Background

We provide medical support services programs (Programs) for school-based excursions, particularly in remote areas in Australia and overseas.

To provide Programs, we handle personal information about the following categories of individual:

• Participants in excursions (Participants).
• Parents or guardians of Participants (Parent/Guardian).
• School staff administering/planning excursions (School Staff).
• Doctors and nurses who provide the medical support services for Programs (Medical Contractors).

Personal information is information or an opinion, in any form and whether true or not, about an identified individual or an individual who is reasonably identifiable. Special rules apply for collecting personal information which is sensitive information. This includes health information and information about a person’s race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual orientation or practices and criminal history.

Functions

We offer expert telehealth triage for school-based excursions. This helps to avoid unnecessary hospital trips and keep school staff on-site. This helps schools to maintain supervision ratios, reduce potential incidents (as a result of pre-excursion medical screenings), and enhance legal protection with thorough medical documentation.

In undertaking our functions and activities we may handle personal information about the categories of individual we have specified above. We comply with the thirteen Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (the Act) except where the Act does not require this. The APPs regulate how to handle personal information throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal.

The kind of personal information we collect and hold

Depending on why we are dealing with you, we may collect one or more of the following items of personal information:

• name and contact details including postal and email address and telephone number.
• If you are a member of School Staff, your position.
• If you are a Parent/Guardian, your relationship with a Participant;
• If you are a Medical Contractor, details of your professional qualifications, memberships and healthcare identifiers;
• If you are a Participant:
  • medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors.
  • Medicare number (where available) for identification and claiming purposes.
  • healthcare identifiers.
  • health fund details.
  • clinical notes and assessments prepared during consultations.

How we collect and hold personal information

We may collect your personal information in several different ways, including the following.

• when a school uploads Participants’ medical information to our system prior to excursions;
• during pre-trip medical screening of Participants conducted by Medical Contractors;
• during the course of Medical Contractors providing medical services to individuals during an excursion (including telehealth consultations via video and audio conferencing), we may collect further personal information.
• in some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from a Participant directly. This may include information from:
  • a Participant’s Parent/Guardian.
  • other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services.

To the extent required by the Act:

• we will not collect personal information about you unless that information is reasonably necessary for one or more of our functions or activities; and
• we will collect personal information only by lawful and fair means.

When we collect personal information directly from you, we will take reasonable steps at or before the time of collection to ensure that you are aware of certain key matters, such as the purposes for which we are collecting the information, the organisations (or types of organisations) to which we would normally disclose information of that kind, the fact that you are able to access the information and how to contact us.

The purposes for which we handle personal information

If we use or disclose your personal information for a purpose (the “secondary purpose”) other than the main reason for which it was originally collected (the “primary purpose”), to the extent required by the Act, we will ensure that:

• the secondary purpose is related to the primary purpose of collection (and directly related in the case of sensitive information), and you would reasonably expect that we would use or disclose your information in that way;
• you have consented to the use or disclosure of your personal information for the secondary purpose;
• the use or disclosure is required or authorised by or under law; or
• the use or disclosure is otherwise permitted by the Act (for example,
  • the information is necessary to provide a health service to the individual and the collection is required or authorised by or under an Australian law or the information is collected in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation; and
  • the recipient of the information is a responsible person for the individual and the individual is physically or legally incapable of giving consent to the disclosure or physically cannot communicate consent to the disclosure.)

The purpose for which we use your personal information depends on why we have collected your personal information. If you are a Participant or Parent/Guardian, we may also disclose personal information to Medical Contractors to facilitate the provision of medical services in the course of a school excursion.

We require our service providers (including Medical Contractors) not to use that personal information for any purpose other than to perform their services to us. We also require them to comply with appropriate data quality and security requirements.

Data quality and security

To the extent requires by the Act, we will take reasonable steps to:

• make sure that the personal information that we collect, use and disclose is accurate, complete, and up to date;
• protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
• destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Act.

Transfer of personal information overseas

In the ordinary course, the personal information (including health information) that we hold is held on our behalf by our Cloud-services provider on servers located in Australia. In some limited instances (including where a school excursion is overseas) we may need to transfer personal information to service providers located outside Australia. If we transfer personal information in this way, we will take reasonable steps to ensure that any overseas recipient does not breach the APPs in relation to the disclosed personal information.

This obligation will not apply if:

• we reasonably believe that the recipient of the information is subject to legal obligations that have the effect of protecting the information in a way that, overall, is at least substantially similar to protection under the APPs and there are mechanisms that you can access to enforce that protection;
• you give us consent to disclose your personal information to an overseas recipient, expressly or by implication, after you are expressly informed by us that if you consent we will not be required to take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information; or
• we are legally required or authorised to transfer the information to the overseas recipient.

Access and correction of your personal information

Please contact us at [email protected] if you would like to access or correct the personal information that we hold about you. We will generally provide you with access to your personal information if practicable (although a fee may be imposed) and will take reasonable steps to amend any personal information that is incorrect. In some circumstances, we may not permit access to your personal information, or may refuse to correct your personal information, in which case we will provide you with reasons for this decision.

Questions or complaints

Please contact Geoff Oakley via e-mail [email protected] if you have any questions or complaints about the personal information that we hold about you or the way we handle that personal information. We will acknowledge your question or complaint as soon as possible and will seek to address any question or complaint within 14 days after that.

Notifiable data breaches

If there is a loss, or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, we will investigate and notify you and the Australian Information Commissioner as soon as practicable, in accordance with the Act.

Changes

We may change this Privacy Policy from time to time. You can find our up-to-date Privacy Policy posted on our website from time to time.

Website

When you use our website, we can identify your web browser but we do not identify you. We may use web browser data for website optimisation purposes.

We use “cookies” on our website. A cookie is a text file placed on your computer, to either improve the functionality of the website or help us analyse how users use our website. We do not link back to your identity from the information generated by the cookie about your use of the website (including your device’s IP-address). If you do not wish us to use cookies, you can configure the browser settings of your computer or your devices for that purpose.

Contact us

If you have any queries about our Privacy Policy, or about the way we manage your personal information, you can:

• Write to us at Guardiant, [email protected];
• Telephone our offices on 02 7258 2900; or
• Click Contact Us on our website.