EBOS Group Privacy Policy
1 Introduction
1.1 EBOS Group Australia Pty Limited ABN 38 125 401 247trading as Onelink Australia and its related bodies corporate (Onelink, we, our and us) are committed to responsible privacy practices and to complying with the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (Privacy Principles), Notifiable Data Breach Scheme contained in the Privacy Act, and where relevant, all applicable state and territory health records legislation and codes (Health Records Legislation) such as the Health Records Act 2001 (Vic), the Health Records (Privacy and Access) Act 1997 (ACT), and the Health Records and Information Privacy Act 2002 (NSW).
1.2 Where applicable, Onelink will handle personal information relying on the related bodies corporate exemption and the employee records exemption in the Privacy Act and any other applicable exemptions in the Privacy Act or other legislation.
1.3 This Privacy Policy sets out our policies on the management of personal information including how we collect and hold personal information, the purposes for which we use this information, and to whom this information is disclosed. We may change our Privacy Policy from time to time at our discretion. At any time, the latest version of our Privacy Policy is available by emailing us at privacy@ebosgroup.com.
1.4 Where it is practical for us to allow you to do so, you may deal with us anonymously (for example when enquiring generally about our services).
2 What is personal information?
2.1 In this Privacy Policy, ‘personal information’ has the meaning set out in the Privacy Act. Essentially, personal information is information or an opinion about an individual who is or can be reasonably identifiable.
2.2 A reference to ‘personal information’ in this Privacy Policy includes ‘health information’, as defined in the Privacy Act and applicable health records legislation. Essentially, health information is information or an opinion relating to the health or a disability of an individual who is reasonably identifiable.
3 What types of personal information does Onelink collect?
3.1 The types of personal information Onelink collects from you depends on the circumstances in which the information is collected.
3.2 Onelink may collect contact details including your name, occupation, address, email address, phone and fax numbers, your date of birth, tax file number, forklift licence number and details of police checks and court searches. We may collect answers you provide to questions we ask and other information in relation to your dealings with Onelink. If you acquire services from us, we may also collect certain transactional information and financial details to process the transaction.
3.3 If you are an individual contractor to Onelink, in addition to the information referred to in section 3.2 we may also collect information relevant to your engagement with Onelink including qualifications, resume, reference information from your nominated referees, tax file number, bank details, feedback from supervisors and training records.
3.4 When you use our websites, we may collect website usage information such as the IP address you are using, the name of your Internet service provider, your browser version, the web site that referred you to us and the next website you go to, the pages you request, the date and time of those requests and the country you are in.
3.5 In certain circumstances we are required to collect government identifiers such as tax file numbers, or forklift licence numbers of our employees. We only collect, use and disclose such information as permitted or required by law.
3.6 In addition to the types of personal information identified above, Onelink may collect personal information as otherwise permitted or required by law.
4 How do we collect and hold your personal information?
4.1 Onelink collects personal information in a number of ways. The most common ways we collect your personal information are:
(a) directly from you when you provide it to us or our agents or contractors;
(b) if you are an individual contractor to Onelink, from your employer or recruitment agency;
(c) from publicly available sources;
(d) from credit reporting agencies;
(e) from our related companies; and
(f) from third parties in connection with your employment (eg from your referees), or when providing services to you.
4.2 Most of the information that we hold about you will usually be stored electronically. We may store some of your information in secure data centres that are located in Australia or in other secure data centres of our contracted service providers (including cloud storage providers) that may be located outside of Australia. We may also store information that we hold about you securely in paper files or other hardcopy formats.
5 For what purposes do we collect, use and disclose your personal information?
5.1 The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it. Whenever practical we endeavour to inform you why we are collecting your personal information, how we intend to use that information and to whom we intend to disclose it at the time we collect your personal information.
5.2 We may use or disclose your personal information:
(a) for the purposes for which we collected it (and certain secondary purposes where permitted by law);
(b) for other purposes to which you have consented; and
(c) as otherwise authorised or required by law.
5.3 In general we collect, use and disclose your personal information so that we can do business together and for purposes connected with our business operations.
5.4 Unless otherwise required or permitted by law, we will only collect health information about you with your consent and we will only use that information for the primary purpose for which it was collected. In some circumstances, we may collect your health information through third parties (e.g. from health care professionals, such as pharmacists, or other health professionals who are treating you). We will only do this if you have consented or where otherwise permitted or required by law.
5.5 Some of the specific purposes for which we collect, use and disclose personal information are:
(a) to respond to you if you have requested information (including via our websites or via an email or other correspondence you send to us);
(b) to provide goods or services to you, to assist a health professional or service provider to provide you with certain services (e.g. health services) or to receive goods or services from you;
(c) to administer and manage services, including charging, billing and collecting debts;
(d) to improve our services and keep you up to date on such improvements;
(e) to understand our customer base and help tailor our services;
(f) to allow performance reporting and benchmarking of your business, if applicable;
(g) to contact you (directly or through our service providers) to obtain your feedback, to find out your level of satisfaction with our services and for other market research activities;
(h) to verify your identity;
(i) to address any issues or complaints that we or you have regarding our relationship; and
(j) to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone, by fax or in any other lawful manner.
5.6 We may also use and disclose your personal information for the purpose of direct marketing to you where:
(a) you have consented to us doing so; or
(b) it is otherwise permitted by law.
