Introduction

In this Privacy Policy we will refer to Fit4work Systems Pty Ltd (ACN 634 540 051) as “Fit4Work”, “we”, “us” and “our”.

This is our Australian Privacy Principles’ compliant privacy policy. We may also reference to related, third-party service providers’ relevant privacy policies and associated documents. It explains how we approach the important issues of privacy and the management of your Personal Information.

Please contact Fit4Work’s Privacy Officer (details are at the end of this Privacy Policy) if you require any further information regarding our Privacy Policy.
Fit4Work provides a platform on by which we can assess your mental, physical and medical fitness for particular job roles to minimise the risk of injury or harm in the workplace and help prospective employers consider whether you need a formal physical and/or medical assessment (our “Services”). By choosing to participate in our Services, and/or by using our App, or our Website, you consent and agree to the Privacy Policy of Fit4Work Systems (“Policy”) as follows

 

The Australian Privacy Principles

The Australian Government introduced updated legislation in 2014 to the Privacy Act (1988), to further enhance the protection and handling of an individual’s privacy and personal information. These principles replace the previous National Privacy Principles that operated from 2001. You can find out more about the Australian Privacy Principles by calling the Office of the Australian Information Commissioner on 1300 363 992 or through their website at www.oaic.gov.au. “App” means the application software (including accessible via web browser) owned by us through which we provide the Services to our clients, and into which you may be requested or required to enter your Personal Information.

Personal Information” means information or an opinion about an identified individual, or anindividual who is reasonably identifiable:

(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.

“Sensitive Information” means:
(a) information or an opinion about an individual’s:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional trade association; or
(vii) membership of a trade union; or
(viii) sexual orientation or practices; or
(ix) criminal record
that is also personal information; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information;
(d) biometric information that is to be used for the purpose of automated biometric verification
or biometric identification; or
(e) biometric templates

Website” means our website located at www.fit4worksystems.com.au We respect and uphold your right to privacy protection under the Australian Privacy Principles in regulating how we collect, use, disclose and hold your Personal Information. We have procedures so only our authorised staff (being System Administrators) have access to your Personal Information, that it remains confidential and is only used and disclosed for appropriate purposes, where you have consented, and in accordance with this policy. In addition to the Australian Privacy Principles, individuals located in the European Union (EU) may also have rights under EU based rules known as the General Data Protection Regulations (GDPR). The GDPR has harmonised the data privacy laws of each individual EU country, giving more rights to individuals located in the EU and more obligations to organisations holding their personal information. Details of additional rights of individuals located in the EU and how we meet them are outlined in the relevant section below. Lastly, please note however this policy is not intended to cover categories of personal information which are not covered by the Privacy Act or the GDPR.

THE PERSONAL INFORMATION WE COLLECT, AND WHY WE COLLECT IT

Information We Receive When You Use Our Services or Site
The types of Personal Information we collect and hold are derived from your answers to our questionnaire, which contains questions about your medical history, as well as your current mental, medical and physical fitness; and include:

● your contact details, including your name, biological gender, birth year, address, telephone
numbers and email address; and
● the particular job role; and
● photographs and videos of yourself,
as well as Sensitive Information about your may include details of your:
● medications;
● body mass index;
● certain diseases, including sleep disorders that may affect your alertness at work;
● physical strength and fitness;
● colour blindness;
● hearing loss; and
● cardiovascular diseases including hypertension.
We also collect information about your mental health, including details relating to:
● depression, PTSD and anxiety that require professional medical attention.

