The Occ Health Group Privacy Policy

The Occ Health Group, comprising Bodycare Injury Management Pty Ltd, Bodycare Injury Management (New Zealand) Pty Ltd, Bodycare Health & Wellbeing Pty Ltd, My Occ Health Record Pty Ltd, Healthbook Pty Ltd and Bodycare Work Pty Ltd respects your privacy.

We will only use the information you provide to undertake the client Services we offer (see our Services link on our site: https://www.bodycare.com.au (the Website) for a list of our Services (the Services). We will only collect personal information that is reasonably necessary to achieve this.

We may also disclose your information to our IT providers, lawyers, auditors, accountants, and in the case of contact details, to contracted marketing agents.

Our Privacy Policy, available below, contains further details regarding how you can access or correct information we hold about you, how you can make a privacy related complaint, how that complaint will be dealt with and the extent to which your information may be disclosed to overseas recipients.

We may change our Privacy Policy from time to time by publishing changes to it on our Website. We encourage you to check our Website periodically to ensure that you are aware of our current Privacy Policy.

INTRODUCTION
The Occ Health Group respects and upholds your rights under the Australian and New Zealand Privacy Principles contained in the Privacy Act 1988 (Cth) and the Privacy Act 1993 (Privacy Act). This Privacy Policy lets you know what personal information of yours we hold, what we do with it, who we will disclose it to and how you can access the personal information we hold about you. You can also find out here how to change inaccurate personal information and how to opt out of receiving communications from us.

While this Privacy Policy has been developed to comply with the Privacy Act we have also taken steps to ensure that, if you tell us you are located in the European Union, we will seek to give you the protections available to you under the General Data Protection Regulation (“GDPR”). Together, we refer to these two pieces of legislation as “Privacy Law”. We set out later in this policy those additional rights.

DEFINITIONS
The following terms have the following meanings:

Cookies means a small text file that is stored on a user’s computer/phone for record keeping purposes.

Information means either Personal Information or Non-personal Information.

Non-personal Information means any information that does not reveal your specific identity or does not directly relate to an individual.

Personal Information has the same meaning as under the Privacy Act and may include information such as:
(a) name;
(b) postal address or street address;
(c) email address;
(d) telephone number and other contact details;
(e) age or date of birth;
(f) credit card information;
(g) your device ID, device type, geo-location information; and
(h) other information you provide to us in using our services.

Primary Purposes include, but are not limited to, those purposes listed in Section 6 (a)-(e) of this Privacy Policy.

Secondary Purposes include the use of Information for any purpose that is not defined as a Primary Purpose.

Sensitive Information means Personal Information as defined in the Privacy Act.

WHY DOES THE OCC HEALTH GROUP COLLECT YOUR PERSONAL INFORMATION?
The Occ Health Group only collects Personal Information for the purposes of conducting the Services. The Personal Information The Occ Health Group collects from you will include Information you give us when you:

(a) register or subscribe to the Website;

(b) communicate with us through correspondence, chats, emails or when you share information with us from other social applications, Services or Websites;

(c) interact with our sites, Services, app content and advertising;

(d) complete a transaction with us; or

(e) contact us.

The Occ Health Group may collect, hold, use and disclose your Personal Information for the following purposes:

(a) to enable you to access and use our Services or Website;

(b) to operate, protect, improve and optimise our Service, Website, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;

(c) to send you service, support and administrative messages, reminders, technical notices, updates, security alerts and information requested by you;

(d) to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;

(e) to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;

(f) to comply with our legal obligations, resolve any disputes we may have with any of our users, and enforce our agreements with third parties; and

(g) to consider your employment application.

The Occ Health Group only collects Personal Information in circumstances where you consent to the collection of this Information, or it is reasonably necessary for, or directly related to, the purposes outlined above.

HOW DOES THE OCC HEALTH GROUP COLLECT AND HOLD YOUR PERSONAL INFORMATION?
Where possible, The Occ Health Group will generally collect your personal information directly from you. We may also collect personal information from publicly available sources, our Website, direct sales and service enquiries or events with which you request further information.

If, The Occ Health Group holds Personal Information that was collected for a Primary Purpose, then The Occ Health Group must not disclose the Personal Information for a Secondary Purpose, unless users have consented to the use of the Personal Information or the users would reasonably expect that The Occ Health Group would use the Information for the Secondary Purpose which is directly related to the Primary Purpose.

At times, your Personal Information may be processed via a third-party plugin or integrated third party gateway provider(s).

