Corporation
Attn: Privacy Official
455 N. Cityfront Plaza Dr., NBC Tower, 13th Fl.
Chicago, IL, U.S.A. 60611
(312) 660-1076
If you have further queries relating to our Privacy Policy, or you have a problem or complaint related to services provided in Australia contact:
Converge International
Attn: Privacy Officer
Level 16, 180 Lonsdale St,
Melbourne, Victoria, 3000
[email protected]
1300 687 327
FUTURE CHANGES
From time to time, our policies will be reviewed and may be revised. We reserve the right to change this privacy policy at any time. If you would like to access prior versions of this Policy, please contact [email protected].
FURTHER INFORMATION ON PRIVACY
For more information about your privacy rights, or if you are dissatisfied with the outcome of a complaint you have made, you may approach an independent advisor or contact the Office of the Australian Information Commissioner http://www.oaic.gov.au.
HOW TO EXERCISE YOUR LEGAL RIGHTS
You have the right to understand how we collect, use, and disclose your personal information, to access your information, and to request that we correct certain information.
To exercise your rights or for additional information related to your rights, contact ComPsych’s Privacy Official at [email protected] for inquires related to use of ComPsych’s website or [email protected] related to services received in Australia. When contacting the Privacy Official, be sure to provide enough information for us to identify your records and contact you if we need to clarify or discuss your request and we will consider your request in accordance with applicable laws.