Privacy of Personal Information 

Purpose 

EMP Onsite is committed to ensuring the privacy and confidentiality of your personal information. In this document, EMP Onsite is variously referred to as EMP, Us and We. This Privacy Policy (Policy) is intended to clearly describe how EMP handles your personal information, including its collection, use, disclosure and security, and including any personal information that we collect through our website(s). EMP complies with the Privacy Act 1988 (Cth) (Privacy Act), the associated Australian Privacy Principles (APPs) and state or territory legislation that governs how private sector health service providers should handle your personal information, including, but not limited to, health information. EMP may, from time to time, amend this Policy, in whole or part, at our sole discretion. 

 

Consent 

By providing personal information to us, you consent to us collecting, using and disclosing your personal information as described in this Policy. 

 

Collection of personal information 

Who does EMP Onsite collect personal information about? 

We may collect personal information from clients, employees, contracted service providers, students and other individuals with whom we engage in the course of our usual business operations. You are not required to provide personal information to us. However, if you do not provide us with all the information we request, the services we provide to you may be affected. If you provide incomplete or inaccurate information to us, or withhold personal information from us, we may not be able to provide you with the services you are seeking, or otherwise engage with you. 

 

How do we collect personal information? 

We will usually collect your personal information directly from you by email, telephone, in writing or in person, or through our website(s). 

 

What types of information do we collect and hold? 

The type of personal information we collect about you depends on the nature of our interaction with you. The personal information we collect about you will include only the information that is: 

  • Reasonably necessary for us to engage with you in the usual course of our business 
  • Necessary to provide you with services 
  • Required for administrative and internal business purposes related to the services we provide to you. 

The personal information we collect may include: 

  • Your name, age, gender, date of birth, contact details 
  • Health information relating to your lifestyle and medical history relevant to providing our services 
  • Video and photos of you working and performing functional (physical) tests 

 

Anonymity and pseudonymity 

In certain circumstances, you may have the option of not providing us with any personal details, however, this may limit the services that we can provide to you or the manner in which we engage with you. In some circumstances, it may be impracticable for us to deal with you in such an unidentified manner. 


How does EMP Onsite use your information?

We will not use or disclose your personal information for any purpose other than the primary purpose for which it was collected (or a related secondary purpose). The exceptions to this are if you have consented to another purpose, or if we are permitted/required to do so by law, which may include: 

  • To coordinate and/or communicate with healthcare providers involved in your care 
  • To conduct activities related to quality assurance/improvement processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training 
  • To fulfil regulatory and public health requirements, including liaising with regulatory or health authorities, as required by law 
  • To send you standard reminders (for example, for appointments for follow-up care) by text message, phone call or email to the number or address which you have provided to us 
  • To handle a complaint or respond to anticipated or existing legal actions 
  • To obtain feedback about our services or provide advice or information to you about other services, that are relevant to you 
  • To engage you (as a contractor) to provide products or services to us 
  • To consider your application for employment with us. 

We may anonymise (de-identify) or aggregate the personal information that we collect for the purpose of carrying out research, quality assurance or customer service, health outcome and other business analytics. EMP Onsite may use electronic processes when we use your personal information as specified above. We will not seek your consent to use your personal information for the purposes listed above. 

 

Use of Video / Photo for Marketing Purposes 

EMP may seek your permission to use video or photos for marketing purposes. EMP will provide details of the specific video / photos and also how these will be used. You will not be penalised in any way if you do not consent to use. 

 

Disclosure of personal information 

During the course of providing services to you, or otherwise engaging with you, we may disclose your personal information to trusted third parties including: 

  • Other third parties or organisations, if required by, and in order to comply with, our legal obligations 
  • Approved and trusted contractors, under agreement, as engaged by us to provide professional services (such as information and communication technology providers) 

Sensitive information is only ever disclosed for the purposes for which you gave it to us or for directly related purposes you would reasonably expect, or if you agree, for example, to handle a complaint. Our employees, and any third-party organisations engaged by EMP are required, under contract, to comply with the Privacy Act, or other relevant privacy legislation and, where applicable, our Privacy Policy. 

We may use electronic processes to disclose your personal information as specified above, where available or relevant. We will not seek your additional consent to disclose your personal information for the purposes listed above. 

We may enter into arrangements with other related entities or third parties outside of Australia to store, access or use data we collect, including personal information, in order to provide services to us (such as data processing, analysis, interpretation or the performance of specialised tests). In such cases, we will take reasonable steps to ensure that the third parties do not breach the APPs, including by requiring that the third party has information security measures and information handling practices in place that are of an acceptable standard and approved by us. 
 