We will otherwise not collect Sensitive Information about your racial or ethnic origin, political opinions or membership, religious or philosophical beliefs, trade association or union membership, sexual preferences or criminal record unless you have consented to give this information and it is relevant to our Services. We will always collect such information in a non-intrusive, lawful and fair manner, and only when you have consented to the collection of such information. Your Personal Information and Sensitive Information is only collected as is necessary for us to carry out our work and deliver our Services.
Usage Information. We collect information about your activity through our Services. For example, we may collect information about how you purchase or interact with our Services or which queries you submit
 Content Information. We collect content, queries and responses that you engage with via our Services and Website, such as custom content, and information about the content you create or provide, such as if the recipient has viewed the content and the metadata that is provided with the content.
Information Collected by Cookies and Other Technologies. Like most online services and mobile applications, we may use cookies and other technologies, such as web beacons, web storage, and unique advertising identifiers, to collect information about your activity, browser, and device. We may also use these technologies to collect information when you interact with our Website we may offer through one of our partners, such as advertising and commerce features.
Most web browsers are set to accept cookies by default. If you prefer, you can usually remove or reject browser cookies through the settings on your browser or device. Keep in mind, though, that removing or rejecting cookies could affect the availability and functionality of our Services. To learn more about how we use cookies and your choices, please check out our “Cookie Policy” (see below under ‘Visiting our Site’) below. To learn more about how third parties use these technologies on our Services, please read the “Analytics” section of this Policy
Log Information. We also collect log information when you use our Website or Services. That information includes, among other things: o details about how you have purchased or used our Services; o device information, such as your web browser type and language; o access times; o pages viewed; o IP address; o identifiers associated with cookies or other technologies that may uniquely identify your device or browser; and o pages you visited before or after navigating to our Website.
When the Law Authorises or Requires us to Collect Information
We may collect information about you because we are required or authorised by law to collect it. There are laws that affect financial institutions which may require us to collect personal information, like the National Consumer Credit Protection Act and The Anti-Money Laundering and Counter-Terrorism Financing Act.
Information We Collect from Third Parties

We may collect Personal Information about you from other users, our clients, and third parties such as recruiters, or your employer if

● you consent to us collecting Personal Information from them; or
● we are authorised to do so under the law, or a court or tribunal order; or
● it is unreasonable or impracticable to do so.

Opting-Out or Modifying Your Information

If you want to change any information that you have previously given us, or if you want to opt out of future communications please contact Fit4Work’s Privacy Officer as detailed below.

How We Collect Your Personal Information

We collect your Personal Information when you provide it to Fit4Work in a number of ways including but not limited to:
● directly from you through the Website or the App;
● as authorised or consented to by you providing us with your Personal Information;
● by voluntary completion of questionnaires and provision of photographs and videos on our Website or App;
● from public domain;
● from authorised third-party data sources and data lists for the purposes of providing our Services;
● from your personal or business, advisors, partners, associates, employers, recruiters, and potential employers; and
● by your usage of the Website e.g. the pages that you visit, what links you click by contacting us by post, telephone, email, or other electronic methods.

Sometimes we collect information about you from other sources. We do this only if it is necessary to do so. Instances of when we may need to include where:

▪ its is provided to us by a prospective employer or business, in which case we ask them to obtain your consent prior to disclosing it to us;
▪ we cannot readily contact you and we rely on publicly available information to update your contact details; and
▪ at your request, we exchange information with your accounting, legal or financial advisors or other representatives.

Also:
we may ask for other information from you from time to time to enable us to improve the Services.

In some cases, you might provide Personal Information to us by entering it into forms which stores the information in our cloud-based servers. Alternatively, your information may be disclosed to us by an organisation with whom you interact and to which we provide a cloud-based Service.

When we collect or hold Personal Information in this way, it is only used or disclosed for the primary purpose as described in this Privacy Policy, or the organisation that has disclosed that information to enable us to provide the Services.

Personal Information may be stored on our web servers but will only be accessed by us to provide technical support, or to carry out other functions reasonably necessary to provide the Services. This Personal Information will not be disclosed in any other way without the your written consent.

What Do We Do When We Get Information We Did Not Ask For?

People sometimes share information with us we have not sought out (referred to as ‘unsolicited information’).

