your privacy

Policy 

 

This privacy statement defines how Green Shoots Human resources consulting, Green Shoots Investigations Services and Green Shoots Rehabilitation Services (Green Shoots) collects, holds, uses and discloses (shares) your personal information. Our leadership team is committed to ensuring that we comply with the Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy and health records laws in relation to the management and storage of personal and sensitive information. 

Personal and Sensitive Information 

 

Personal information: 

Personal information includes a broad range of information, or an opinion, that could identify an individual. What is personal information will vary, depending on whether a person can be identified or is reasonably identifiable in the circumstances. Personal Information can include: 

  • An individual’s name, signature, address, phone number or date of birth 
  • Sensitive information 
  • Credit information 
  • Employee record information 
  • Photographs 
  • Internet protocol (IP) addresses 
  • Voice print and facial recognition biometrics (because they collect characteristics that make an individual’s voice or face unique) 
  • Location information from a mobile device (because it can reveal user activity patterns and habits)

Sensitive information is personal information that includes information or an opinion about an individual’s: 

  • Racial or ethnic origin 
  • Political opinions or associations 
  • Religious or philosophical beliefs 
  • Trade union membership or associations 
  • Sexual orientation or practices 
  • Criminal record 
  • Health or genetic information 
  • Some aspects of biometric information

Generally, sensitive information has a higher level of privacy protection than other personal information. 

Information collected and how we collect it 

 

The types of personal information we collect about you will depend on the activities and functions we are undertaking. We may collect the information directly from you or from other people or organisations with which we interact.  

The types of personal information we may collect, and hold includes the following:  

  • Names, email addresses, age, contact details, mail addresses, correspondence (including emails, facsimiles, text messages and postal mail), gender information, occupation details and work history, lifestyle activities, education, and training information
  • Depending on your interaction with us, Green Shoots may also collect medical, and health related information provided by individuals to Green Shoots or to its service providers in acquiring, using or receiving Green Shoots services or in interactions with Green Shoots
  • Financial information such as information provided when applying for Green Shoots services and credit arrangements including, but limited to, credit card/banking details
  • Information from health service providers, including private health insurance membership number
  • Photographic identification  
  • Information from Green Shoots websites including website registration, surveys, and information related to the behaviour or users for example, IP addresses (not server addresses), previous sites visited, type of browsers used, nature of electronic devices used, internet pages accessed, cookies and location information
  • Information collected by Green Shoots from internal systems, internet and social media sites including, but not limited to, Facebook and LinkedIn 
  • Data obtained from third parties including, but not limited to, research and marketing information available within the public domain and purchased on behalf of Green Shoots 
  • Information collected from persons attending Green Shoots conventions, seminars and functions  
  • Information collected from persons applying for or attending training courses conducted by Green Shoots 

Informed consent  

 

Green Shoots will collect and share your personal information in accordance with the requirements of the Privacy Act. We will collect and share your health information after we obtain your informed consent, or as permitted under the Privacy Act. Where required, we will obtain your consent at the commencement of our interactions with you, such as when we commence providing services to you. If we will provide services to you, at our first meeting with you, we will inform you about the information we will collect and with whom it will be shared. You will be asked to sign a consent form to confirm your understanding and provide consent. Once completed, this form will be stored in your secure electronic file in our case management database. 

Our primary purpose for collecting personal information  

 

Green Shoots collects personal information for the following purposes:  

  • To contact you to provide information about, and to deliver, our services to you and/or the person or organisation that referred you to us, such as your employer or insurer  
  • To manage our business  
  • To access and obtain medical records and history from treating healthcare providers  
  • To engage healthcare providers to assist in the provision of our services and assess medical conditions and/or diagnoses  
  • To provide seminars, conventions and educational training and work trial placement services  
  • To collate data for research and statistical purposes  
  • To meet compliance requirements under the terms of deeds and contracts Green Shoots enters and/or administers on behalf of statutory and legislative bodies and government departments  
  • To review, evaluate, develop and improve our services  
  • To meet our statutory and regulatory obligations  
  • To recruit personnel  
  • For other purposes required or authorised by or under law, including purposes for which you have provided your express or implied consent 

Use and disclosure of personal information 

 

Green Shoots uses and discloses personal information for the purposes for which it was collected – that is, in accordance with details of the relevant primary purpose outlined above. We may also use and disclose personal information for other purposes where the individual provides consent for a use or disclosure or where use or disclosure is required or authorised by or under an Australian law or court/tribunal order.  

