This Privacy Policy applies to Iconic Care Group Companies (Iconic Care) i.e., Iconic Care Pty Ltd (ICPL) or Iconic Rehab Pty Ltd (IRPL), Iconic Plan Manager, Iconic Disability Services herein referred to as Iconic Care.

Iconic Care’s collection, use, disclosure, and storage of your personal information is regulated by the Privacy Act 1988 (Cth) (the Privacy Act), the Australian Privacy Principles and related legislation.

The Privacy Act applies to all private sector health service providers anywhere in Australia.

In NSW, Victoria, and the Australian Capital Territory (ACT), private-sector health service providers must comply with Australian and state or territory privacy laws when handling personal information.

Queensland, the Northern Territory, and Tasmania have privacy legislation that applies only to their public sector, including public sector health service providers.

Western Australia and South Australia do not have specific privacy legislation.

Updates to this Privacy Policy will be published on our website.

If you have any questions regarding this Policy or our privacy practices generally, please do not hesitate to contact Iconic Care’s Privacy Officer at info@iconiccaregroup.com.au.

Purpose

The purpose of this Privacy Policy is to:

• Give you an understanding of the kinds of personal information that we collect and hold.
• Communicate how and when your personal information is collected, disclosed, used, held, and otherwise handled by us, including when mitigating a conflict of interest.
• Inform you about the purposes for which we collect, hold, use and disclose personal information.
• Provide you with information about how you may access your personal information and seek correction of your personal information.
• Provide you with information about how you may make a complaint, and how we will deal with any such complaint.

What is personal information?​

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. It includes your name, date of birth / age, gender, and contact details as well as health information (which is also sensitive information). In this Privacy Policy, a reference to personal information includes sensitive / health information.

Health information is any personal information about your health or disability. It includes information or opinion about your illness, injury or disability.

Collection of personal information​

Personal information collected by us will usually fall into one of the following categories:

• Contact information (name, age, address, email address and telephone numbers).
• Commonwealth identifiers (e.g., CRN, TFN).
• Employment information (e.g., employment history, work performance, absences, workplace incidents, next of kin information).
• Financial information (e.g., bank account details).
• Sensitive information (e.g., information about your health, medical history, criminal history, religious beliefs, trade union activity).
• Information obtained to assist in managing participant, client and business relationships.

We may collect your information from you in a variety of ways including when:

• we provide services to you.
• you visit our website.
• you submit your information in response to Iconic Care marketing events or activities including social networking sites or digital advertising; or
• you contact us by any method, such as face-to-face, over the telephone, through an online form or portal, through a paper form or by email.

Sometimes we will collect personal information from a third party or a publicly available source, for example where we have your consent, where we are required by law to do so, or if it is unreasonable or impracticable to collect the personal information directly from you (e.g., checking a candidate’s work history).

You may choose to deal with us anonymously or under a pseudonym. However, in some circumstances, anonymity or the use of a pseudonym will render us unable to provide the relevant service or reasonably conduct our business, and we may request that you identify yourself. For example, it would not be practical to deal with you anonymously if we are providing assistance in securing paid employment for or providing rehabilitative services to you.

You may also choose not to provide us with your personal information. Depending on the circumstances in which you do so, however, we may be unable to provide you with our services as a result.

Where we are collecting personal information from a child or young person, we will use our judgement to determine if that person has the capacity to consent. Where we are unsure, we will seek consent from a parent or guardian.

Your consent in relation to your personal information

Iconic Care operates in line with applicable State and Territory legislation (see further at ‘How can I access further privacy information?”) and the NDIS Practice Standards. To record your consent to store, use, provide or exchange your information, Iconic Care will ensure:

• Consistent processes and practices are in place that respect and protect your personal privacy and dignity;
• You are advised of policies using the language, mode of communication and terms that you tell us you are most likely to understand; and
• You acknowledge your understanding and agreement to what personal information will be collected by Iconic Care and why – this may be in recorded material including in an audio and/or visual format.

You, your representative or nominee can tell us in writing or in person that you consent. We can accept consent both in writing or verbally, including with the use of a translation service.

If you are a Iconic Care Support Coordination participant you can tell us of your consent in person or in writing and we will record this consent in our Salesforce client management system, under your NDIS participant “Case Notes” section. If you are a NDIS participant that receives Iconic Care’s plan management services, your consent can also be provided over the phone and can be recorded or updated by you or your Nominee in the Iconic Care online portal at any time.

We also have a NDIS Consent Form that you, or your Nominee can use to give us your consent to use and share your personal information.

