2. Personal information
"Personal information" is information or an opinion about a person that identifies the person or from which the person's identity can be reasonably ascertained.
EML (also referred to as "we", "us" and "our" in this document) is bound by the Privacy Act 1988 (Cth) (Privacy Act), including the 13 APPs which protect personal information. EML and its subsidiaries respect your right to privacy and value the trust you place in us to handle your personal and sensitive information. Maintaining the privacy of all personal and sensitive information entrusted to us is paramount.
In addition to the provisions of the Privacy Act, we are also bound by the relevant workers compensation legislation, regulations and guidelines in the collection, use and disclosure of information relating to workers compensation claims. In certain circumstances, EML may also be bound by privacy and privacy-related legislation applicable in different States and Territories in Australia, in particular where we hold personal information on behalf of government agencies. Some of these include:
For Victoria – The Privacy and Data Protection Act 2014 (Vic) which protects information held by the public sector in Victoria).
For NSW – The Information Protection Principles and Health Privacy Principles, regulate the way in which health information is collected, used and stored . These standards are set out in the Privacy and Personal Information Protection Act 1998 (PPIP Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).
Where it is lawful and practicable to do so, EML will give you the option of not identifying yourself or using a pseudonym when entering into transactions with us.
If you would like to transact anonymously or use a pseudonym with EML, please contact us and we will determine if we are lawfully and practicably able to engage anonymously with you. We will also provide you with information (if applicable) as to the potential consequences of transacting anonymously with us.
4. Collection of personal information, including sensitive information
EML only collects personal information that is needed to assist us in providing a service to you (and where applicable, your employees). Generally we keep a record of:
- information that identifies you, such as your name, address, employer details and information concerning your employment arrangements
- "sensitive information" concerning your claim including the details and circumstances of your injury ("sensitive information" includes, among other things, health information; personal information includes sensitive information). We will obtain your consent before we collect sensitive information about you, unless we are otherwise permitted by law to make the collection
- information from other service providers such as medical practitioners, rehabilitation providers, investigators, legal practitioners, Regulators and other experts or consultants collected for the purposes of assessing and managing your claim (which may include health information and medical history information including in connection with other health/injury-related claims), and
- banking and taxation details.
We will collect personal information, including sensitive information, directly from you or from your employer. If we need to collect personal or sensitive information from third parties (such as the service providers mentioned above), we will ask for your consent to do so. Please note that this may be in the form of an authority we ask - or arrange for - you to sign, in which you authorise the release of health or other information to us (or to a person or entity engaged by us for the purpose of obtaining the information to be made available to us).
EML may also record and monitor your telephone conversations with our staff for training and coaching purposes. EML shall only do so if at the start of the conversation, we have asked if you are prepared to proceed accordingly or, alternatively, have provided an opt out facility.
5. Use and disclosure of personal information
EML will only use or disclose personal information that you provide to us for:
- the purpose of assessing and managing your workers compensation claim, including determining liability, or
- in providing clinical services; or
- another purpose which has been disclosed to you, with your consent, or
- if we are required or authorised by law to do so (including as permitted by workers compensation and related laws such as where we are attending to the management of your claim or providing your information to another workers compensation insurer).
Following your consent, we may disclose your personal and sensitive information to the appointed service providers where this information will assist with processing the claim. If you have made a workers compensation claim, then we may disclose and provide your information to third parties in accordance with consent(s) that you have signed in connection with your claim – including for example consent provided in an injury claim form or in a certificate of capacity.
If we manage one or more claims in respect of you across one or more statutory workers compensation schemes through icare NSW then we will have access to all these claim records for the purposes of managing each of these claims in respect of you.
Please note that in the case of certain government agencies (including the NSW government agencies within the NSW icare self insurance claims portfolio), where such an agency is your employer in connection with a claim, then we may also provide your claim information to those agencies the purpose of their workplace injury risk assessment & management procedures. You can also request that we disclose information to another person acting on your behalf.
We may also disclose your personal information to our related companies.
We also use the National Relay Service (NRS) during telephone calls for hearing impaired people who may include our customers, service providers and our staff. The NRS is an Australian government initiative whereby a NRS relay operator assists in telephone calls. NRS operators comply with strict confidentiality requirements in the course of their work with the NRS and are legally bound not to disclose the nature or content of conversations to anyone. If we are using the NRS for an outbound call to you as an injured worker we will let you know about this during the call. We will accept calls from the NRS on behalf of customers and service providers; we may make calls to service providers or treatment practitioners through the NRS without contacting you in advance but please let us know at any time (details below) if you prefer that the NRS not be used in respect of your claim. More information concerning the NRS is available at www.relayservice.gov.au
6. Cross border disclosure of information
EML is committed to handling your personal information in accordance with the Privacy Laws and the Australian Privacy Principles. We operate all of our offices whether in Australia or our branch offices outside of Australia in line with the Australian Privacy Principles and our Australian Privacy compliance framework.
Please let us know if you have any queries or objections to such disclosures.
7. Government related identifiers
EML will not use Government related identifiers (such as a Medicare number) as our reference number for you in our systems. We will only use or disclose any government identifier that you provide to us as required or authorised by law.
EML will take reasonable steps to protect personal information entrusted to us from misuse and loss and from unauthorised access, interference, modification and disclosure. All information entrusted to us will be securely stored in physical and electronic form.
Where we no longer require your personal information, we will take reasonable steps to destroy or permanently de-identify that information.
EML has internal procedures which require our people to ensure the safe handling and storage of all private and confidential information including procedures for safe custody and transit of information both inside and outside of EML.
9. Access and correction of information we hold about you
EML is committed to keeping up-to-date records of your personal information. We will take reasonable steps to ensure that any personal information collected, used or disclosed by us is accurate, complete, and up-to-date.
If EML holds personal information about you, you might request access to that personal information. However, the law allows us to decline access in limited circumstances. We may charge you a reasonable fee for providing you with access to that personal information.
You may request access to your information from EML at any time and can find out what information we hold about you by contacting the EML Group Privacy Officer via email at: email@example.com. EML will deal with any access or correction request in a timely manner, within 30 days. If you establish that personal information held by us is not accurate, complete, relevant, up-to-date or is misleading, we will take reasonable steps to correct the information so that it is accurate, complete relevant, up-to-date and not misleading. If we refuse to provide you with access or to correct such information, we will provide you with written reasons for our denial of access or refusal to correct your personal information.
10. Contacting EML
General privacy enquiries should be directed to the EML Group Privacy Officer at: firstname.lastname@example.org
11. If you have a privacy complaint
EML takes a best practice approach to addressing privacy complaints. Upon receipt of a complaint, it will be immediately escalated to EML staff with the appropriate knowledge of the Privacy Act. We will then issue you with a timely response that, if appropriate, will outline the measures that EML will take to resolve the complaint.
You may make a privacy complaint directly to EML via:
- our website <eml.com.au> using the online complaint form (located under the "Contact us"), or
- directly to the office of the EML Group Privacy Officer through email@example.com
EML’s objective in all cases will be to resolve your complaint promptly.
However, if you feel that we have not satisfactorily addressed your complaint, you may also make a complaint to the Australian Government's Office of the Australian Information Commissioner (OAIC) via the following channels:
visit their website https://www.oaic.gov.au/ or
in writing to: GPO Box 5218 Sydney NSW 2001 or GPO Box 2999 Canberra ACT 2601
via telephone 1300 363 992 or by emailing firstname.lastname@example.org
Annexure – Privacy Statement
The EML Privacy Statement provides an overview of this policy.