Privacy Policy

Policy Statement

Helix Support Services is strongly committed to ensuring the privacy of personal information that it collects as part of the services it offers. We place great importance on protecting the privacy of our employees, valued participants, customers and other stakeholders.  

We“, “us” and “our” means Helix Support Services Pty Ltd (ABN 28 665 389 015) (ACN 665 389 015), trading as ‘Helix Support Services’.  “You” and “your” means employees, participants, customers and stakeholders of Helix Support Services 

This policy sets out how we will comply with our obligations under the Privacy Act 1988 (Cth) (Privacy Act). We are also bound by the Australian Privacy Principles (APPs), which regulate how we may collect, use, disclose and hold your personal information, and how you may access and correct personal information we hold about you.

We will ensure that all Helix Support Services officers, employees, subcontractors and volunteers are aware of and understand our obligations and their own obligations under the Privacy Act and are provided with training to enable them to fulfil these obligations.

We will also achieve this through maintaining internal policies and processes to prevent personal information being improperly collected, held, shared/exchanged, accessed or disposed of.

You consent to us collecting, holding, using and disclosing your personal information in accordance with this policy.

Purpose

The purpose of this policy is to:

  • provide you with an understanding of the kinds of personal information that we collect and hold;

  • clearly and concisely communicate how and when your personal information is collected, disclosed, used, held and otherwise handled by us;

  • inform you about the purposes for which we collect, hold, use and disclose personal information;

  • provide you with information about how you may access your personal information and seek correction of your personal information; and

  • provide you with information about how you may make a complaint and how we will deal with any such complaint.

Scope

This policy applies to all Helix Support Services employees and contracted staff (permanent, temporary and casual) employed in Helix Support Services’s divisions and service lines and relates to the management of privacy.

Principles

Helix Support Services has aligned its Privacy Policy to the APPs.

Risk Management

Helix Support Services is committed to effectively managing risks through compliance with legislation, alignment with best practice and through a practical approach that carefully plans for and prioritises risks and balances the costs and benefits of action.

What is personal information?

Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true.

It includes your name, date of birth, age, gender and contact details as well as health information (which is also sensitive information). In this policy, the reference to personal information includes sensitive and health information.

What personal information do we collect and hold?

We do not collect personal information unless it is reasonably necessary for, or directly related to, one of more of our functions or activities.

We do collect information about you and your interactions with us, for example, when you become an employee, purchase or use any of our services, call us or visit our website. 

Personal information collected by us will usually fall into one of the following categories:

  • contact information (name, age, address, email address and telephone numbers);

  • Commonwealth identifiers (e.g. CRN, TFN);

  • employment information (e.g. employment history, work performance, next of kin information);

  • financial information (e.g. bank account details);

  • sensitive information (e.g. health or medical history); and/or

  • information obtained to assist in managing participant and business relationships.

Where personal information is sensitive information, we will only collect that information where:

  • it is reasonably necessary for one or more of our functions;

  • we have the individual’s consent to the collection of that information; or

  • we are required or authorised by law to collect the sensitive information.

We may also collect non-personal information about how you access, use and interact with the website, via website analytic tools. This information may include:

  • the location from which you have come to the site and the pages you have visited; and 

  • technical data, which may include IP address, the types of devices you are using to access the website, device attributes, browser type, language and operating system. 

Please refer to our Cookies Policy for further information regarding MyIntegra’s use of cookies on our website and other third-party analytic tools used to collect information and improve the performance of our website and online campaigns.

Why do we collect, hold and use your personal information?

We collect, use and store your personal information so that we can:

  • deliver our products and services;

  • manage our relationship with you;

  • contact you, for example, to respond to your queries or complaints, or if we need to tell you something important;

  • comply with our legal obligations and assist government and law enforcement agencies or regulators;

  • identify and tell you about other products or services that we think may be of interest to you (including for marketing and promotional purposes); and/or

  • act as your employer.

If you do not provide us with your personal information, we may not be able to provide you with our services, communicate with you or respond to your enquiries. 

How do we collect your personal information?

