Privacy Policy

Greenlight Human Capital understands that confidentiality of injured workers’ personal information must be maintained at all times, both from legal and moral/ethical perspectives.

The Australian Privacy Principles are a set of rules set down by the Privacy Amendment (Private Sector) Act 2000, amended from the Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy Protection) Act 2012. This Act is designed to protect an individual’s personal information that may be held or used by an organisation. The Privacy Principles aim to ensure that organisations that hold information about people will manage that information responsibly. They also give people some control over the way information about them is handled.

The Principles regulate the collection, handling, use, disclosure, transfer and management of personal information. Protecting individuals’ privacy and the confidentiality of their personal information is important to us, as it is fundamental to the way we conduct business. Greenlight Human Capital is sensitive to privacy issues and treats very seriously the ongoing trust our customers have placed in us. Greenlight Human Capital believes it has best practice procedures and some of the most robust systems in place for handling and protecting private and sensitive information. In line with this, a privacy policy has been developed and implemented. All employees and subcontractors engaged to work with Greenlight Human Capital are required to follow the terms in this policy. Additionally, Greenlight Human Capital only deals with subcontractors that comply with the Privacy Amendment Act 2012.

Greenlight Human Capital understands that enhanced privacy legislation took effect in March 2014, which, among other things, increased penalties for breaches of privacy by companies and individuals, and introduced a new credit reporting system. In preparation for these enhancements, Greenlight Human Capital has made its privacy statement available to all through our website, provides copies of our privacy statement to all clients, and continuously reviews all privacy and data gathering processes to ensure full compliance.

Greenlight Human Capital’s Privacy Policy currently addresses each privacy principle as follows:

Australian Privacy Principle 1—open and transparent management of personal information

Greenlight Human Capital is open and transparent with its customers as to what information is collected and how it is used. As part of the legislation we are required to advise individuals who deal with us:

  1. What information we are collecting (even if we are collecting it from someone else) – such as name, address, financial information, health information etc.
  2. Why we collect it (for what purpose)
  3. Who else we may give the information to
  4. The customer's rights in relation to accessing the information
  5. The customer’s right to ensure the information we collect is accurate, up to date and complete
  6. The customer’s right to complain if they believe their privacy has been breached

We communicate our policy on privacy by providing a copy of our Privacy Policy, which informs our customers of our obligations under Privacy legislation.

Australian Privacy Principle 2—anonymity and pseudonymity

Greenlight Human Capital ensures that where it is lawful and practicable, we provide an individual with the option of dealing with us anonymously or by using a pseudonym. As an example, if individuals want to enter our web site, we would not need to ask them for any personal information.

Australian Privacy Principle 3—collection of solicited personal information

Greenlight Human Capital considers ‘collection’ to mean the gathering, acquisition or obtaining of personal information from any source and by any means. Collection also includes when an organisation obtains personal information it has come across by accident or has not asked for. In the collection of personal information, Greenlight Human Capital undertakes to comply with the provisions of the Privacy Act 1988 (Cth) and the appropriate amendments. In doing so, Greenlight Human Capital will only collect personal information where it is necessary for one or more of our functions or activities, and, where practicable, will collect the information directly from the individual.

We will also only collect personal information in a fair and bona fide manner (without deception or intimidation).

Personal Information

Greenlight Human Capital considers, in most cases, personal information as items of knowledge or opinion, whether true or not and regardless of medium, about a natural person whose identity is apparent or can be reasonably ascertained from the information or opinion.

With this in mind, Greenlight Human Capital considers the following examples to constitute personal information:

  • Sensitive information
  • Name
  • Address
  • Date of birth
  • Email address
  • Fax number
  • Telephone number
  • Contents of a file note
  • Health information
  • Banking details
  • Claim form
  • Certificate of earnings
  • Medical report

Greenlight Human Capital considers sensitive information as the following:

  • Racial or ethnic origin
  • Political opinion
  • Membership of a political association
  • Religious beliefs, affiliations or philosophical beliefs
  • Membership of a professional or trade association or trade union
  • Sexual preferences or practices
  • Criminal record
  • Health information about an individual

It is our aim to only collect sensitive information if the customer has consented to the collection. If it is necessary to collect sensitive information without a person’s consent, we will only do this where the collection is required by law or to establish, exercise or defend a legal or equitable claim.

Health information

As a general rule, Greenlight Human Capital classifies health information as the following:

  • Health or disability of an individual
  • An individual’s expressed wishes about the future provision of health services
  • Health service provided or to be provided to an individual
  • Donation, or intended donation of body parts or body substances

It is our aim to only collect health information where we have an individual’s consent. We will only collect health information without an individual’s consent if the information is necessary to provide a health service and is required to be collected by law or in accordance with rules established by professional medical bodies; for public health purposes or to monitor a health service; and, if it is impracticable to get consent and de-identified information would not be sufficient. In addition, Greenlight Human Capital only intends to use or disclose health information for public health research if it is de-identified or with the consent of the customer.