Website 

If you use our website, we do not identify you as an individual user and do not collect personal information about you, unless you specifically provide this to us. Our website(s) may use cookies that allow us to gather anonymised statistics relating to the management of our website(s). These analytics may include, but are not limited to, your internet service provider (ISP), domain name, browser type and the pages you visit. Our website(s) and our email communications may contain links to third-party websites. We do not control these websites or any of their content and if you visit these websites, they will be governed by their own terms of use (including privacy policies). You should satisfy yourself of the personal information handling policies of third-party website operators. 

 

EMP App (iOS and Android) 

The EMP app is available from the App Store (Apple) and Google Play (Android). The app will collect and hold information relating to you personally and is bound by the Privacy Policy of Physitrack. Physitrack is the primary developer and is responsible for the maintenance of the EMP App. See Physitrack’s privacy policy below. 

 

Physitrack takes your privacy very seriously and treats all your personal data with great care. This document sets out Physitrack’s policy regarding privacy and security. It is recommended that you read this policy carefully. The capitalised words are defined in the Terms of Service.

 

1. Who is Physitrack? 

Physitrack Ltd. is a company with limited liability established and existing under the laws of The United Kingdom, having its registered office at 65 Gresham Street, London EC2V 7NQ, and active on the website of Physitrack. 

Physitrack has developed a platform used by healthcare providers to gather information from, and/or provide information to their patients. Physitrack is not a healthcare provider and does not screen Content posted by healthcare providers, nor does it select or screen specific exercise programs that are displayed to patients. 

Physitrack as processor on behalf of healthcare providers 

In the case of patients, Physitrack will store and process your personal data on behalf of its customers, the healthcare providers. For this processing, your healthcare provider will have access to your personal data and act as the "data controller" within the meaning of the European Privacy Directive (1995/46) and the Data Protection Act 1998 and will be responsible to you for the lawful processing of your personal data. Please refer to your healthcare provider for information on the way the healthcare provider will process your personal data. Whilst Physitrack takes the protection of personal data very seriously, Physitrack is not responsible for your healthcare provider’s compliance with applicable privacy laws. 

Physitrack as controller 

In certain circumstances Physitrack may also process your personal data for its own purposes, in which case Physitrack will be the “data controller” of your personal data and responsible for the lawful processing of this personal data. Physitrack is the controller for the processing of payments by healthcare providers, the processing of account information and the use of Intercom cookies as set out below (under 3). Physitrack shall only act as a controller with regard to personal data of healthcare providers and shall never act as controller with regard to personal data of a medical nature. 

 

2. What personal data does Physitrack collect and process? 

Account 

In order to make use of the Service, it is necessary to create a personal Account. For this you are required to enter certain information about yourself. Your name, gender, e-mail address, phone number and country of residence are obligatory. For healthcare providers who register on behalf of an entity, information about that entity (name and contact details) are also required. 

The information contained in your Account is not visible to third parties. For patients, only the healthcare provider that has sent you an invitation to use the Service and has been accepted by you can see your Account information. 

Use of the Service 

By using the Service, the patient or healthcare provider may provide information about their patient’s medical condition, exercise and treatment program and information about the patient’s compliance with the exercise and treatment program and the patient’s experiences while doing the exercises and treatment program. This information is treated on the Service to be private between the patient and the healthcare provider. Physitrack will store and process this information only on behalf of the healthcare provider and will never process medical information for our own purposes except as otherwise stated in this privacy policy. Once a patient grants access to their healthcare provider, the healthcare provider will have access to review their patient’s Account information, assign and modify exercise and treatment programs for the patient and use the information for the provision of health services and to contact the patient. 

 

3. Cookies   

When using Physitrack, cookies are saved on your computer. Cookies are small pieces of information (in the form of text) that a server sends to your browser (such as Internet Explorer or Firefox) with the intention that the browser sends this information back to the server the next time a user makes use of the Service. Cookies cannot damage your computer or the files saved on it. 

When you use the Service, first party cookies are saved on your computer. First party cookies are made by or for Physitrack and are stored on your computer by Physitrack and only Physitrack has access to these cookies. Such cookies are used by Physitrack, for example, to remember your login information. 

In order to collect data on the usage of Physitrack’s website (the marketing website, not the platform used for access to the Service), Physitrack uses Google Analytics. Google Analytics stores a permanent cookie on your computer which is subsequently used to register your use of the website. This data is then analyzed by Google and the results are given to Physitrack. This enables Physitrack to get more insight in the way in which the website is used and, based on this information, to make adjustments to the website or the provided services. 

You can configure your browser so that you do not receive any cookies the next time you use the Service. However, it is then possible that you will no longer be able to make full use of Physitrack. 

 

4. For what purposes will Physitrack use personal data about you? 

Physitrack may use your personal data for the following purposes: 

- To allow the healthcare provider to use the Service, including the management of the home exercise programs for patients, the management of the patients’ compliance with the exercise program and the exchange of exercise program templates with other users of Physitrack. 