If we collect Information about an individual or company from a third party, we will take reasonable steps to ensure that the individual is made aware of the matters above. In the event that The Occ Health Group receives unsolicited Personal Information, then Bodycare Workplace Solutions will, as soon as practicable but only if lawful, destroy the Information or ensure the Information is kept confidential.

WHAT PERSONAL INFORMATION ABOUT YOU DOES THE OCC HEALTH GROUP COLLECT AND HOLD?
The Occ Health Group collects two distinct types of Personal Information:

(1) information relating to our commercial clients/suppliers and the contact people in those organisations; and

(2) information about individuals who consent to providing Personal Information to us (including Sensitive Information) as part of The Occ Health Group providing Services to its commercial clients (such as from employees or prospective employees of those clients)

We may also collect Personal Information, including Sensitive Information, from you if required by the Services we are performing for our clients. This can include health information which will be only collected with your consent.

For commercial clients, credit information may also be collected for establishing a client account with us (but this will usually be corporate and commercial, rather than Personal Information).

WHAT DOES THE OCC HEALTH GROUP DO WITH YOUR PERSONAL INFORMATION?
We may use your Personal Information for Primary Purposes, including:

(a) to provide functionality of our Services and related support, including to provide our contracted Services or receive products or Services from you;

(b) to provide you with marketing and promotional materials and opportunities;

(c) to provide administrative information to you, for example, information regarding our Services and changes to our terms, conditions and policies;

(d) to further our reporting and trending, to improve our products and Services;

(e) to accomplish our business purposes, including:

(i) ensuring our internal processes function as intended and are compliant with legal, regulatory and contractual requirements;

(ii) ensuring that fraud and security monitoring purposes are effective in detecting and preventing cyberattacks or attempts to commit identity theft;

(iii) responding to legal duties, such as requests from public and government authorities.

If you no longer wish to use our services, you can cease to provide us with your information.

Your information will normally be stored in our internal database and our domestic IT system.

WHO WILL THE OCC HEALTH GROUP DISCLOSE YOUR PERSONAL INFORMATION TO?
The Occ Health Group may disclose your Personal Information:

(a) to our employees and related bodies corporate;

(b) to our affiliates for Primary Purposes and Secondary Purposes.

(c) to third-party service providers or suppliers who provide Services such as Website hosting, data analysis, payment processing Services, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, credit card processing, auditing and other similar Services;

(d) to professional advisers, dealers and agents;

(e) to third parties to permit them (or their own customers) to send you marketing communications;

(f) to you, through message boards, chat, profile pages, blogs and other Services to which you are able to post information and materials;

(g) Where you use our app to meet the public health monitoring requirements of a client of ours, we may provide details collected about your health to that client..

(h) to business partners in the context of a corporate transaction. If The Occ Health Group is involved in a sale or business transaction, The Occ Health Group will retain a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of reorganization, merger, sale, joint venture, assignment, transfer of other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings). Such third parties may include, for example, an acquiring or target entity and its advisors; and

(i) as required by law.

With your consent, sensitive information may be provided to health Services providers, your employer and/or prospective employer or where otherwise required by law.

OPENNESS
You may request to access, correct, object to the use of, restrict or delete Personal Information (including your credit information) we hold about you by contacting the Privacy Officer at the address below. Where we hold information that you are entitled to access, we will endeavour to provide you with a suitable range of choices as to how access is provided (e.g., emailing or mailing it to you). A fee may be charged to cover the cost of retrieval. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you used to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
If at any time you believe that Personal Information we hold about you is incorrect, incomplete or inaccurate, then you may request amendment of it and we will either amend the information or make a record of your comment, as we think appropriate.
We may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.

If you are under 18 years of age, you may also be entitled to ask us to remove content or Information that we hold about you by contacting the Privacy Officer. Please note that your request does not ensure complete or comprehensive removal of the content or Information.

MARKETING
Where we have obtained your consent to do so, or in circumstances where you would reasonably expect that your personal information would be used or disclosed for this purpose, we may contact you from time to time with marketing material about our other products or Services (note: this only applies to commercial clients and prospective clients), not individuals who provide sensitive information as part of our Services to our clients. At any time, you may opt out of receiving this material at any time by contacting us by email to enquiries@bodycare.com.au or on the contact numbers below:

Melbourne
Phone: 1300 222 369

NON-PERSONAL INFORMATION
The Occ Health Group may collect Non-personal Information on the Website including but not limited to, which sections of the Website are most frequently visited, how often the Website and Website sections are visited, and for how long the Website is visited. This data is always used as aggregated, Non-personal Information and may be shared with The Occ Health Group agents and employees to provide them with information relating to how The Occ Health Group visitors access and use the Website. This is done for the purpose of providing you with the best and most efficient Services.

