Privacy Policy
For Peak Fitness & Wellness Pty Limited NDIS Clients
The Privacy Act 1988 (Cth) (Privacy Act) requires entities bound by the Australian Privacy Principles (APPs) to have a privacy policy.
Peak Fitness & Wellness Pty Limited (“Peak Fitness & Wellness”) policy is to respect and protect the privacy of all people including clients, the NDIA, employees, contractors, and community partners. This privacy policy outlines the practices we use at Peak Fitness & Wellness when handling personal information belonging to people who use or receive NDIS services from Peak Fitness & Wellness.
This policy and procedure applies to current and potential clients as well as their carers, guardians, and family members. It is designed to ensure that management of personal information for clients meets all relevant legislative and regulatory requirements.
This policy applies only to the handling and use of information held by Peak Fitness & Wellness and does not cover any State, Territory or Federal Government held databases.
This policy is reviewed annually and will also be updated any time there is a change in our information management practices or the relevant legislation.
The Peak Fitness & Wellness Privacy Policy is publicly available on its website.
Privacy Act - The Privacy Act 1988 (Cth) (as amended)
APPs - Australian Privacy Principles
Personal information - Recorded information (including images) or opinion, whether true or not, from which the identity (including those up to thirty years deceased) could be reasonably ascertained.
Sensitive information - Information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political party, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preference or practices, or criminal record.
Health information - Any information or an opinion about the physical, mental, or psychological health or ability (at any time) of an individual.
Risk to privacy and confidentiality arises from the collection, storage and sharing of client information. Access by non-authorised persons may expose clients to risk of harm. Safe information management, storage and access protects clients from harm, abuse, or exploitation. This policy addresses these issues.
There is also a risk that information will be shared inadvertently and without the intention to do harm. For example, information could be unintentionally disclosed by careless use of tablet- or phone-based software, shared with a client’s supporters against the client’s wishes, or disclosed to peers on the assumption that the information is publicly known. Cultural assumptions around sharing information are diverse and change rapidly. Social media platforms may allow clients to be identified.
Risk is minimised by:
• raising staff awareness and training with regard to privacy and confidentiality;
• stringent information handling policies and procedures that are protective of personal information;
• use of systems and storage that are safe and secure;
• ensuring consent is obtained before gathering data (including audio and photographic data);
• ensuring that consent is specific to the use of data, and that consent is current;
• encouraging clients to provide feedback and complaints about the use of their information.
Peak Fitness & Wellness is committed to the transparent management of personal information about its clients and staff.
This commitment includes protecting the privacy of personal information, in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) and in accordance with the Privacy Policy, Department of Human Services, endorsed June 2002 (amended August 2005) and the National Disability Insurance Scheme Act 2013 (Cth) (NDIS Act).
The Privacy Act authorises our collection of personal information where this is required to facilitate access to Government agencies such as the NDIA and perform our other functions.
Peak Fitness & Wellness collects personal information to enable the delivery of NDIS services, specifically allied health services and support worker services. Certain laws and contractual provisions relating to our services require specific information to be collected in order to deliver services within the National Disability Insurance Scheme.
Peak Fitness & Wellness will only collect personal information where the information is necessary for one or more of its functions or activities. Peak Fitness & Wellness will only collect personal information in a way that is fair, lawful, and not intrusive. Information may be collected from you orally or in writing, or from a representative, carer, or guardian or medical or health practitioner who has permission to provide us with your personal information and can include information provided by third parties, including Government agencies, or through documentation received from referring bodies, with the consent of the client.
In collecting personal information, Peak Fitness & Wellness staff will inform you:
• that the information is being collected;
• the purposes for collection;
• who will have access to the information;
• the right to seek access to, and/or correct, the information; and
• the right to make a complaint or appeal decisions about the handling of your information.
Client information may be used to:
• assess and provide services;
• administer and manage those services;
• evaluate and improve those services;
• contribute to research;
• contact family, carers, or other third parties if required; and
• meet our obligations under the service agreement.
As some of our Services are specifically designed for and cater to vulnerable groups and children, we will need to collect personal information from individuals within those groups. This is for the purpose of the delivery of our services and so that we can deliver an accessible, well-rounded, culturally safe, physically safe, individualised experience for all our clients.
Where a carer or guardian has access to or the responsibility of providing information on behalf of someone, we ensure that this is clearly recorded on the file and that identity is verified prior to any dealings or disclosure of information in relation to someone else.
The kinds of personal information we collect vary; however, they are likely to include your name, birth date and contact details, and may include your relationship status, social welfare information and health or identity information and documentation.
As an NDIS Provider, Peak Fitness & Wellness may also collect and handle ‘sensitive information’ including: information about your racial or ethnic origin, information about criminal convictions or health and medical or disability information. Other personal information such as kinship details are also handled. We need this information to identify our clients, tailor our services, overcome obstacles, maintain compliance records, and assist you.
Peak Fitness & Wellness will not collect sensitive and personal information unless: the individual has consented, it is required by law or a permitted general situation or health situation exists in relation to the collection of the information.
