Konekt Privacy (Information Handling) Policy

Introduction

This Policy applies to the operations of Konekt Limited and its related bodies corporate (as that term is defined in the Corporations Act 2001) (Konekt), and describes how we collect, hold, use and disclose personal information consistent with the Privacy Act 1988 and in particular the Australian Privacy Principles found in that Act.

This Privacy Policy is also notification to you of the matters required to be notified by the Australian Privacy Principles.

Personal information is any information about an identified individual, or an individual who is reasonably identifiable.

Overview

Konekt collects, holds, uses and discloses personal information to carry out its activities, and in particular to provide injury prevention, injury management and occupational rehabilitation services to public and private sector organisations.

How Konekt collects Personal Information

The types of Personal Information that Konekt collects includes personal and contact details, and identifying information such as drivers licence and passport information. Konekt also collects sensitive information, which might include information about health and criminal history. Konekt will not collect sensitive information about an individual unless that person has consented, or such collection is required or authorised by law.

Personal Information includes information held in any form (e.g. photograph, recording, email, document, and can include case notes, letters, faxes, medical reports we receive, job seeking logs, etc).

Usually Konekt collects Personal Information directly from individuals. If Konekt collects Personal Information from third parties, we will inform the individual concerned and give them an opportunity to validate the information collected, unless it is impractical to do so.

Konekt will endeavour to only collect Personal Information by lawful and fair means and not in an unreasonably intrusive way.

Konekt’s ‘How We Handle Your Personal Information’ brochure is provided to each Client at the time it collects personal information.

If the Client elects not to provide Konekt with Personal Information, Konekt may be unable to provide its services.

Konekt may also receive unsolicited Personal Information about Clients. This is Personal Information received by Konekt in circumstances where Konekt has not taken any steps to collect  it.  Where Konekt receives unsolicited information, it will determine whether or not it would have been permissible to collect that Personal Information. If Konekt determines that collection would have been permissible, it will handle that Personal Information in accordance with this Policy and the Privacy Policy which is accessible on its website. If Konekt determines that collection would not have been permissible, Konekt will destroy or de-identify that Personal Information as soon as practicable.

How Konekt uses and discloses Personal Information

Konekt uses and discloses personal information to carry out its functions and activities (“primary purposes”).

Konekt may use and disclose personal information for another (secondary) purpose if:

  1. the individual has consented;
  2. the individual would reasonably expect Konekt to use or disclose their personal information in that way, and it is related to the primary purpose of collection (or, in the case of sensitive information, directly related to the primary purpose);
  3. it is required or authorised by law; or
  4. a specific permitted situation exists (for example, to lessen or prevent a serious threat to a person’s life, health or safety).

Common situations in which Konekt discloses personal information include:

  • where we outsource some of our services, and in particular we may disclose personal information to medical practitioners and other healthcare providers;
  • to family members in the case of a medical emergency;
  • to organisations that provide banking facilities, for the purpose of arranging direct debit or other payment transactions or confirming payments made by individuals; and
  • to an individual’s employer or their employer’s insurer who is arranging their workers’ compensation payments, including for the purpose of confirming their personal and insurance details; and
  • when it is required to do so by law.

Access to personal information

Individuals have the right to request access to their Personal Information held by Konekt. This means that they have the right to inspect, make notes, and obtain copies of their Personal Information.

Individuals who wish to request access to their Personal Information held by Konekt must provide their request in writing. Requests for access should be addressed to the relevant Konekt manager. Konekt must respond within a reasonable period (30 calendar days).

If Konekt receives a request from an individual to give them access to their Personal Information, Konekt must give them access, unless there is a reason not to give access, in which case Konekt must provide reasons.

There are ten grounds on which Konekt can refuse to give access to Personal Information:

  • Konekt believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
  • Giving access would have an unreasonable impact on the privacy of other individuals;
  • The request for access is frivolous or vexatious;
  • The information relates to existing or anticipated legal proceedings between Konekt and the individual, and would not be accessible by the process of discovery in those legal proceedings;
  • Giving access would reveal Konekt’s intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations;
  • Giving access would be unlawful; denying access is required or authorised by or under an Australian law or a court/ tribunal order;
  • Konekt has reason to suspect that unlawful activity, or misconduct or a serious nature, that relates to its functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
  • Giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; and
  • Giving access would reveal evaluative information generated by Konekt in connection with a commercially sensitive decision-making process (such as a scorecard to compare job applicants).

If Konekt decides not to give an individual access to their Personal Information, it will consider whether there are any alternative manners of access, such as giving a redacted version of the Personal Information, giving a summary, giving access in another format and/or facilitating access though a mutually agreed intermediary.

Konekt will notify the individual of its reasons for refusing access. It will notify the individual that he/she can make a complaint about the decision to Konekt or the Office of the Australian Information Commissioner.

Konekt may charge for the costs of providing access to Personal Information. Konekt will advise of any charges before proceeding with the request.

Correction and accuracy of Personal Information

Konekt will take reasonable steps to correct Personal Information that it holds to ensure that it is accurate, up to date, complete, relevant and not misleading.

Individuals who wish to seek correction of their Personal Information held by Konekt must provide their request in writing. Requests should be addressed to a Konekt manager. Konekt must respond within a reasonable period (30 calendar days).

If Konekt becomes aware that an individual’s Personal Information is incorrect, either through identifying an inconsistency in its records or receiving a request for correction from an individual, it must take reasonable steps to correct the information. These steps include making appropriate additions, deletions or alterations to a record, and destroying or de-identifying Personal Information.

It is Konekt’s policy that it will not destroy the document which includes incorrect Personal Information, but it will but save a copy of it within the case file alongside the corrected version of the document, clearly labelling the version which was incorrect.

If Konekt has previously disclosed the incorrect Personal Information to another organisation, Konekt should ask the individual if he/she requests that Konekt notify the other organisation of the correction, and if the individual says yes, then Konekt should notify the other organisation of the correction.

Konekt will not charge an individual for the correction of Personal Information.

If Konekt refuses to correct the Personal Information, it will notify the individual of its reasons. It will advise the individual that he/she has the right to request that a statement be associated with the personal information to the effect that the individual believes that the Personal Information is incorrect. It will also notify the individual that he/she can make a complaint about the decision to Konekt or the Office of the Australian Information Commissioner.

Security

Konekt takes reasonable steps to keep records of Personal Information secure and Konekt securely destroys or de-identifies Personal Information when it is no longer required.

Konekt also takes reasonable steps to protect any Personal Information that it holds from interference, misuse, loss or unauthorised access, modification or disclosure.

Konekt has information security policies in place to minimise the risk of unauthorised access to Personal Information.

Resolving issues and complaints related to privacy

Konekt has a documented internal dispute resolution process for dealing with privacy issues and complaints.

Complaints should be in writing and addressed to Konekt’s Privacy Officer at privacy@konekt.com.au.

If an individual is not satisfied with Konekt’s response to a written complaint, the individual can refer the issue to the Office of the Australian Information Commissioner– www.oaic.gov.au or 1300 363 992.