QUESTIONS & COMPLAINTS
If you have any questions about this Privacy Policy or believe that we have at any time failed to keep one of our commitments to you to handle your personal information in the manner required by the Privacy Act, then we ask that you contact us immediately using the following contact details:

Matthew Fishman
Privacy Officer
Bodycare Workplace Solutions
Email: matthewfishman@bodycare.com.au or Telephone: 1300 222 639

We will respond and advise whether we agree with your complaint or not. If we do not agree, we will provide reasons. If we do agree, we will advise what (if any) action we consider it appropriate to take in response. If you are still not satisfied after having contacted us and given us a reasonable time to respond, then we suggest that you contact the Office of the Australian Information Commissioner by:
Phone: 1300 363 992 (local call cost, but calls from mobile and pay phones may incur higher charges). If calling from overseas (including Norfolk Island): +61 2 9284 9749
TTY: 1800 620 241 (this number is dedicated to the hearing impaired only, no voice calls)
TIS: Translating and Interpreting Service: 131 450 (If you don’t speak English or English is your second language and you need assistance and ask for the Office of the Australian Information Commissioner)

Post: GPO Box 2999 Canberra ACT 2601
Fax: +61 2 9284 9666
Email: enquiries@oaic.gov.au

INADVERTENT DISCLOSURE
If we inadvertently disclose your Personal Information and the (suspected or known) disclosure is reasonably likely to result in serious harm to any of the individuals involved, we will contact you to make you aware of the breach and our investigation processes.

THE OCC HEALTH GROUP WEBSITE
When visiting The Occ Health Groups’ web site, the site server makes a record of the visit and logs the following information for statistical and administrative purposes: the user’s server address – to consider the users who use the site regularly and tailor the site to their interests and requirements;

(a) the date and time of the visit to the site – this is important for identifying the Website’s busy times and ensuring maintenance on the site is conducted outside these periods;

(b) pages accessed and documents downloaded – this indicates to The Occ Health Group which pages or documents are most important to users and also helps identify important information that may be difficult to find;

(c) duration of the visit – this indicates to us how interesting and informative the The Occ Health Group site is to people; the type of browser used – this is important for browser specific coding; and

(d) Iin order to optimize The Occ Health Group web site and better understand it’s usage, we collect the visiting domain name or IP address, Computer Operating System, Browser Type and Screen Resolution.

RETENTION & DESTRUCTION OF PERSONAL INFORMATION
The Occ Health Group will destroy or de-identify your personal information as soon as practicable once it is no longer needed for the purpose for which it was collected. However, we may be required by law to retain your Personal Information after your relationship with us has expired. In this case your Personal Information will continue to be protected in accordance with this Policy. If we destroy Personal Information we will do so by taking reasonable steps and using up-to-date techniques and processes.

SECURITY OF INFORMATION
The Occ Health Group will take reasonable steps to protect your personally identifiable information as you transmit your information from your computer to our Website and to protect such information from loss, misuse, and unauthorised access, use, modification, disclosure, alteration, or destruction.

However, you should keep in mind that the transmission of information over the Internet is not completely secure or error-free. In particular, e-mail sent to or from this Website may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail.

LINKS
Our Website may contain links to Websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked Websites, and have no control over or rights in those linked Websites. The privacy policies that apply to those other Websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those Websites.

COOKIES
We may also use ‘cookies’ or other similar tracking technologies on our Website that help us track your Website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different Websites, Services, devices and/or browsing sessions. You can disable cookies through your internet browser but our Websites may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include Personal Information. For example, where a cookie is linked to your account, it will be considered Personal Information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

You may delete or decline cookies by changing your browser settings. If you do so, some of the features and Services of our Website/App may not function properly.

MISCELLANEOUS
We may change this policy from time to time. Although we intend to observe this Privacy Policy at all times, it is not legally binding on The Occ Health Group in any way. From time to time we may regard it as necessary or desirable to act outside the policy. The Occ Health Group may do so, subject only to any other applicable contractual rights you have and any statutory rights you have under the Privacy Act or other applicable legislation.