- To allow the patient to use the Service, including the access to home exercise programs provided by the healthcare provider and monitoring the compliance and providing feedback to the healthcare provider. 

- To process payments by healthcare providers. 

- To verify your identity, respond to your enquiries and contact you when necessary. 

- To communicate with you about the Service and/or other services of Physitrack. 

- To configure Physitrack to your wishes and needs. 

- For protection purposes and to generate anonymous statistical data. 

For a patient, Physitrack will only provide your medical information to a third party if you or your healthcare provider has given its consent for your medical information to be disclosed (for instance, to an insurance company) and, if such information can be aggregated, will use reasonable endeavours to de-identify the information. 

Physitrack may in addition to any other rights set out in this privacy policy, provide your personal data to third parties in the following cases:   

- To any person that you authorise us to disclose your personal information to. 

- To our partners, affiliates, contractors and consultants, who are under an obligation to protect your personal information and who assist us or our related body corporates in provision of the Service or as otherwise set out in this privacy policy. 

- To your organisation, if you are acting on behalf of an organisation. 

- To government and regulatory authorities, as required or authorised by law. 

- To our professional advisors. 

- To your healthcare provider. 

- If it is obliged or otherwise permitted to do so on account of national or international laws, case law and/or regulations including to government and regulatory authorities. 

- If Physitrack considers it necessary to do so in defense of its own rights. 

Physitrack may post customer testimonials/comments/reviews on the website, which may contain personal information. Physitrack shall obtain the individual’s consent via email prior to posting the testimonial. 

You can contact us at support@physitrack.com if you do not wish to have your personal information used for any particular purpose. However, it is then possible that you may not be able to access or use all or part of the Service or our website. If Physitrack later advises you of an intended use or disclosure and you do not object to that use or disclosure or Physitrack is permitted or required by law to do so, Physitrack may do so. 

Customer.io   

Physitrack uses third-party analytics services to help understand the usage of the Service by healthcare providers. No patient information is shared through these services.   

In particular, we provide a limited amount of the personal data of the healthcare provider (such as your email address and sign-up date) to Peaberry Software, Inc. (“Customer.io”) and utilize Customer.io to collect data for analytics purposes when you visit the Website or use the Service. Customer.io analyzes your use of our Website and/or Service and tracks our relationship so that Physitrack can improve its service to you. We may also use Customer.io as a medium for communications, either through email, or through messages within the Service. 

Customer.io is a company that is based in the United States. Physitrack Limited and Customer.io have an EC Data Protection Agreement to protect the privacy of Physitrack's users. 

 

5. How does Physitrack protect your personal data? 

Physitrack takes appropriate technical and organizational measures to protect your personal data against loss or any form of unlawful use, but cannot guarantee that data transmission over the Internet will be wholly secure. Physitrack is also unable to warrant the security of any information provided to us over the Internet. Because of the medical nature of some of the personal data provided through the Service, Physitrack uses reasonable endeavours to incorporate a high level of security. 

To protect the confidentiality and integrity of your personal data, we: 

- Have internal policies to keep your data private and confidential in accordance with this privacy policy. 

- Encrypt all communications between Physitrack and our users (http: via SSL, email via TLS). 

- Use reasonable endeavors to encrypt all appropriate patient health information in our database where practical to do so ("at-rest"). 

- Limit information access inside our company. 

- Use an electronically and physically secured data center. 

- Use a firewall which blocks access by attackers and unauthorized users. 

- Automatically logoff healthcare providers after a certain period of inactivity. 

- Require all of our users to choose strong passwords, and choose a new password every 90 days. 

- Use a CDN (content distribution network) which filters out possible attackers. 

- Use up-to-date development and testing systems. 

- Use up-to-date server management technologies. 

Physitrack uses cloud web-hosting provided by Amazon Web Services, Inc (“Amazon”) to store personal information collected (including encrypted medical information) on servers located in Australia, but may also use servers in Ireland to store back-ups of this information. For further information about the privacy practices of Amazon, please visit http://aws.amazon.com/privacy/. Your personal information (including medical information) may from time to time be disclosed overseas to Physitrack, its related bodies corporate and third parties in accordance with this privacy policy. Locations will include United Kingdom and Australia, as amended from time to time. 

 

6. Viewing, changing and deleting your personal data 

If you wish to know what personal data Physitrack has collected about you or if you wish to change data that you cannot change yourself in your Account, then you can send your request to support@physitrack.com.   

Before Physitrack provides you with access to your personal information, Physitrack may require some proof of identity. To the extent permitted by law, Physitrack will use reasonable endeavours to provide you with your personal information within 4 weeks of your request. In some circumstances where Physitrack corrects or updates a record, Physitrack may still require the retention of the original record. Physitrack will retain your personal data for as long as your Account is active or as needed to provide the Service to you, to resolve disputes, enforce agreements or comply with any legal obligations. If you wish to delete your Account or request that Physitrack no longer uses your personal data, you can contact us at support@physitrack.com.

