Privacy | Unlocking Life

Our privacy commitment to you

Healthy Business Performance Group Pty Ltd (ACN 075 007 500) (“HBP Group”, “we”, “us” or “our”) is committed to providing quality products and services to clients and this policy outlines our ongoing obligations to you in respect of how we manage Personal Information.

We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your personal information.

A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at https://www.oaic.gov.au/

By accessing HBP Group services you agree to be bound by this Privacy Policy and HBP Group’s Terms and Conditions (link to terms and conditions).

What is Personal Information?

When used in this privacy policy, personal information has the same meaning given to it in the Privacy Act. In general terms, it is information that can be used to identify you, such as your name, address, telephone number, email address, profession or occupation. If the information we collect personally identified you, or you are reasonably identifiable from it, the information will be considered personal information.

What is Sensitive Information?

When used in this privacy policy, sensitive information has the same meaning given to it in the Privacy Act. In general terms, it is a sub-set or personal information and includes information about your health, genetics, racial or ethnic origins, political beliefs, religious or philosophical beliefs, sexual preferences and criminal history. This information is afforded a higher level of protection under the law due to its sensitive nature. Unless required by law, we will only collect sensitive information with your consent.

Sensitive information will be used by us only:

For the primary purpose for which it was obtained
For a secondary purpose that is directly related to the primary purpose
With your consent; or where required by law.

What personal information do we collect?

As a client of HBP Group, certain personal information will be required to establish and maintain your records and to provide you with our services. The personal information we collect will vary depending on the services we provide. However, the type of personal information we may collect includes:

identification information such as your name, date of birth, contact phone details, residential, postal and email addresses, gender, your family/single status, your next of kin, guardian, power of attorney, emergency contacts, Medicare numbers, Individual Healthcare Identifiers, health insurance details and your occupation;
sensitive information such as health information, and other information we consider necessary to provide health care services to you including your personal medical history, current health issues, health goals, medications, allergies, immunisations, social history, family history, risk factors, areas of interest, ethnic origins and lifestyle patterns;
information about persons who have been designated by you to act on your behalf such as your carer or family members;
information about how you use our services, technical information about the services you access, the location of where you use our services; and
any other information that you provide to us directly, or that is provided to us by the business that employs or engages you to facilitate your use of our services.

How do we collect your personal information?

Your Personal Information may be obtained in various ways including: on site consultations and coaching, phone coaching and interviews, program registration and personal profile information, user approved API connection to external data sources such as wearable devices, and individual survey data through our unlockinglife web and mobile app platforms. We don’t guarantee any website links or policies of authorised third parties.

Third Parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties including your employer. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

What happens if we receive unsolicited personal information?

If we receive information about you that we have not sought out (referred to as ‘unsolicited information’) we will determine whether we would have been permitted to collect that information as part of providing our services in accordance with the law. If so, we will handle this information in accordance with this policy. If we would not have been permitted to collect this information, it will be destroyed or de-identified as soon as is practicable, but only if it is lawful to do so.

Why do we collect your personal information?

We collect your Personal Information for the primary purpose of providing personalised client services that help to measure and manage an individual’s health concerns, and direct organisational health focus through executive summary. No identifiable personal information is shared outside of HBP Group without the express consent or disclosure to the individual, except where required by law. Explanation of our duty of care would be provided where it is deemed the individual is at imminent risk to themselves or to others.

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it. The terms of this agreement are subject to an individual’s consent via recorded acknowledgement via the app, web, or verbal confirmation. Each time you interact with HBP Group, additional information may be included to your profile. Providing HBP Group with personal or sensitive information in voluntary. If this information is not provided or consent is not obtained, or is removed, the ability of HBP Group to provide assistance will be limited.

Use of Personal Information

The information that you provide to HBP Group is only used for purposes that you would reasonably expect in providing you with our services. This may include the following:
to identify you or verifying your authority to act on behalf of a client;
to establish and maintain your participation;
to confirm your eligibility for a service;
to update our records and keep contact details up to date;
to provide you with services appropriate to your needs;
to process invoices that relate to services provided;
to answer your enquiries and to provide information to you about our services;
to process and respond to any complaint made by you;
to provide effective risk management;
to provide analysis of information for service development and marketing purposes;
to meet internal functions such as administration and accounting systems;
information technology maintenance and development;
to train staff;
to investigate and resolve complaints relating to services provided by/or on behalf of HBP Group;
to comply with any law or legislative requirements;
to keep you informed about your participation and other relevant information relating to HBP Group; and
for any purpose for which you have given your consent.