Australian Privacy Principle 4—dealing with unsolicited personal information

If Greenlight Human Capital obtains personal information it has come across by accident or has not asked for, Greenlight will determine whether the information obtained is information that could have been obtained appropriately under Australian Privacy Principle 3 above. If this is so then all privacy principles apply as if the information was solicited. If the information is not information that could have been obtained appropriately under Australian Privacy Principle 3 above, then Greenlight will immediately destroy the information or ensure that the information is de-identified where it is legal to do so.

Australian Privacy Principle 5—notification of the collection of personal information

Accompanying its policy on information collection, Greenlight Human Capital will always disclose to individuals who we are, how we can be contacted, access rights, purposes of collection, who we may collect information from, who we usually disclose information to, laws requiring collection and the consequences to an individual for failure to provide information to us. As a result, we will only proceed with our service when the individual provides consent to do so.

Australian Privacy Principle 6—use or disclosure of personal information

The primary purpose for the collection of personal information by Greenlight Human Capital is to assist us in our functions of injury and disability management, training and consulting and the provision of rehabilitation services. Greenlight Human Capital will lawfully collect, use and disclose personal information for this purpose. However, we may use or disclose the information for related, secondary purposes if the individual could reasonably expect us to use the information in such a way - or if the individual has given consent. This may include following up a complaint, advising customers of a change of address, or disclosing information required by law.

Australian Privacy Principle 7—direct marketing

Greenlight will never disclose personal information to any party for the purposes of direct marketing without the specific and documented consent of each specific individual. Greenlight aims to only use personal information for direct marketing if we have given the customer a clear choice in each marketing communication as to whether he or she wishes to receive marketing communications.

Australian Privacy Principle 8—cross-border disclosure of personal information

Where we are required to transfer personal information to a non-Greenlight Human Capital entity or a related Greenlight Human Capital company in a foreign country, we will only do so if there are comparable privacy laws in that country, we have obtained the individual’s consent, or if the transfer were for the benefit of the individual and the individual would have consented to the transfer. If this transfer were to an individual, we would only transfer to the individual whom the personal information is about.

Australian Privacy Principle 9—adoption, use or disclosure of government related identifiers

An ‘identifier’ is a unique combination of letters and numbers used by businesses – including government organisations - to identify an individual. Examples include insurance policy numbers, Medicare numbers etc. Greenlight Human Capital will not use a Commonwealth Government identifier (such as a tax file number) to organise and match Greenlight Human Capital information, unless we are allowed to do so according to Privacy regulations. In other words, we use our own identifier to organise all information we hold about an individual. This could also include date of birth, name and address or date of referral.

Australian Privacy Principle 10—quality of personal information

Greenlight Human Capital will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date.

Australian Privacy Principle 11—security of personal information

Greenlight Human Capital will take reasonable steps to ensure that personal information we hold is protected from unauthorised use, access, modification and disclosure. These steps include technological measures, physical measures and training of all staff in the requirements of collection, use and storage of personal information. This obligation also extends to information we may disclose to our agents, contracted service providers or other third parties. In accordance with this, we intend to only disclose information to agents or contracted service providers if they agree to abide by the terms of Greenlight Human Capital's policies, as well as relevant privacy legislation.

In practice, Greenlight Human Capital has implemented a security policy covering all organisational systems used for processing, storing or transmitting personal information that is accessible by all staff. This involves ensuring secure destruction of information and adequate de-identification (i.e. removing identifiers), protection of all computer stored information through firewalls and password protection algorithms, and secure storage of portable electronic storage and information access devices such as tablets and smart phones. Additionally, all data and information is stored, managed and processed using a network of remote servers hosted in a data centre, rather than on a local server or personal computer. We also aim to protect personal information by developing an organisational culture, which respects an individual’s privacy.

Australian Privacy Principle 12—access to personal information

A customer of Greenlight Human Capital has the right to access most of the personal information that we hold about them. (Refer to exceptions listed in the Frequently Answered Questions Section below). Customers do not have to provide us reasons as to why they wish to access their information. In providing access to information, we ensure that an individual who seeks access to information is in fact the individual that the personal information is about.

When Greenlight Human Capital does receive requests for access to information, it is our intention to meet the following response times:

  • To acknowledge receipt of individual’s request for access within 10 working days from date of request. 
  • To provide access to simple requests for personal information within 15 working days from date of request.
  • To provide access to more complex requests for personal information within 20 working days from date of request.