 

7. Can this policy be changed? 

It is possible for this policy to be amended in the future. Any changes to the policy will be mentioned on the Website, so it is recommended to regularly have a look at the Website. Your continued use of the Service and this Website after any changes to this policy means that you consent to such changes. 

 

8. Australian privacy rights   

If you are an Australian resident, you acknowledge and consent that Australian Privacy Principle 8.1 will not apply to an overseas disclosure of your personal information in accordance with this policy including in relation to Customer.io. In addition, if you have any requests or complaints about this policy, you may send these to support@physitrack.com.

Physitrack may respond to your request within 4 weeks. If you are dissatisfied with the outcome, you may make a complaint to the Australian Information Commissioner at the Office of the Australian Information Commissioner via telephone to 1300 363 992 (if calling within Australia) or + 61 2 9284 9749 (if calling outside Australia) or online at www.oaic.gov.au. 

 

9. Questions? 

If you have any questions, please do not hesitate to contact us via support@physitrack.com.

 

Protecting your personal information 

We take the protection of your personal information seriously and take all reasonable steps to ensure the information that we collect, use and disclose is accurate, secure and protected from misuse and loss and from unauthorised access, modification or disclosure. 

 

As per EMP employment contracts, all EMP staff are required to follow all company policies, including this Privacy Policy and the EMP Code of Conduct. Deliberate or unintentional misuse of personal information, including breaches of confidentiality, are taken very seriously and are managed according to our discipline and grievance policy. All EMP staff providing healthcare / prevention services are registered health practitioners and are also required to maintain membership of the relevant professional organisation. A condition of membership is to abide by professional standards, including client privacy.   

 

Accuracy 

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and current. To assist us, please ensure that the information you provide to us is accurate, up-to-date and complete, and let us know when your personal information changes. 

 

Security 

We will take all reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes including, but not limited to, access controls, network firewalls, encryption and physical security measures, in order to protect your privacy. This applies to information stored electronically or in hard copy. 

 

Retention 

We will destroy or permanently de-identify any of your personal information that is no longer needed for the purposes described in the Policy, provided we are not required, under relevant accreditation standards or an Australian law, to retain the information. 

 

Access to, and correction of, your personal information 

Access 

You have the right to request access to the personal information about you which is held by us. We will provide you with access to your information, unless there is a reason under the Privacy Act or other relevant law to refuse or limit such access, such as if we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or giving access would have an unreasonable impact on the privacy of other individuals. You may request access to the personal information we hold about you by contacting our Privacy Officer (see the contact details below). To protect your privacy, we will need you to verify your identity prior to providing access to your information. We may recover reasonable costs associated with supplying this information to you. In the specific case of obtaining access to your pathology or radiology results, the preferred method is in consultation with your treating practitioner, so that complex clinical information can be explained to you within the context of your individual circumstances. 

 

Correcting your personal information 

You have the right to request an amendment to the information we hold, should you believe it to be inaccurate. If we are satisfied that any part of the information we hold about you is inaccurate, incomplete, out of date, misleading or irrelevant, having regard for the purpose for which it is held, we will take reasonable steps to amend that information. If we do not agree to change your personal information in accordance with your request, we will permit you to make a statement of the requested changes and we will enclose this with your personal information. Should you wish to request changes to your personal information held by us, you can ask for our Privacy Officer (see the contact details below), who can give you more detailed information about our correction procedure. 

 

Contacting EMP Onsite about privacy issues and complaints 

If you have comments or concerns relating to this Policy, or wish to make a complaint about our handling of your personal information, please contact our Privacy Officer. We may need to verify your identity and ask for further information, in order to investigate and respond to your concern or complaint. We will aim to respond to you within a reasonable time, and generally within 21 days. 

 

EMP Onsite Privacy Officer Contact Details 

Address 
The Privacy Officer,
EMP Onsite 
3/148 Epsom Rd, Ascot Vale Victoria, 3032. 

 

Email 
privacyofficer@emponsite.com.au
 

 

Telephone: 1800 367 669 

 

If we are unable to satisfactorily resolve your concern or complaint, you may wish to contact the Office of the Australian Information Commissioner (OAIC). The OAIC has the power to investigate the matter and make a determination. 

If your concern or complaint relates to health information, you may also contact the relevant state or territory privacy commissioner. 

 

Office of the Australian Information Commissioner (OAIC) 

Address 
GPO Box 5218
Sydney NSW 2001 

 

Email 
enquiries@oaic.gov.au
 

 

Telephone 
1300 363 992 

Web 
www.oaic.gov.au
 

 

 

Title: Privacy of Personal Information Policy 

Code: P0024-2019-10-31 

Last Updated: 20191031 

Approved by: MBlackburn 12/11/2019 

 