Peak Fitness & Wellness services will collect sensitive information:
• only with client consent, unless an exemption applies: e.g. the collection is required by law, court/tribunal order or is necessary to prevent or lessen a serious and imminent threat to life or health;
• fairly, lawfully, and non-intrusively;
• directly from the client, if doing so is reasonable and practicable;
• giving the client the option of interacting anonymously, if lawful and practicable; and
• only where deemed necessary in order to support service delivery to clients and staff activities and functions.
Various types of online data may be collected, such as:
1. Visitor logs and statistics so that we know how busy our site is and which parts of the site are visited most.
2. Your device’s IP address (collected and stored in an anonymised format).
3. Search terms and pages visited on our website.
4. Date and time when pages were accessed.
5. Downloads and time spent on web pages.
6. Geographic location of visitors.
7. Information provided by users through feedback forms on this site. If you complete a feedback form, we will collect your first and last name, organisation (if applicable), and email address.
8. Registration details entered in the enrolment form online.
9. Emails and Electronic Forms.
Your email address will only be recorded if you supply it to us and tick that as your preferred method of correspondence. The information collected by email or electronic forms will be used only for the purpose for which you have provided it, and we will not disclose it without your consent, except where authorised or required by law.
The main purpose of collecting your data in this way is to improve your experience when using our site. We take every possible measure to ensure your information transmitted online is secure, however we cannot guarantee the complete and total security of such information transmitted to the website.
We use social networking sites and applications such as Facebook and Instagram to communicate widely and publicly about our services. When you engage with us using these services, your personal information is collected. The social networking service will also handle your personal information according to their own privacy policies.
Where possible, we will endeavour to allow you to engage in aspects of our Services anonymously or using a pseudonym, if requested.
However, for most of our functions and activities we usually need your personal information to efficiently and effectively offer you our services.
Peak Fitness & Wellness respects the right to privacy and confidentiality, and will not disclose personal information except:
• if required for the purpose for which it was collected;
• where disclosure would protect the client and / or others;
• where necessary for best service practice; or
• where obligated by law.
For these purposes, Peak Fitness & Wellness services may disclose clients’ personal information to other people, organisations, or service providers, with client consent, including:
• medical and allied health service providers who assist with the services we provide to clients;
• a 'person responsible' if the client is unable to give or communicate consent e.g. next of kin, carer, or guardian;
• the client’s authorised representative/s e.g. legal adviser;
• qualified interpretive and relay service providers, such as those used through the National Relay Service or similar initiatives;
• our professional advisers, e.g. lawyers, accountants, auditors;
• government and regulatory authorities, e.g. Centrelink, government departments, and the Australian Taxation Office;
• organisations undertaking research where information is relevant to public health or public safety; and
• when required or authorised by law.
Any information released for evaluation or research purposes will be de-identified.
No personal information of a Peak Fitness & Wellness client will be shared or disclosed to a third party, for any reason whatsoever, without the express consent of the participant, unless it is in circumstances related to public interest such as law enforcement or public health, where the required authorisation and checks have been undertaken.
Peak Fitness & Wellness does not disclose information to overseas recipients.
Peak Fitness & Wellness will endeavour to receive an individual’s consent for disclosure of personal information by way of writing. If necessary and appropriate, verified verbal consent will be accepted and a file note or database record taken.
NDIS Clients are to be provided with the most current Client Consent Form at the time of commencing a service with Peak Fitness & Wellness. This form is to be signed and placed in the client’s file and held securely, with access limited to staff members in the performance of their role and for the permitted purpose.
Where it is consented to or requested, we may occasionally use personal information to communicate with individuals via email or other means in order to provide updated information about Peak Fitness & Wellness, details of newly available services or invitations to further training, seminars or events. This will not occur without consent.
An individual can opt out of receiving such information at any time after originally giving consent by simply replying “stop”.
Peak Fitness & Wellness does not ever disclose personal information to a third party for their own or others’ marketing purposes, nor does Peak Fitness & Wellness ever sell or trade personal information at any time, under any circumstances.
Should a breach in privacy occur, potentially exposing client information (e.g. computer system hacked or compromised) we will immediately act to rectify the breach in accordance with organisational policy and procedures. Peak Fitness & Wellness has a stringent response procedure for any potential privacy breach.
Peak Fitness & Wellness is required to disclose a data breach to the Office of the Australian Information Commissioner if the data contains personal information that is likely to result in “serious harm”, which includes any of the following: physical, psychological, financial, or reputational harm. Personal information is information about an identified individual, or an individual who is reasonably identifiable. Peak Fitness & Wellness also has responsibilities and reporting obligations to our overseeing Government Department in the instance of privacy breaches.
To ensure that the personal information we collect is accurate, up-to-date and complete we:
• ensure that editing permissions for information databases are monitored, and used only by trained personnel;
• record information in a consistent format;
• where necessary, confirm the accuracy of information;
• add updated or new personal information to existing records;
• regularly audit our databases to check for accuracy.
We also review the quality of personal information before we use or disclose it.
Peak Fitness & Wellness staff are required to take all reasonable steps to protect personal information against loss, interference, misuse, unauthorised access, modification, or disclosure. Peak Fitness & Wellness will destroy, or permanently de-identify, personal information that is:
• no longer needed for the purpose for which the information may be used or disclosed;
• unsolicited and could not have been obtained directly; or
• not required to be retained by, or under, an Australian law or a court/tribunal order.
