Pavilion Health Australia Pty Limited and all subsidiaries (Pavilion Health) are committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
We are compliant with the European Union General Data Protection Regulation and have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). These govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
The EU General Data Protection Regulation is available at the EU GDPR portal at www.eugdpr.org, while the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au
What is Personal Information and why do we collect it?
The Australian definition of Personal Information is information or an opinion that identifies an individual, while the EU defines personal data as any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person, including anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Pavilion Health information
- Data we collect directly to conduct our business
We collect and store identifiable personal information for our employees, our contractors, agents and our customers to conduct our business and to manage and support our staff. Pavilion Health only collects information that is needed; collected information is treated as confidential and is stored securely.
- Data we have access to on behalf of our customers
Under contract from our customers, we have access to anonymized personal health information. Wherever possible we endeavour to avoid copying and storing data within our systems, preferring to access data within the customer’s infrastructure. If storage within the Pavilion Health infrastructure is required, we use aggregated data wherever possible and further anonymise and encrypt data to ensure identification of individuals is not possible.
The Personal Information we collect to run our business is obtained in multiple ways including user requests for access to our tools, exchange of business cards, interviews, correspondence, by telephone and by email.
We collect your Personal Information for the primary purpose of providing our services to you. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.
When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Personal data that we have access to on behalf of our customers is obtained and managed by the customer and made available to us under contract for the specific purpose of that contract.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
- For the primary purpose for which it was obtained
- For a secondary purpose that is directly related to the primary purpose
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Disclosure of Personal Information
Your Personal Information will not be disclosed by Pavilion Health.
Security of Personal Information
Personal Information we collect to run our business is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be kept by us for a minimum of 7 years.
Personal data we have access to on behalf of our customers may be stored 1) within the client’s infrastructure or 2) within Pavilion Health’s infrastructure. If we must store personal information, we only store the minimum amount of information needed to meet our contracted obligations; we do not store patient or clinician names or addresses, and we completely separate the identifying information from the information that will be used in any analyses.
Access to your Personal Information
Data we collect directly to conduct our business
You may access the Personal Information we hold about you and update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.
Pavilion Health will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information.
In order to protect your Personal Information we may require identification from you before releasing the requested information.
Data we have access to on behalf of our customers
Pavilion Health will not provide access to these data on behalf of our customers; you must contact the project sponsor (our customer) directly to access your personal data.
Maintaining the Quality of your Personal Information
It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Reporting Privacy Breaches
In the event of a breach of privacy of personal data, Pavilion Health follows our Privacy Breach policy, which includes that we will advise data subjects of the breach within 72 hours of Pavilion Health becoming aware of such breaches.
This Policy may change from time to time and is available on our website.
Data Protection Office
Unit 11, 1 Bradly Avenue
Kirribilli NSW, 2061 Australia
European General Data Protection Regulation
State of Victoria, Australia Advice for Business