Green Shoots may disclose your personal information to:  

  • The organisation who referred you to our services (such as your employer or insurer)  
  • Medical practitioners and / or allied health professionals engaged by us to provide services  
  • Your treating healthcare providers  
  • Our related bodies corporate  
  • Persons or organisations assisting Green Shoots in carrying out our functions  
  • Parties involved in a prospective or actual transfer of our assets or business  
  • Other organisations engaged or contracted by Green Shoots to assist us to carry out our functions and / or provide services  

Such organisations may include recruitment agencies, previous employers, credit agencies, state or federal police, state or federal government agencies or departments, or personal referrers.  

We may also disclose team member profiles (including, but not limited to, sensitive information regarding memberships of trade and professional associations) and general information to government agencies, insurers, lawyers and other third parties who deal with Green Shoots as part of its delivery of services. 

What happens if personal information is not provided? 

 

If you do not provide us with accurate or complete personal information when requested, Green Shoots may not be able to provide you with the relevant service or information you require. 

How we protect your personal information  

 

We may store your personal information in hard copy or electronic format on controlled systems which are secured against unauthorised access. We safeguard your personal information via robust security measures, including (but not limited to):  

  • Use of strong passwords and multifactor authentication on phones and computers 
  • Mobile phones, laptops and files to be kept with staff or in a safe place 
  • All data servers are hosted in secure data centres 
  • Regular security testing of our IT systems  

Updating or correcting your personal information  

 

Your personal information needs to be up to date for us to perform our services. For this reason, it is important that the information we collect is accurate, complete and up to date. During our relationship with you, we will endeavour to ask you to tell us of any changes to your personal information. You may request correction of your personal information by writing to our Privacy Officer. We will take all reasonable steps to correct personal information to ensure it is accurate, up-to-date, complete, relevant, and not misleading, either when the inaccuracy is identified by Green Shoots or when the individual requests Green Shoots to correct or update the information. If we correct the information, all relevant stakeholders will be advised of the correction and notice will be provided to the individual including reasons and available complaint mechanisms if the correction is refused. 

How you can access your personal information  

 

You may access the personal information we hold about you by making a request in writing addressed to our Privacy Officer at admin@greenshoots.au detailing the information you are requesting and providing sufficient proof of identity. The Privacy Officer will confirm further details regarding associated costs, procedure and timeframes. We will typically respond to requests within 30 days, however there may be delays associated with the nature of the information requested. We may also charge you a reasonable administration fee for provision of the information. If we withhold access in accordance with the Privacy Act, we will give you written reasons. 

Telehealth and videoconferencing 

 

Where appropriate, Green Shoots services may be provided by telephone or videoconferencing. Clients and customers responsible for setting up the technology needed so they can access telehealth services. Green Shoots employee providing services can assist with this if required. The Group will be responsible for the cost of the call to the client and the cost associated with the platform used to conduct telehealth services. 

To access telehealth services, client’s will be instructed that they require a quiet, private space; an appropriate device, i.e. smartphone, laptop, iPad, computer, with a camera, microphone, and speakers; and a reliable internet connection. 

The privacy of any form of communication via the internet is potentially vulnerable and limited by the security of the technology used.  

Green Shoots uses video conferencing technology that encrypts all video, audio, and text traffic upon departure from the video conference endpoint, remains encrypted whilst in transit, and can only be decrypted by authorized attendees on their endpoint. Attendees must be invited to video conferences by Green Shoots team members. 

Limitations of telehealth and videoconferencing 

 

A telehealth appointment or video-conference consultation or meeting may be subject to limitations such as an unstable network connection which may affect the quality of services. In addition, there may be some services for which this platform is not appropriate or effective. Green Shoots will consider and discuss with clients and customers the appropriateness of ongoing telehealth or video-conferencing sessions. 

Data breaches 

 

Green Shoots has policies and procedures in place for handling any suspected privacy breaches. We will investigate suspected breaches to ensure that the cause is identified, and corrective actions are implemented. Where applicable, we will notify affected individuals and the Office of the Australian Information Commissioner.  