If you consent for us to ask other people for information, Iconic Care will check:

• You understand what you are agreeing to and why;
• You know which people or organisations we will talk to or share your information with;
• That no one is pressuring you to agree to share your personal information; and
• What information you consent for us to collect from other people.

You can choose how long you consent for us to ask other people for information. For example, you can choose to consent for just one time only, or for any time we need to ask for information in the future.

You can also take away your consent at any time. You can let us know by post, email, in person, over the phone or web chat that you no longer consent to us sharing or using your personal information.

Why do we collect, use, and store your personal information?

We collect, use, and store your personal information to provide you with our services which include:

• Services under the National Disability Insurance Scheme
• Services under the My Age Care
• Recruitment / Employment Services
• Employee Management
• Injury Management and Assessment
• Labour Market Research
• Ergonomic Assessments and Advice
• Occupational Safety and Health
• Psychological Assessments / Counselling
• Insurance Claims and Assessments
• Training / Education
• Research
• Client and Business Relationship Management

We may also collect, use and store your personal information:

• For marketing purposes, in order to provide you information about the services we offer. These products or services may be offered by us, our related companies, our business partners or our service providers and are offered to you without any obligation;
• To respond to your questions or suggestion;
• To improve the quality of our services;
• To improve the quality of your visit to our website;
• To undertake employee recruitment activities; or
• To assist with data analytic processes.

You may opt out of receiving marketing information by notifying us accordingly, or by using any unsubscribe facility we provide for that purpose. If you opt out of receiving marketing information, we may still contact you in connection with the services we provide to you, such as for appointment reminders and follow-ups.

Our services, functions and activities, as well as those of our contracted service providers, may change from time to time.

Protecting and storing your personal information​

Protecting and storing your personal information​ We understand the importance of keeping personal information secure and safe. Some of the ways we do this are:

• Requiring employees and contractors to enter into confidentiality agreements.
• Securing hard copy document storage (i.e., storing hard copy documents in locked filing cabinets).
• Implementing security measures for access to computer systems to protect information from unauthorised access, modification or disclosure and loss, misuse, and interference.
• Ensuring data storage devices such as laptops, tablets and smart phones are password protected.
• Providing discreet environments for confidential discussions.
• Implementing access control for our buildings including waiting room / reception protocols and measures for securing the premises when unattended; and
• Implementing security measures for our website(s).

Personal information may be stored in documentary form but will generally be stored electronically on our software or systems.

Who will we disclose your personal information to and what is a conflict of interest?

Like most businesses in Australia, we contract out some of our functions and rely on third party suppliers or contractors to help us conduct our business, for example to provide specialised services such as “cloud computing” technology and data storage services, legal advice, insurance broking, security services, business advisors and financial services. We may disclose personal information to these third parties in connection with their provision of goods or services to us.

We may also disclose your personal information to other related entities within our corporate group for our own business purposes (please see below for our approach to “Conflicts of Interest”).

We may also disclose your personal information to government agencies, private sector organisations or other entities where required or permitted by law, which may include the following circumstances:

• You have consented to such disclosure.
• We believe that you would reasonably expect, or have been told, that information of that kind is usually passed to those individuals, bodies, or agencies, and it is being disclosed for a purpose related (or directly related, in the case of sensitive information) to the reason we collected the information.
• We are required or authorised to make such disclosure by law or the requirements of any professional bodies, including where we are required to do so in accordance with child safety obligations.
• A permitted general situation or permitted health situation (as these terms are defined in the Privacy Act) exists in relation to the disclosure.
• We believe it is reasonably necessary for enforcement related activities conducted by, or on behalf of, an enforcement body (e.g., police, ASIC, Immigration Department).

Conflicts of interest

We may disclose your personal information to other related entities within our corporate group for our own business purposes.

A conflict of interest can arise when a business does not inform you of their relationship to another division of the same business that they may be referring you to. Iconic Care manages any potential conflict of interest very seriously.

Iconic Care and the APM Group, has strict policies to prevent either real or perceived conflict of interest and firmly upholds the NDIA principle of ‘choice and control’.

Iconic Care will always provide you, as our customer, with multiple options including those outside our corporate group, for services that may be of benefit to you if requested and will not seek to solely promote our own group businesses or provide services that are neither required nor requested by you, as our customer.

Accuracy of personal information​

We take steps to help ensure that all personal information we collect, use, or disclose is accurate, complete and up to date. Please contact our Privacy Officer (details below) if you are aware that personal information that we hold about you does not meet this objective.

How can I access my personal information and contact Iconic Care?