Where we receive unsolicited Personal Information about you, we will check whether that information is reasonably necessary for our Services, functions or activities. If it is, we will handle this information the same way we do with other information we seek from you. If not, we will ensure we do the right thing and destroy or de-identify it.

When Will We Notify You That We Have Received Your Information?

When we receive Personal Information from you directly, we either have already taken or we will take reasonable steps to notify you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint. Sometimes we collect your Personal Information from third parties. You may not be aware that we have done so. If we collect information that can be used to identify you, we will take reasonable steps to notify you of that collection.

How do we use your Personal Information?

We may use your Personal Information when:

Providing our Service to our clients, including:

  1. Providing a summary report of an assessment of your mental, medical or physical fitness for a particular role;
  2. where we have your express consent, the answers to the questionnaire and associated photographs and videos;
  3. considering whether you may be suitable for a particular role in that regard;
  4.  processing your Personal Information and compiling a report for our clients; or
  5. administering the Services we provide to our clients.

● we may send you information about our Services. Each time we send you a direct marketing communication we will provide you with a simple way to “opt out” of receiving similar communications in the future.

● assisting in arrangements with other organisations in relation to a service we make may
available in future;
● allowing us to run our business and perform administrative and operational tasks, such as:

  • training staff;
  • developing and marketing products and services;
  • risk management;
  • systems development and testing, including our Website and other online channels;
  • undertaking planning, research and statistical analysis;
  • preventing or investigating any fraud or crime, or any suspected fraud or crime;
  • as required by law, regulation or codes binding us;
  •  managing our relationship with our clients;
  • investigating and dealing with suspected or actual unlawful activity;
  •  assisting with recovering amounts owing to us; and
  •  for any purpose for which you have given your consent.

We use, in addition to our own proprietary technologies and systems, various third-party software and technologies, each of which may have their own privacy policies and terms of use.
Please also note, owing to the ever-changing nature of technology and to provide optimal support to you, we may use different third-party support software and platforms from time to time. To that, any such Personal Information data stored or processed will also subject to the privacy policies ofthose relevant individual third parties and platforms as may vary.

We may use your Personal Information to the extent that is reasonably necessary to carry out the Services including for the following purposes:

to deliver and improve our Services, the Website, and the App;

● to provide personalised and direct marketing content to your email address, mobile phone, portable computing and other digital technology devices;
● to compile analytics in sizing or quantifying market opportunity;
● to predict market opportunity forecasting and resource allocation;
● to disclose to other businesses who assist us or our customers in providing services or who perform functions on our customers’ behalf; and
● to conduct credit checks (if and where necessary).

How We Keep Your Personal Information Secure
Our IT infrastructure is in secure buildings with restricted access. Our IT systems are password protected and we conduct regular audit and data integrity checks.

We frequently update our anti-virus and malware software in order to protect our systems (and the data contained in those systems) from computer viruses. In addition, all our employees are required,
as a condition of employment, to treat Personal Information held by Fit4Work as confidential.

We store your Personal Information in cloud-based servers. These cloud servers are situated in Australia.

If we store your Personal Information on a remote, “Cloud” or offsite server we will endeavour to protect your Personal Information through security measures such as password protection and encryption.

Where you are an individual who uses our Services, shortly after completion of the screening process, we de-identify the Personal Information (so it is no longer capable of identifying you).

In other cases, we retain and store your Personal Information (whether onsite, offsite or on the cloud) indefinitely, unless you instruct us otherwise.

Destroying Personal information

We may destroy or de-identify the Personal Information provided by you once it is no longer needed for our Services. However, we may, in addition to the reasons already disclosed in this Privacy Policy, in certain circumstances be required by law to retain Personal Information after our Services havebeen completed.

In this case, the Personal Information will continue to be protected in accordance with this Privacy Policy. If we destroy Personal Information we will do so by taking reasonable steps and using up-to-date techniques and processes.

