We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au
Types of personal information we collect
The kinds of personal information we may collect from you will depend on what type of interaction you have with us. Personal information we may collect from you includes, among other things:
- identity particulars – such as your name, address, date of birth, occupation, telephone numbers and e-mail address
- personal information we collect from you when assessing, processing and managing an application by you for commercial credit;
- personal information you provide to us when you participate in a promotion, competition, promotional activity, survey, market research, subscribe to our mailing list;
- your bank, credit or debit account details when you make a purchase;
- your records of communication with us;
- if you visit our website, your website usage information such as your IP address.
- in collaboration with healthcare professionals in a therapeutic capacity to recommend and supply specific products for individual cases the following may be required and collected:
photographs to detail individual cases by way of showing an issue or situation;
ii. NDIS specific details;
iii. DVA specific details;
iv. personal details pertaining to an insurance claim; and
v. personal details when supplying via a Government contract arrangement.
Why does HPA collect personal information?
We will generally only collect and use your personal information for the primary purposes of:
- our general business operations;
- effectively providing you with our goods and services;
- where applicable, assessing and processing an application for commercial credit, and for administrative purposes in relation to the ongoing management of your commercial credit arrangement;
- communicating with you;
- responding to your inquiries or complaints;
- meeting our legal and regulatory obligations;
- conducting, improving and developing a relationship with you;
- direct marketing (such as providing you with information about our products, events and activities related to your industry or profession and promotional notices and offers); and;
- improving our websites
Your personal information is only collected by lawful and fair means and where practicable, only from you or from a person acting or authorised to act on your behalf. Where you have applied for commercial credit account with us, we may also make enquiries in respect of commercial credit with third parties with your consent. This could include persons nominated by you as trade references, credit reporting bodies (“CRBs”) and your bankers.
We will take reasonable steps to ensure that you are aware of:
- the likely use of the information;
- the right of access to the information;
- the identity and contact details of our employee/representative collecting your personal information;
- any law requiring collection of the information; and
- the main consequences of failure to provide your personal information.
“Sensitive information” is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
If we collect sensitive information, it will only be used by us:
- for the primary purpose for which it was obtained;
- for a secondary purpose that is directly related to the primary purpose; and
- with your consent, or where required or authorised by law.
How your personal information is stored and secure
We take reasonable steps to protect your personal information from loss, misuse or unauthorised access by restricting access to the information in electronic format and by appropriate physical and communications security.
If a substantial data breach has or may have occurred (for example, your personal information was shared with unauthorised persons) we will notify you as soon as is practicable.
We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law. We will take appropriate measures to destroy or permanently de-identity your personal information if we no longer need to retain it. These measures may vary depending on the type of information concerned, the way it was collected and how it was stored.
Where reasonable and practicable to do so, we will collect your personal information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party and/or that you authorised its collection.
Disclosure of personal information
Your personal information may be disclosed in a number of circumstances including the following:
- third parties where you consent to the use or disclosure; and
- where required or authorised by law.
In certain circumstances, we may be required to disclose personal information overseas for a primary purpose or secondary purpose. Overseas locations may include the United States of America, Taiwan, Germany and New Zealand.
Security of personal information
Your personal information is stored and transferred in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.
When your personal information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal information. However, most of the personal information is or will be stored in client files, which will be kept by us for a minimum of 7 years.
Access to your personal information
You may access the personal information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your personal information, please contact us in writing.
HPA will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your personal information.
In order to protect your personal information we may require identification from you before releasing the requested information.
Maintaining the quality of your personal information
It is an important to us that your personal information is up to date. We will take reasonable steps to make sure that your personal information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you. We will use all reasonable means to protect the confidentiality of your personal data whilst it is in our possession or control.
Business Address: Unit 4, 6-8 Byfield Street, Macquarie Park, NSW 2000
Email Address: firstname.lastname@example.org
Phone Number: 1300 472 878
Last updated 11th June 2020