Therapist, Contractor, Employee or Prospective Employee fair processing notice
What Personal Information Do We Collect?
We collect and maintain different types of personal information in respect of those individuals who seek to be, are, or were therapists, employed or contracted by us, including the personal information contained in:
- Responding to a patient questionnaire
- Booking sessions
- Adding details to waiting list
- Medical reports/letters
- CV’s and applications;
- references and interview notes;
- photographs and video;
- letters and contracts of offer and acceptance of employment/contracting;
- policy acknowledgement;
- training and personal development records;
- invoicing and wage information;
- forms relating to the application for, or in respect of changes to, reports, letters, employee health and welfare benefits; including, short and long term disability, medical and dental care; and
In addition to the examples listed above, personal information also includes information such as name, home address, telephone and mobile telephone numbers, personal email address, date of birth, marital status, gender and any other information necessary to Heather Wellbeing business purposes, which is disclosed in the course of an employee’s/contractor’s application for and employment with Heather Wellbeing.
As a general rule, Heather Wellbeing collects personal information directly from you. In most circumstances where the personal information that we collect about you is held by a third party, we will obtain your permission before we seek out this information from such sources (such permission may be given directly by you, or implied from your actions). An example of this would be sending information to your insurance company to process your medical expenses claim or an employment reference.
From time to time, we may use the services of third parties and may also receive personal information collected by those third parties in the course of the performance of their services for us. In that case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us.
Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.
Why Do We Collect Personal Information?
The personal information collected is used and disclosed for our business purposes, including establishing a working relationship, managing or terminating your employment/contract relationship with Heather Wellbeing. Such uses include:
- determining eligibility for initial employment/contracting, including the verification of references and qualifications;
- determining suitable contractors;
- administering pay and benefits;
- establishing training and/or development requirements;
- conducting performance reviews and determining performance requirements;
- assessing qualifications for a particular job or task;
- gathering evidence for disciplinary action, or termination;
- establishing a contact point in the event of an emergency (such as next of kin);
- complying with applicable labour or employment/contract statutes;
- compiling directories;
- ensuring the security of company-held information; and
- such other purposes as are reasonably required by Heather Wellbeing.
The work output of Heather Wellbeing employees and contractors, whether in paper record, computer files, or in any other storage format belongs to us, and that work output, and the tools used to generate that work output, are always subject to review and monitoring by Heather Wellbeing.
In the course of conducting our business, we may monitor employee/contractor activities and our premises and property, e.g. ensure working hours are met. Pursuant to the Heather Wellbeing IT Policy and your contract of employment, we have the capability to monitor all employees’ computer and e-mail use.
This section is not meant to suggest that all employees/contractors will in fact be monitored or their actions subject to constant surveillance. It is meant to bring to your attention the fact that such monitoring may occur and may result in the collection of personal information from employees/contractors (e.g. through their use of our resources). When using Heather Wellbeing equipment or resources employees/contractors should not have any expectation of privacy with respect to their use of such equipment or resources.
How Do We Use Your Personal Information?
We may use your personal information for the purposes described in this Policy, or for any additional purposes that we advise you of and where your consent is required by law we have obtained your consent in respect of the use or disclosure of your personal information.
We may use your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.
When Do We Disclose Your Personal Information?
We may share your personal information with our employees, contractors, members, contractors, consultants and other parties who require such information to assist us with establishing, managing or terminating our employment/contract/client relationship with you.
Also, your personal information may be disclosed:
- as permitted or required by applicable law or regulatory requirements. In such a case, we will not disclose more personal information than is required under the circumstances;
- to comply with valid legal processes such as search warrants, subpoenas or Court orders;
- as part of Heather Wellbeing regular reporting activities;
- to protect the rights and property of Heather Wellbeing;
- during emergency situations or where necessary to protect the safety of a person or group of persons;
- where the personal information is publicly available; or
- with your consent where such consent is required by law.
Notification and Consent
Privacy and employment laws do not generally require Heather Wellbeing to obtain your consent for the collection, use or disclosure of personal information for the purpose of establishing, managing or terminating your employment relationship. In addition, we may collect, use or disclose your personal information without your knowledge or consent where we are permitted or required by applicable law or regulatory requirements to do so.
To the extent that your consent is required, we will assume, unless you advise us otherwise, that you have consented to Heather Wellbeing collecting, using and disclosing your personal information for the purposes stated above. Where your consent was required for our collection, use or disclosure of your personal information, you may, at any time, subject to legal or contractual restrictions and reasonable notice, withdraw your consent. All communications with respect to such withdrawal or variation of consent should be in writing and addressed to the Chief Executive Officer of Heather Wellbeing.
How is Your Personal Information Protected?
Heather Wellbeing endeavours to maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorised access, copying, use, modification or disclosure.
How Long is Your Personal Information Retained?
Except as otherwise permitted or required by applicable law or regulatory requirements, Heather Wellbeing will retain your personal information only for as long as it believes is necessary to fulfil the purposes for which the personal information was collected (including, for the purpose of meeting any legal, accounting or other reporting requirements or obligations). We may, instead of destroying or erasing your personal information, make it anonymous such that it cannot be associated with or tracked back to you. In most cases your data will be deleted 6 years after you have left the company. If you have applied to work for Heather Wellbeing and have been unsuccessful we will retain your data. This will be deleted after 6 months.
Updating Your Personal Information
It is important that the information contained in our records is both accurate and current. If your personal information happens to change during the course of your employment, please keep us informed of such changes.
In some circumstances we may not agree with your request to change your personal information and will instead append an alternative text to the record in question.
Access to Your Personal Information
You can ask to see the personal information that we hold about you. If you want to review, verify or correct your personal information, please contact the Chief Executive Officer of Heather Wellbeing. Please note that any such communication may be required in writing.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you. We may charge you a fee to access your personal information; however, we will advise you of any fee in advance. If you require assistance in preparing your request, please contact the Chief Executive Officer of Heather Wellbeing.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed, erased or made anonymous in accordance with our record retention obligations and practices.
If we cannot provide you with access to your personal information, we will try to inform you of the reasons why, subject to any legal or regulatory restrictions.
Your other legal rights
Data protection legislation also provides you with certain other rights. These are not always absolute rights and must be considered in the wider scope of the legislation. These rights are:
- right to erasure, also known as the right to be forgotten. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. In some circumstances this is not an absolute right;
- right to restrict processing. You have the right to ‘block’ or suppress processing of personal data. Again this is not an absolute right and will depend on the circumstances and any other legal/statutory obligations Heather Wellbeing may have;
- right to data portability. This is unlikely to apply in the circumstances of employment;
- right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). This is unlikely to apply in the circumstances of employment;
- rights related to automated decision making including profiling. This is unlikely to apply in the circumstances of employment/contracting;
Any questions you may have regarding the processing of your personal data should be directed at the Chief Executive Officer of Heather Wellbeing.