Disclosing your Personal Information

Where we collect Sensitive Information, we will only disclose Personal Information to the individual from whom we collect it, and some of that information to the prospective employer, via the Services.

We may disclose your Personal Information to third parties but only for the purposes of providing the Services and for the purposes contemplated by your use of the Site.

These third parties may include:

▪ industry bodies of which we are a member;
▪ those involved in providing, managing or administering the product or service we provide to you;
▪ authorised representatives and staff of Fit4Work who sell products or services on our behalf;
▪ other financial institutions, such as banks;
▪ organisations involved in debt collecting, including purchasers of debt;
▪ fraud reporting agencies (including organisations that assist with fraud investigations and organisations established to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime, or misconduct of a serious nature);
▪ government or regulatory bodies (including ASIC and the Australian Tax Office) as required or authorised by law (in some instances these bodies may share it with relevant foreign authorities);
▪ our accountants, auditors or lawyers and other external advisers;
▪ organisations that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems;
▪ organisations that participate with us in payments systems including merchants, payment organisations and organisations that produce statements for us;
▪ organisations that assist with our product planning, research and development;
▪ other organisations involved in our normal business practices, including our agents and contractors;
▪ where you’ve given your consent;

other digital technology services and platform-providers;

● our partners, agents or contractors (worldwide);
● data collection and marketing providers (worldwide);
● our related entities; and
● our professional advisers.
We may disclose your personal information:
● when specifically authorised by you;
● to professional and insurance advisors;
● to regulatory bodies and government agencies;
● to training partners;
● to your guardian; and
● as required by law or court order.
We may disclose Personal Information for the following purposes:
● reporting to government agencies;
● to obtain professional or insurance advice;
● to comply with training requirements;
● to comply with regulatory or legal requirements;
● credit reporting and checks; and
● to comply with laws or court orders.

When we disclose your Personal Information with a third party, we will require the third party to handle your Personal Information in accordance this Policy and the Australian Privacy Principles.

Fit4Work may sometimes use third party service providers to conduct surveys and facilitate information collection. Some of these service providers conduct all or part of their business overseas and so your personal information may be transferred overseas as a result.

Fit4Work conducts a due diligence process before entering into an agreement with these service providers and will take all reasonable steps to ensure that your information is not used in a manner inconsistent with the Australian Privacy Principles.

Web traffic information is disclosed to Google Analytics when you visit our Website. Google stores
information across multiple countries. When you communicate with us through a social network service such as Facebook or X/Twitter, the social network provider and its partners may collect and hold your personal information overseas.

Visiting our Site
Our Site may use ‘cookies’ to improve your experience on our site, to display content more relevant to you within the Site, and to display items added while using online facilities. If you are concerned about the use of these cookies, your browser can be configured to notify you when you receive a cookie, and provide you with the opportunity to accept or reject it. You may refuse all cookies from our Website, however some functions may be unavailable.

Our Website may use statistical information collection tools (such as Google Analytics) to track site visits, navigation and performance within our Site for the purpose of monitoring and improving the site. If you are concerned about the use of these tools, you can configure your browser to send a “Do Not Track” request with your browsing traffic.

Our Website may also use third party cookies and Google Analytics Advertising Features including: Remarketing with Google Analytics, and Google Analytics Demographics and Interest Reporting.

Visitors can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads using the Ads Settings. Further information regarding behavioural advertising, including ways to manage your online privacy, is available at https://www.staysmartonline.gov.au/.

Where you provide your email address to us, we will only use it for the purpose provided unless you have consented to us using it for additional purposes, and we will not pass it on to any other person or organisation unless we have disclosed this to you. We may also disclose your information where
required by law to do so.

Our Website may contain links to other sites of interest. We do not control, and are not responsible for, the content or privacy practices of those websites. Please check the Privacy Policies on other websites before you provide your personal information to them.