There are situations in which Greenlight Human Capital will not be required to grant customer access to information. These situations may prejudice legal dispute resolution proceedings or negotiations; pose a threat to life, health or safety; pose a threat to national security; be unlawful; or impact the privacy of another individual. In the situations where we are withholding access to information, we will always provide an explanation to the customer (except when we are investigating unlawful activity). We would also give the customer access to the parts of the record that are not exempt.

Australian Privacy Principle 13—correction of personal information

Greenlight takes all reasonable steps to correct personal information where an individual establishes that the information is inaccurate, incomplete, or not up-to-date. If an individual requests that a report is to be modified, in their belief that it contains inaccuracies, the consultant has two options:

  1. If the consultant agrees with the individual’s requested correction, the consultant will amend the report and distribute it again.
  2. If the consultant disagrees with the individual’s requested correction, the consultant will attach a supplementary report to the original report, detailing what corrections the individual had requested, and circulate the supplementary report to recipients of the original report.

FREQUENTLY ASKED QUESTIONS

What happens if a worker requests access to their file?

If a worker requests access to information, please bring this to the attention of a Managing Partner. It is not uncommon that if a worker requests access to their file, they have some concern. it is our intention to meet the following response times:

  • To acknowledge receipt of individual’s request for access within 10 working days from date of request.
  • To provide access to simple requests for personal information within 15 working days from date of request.
  • To provide access to more complex requests for personal information within 20 working days from date of request.

There are situations in which Greenlight Human Capital will not be required to grant customer access to information. These situations may prejudice legal dispute resolution proceedings or negotiations; pose a threat to life, health or safety; pose a threat to national security; be unlawful; or impact the privacy of another individual. In the situations where we are withholding access to information, we will always provide an explanation to the customer (except when we are investigating unlawful activity). We would also give the customer access to the parts of the record that are not exempt.

We will also take reasonable steps to correct personal information where an individual establishes that the information is inaccurate, incomplete, or not up-to-date. In the situations where we are withholding access to information, we should always provide an explanation to the customer (except when we are investigating unlawful activity). We would also give the customer access to the parts of the record that are not exempt. We are also required to take reasonable steps to correct personal information where an individual establishes that the information is inaccurate, incomplete, or not up-to-date.

If an individual requests that a report be modified due to their belief that it contains inaccuracies, the consultant has two options:

  1. If the consultant agrees with the individual’s requested correction, the consultant should amend the report and distribute it again.
  2. If the consultant disagrees with the individual’s requested correction, the consultant should attach a supplementary report to the original report, detailing what corrections the individual had requested, and circulate the supplementary report to recipients of the original report.

What do I do if there is information on the file that I perceive as sensitive in relation to a third party?

If an individual requests to access their file under privacy legislation, Greenlight Human Capital is responsible for insuring that providing the access does not breach a third party’s privacy. If there are file notes that disclose sensitive information about a third party, it is appropriate to redact this information prior to providing access to the individual. Costs related to compensable cases are considered confidential information in relation to the provider/insurer relationship, hence the client is not entitled to access this information without the consent of the insurer. Independent medical reports held on our file can, in some instances, be accessed by the client under privacy legislation. However it is prudent to let the insurer, and independent medical examiner know about the request. If there is a court case pending, all information on the file is only able to be accessed via a subpoena.

What happens if the client refuses to sign the information consent form?

Sometimes clients are reluctant to sign information consent forms as they are unsure how their information is going to be used. If this is the case, a reassuring explanation of the purpose for collecting and disclosing the information will overcome this concern. Some clients have been told by their solicitor not to sign anything. If this is the case, a phone call to the solicitor will usually overcome this barrier. If possible, the solicitor can be contacted during the initial interview, if this issue arises.

Some clients persist in refusing to sign consent forms. Fundamentally, if the consent form is not signed, we are not able to provide the service we have been requested to undertake. If this scenario arises, it can be a sensitive issue to deal with and it is crucial that a managing partner be made aware of the situation. The managing partner will provide advice on how best to deal with this scenario.

What happens if a solicitor requests that wording in the consent form be changed?

If a client and / or solicitor requests that any wording on the information consent form be changed, it must be brought to the attention of a managing partner. As a general rule, the wording on the consent form should not be changed. However, depending on the circumstances, it may be appropriate in some instances, but any changes must be ratified by a managing partner.

What happens if someone rings requesting sensitive information?

When a caller is requesting private and / or sensitive information, three questions need to be asked to identify the caller and ensure they are entitled to receive the requested information.

  1. Name
  2. Address or Date of Birth
  3. Another question relating to the case e.g. ‘Who is your  insurer? ‘ or ‘What is your claim number?’, etc.

Greenlight hopes that this document has helped aid your understanding of the Privacy Principles and the steps and actions Greenlight Human Capital has put in place to protect an individual’s privacy. If you wish to discuss any aspects of this policy, please contact a Greenlight Human Capital managing partner.