Disclosure of Personal Information

The information we collect will be kept strictly confidential and secure at all times. Where your personal information is disclosed, it will be disclosed in a manner consistent with applicable privacy laws and regulations and only for a purpose that is consistent with the reason it was originally collected. This may include:

where you would reasonably expect us to in order to provide the service in respect of which the information was originally collected;
where you have authorised us to do so;
where we need to enforce or apply any terms of use or contract regarding use of our services to which you have agreed (or other terms that have been agreed to apply to our relationship with you);
to your family, carer, legal representative, guardians and attorneys in accordance with the law. We require a written authority from you, or from an authorised representative (such as an Attorney under a Power of Attorney) if you would like someone to deal with HBP Group on your behalf;
where a third party has a confidentiality agreement with HBP Group and it is required to perform a core business function on behalf of HBP Group. For example, an agent transacting business for and on behalf of us or a mailing house. Organisations that deliver services on behalf, or to HBP Group may require your personal information for accounting and auditing purposes, claims assessment, review and analysis or for providing other services and products; and
when it is authorised by law or we are legal required to do so, for example, in response to a subpoena, court order or other legal process.

Further:

for operational reasons for maintaining, reviewing and developing our business systems (including teaching and training, procedures and infrastructure including testing or upgrading our computer systems in order to securely and efficiently deliver our services to you and others;
for accreditation, safety, quality assurance and improvement activities;
for risk management activities (including communication with insurers and legal representatives);
to respond to complains or inquiries from authorised professional bodies, or to seek advice from consultants and professional advisors;
in exceptional circumstances disclosure of personal information may be deemed necessary when there are grounds to believe that the disclosure is necessary to prevent a threat to an individual’s health and safety, for law enforcement purposes or to protect public health and safety; and
for compliance reasons to ensure compliance with relevant laws and regulations.

De-identified information

We may be required to use your personal information in a de-identified form (de-identification being a process by which a collection of data or information is altered to remove or obscure personal identifiers and personal information) to assist us in running our business. Such use is strictly regulated by privacy laws and generally requires approval from an ethics committee. We may also provide de-identified information in an aggregated form to third parties that we have engaged for research, marketing, strategy or other purposes, including:

to gain insights into how customers are using our services,
to provide customers with additional information about the benefits and uses of our services,
to improve business productivity,
to enhance the quality of our services in various ways.

When your personal information and health information is included in de-identified, aggregated data, it is not possible to identify you or anything about you from that data.

Do we use your personal information for direct marketing?

Your contact information may be used to notify you of new services or promotions being offered by us and other related services and products, if we have your permission, a legitimate interest or are otherwise permitted to do so by law. If at any time you no longer wish to receive this information, you can request to “opt out” from receiving this information by using the unsubscribe link in any email, by replying to any text with “STOP” or by otherwise contacting us using the details in this privacy policy.

If you opt out of receiving marketing communications from us, we may still contact you in relationship with you.

Where we market to prospective clients, we are happy to disclose to you how we have obtained this information and will provide the option to ‘opt out’.

We will not sell your personal information to any organisation outside of HBP Group.

Do we disclose your personal information to anyone outside of Australia?

HBP Group conducts its business operations within Australia and your information is stored by means of electronic storage within Australia. We commit to review the terms of services of any service of any service provider of cloud or networked data storage to ensure that the security of your personal information is addressed in any service level agreement. We may be required to disclose your personal information to our various service providers who may be located outside of Australia, but we will always ensure that they adhere to our privacy policy and to strict confidentiality obligations.

Can you deal with us anonymously or using a pseudonym?

Yes, you can deal with us anonymously or using a pseudonym where it is lawful and practicable to do so. For example, if you were making a general inquiry as to the services we provide or as a visitor to our website.

In general, HBP Group will not be able to deal with you anonymously or where you are using a pseudonym when:

it is impracticable to do so (including, but not limited to, where you are actively using our services or are participating in one of our programs); or
we are required or authorised by law to deal with you personally.

Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to de-identify your Personal Information.

HBP Group prioritizes the security and protection of personal information by employing various measures and adhering to professional standards. Access to personal information is restricted through password-protected computer systems and controlled premises. Our staff is well-informed and obligated to follow a formal code of conduct, which includes handling information in compliance with privacy laws and our Privacy Statement.

To safeguard information, HBP Group utilizes industry-standard practices, such as Secure Sockets Layer (SSL) Certificate, data in-transit encryption multifactor authentication, VPN and firewall for securing data submitted through our website and application. We employ both physical and electronic safeguards, including access control to the data centre and login/password requirements for our databases. Access to the database is through the use of a VPN to allow access through our server firewall. Users are advised to sign out or close their browsers after using our website or use browser in incognito or private mode to prevent unauthorized access to their personal information and correspondence. All our workstations are protected by Antivirus and Remote Monitoring Agent Software, which allow for continuous monitoring and management of the device's performance, security, and health.

Access to your Personal Information

You may access the personal information we hold about you and to update and/or correct it, subject to certain exceptions allowed by law. These include where:

access would pose a serious threat to the life or health of an individual;
access would have an unreasonable impact on the privacy of others;
the request is frivolous or vexatious;
the information relates to a commercially sensitive decision-making process;
access would be unlawful;
access would prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security or negotiations with you;
access would jeopardise the conduct of existing or anticipated legal proceedings;
denying access is required or authorised by or under law.

If we cannot provide your information in the way you have requested, we will advise you of the reasons in writing.

If you are currently involved in a program, you are able to access your personal information via the HealthCi mobile application or Unlockinglife web portal. If you have withdrawn from a program you can access your personal information for 30 days after withdrawal by emailing: admin@healthybusiness.net.au. After 30 days your data will be de-identified and we will be unable to provide you access to your data.

We may charge a fee for your access to personal information, but we will inform you of this prior to any such fee being charged.

In order to protect your Personal Information, we may require identification from you before releasing the requested information.

Maintaining the quality of your personal information

It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete, and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you. We will need to verify your identity before we are able to action any request to correct information.

If we are able to correct your information, we will let you know within five business days of deciding to do this. If you ask us to do so, we will advise any relevant third parties of the correction, unless it is impracticable or unlawful for us to do so.

If we are unable to correct your information, we will let you know in writing within five business days of making this decision. If you are dissatisfied with our decision, you can refer your complaint to the Office of the Australian Information Commissioner. Contact details are listed at the end of this policy.

If we agree to correct your information, we will do so within 30 days from when you requested the change, or a longer period that has been agreed with you.

If we cannot make the correction within a 30-day time frame or the agreed time frame, we must:

let you know about the delay, the reasons for it and when we expect to resolve the matter;
ask you to agree in writing to give us more time; and
let you know you can complain to the Office of the Australian Information Commissioner.

If we become aware that the personal information we hold about you is out of date or inaccurate, we may correct the information or ask you to review and correct your information. It is important that you help us by keeping your contact details up-to-date.

Any suspected breach of our privacy agreement or concerns you may have can be directed immediately via the contact details below.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy please contact us at:

54a Main Road Moonah, Tasmania, 7009
admin@healthybusiness.net.au
1300 655530

We will endeavour to resolve the issue with you amicably in accordance with our complaints resolution procedure. However, if you believe that we have not resolved the issue you may refer the matter to the Office of the Australian Information Commissioner:

Mail: GPO Box 5218,
Sydney, Online: www.oaic.gov.au/privacy
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

Policy Updates

This Policy may change from time to time to keep up to date with laws, technology and industry changes. We recommend that you visit our website regularly to keep up to date with any changes. An up-to-date copy of the policy is available on our website.

We will let you know about any material changes to our privacy policy by emailing you at the email address provided by you to us (if any). Your continued use of our services indicates that you accept those changes. Through this document we will always let you know the information we collect, how we use it, and the circumstances under which such information may be disclosed by us.

For more information on your privacy, you can visit www.oaic.gov.au

Head Office:	54a Main Rd, Moonah TAS 7009
Phone:	1300 655 530
Email:	admin@healthybusiness.net.au