Peak Fitness & Wellness has appropriate information security measures in place to protect stored electronic and hard-copy materials. Peak Fitness & Wellness has an archiving process for client files which ensures files are securely and confidentially stored and destroyed in due course. Refer to the Peak Fitness & Wellness Information Security Management Policy for further information.
Personal information is stored digitally with rigorous access and permissions limitations, and on secure systems. Where the information is stored in hard copy, appropriate security measures are taken to avoid inappropriate access or loss.
The following physical and electronic storage security measures exist:
• No personal information is to be given over the phone unless it has been established that the caller has legitimate grounds and the right to access the information and has given authentication of identity that meets the authentication and verification criteria.
• Digital storage must be on secure, Government-approved IT systems and protected by password and/or encryption, as required.
• No personal information should be left on voicemail unless requested by the owner of the voicemail on the basis that the voicemail is secure.
• Mail containing personal information is labelled “Private and Confidential: Attention…”
• Only authorised individuals are to receive personal information and are not permitted to forward such information without consent.
• Paper records containing personal information should not be copied unless it is essential to do so.
• All paper records to be kept in lockable storage, in a non-communal area of the workspace when not in use and shredded when no longer required.
• The anonymity of participants is maintained during presentations, consultation with external parties, research activities and public events.
• Personal information must never be left unattended and must not be left in a visible, accessible way.
• Personal information must not be discussed in public areas.
Participants undertaking online learning will have their information collected for training and assessment purposes. The information will be stored digitally and in accordance with our security measures.
All employees and other persons who are directly involved with the activities of Peak Fitness & Wellness and may come into contact with personal information, such as Contractors or visitors, are required to agree to confidentiality obligations in writing.
We hold records of personal information for the period of time defined by the appropriate Government Department. After that time period, records are destroyed. Records relating to a complaint or dispute may continue to be held until the matter has been sufficiently resolved.
Peak Fitness & Wellness upholds the privacy rights of individuals, and you may apply to access your personal information held by Peak Fitness & Wellness. Upon a request that we are satisfied is genuine, Peak Fitness & Wellness will take reasonable steps to respond to the request for access to personal information. Such a request will not be unreasonably refused.
Peak Fitness & Wellness may reasonably refuse access where the Act allows us to do so, which includes (but is not limited to) where:
• giving access would pose a threat to the life of any individual; or
• giving access would have an unreasonable impact on the privacy of other individuals; or
• the request for access is frivolous or vexatious; or
• denying access is required or authorised by or under law or court/tribunal order.
We will provide reasons for a refusal of access or a denial to amend personal information.
If an individual is able to establish that the information is not accurate, complete or up-to-date, we will take reasonable steps to correct the information so that it is accurate, complete and up-to-date.
To obtain access to your information, please make a request to Peak Fitness & Wellness. Before giving access to information, we will require that you provide proof of identification and this, along with details of your request, will be recorded on your file.
To ensure that client information is accurate, complete, current, relevant and not misleading, Peak Fitness & Wellness staff confirm information accuracy whenever reviewing a client’s service, and will update information upon being informed of changes or inaccuracies by clients.
There will be no charge for any correction or update of personal information.
Where Peak Fitness & Wellness has previously disclosed client personal information to other parties, should the client request us to notify these parties of any change to the details, we take reasonable steps to do so.
If you wish to complain to us about how we have handled your personal information you should first complain to us in writing. If you need help lodging a complaint, you can contact us - see ‘contact us’ on our website.
If we receive a complaint from you about how we have handled your personal information we will determine what (if any) action we should take to resolve the complaint.
If we decide that a complaint should be investigated further, the complaint will usually be handled by the most senior personnel member of Peak Fitness & Wellness.
We will assess and handle complaints about the conduct of any personnel at Peak Fitness & Wellness using our internal policies and procedures, including our Employee Code of Conduct.
We will advise you that we have received your complaint and then respond to the complaint within 30 days.
If we are unable to satisfactorily resolve your complaint, we will use an external dispute resolution service, or you may wish to contact the Office of the Australian Information Commissioner.
You will be advised either in writing, or in a face-to-face meeting, of the outcomes and actions arising from the investigation.
• Peak Fitness & Wellness accepts the general principles of confidentiality and privacy and is bound by the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
• Peak Fitness & Wellness will only collect personal information where the information is necessary for its functions.
• Peak Fitness & Wellness will only use or disclose an individual’s personal information for the purpose for which it was collected.
• No personal information of a Peak Fitness & Wellness client will be shared or disclosed to a third party without the express consent of the client unless a legal exemption applies.
• An individual may apply to access their personal information held by Peak Fitness & Wellness. You may also complain about how your information has been handled.
• Peak Fitness & Wellness uses robust storage processes and mechanisms. Physical and electronic storage security measures exist to protect information we hold.
• All employees and other persons who are directly involved with the activities of Peak Fitness & Wellness and may come into contact with personal information, are required to agree to confidentiality obligations in writing.