It is an offence under the Criminal Code Act 1995 for a person to intentionally obtain, make a record of, disclose to any other person, or otherwise use, protected information if the person is not authorised to do so or knows or ought to reasonably know that the information is Protected Information.  This means that the Group’s personnel may commit a criminal office if they: 

  • Search for or access Protected Information where not authorised 
  • Make copies of Protected Information where not authorised 
  • Disclose Protected Information to other staff or third parties who do not need to know that information 
  • Otherwise use Protected Information where not permitted 

A breach in confidentiality relates to a Notifiable Data Breach that is likely to cause serious harm to an individual or individuals impacted by that privacy breach following unauthorised access, disclosure and/or loss of personal information.  Where a breach in confidentiality has been identified, the following response plan will be activated: 

Step  Who  Details 
1) Identify and report  The person who becomes aware of a breach or suspected breach  Record and advise the Director/s immediately of the following: 

  • Time and date the suspected breach occurred or was discovered 
  • Type of personal information involved
  • Cause and extent of the breach
  • Context of the affected information and the breach
2) Contain the breach  Director/s and I.T Company  Act quickly to coordinate immediate steps to contain the breach. E.g. contacting incorrect recipients requesting them to delete the email or requesting information be removed from a website. Contact I.T to investigate and report. 

 

3) Assess further  Director/s and I.T Company 
  • Conduct initial investigation to establish the cause and extent of the breach
  • Assess priorities and risks based on what is known (e.g. how many people are affected and how likely it can cause them serious harm)
  • Respond further if needed (e.g. changing locks, alerting building security)
4) Decide who needs to be aware  Director/s 
  • Determine whether the breach constitutes a notifiable data breach  
  • If there are reasonable grounds to believe a notifiable breach has occurred, Green Shoots must promptly notify:  
  1. Any individual at risk of serious harm (and advise them how to respond to the breach)
  2. The AIC using the NDB form on the OAIC’s website (Office of the Australian Information Commissioner) 

 

An eligible data breach occurs when the following criteria are met: 

  • There is unauthorised access to or disclosure of personal information held by Green Shoots (or information is lost in circumstances where unauthorised access or disclosure is likely to occur)
  • This is likely to result in serious harm to any of the individuals to whom the information relates
  • Green Shoots have been unable to prevent the likely risk of serious harm with remedial action
5) Act to prevent further breaches  Director/s and I.T Company 
  • Fully investigate the cause of the breach 
  • Identify and address any weaknesses in Green Shoots’ data handling
  • Conduct a post-breach review including outcomes and recommendations
6) Record  Director/s 
  • Record the investigation outcomes, recommendations and actions taken and have the Directors sign it
  • Include rationale for why you concluded it wasn’t a notifiable incident, if applicable

Employees 

 

The Group respect the individual rights of its employees and consequently manages records it keeps in relation to employees in a careful and responsible manner.  The Group are required to keep personal records for seven years from the date an entry is changed or from termination of an employee’s employment, depending on what happens first. 

Access by an employee to his/her own personnel file is generally permitted.  An employee may have access to: 

  • His or her time and wages records, including overtime (if applicable) and remuneration 
  • His or her records of leave, including leave taken and available entitlement 
  • His or her records of superannuation contributions; and 
  • Workers’ compensation records if an employee has had an accident

Records are available via a written request to the HR Manager and access is controlled to ensure only approved employees can view an individual’s employee records.  

Access by an employee to records of other employees is generally not permitted.  If an employee believes that a special case exists, and the other employees involved do not object then the manager may permit such access.  The Director will make the final decision regarding one employee having access to another employee’s personnel file. 

An employee may request an interview with their Manager or a representative of Green Shoots in writing to discuss a record which has been made or is to be made by Green Shoots. 

When a third party, e.g., a bank or real estate agent requests information about an employee, that employee will be contacted and his/her permission will be required, in writing, before any information is released. 

Contractors 

 

All staff should be aware that personal information about contractors is not an ‘employee record’ and due care must be exercised in handling such information within the law. 

Unsuccessful job applicants 

 

In preserving the privacy of unsuccessful candidates by destroying records, it is difficult to prove a fair process.  Consequently, the practice outlined below is to be generally followed as part of the recruitment process. Applications and associated documentation will be held for a reasonable period after a position is filled, unless the candidate requests the information be filed in the event of other positions arising with the company.  If any dispute arises, both parties will have relevant evidence to refer to.  Candidates have the right to withdraw or ask for special treatment of their personal information if they do not agree with this stated practice. 

Complaints 

 

If you have a concern or complaint about your privacy or you have any query about how we manage your personal information, please contact us using the details below. If you are not satisfied with our response, you may also contact the Office of the Australian Information Commissioner. 

Privacy officer can be contacted in the following methods: 

Phone: (08) 9443 4737 

Email:  admin@greenshoots.au 

Review 

 

This Policy will be reviewed every two (2) years, or more frequently as required.