We will collect your personal information directly from you whenever you interact with us, such as through face-to-face discussions, over the telephone, an on-line form or portal, paper form, social media channel, or email.  Sometimes we will collect personal information from a third party or a publicly available source if it is unreasonable or impracticable to collect the personal information directly from you, such as:

  • Government agencies (such as the NDIA);

  • insurance companies; or

  • previous employers.

When you use our website, Helix Support Services automatically collects certain computer information by the interaction of your mobile phone or web browser with our website. Such information is typically considered non-personal information.  

This information is generally collected through the use of third-party website analytics tools, cookies, tracking and other information gathering technologies.  We do this to:

  • help deliver, optimise, personalise and analyse our services, and for advertising purposes;

  • analyse trends and your use of the website and other technologies and how you respond to any advertising or content;

  • serve targeted advertising to you via our website or other technologies on the basis of your use and preferences; and

  • administer products and services and gather demographic information about your use of the website and other technologies in order to target and personalise advertising and offers to you.

Please refer to our Cookies Policy for additional information on Helix Support Services use of cookies on our website other third-party analytic tools used to collect information.

How do we store and hold personal information?

We store most information about you in computer systems and databases operated by either us or our external service providers. Some information about you is recorded in paper files that we store securely.

We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.  

These processes and systems include:

  • the use of identity and access management technologies to control access to systems on which information is processed and stored;

  • requiring all employees to comply with internal information security policies and keep information secure;

  • requiring all employees to complete training about information security; and

  • monitoring and regularly reviewing our practise against our own policies and against industry best practice.

We will also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the APPs.

Although we take all reasonable steps to secure personal information from loss, misuse and unauthorised access, there is an inherent risk of loss of, misuse of or unauthorised access to such information. Helix Support Services will not be held responsible for such actions where the security of the personal information is not within our control or we cannot reasonably prevent such an incident.

Who do we disclose your personal information to, and why?

We will only use and disclose personal information for the primary purpose for which it was initially collected, or for purposes which are directly related to one of our functions or services.

Like many other businesses in Australia, we contract out some of our functions and rely on third party suppliers or contractors to provide specialised services (such as employment services, ‘cloud computing’, technology and data storage services, legal services, insurance broking, security services, organisations that assist with our product planning, analytics, research and development, information technology tools providing analytics and reporting services, marketing and advertising services including printers, mailing and distribution houses, or emailing services, telemarketing agencies, media organisations who assist us to communicate with you including media or social media sites and business advisors and financial services).  We may disclose personal information to external service providers so that they may perform services for us or on our behalf.

We may transfer or disclose your personal information to our related companies.

We may also disclose your personal information to others outside our group of companies where:

  • we are required or authorised by law to do so;

  • it is reasonably necessary for enforcement related activities conducted by, or on behalf of, an enforcement body (such as the police);

  • you may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or

  • we are otherwise permitted to disclose the information under the Privacy Act. 

If the ownership or control of all or part of our business changes, we may transfer your personal information to the new owner.

Do we disclose personal information to overseas recipients?

We may disclose your personal information to a recipient which is located outside Australia.  Some of our service providers and contractors are located in other countries including the US and India. Where we use a service provider that hosts personal information in other countries, we take steps that are reasonable in the circumstances to ensure that the host does not breach the APPs. The steps we take include:

  • adding provisions in our contract with the service provider that require them to protect the personal information they hold; and

  • when choosing a service provider, including in our considerations the privacy law or scheme (if any) that applies in the country in which the service provider operates.

If we have your consent, or the overseas recipient is located in a country whose privacy laws are the same or substantially similar to those of Australia, we comply with the APPs when disclosing your personal information to that overseas recipient.

If a privacy breach occurs that involves a service provider located outside of Australia, we support and work with you to handle the breach appropriately.

Do we use your personal information for marketing?

We may use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to. These products and services may be offered by us, our related companies, our other business partners or our service providers.  

Where you receive direct marketing communications from us, such as telemarketing, advertising via email, SMS or post, you may choose not to receive further marketing communications by following the opt-out instructions provided in the communication. Alternatively, you may advise us by calling 1300 769 894 or 1300 768 332. These instructions are set out in our Terms of Use Policy.