You can request access to personal information that we hold about you by contacting our Privacy Officer (see details below).

The procedure for requesting and obtaining access is as follows:

• All requests for access to personal information to be made in writing and addressed to our Privacy Officer (see contact details below). All requests should specify how the information is proposed to be accessed (photocopies, electronic copy, or visual sighting).
• Please provide as much detail as possible regarding the Iconic Care business, department and / or person to whom you believe your personal information has been provided and when. This will allow us to process your request more efficiently.
• We will endeavour to acknowledge your request within 14 days of the request being made.
• Access will usually be granted within 30 days of our acknowledgment. If the request cannot be processed within that time for whatever reason, we will let you know the anticipated timeframe for a response to be provided.
• You will need to verify your identity and authority before access to personal information is granted.
• We may charge a reasonable fee for access to personal information, which will be notified and required to be paid prior to the release of any information. Once the request has been processed by us, you will be notified of our response and proposal for suitable access (provision of photocopies, digital copies, or visual sighting, where appropriate).
• We may refuse to grant access to personal information if there is an exception to such disclosure which applies under relevant privacy legislation.
• If, as a result of access being granted, you are aware that we hold personal information that you regard as being no longer accurate or correct, you may request the deletion or correction of such information.
• Upon receipt of a request to correct or delete personal information, we will either make such corrections or deletions or provide written reasons as to why we declined to make such alterations.

We have a designated Privacy Officer who is responsible for the management of:

• Requests for access to personal information.
• Complaints regarding our management of personal information.

For information regarding privacy, our Privacy Officer can be contacted at:

Iconic Care Pty Ltd

126/4 Hyde Parade, Campbelltown NSW 2560 Australia

• Email: info@iconiccaregroup.com.au
• Phone:02 4604 8282 

How can I access further privacy information?

Australian Capital Territory

The Office of the Australian Information Commissioner (OAIC) exercises some of the functions of the Australian Capital Territory Information Privacy Commissioner. For more information see Privacy in the ACT.

The ACT Health Services Commissioner handles health record privacy complaints.

New South Wales

The NSW Information and Privacy Commission administers the Privacy and Personal Information Protection Act 1998 (NSW) and Health Records and Information Privacy Act 2002 (NSW).

Northern Territory

The Office of the Information Commissioner Northern Territory oversees the privacy provisions of the Information Act 2002 (NT) and accepts complaints from consumers relating to the privacy of health information.

The Health and Community Services Complaints Commission also accepts complaints about health, disability and aged services in the Northern Territory.

Queensland

The Queensland Office of the Information Commissioner receives privacy complaints under the Information Privacy Act 2009 (Qld) which covers the Queensland public sector.

Queensland’s Health Ombudsman can also receive and investigate complaints about health services and health service providers.

South Australia

The South Australian privacy committee handles privacy complaints related to state government agencies’ compliance with a set of Information Privacy Principles.

The Health and Community Services Complaints Commissioner also receives complaints about government, private and non-government health and community services.

Tasmania

The Tasmanian Ombudsman accepts complaints in relation to the Personal Information and Protection Act 2004 (Tas). This legislation covers the Tasmanian public sector, including public hospitals.

Victoria

The Office of the Victorian Information Commissioner (OVIC) administers the Privacy and Data Protection Act 2014 (Vic).

The Office of the Health Services Commissioner administers the Health Records Act 2001 (Vic) and conciliates complaints between consumers and health care providers.

Western Australia

The Office of the Information Commissioner (WA) administers the Freedom of Information Act 1992 (WA) which includes some privacy principles related to the disclosure and amendment of personal information held by Western Australian State and local government agencies.

The Health and Disability Services Complaints Office is an independent statutory authority that also handles complaints relating to health and disability services in Western Australia.

How do we handle complaints?

If you consider that there has been a breach of the Australian Privacy Principles, you are entitled to complain to Iconic Care.

All complaints are to be in writing and directed to the Privacy Officer using the contact details above. In most cases, a Privacy Complaint Form will need to be completed. The Privacy Officer will endeavour to acknowledge receipt of a written complaint within 2 business days.

The Privacy Officer will investigate the complaint and attempt to resolve it within 20 business days after the written complaint was received. Where it is anticipated that this timeframe is not achievable, we will contact the person making the complaint to provide an estimate of how long it will take to investigate and respond to it.

If you are unsatisfied with the outcome of Iconic Care’s investigation and decision, you are entitled to raise your complaint with the Office of the Australian Information Commissioner (OAIC) by phoning 1300 363 992 or by email at enquiries@oaic.gov.au.