6 What happens if you don't provide personal information?
6.1 Generally, you have no obligation to provide any personal information requested by us. However, if you choose to withhold requested personal information, we may not be able to provide you with services that depend on the collection of that information.
7 To whom do we disclose personal information?
7.1 We may disclose your personal information to third parties in connection with the purposes described in section 5 of this Privacy Policy.
7.2 This may include disclosing your personal information to the following types of third parties:
(a) our related companies;
(b) health service providers or treating health professionals (such as your doctor, pharmacist or hospital), in connection with your employment, providing health-related goods or services to you or as otherwise required or authorised by law;
(c) our contractors and other third parties that provide goods and services to us (including suppliers, marketing agencies, data analysis specialists, data processing organisations, billing and debt recovery providers, website and data hosting providers, and other IT suppliers);
(d) our accountants, insurers, lawyers, auditors and other professional advisers;
(e) government and regulatory authorities, courts, tribunals and other bodies as required or authorised by law;
(f) in an emergency, to medical and health service providers;
(g) any third parties to whom you have directed or permitted us to disclose your personal information (e.g. referees);
(h) in the event that we or our assets may be acquired or considered for acquisition by a third party, that third party and its advisors;
(i) carefully selected third parties with whom we have data sharing arrangements;
(j) third parties that require the information for law enforcement or to prevent a serious threat to public safety; and
(k) otherwise as permitted or required by law.
7.3 Where we disclose your personal information to third parties we will take reasonable steps to ensure that such third parties only use your personal information as reasonably required for the purpose we disclosed it to them and in a manner consistent with the Privacy Principles and relevant health records legislation (e.g. by (where commercially practical) including suitable privacy and confidentiality clauses in our agreement with a third party service provider to which we disclose your personal information).
7.4 If you post information to public parts of our websites or to our social media pages, you acknowledge that such information (including your personal information) may be available to be viewed by the public. You should use discretion in deciding what information you upload to such sites.
8 Disclosure of information outside the State/Territory of collection
8.1 Some of the third parties to whom we disclose personal information may be located outside the state or territory in which the information was collected or outside Australia. The state/territories and countries in which such third parties are located will depend on the circumstances. For example, we may disclose personal information to our related companies overseas and to our overseas service providers.
8.2 In the ordinary course of business we commonly disclose personal information to third parties (for example, offshore data centres located in New Zealand, the USA, Germany, Austria, South Korea and Canada).
8.3 We will only disclose that information to a third party outside New Zealand if we reasonably believe that the recipient of the information is subject to comparable safeguards to those in the Privacy Act. If your personal information will not be protected by comparable safeguards to those in the Privacy Act, we will tell you that this is the case, and only disclose your personal information with your consent.
8.4 Except in some cases where we may rely on an exception under the Privacy Act or other law, we will take reasonable steps to ensure that such overseas recipients do not breach the Privacy Principles in relation to such information.
8.5 In respect of health information covered by health records legislation, unless otherwise required or permitted by law, we will only disclose your health information to a third party outside the state/territory of collection if we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which upholds principles for fair handling of the information that are substantially similar to, or provides comparable privacy safeguards to (as the case may be) those in the applicable health records legislation or Privacy Act (as applicable).
9 How do we protect personal information?
9.1 Onelink will take reasonable steps to keep any personal information we hold about you secure. Please notify us immediately if you become aware of any breach of security.
10 Accuracy of the personal information we hold
10.1 We try to maintain your personal information as accurately as reasonably possible. We rely on the accuracy of personal information as provided to us both directly (from you) and indirectly.
10.2 You may contact us if the personal information we hold about you is incorrect or to notify us of a change in your personal information. Our contact details are set out in section 13 of this Privacy Policy.
11 How can you access and correct personal information we hold about you?
11.1 You may seek access to personal information which Onelink holds about you by contacting us as described in section
13 of this Privacy Policy. We will provide access to that information in accordance with the Privacy Act and health records legislation, subject to certain exemptions which may apply. We may require that the person requesting access provide suitable identification and where permitted by law we may charge an administration fee for granting access to your personal information.
11.2 If you become aware that any personal information we hold about you is incorrect or if you wish to update your information, please contact us (see section 13 of this Privacy Policy).
12 Queries, comments and complaints about our handling of personal information
12.1 If you have any questions, comments or complaints about our collection, use or disclosure of personal information, or if you believe that we have not complied with this Privacy Policy, the Privacy Act or applicable health records legislation, please contact us (see section 13 of this Privacy Policy).
12.2 When contacting us please provide as much detail as possible in relation to your question, comment or complaint.
12.3 Onelink will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you cooperate with us during this process and provide us with any relevant information that we may need.
12.4 If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner (click here for information) or other relevant regulators.
13 How can you contact us?
13.1 Please address all privacy complaints and requests to update or access information to:
Attention: Privacy Officer
Onelink
(EBOS Group Ltd) Level 7
737 Bourke Street
Docklands, VIC 3008
OR
privacy@ebosgroup.com
Any requests to access, update or correct your health information should be made in writing.
13.2 To unsubscribe from our direct marketing, you can also contact us at donotcontact@ebosgroup.com and set out the contact details that you no longer want used for direct marketing.