We may also market our products to you through third-party channels (such as social networking sites or digital advertising), or via other companies who assist us to market our products and services. We may use de-identified data to online advertisers which allows Helix Support Services to place communications in the media which are most relevant to you. 

Your personal information may be passed to other entities (including third party entities) for promotional purposes, including direct marketing. Those entities may use the personal information we provide to them to market to you, including by sending you information or contacting you (by telephone, post or electronically) about Helix Support Services services. These entities may be associated with us, or be third party agents, contractors or organisations.

Accuracy of personal information

We will ensure that all personal information we collect, use or disclose is accurate, complete and up to date. Please contact Helix Support Services Privacy Officer (details below) if you are aware of any personal information that does not meet this objective.

Access to and correction of your personal information

You may access or request correction of the personal information that we hold about you by contacting us. 

Our contact details are:
Helix Support Services
Suite 2036
8 HUGHES STREET
GATESHEAD NSW 2290
Karmen@helixsupport.com
0466 237 955

There are some circumstances under the APPs in which we are not required to give you access to your personal information. 

We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date and complete.  

If we do not agree to make a correction to personal information, you may provide a statement about the requested corrections and we will ensure that the statement is apparent to any users of the relevant personal information.

If we do not agree to provide access to personal information or to correct the personal information, we will provide you with written reasons for the refusal and the mechanisms available to complain about the refusal.

There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).

Complaints

If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us.

All complaints are to be in writing and directed to the Privacy Officer using the contact details set out above. In most cases a Privacy Complaint Form will need to be completed.  

Helix Support Services will acknowledge receipt of a written complaint within 2 business days.

We will consider your complaint and determine whether it requires further investigation.  

We will notify you of the outcome of this investigation and any subsequent internal investigation.

If you remain dissatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.

Roles and Responsibilities

  • All Helix Support Services officers, employees and sub-contractors are aware of their responsibility to comply with the Privacy Act.

  • Helix Support Services will ensure that all employees and subcontractors required to manage personal information are appropriately trained and supervised.

  • Helix Support Services will conduct regular reviews to ensure that personal information is managed correctly.

  • Breaches of the Privacy Policy or personal information management processes will be dealt with appropriately.

  • Helix Support Services will provide appropriate assistance to individuals and relevant third parties to make enquiries regarding personal information management.

  • Personal information will be retained according to the requirements of the Privacy Act.

Monitoring and Training

From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our Privacy Policy will be published on our website.

You may obtain a copy of our current policy from our website or by contacting us at the contact details above.

All Helix Support Services staff will receive training with regard to privacy and the application of this Privacy Policy as part of their induction.

Legislative / Accreditation Requirements

  • Privacy Act 1988 (Cth)

  • Australian Privacy Principles (APPs)

  • ISO9001:2015 Quality Management Systems – Requirements

Supporting Documents / Resources

This document is to be used in conjunction with:

  • Privacy Collection Notice

  • Cookies Policy

  • Terms of Use Policy

  • Feedback and Complaints Policy

Definitions

Definitions of terms used in this policy and supporting documents

Term

Definition / Explanation / Details 

Participant

A person who currently, or has previously, received a service from Helix Support Services. Most commonly referred to as a Participant.

Health information

(a) Information or an opinion about: 
    (i) The health or disability (at any time) of an individual; or
    (ii) An individual’s expressed wishes about the future provision of health services to him or her; or
    (iii) A health service provided, or to be provided, to an individual that is also personal information; or
(b) Other personal information collected to provide, or in providing, a health service; or
(c) Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
(d) Genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.

Sensitive information

(a) Information or an opinion about an individual’s:  
    (i) Racial or ethnic origin; or
    (ii) Political opinions; or 
    (iii) Membership of a political association; or
    (iv) Religious beliefs or affiliations; or
    (v) Philosophical beliefs; or
    (vi) Membership of a professional or trade association; or
    (vii) Membership of a trade union; or
    (viii) Sexual orientation or practices; or
    (ix) Criminal record; or
(b) Health information about an individual; or
(c) Genetic information about an individual that is not otherwise health information; or
(d) Biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) Biometric templates