Our Website’ Security

By using our Website you acknowledge and agree that the internet is inherently insecure and thatyou use the internet at your own risk. You acknowledge that you do not hold Fit4Work or its directors, representatives, employees, contractors, suppliers or clients liable for any security breaches, viruses or other malicious software that may infect your computer or other internet browsing device, or any loss of data, revenue or otherwise that may occur as a result of using our Website.
We strive to ensure the security of your Personal Information and we take reasonable steps to
protect your Personal Information from:
a) misuse, interference and loss; and
b) unauthorised access, modification or disclosure.

We will review and update our physical and data security measures in light of current technologies. Unfortunately, no data transmission over electronic, mobile data and communication services can be guaranteed to be totally secure.

For security purposes, any Personal Information that we receive and/or provide to third parties will be password protected.

In addition, our employees and contractors who provide services related to our information systems are obliged to respect the confidentiality of any Personal Information held by us.

We will do everything reasonably within our power and control to prevent unauthorised use or disclosure of your Personal Information. However, we will not be held responsible for events arising from any unauthorised use or access to your Personal Information. Certain sections of our Site are secured using industry-standard SSL/TLS technology to encrypt data between your browser and the Site. 

Social Networking Services

We may use social networking services such as Facebook, Instagram, and LinkedIn to communicate with you and the public about our Services. When you communicate with us using these social networking and digital media services we may collect your Personal Information, but we only use it to help us to communicate with you and the public.

The social networking and digital media services will also handle your Personal Information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Facebook, Instagram, LinkedIn and other social media platforms, on their respective websites.

Spam Act

We adhere to the Spam Act 2003 (Cth). The Spam Act prohibits the sending of unsolicited emails, SMS and MMS messages for commercial purposes from or within Australia or to people in Australia. The Spam Act also bans the supply and use of software designed to harvest email addresses.

ADDITIONAL RIGHTS FOR INDIVIDUALS LOCATED IN THE EUROPEAN UNION (EU)

The EU General Data Protection Regulation (GDPR) has harmonised the data privacy laws of each individual EU country, giving more rights to individuals located in the EU and more obligations to organisations holding their personal information. In this section, “personal information” means any information relating to an identified or identifiable natural person (the meaning given to the term “personal data” in the GDPR).

Personal information must be processed in a lawful, fair and transparent manner. As such, if you are located in the EU, the GDPR requires us to provide you with more information about how we collect, use, share and store your personal information as well as advising you of your rights as a “data
subject”. If you are located in the EU and have an enquiry relating to your rights under the GDPR, please contact our Privacy Officer (details below).

Please refer to the above section headed “The Personal Information We Collect, and Why We Collect It” for details of the personal information we collect.

Special categories of personal information

The GDPR provides additional protection for personal information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data (for example your fingerprints), or data concerning your health, sex life or sexual orientation. We will only process this type of personal information with your consent or where otherwise lawfully permitted.

How long we keep your personal information

We will keep your personal information while you are using our App or Website. We aim to keep your personal information for only as long as we need it.We generally keep your personal information for up to 7 years after you stop using our App or Website, but we may keep your personal information for longer to fulfil legal or regulatory obligations, for internal research and analytics, or to respond to a question or complaint.

How we use your personal information

We can only collect and use your Personal Information if we have a valid lawful reason to do so. For
Fit4Work, these reasons are:
● if we need to process your Personal Information in order to provide our Services to our clients (contract performance);
● if we need to process your personal information for us to comply with the law (legal obligation);
● if you have given clear consent for us to process your personal information for a specific purpose (consent); and
● if we need to process your personal information for our legitimate interests or the legitimate
interests of a third party unless there is a good reason to protect your personal information which overrides these legitimate interests (legitimate interests).

In the table below, we have set out the relevant grounds that apply to each purpose of data processing that is mentioned in this Privacy Policy:

Purposes of the data processing Reasons/ uses
To provide and administer our Services ● contract performance ● legitimate interests (to allow us to perform our obligations and provide services to you)
For marketing purposes legitimate interests (in order to market to you) and consent (which can be withdrawn at any time)
To provide customer support ● contract performance ● legal obligation ● legitimate interests (to allow us to correspond with you in connection with our services)
To comply with our legal obligations legal obligation ● legitimate interests (to cooperate with the law and regulatory authorities) n
To conduct market, consumer and other research ● legitimate interests (to ensure that we understand our clients’ requirements)
To ensure website content is relevant legal obligation ● legitimate interests (to cooperate with the law and regulatory authorities) nlegitimate interests (to allow us to provide you with the content and services on our Site)

Your rights as a data subject

You have the following rights with respect to the personal information we hold about you.

The right to be informed how personal information is processed: You have the right to be informed how your personal information is being collected and used. If we require your consent to process your personal information you can withdraw consent at any time. If you withdraw consent, we may not be able to provide certain services to you. The right to withdraw only applies when the lawful basis of processing is consent.

The right of access to personal information: You can access your personal information that we hold by emailing our Privacy Officer (details below).

The right to rectification: You have the right to question any personal information we have about you that is inaccurate or incomplete. If you do, we will take reasonable steps to check the accuracy and correct it.

The right to erasure: You have the right to ask us to delete your personal information if there is no need for us to keep it. You can make the request verbally or in writing. There may be legal or other reasons why we need to keep your personal information and if so, we will tell you what these are.

The right to restrict processing: You have the right to ask us to restrict our use of your personal information in some circumstances. In this situation we would not use or share your personal information while it is restricted. This is not an absolute right and only applies in certain
circumstances.

The right to data portability: In some circumstances you have the right to request we provide you with a copy of the personal information you have provided to us in a format that can be easily reused.

The right to object: In some circumstances you have the right to object to us processing your personal information.

Rights in relation to automated decision making and profiling: We sometimes use systems to make automated decisions (including profiling) based on personal information we have collected from you or obtained from other sources such as credit reporting bodies. These automated decisions can affect the services we offer you. You can ask that we not make decisions based on automated score alone or object to an automated decision and ask that a person review.

The right to lodge a complaint with a supervisory authority: You have the right to complain to the regulator if you are not happy with the outcome of a complaint. Please refer to the European Commission Website for details of the relevant data protection authorities. The individual regulator’s websites will tell you how to report a concern.

Please note that while any changes you make to your personal information will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.

You may decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of our Services.
Changes to our Privacy Policy We may, without notice, amend or modify this Privacy Policy by posting the amended Privacy Notice to our Website or our App.

How to Access, Correct or Update Your Personal Information

If you have any complaints, questions or concerns about what information we hold or about the accuracy of that information, please contact Fit4Work’s Privacy Officer.
If you would like to access the information that we hold about you, or to complain about a possible breach of the Australian Privacy Principles, you can write to Fit4Work’s Privacy Officer at the address provided below.
We will respond to your complaint or endeavour to give you access to the information requested within two weeks. In order to maintain the confidentiality of your personal information, we will ask you to meet with you so we can review your specific identification documents before we give you access. If it is not practical for you to meet us in person, we will arrange to check your identification before we mail the information out to you.
If the information that we hold about you is incorrect or not up-to-date, we will update it as soon as possible after you have shown us how and why it is incorrect.

In the unlikely event that we are unable to provide you with access to your personal information for legal reasons as specified in the Privacy Act, we will provide you with reasons for denying access. If you are not satisfied with our response to your complaint, question or concern, you may wish to lodge a complaint with the Office of the Australian Information Commissioner. Further information can be found on the Commissioner’s website or by calling 1300 363 992.

Privacy Officer’s contact details Fit4Work’s Privacy Officer can be contacted by:

● Email: privacy@fit4worksystems.com.au
● Office Address: PO Box 427, Mount Hawthorn 6915 WA, Australia