Happy Health privacy policy

Purpose and Scope

Happy Health Australia Pty Ltd (“we”, “us”, “our”) is committed to protecting the privacy and confidentiality of all personal and health information we collect. We comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act), including the Health Privacy Principles (HPPs), as well as any other applicable health privacy or records legislation. This Policy explains how we collect, use, disclose, store, secure, access, correct and otherwise manage your personal information, including sensitive and health information. By engaging with us— including using our website, receiving our services, accessing our systems, or providing personal information to us—you agree to this Policy.

Definitions

• Personal Information – Information or an opinion that identifies or could reasonably identify an individual, whether true or not and whether recorded in a material form or not.
• Health Information – As defined under the HRIP Act, includes health status, medical history, disabilities, expressed wishes about future health services, genetic information, and information collected in relation to a health service.
• Sensitive Information – As defined in the Privacy Act, including health information, racial or ethnic origin, political opinions, religious beliefs, membership of associations, sexual orientation or practices, criminal record, and biometric information.
• Health Service – Any activity intended or claimed to assess, record, maintain or improve an individual’s health, including diagnosis, treatment, health assessments, and screenings.

Collection of Personal and Health Information

We collect personal and health information when reasonably necessary to provide our services or comply with legal obligations. This includes services related to:

• Pre-employment medicals
• Drug and alcohol testing
• Fitness-for-work assessments
• Injury management
• Rail safety medicals
• Functional and audiometry assessments
• Immunisation and vaccination services
• Mining and occupational health services

Information may be collected directly from you (in person, electronically, verbally, forms or questionnaires); with your consent from third parties (e.g., treating practitioners and specialists); from your employer or prospective employer where authorised; through our website or online systems (e.g., cookies, analytics); and from regulators when required by law. Collection will be lawful, fair, not unreasonably intrusive, and limited to what is reasonably necessary (APP 3; HPP 1).

We collect sensitive and health information only with your consent unless an exemption applies (APP 3; HPP 4).

Where lawful and practicable (APP 2), you may interact with us anonymously or using a pseudonym, noting some services cannot be provided anonymously.

Use and Disclosure of Information

We will only use or disclose information for: the primary purpose of collection; a secondary purpose that is related (or for health information, directly related) to the primary purpose and within reasonable expectations; purposes required or authorised by law; or purposes to which you have expressly consented (APP 6; HPP 10–11).

Typical disclosures include:

• You or any person you authorise
• Treating healthcare professionals (GPs, specialists, allied health providers)
• Your employer or prospective employer (where authorised or required for service delivery)
• Pathology, radiology and diagnostic providers
• Insurers and workers compensation bodies (e.g., iCare) and SafeWork NSW
• Regulators and law enforcement where legally required
• Our contracted service providers subject to confidentiality and privacy safeguards

We will not disclose sensitive or health information to third parties for direct marketing.

Direct Marketing

We may use personal information (but not sensitive/health information) to inform you about our services where permitted by law. You may opt out at any time by following the instructions in our communications or contacting us directly (APP 7).

Government Identifiers

We will not adopt, use or disclose government-related identifiers (e.g., Medicare numbers) as our own identifiers except as permitted by law (APP 9).

Data Quality and Security

We take reasonable steps to ensure personal information is accurate, up to date, complete and relevant (APP 10; HPP 8). We implement physical, administrative and technical safeguards to protect information from misuse, interference, loss, and unauthorised access, modification or disclosure (APP 11; HPP 5). Measures include restricted access, secure storage, encryption where appropriate, staff training and audits.

We retain information only for as long as necessary for lawful purposes or as required by law and then take reasonable steps to destroy or de-identify it (APP 11.2; HPP 11).

Notifiable Data Breaches

We assess suspected data breaches and, where an eligible data breach is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC), and take steps to mitigate harm, consistent with the Notifiable Data Breaches scheme.

Access to Information

You may request access to your personal and health information (APP 12; HPP 7). Requests must be in writing, specify the information sought, and include proof of identity. We will respond within 45 days as required under the HRIP Act. Access may be refused in limited circumstances where permitted by law, and reasons will be provided.

Correction of Information

You may request correction if information is inaccurate, out of date, incomplete, irrelevant or misleading (APP 13; HPP 8). If we do not agree to a correction, you may request that a statement be associated with your record.

Overseas Disclosure and Cloud Services

We may disclose or store information overseas where necessary for service provision, with your consent, or where we have taken reasonable steps to ensure the overseas recipient does not breach the APPs (APP 8). Where cloud services are used, we impose contractual and technical safeguards. If server locations change, we will update this Policy as required.

Website, Cookies and Analytics

We may collect technical information such as IP addresses and usage data. We use cookies and similar technologies to improve site functionality and analytics. You can disable cookies in your browser, which may affect some features. Third-party websites linked from our site are not governed by this Policy.

Credit Information (if applicable)

If we offer you credit (payment deferred by more than 7 days), we may handle credit information and credit eligibility information in accordance with Part IIIA of the Privacy Act and the Privacy (Credit Reporting) Code. This may include identification details, information about credit accounts and repayment history. You may request access and correction to such information and make complaints in accordance with this Policy.

Contact, Complaints and Escalation

To request access or correction, make enquiries, or lodge a complaint about how we handle your information, contact:

Privacy Officer

Happy Health Pty Ltd

310 Hillsborough Road

Warners Bay NSW 2282

Phone: 02 4965 8199

Email: hello@happyhealth.com.au

We will acknowledge and respond to complaints as soon as reasonably practicable and in accordance with our complaints process. If you are unsatisfied, you may contact the Office of the Australian Information Commissioner (www.oaic.gov.au) or, for NSW health information matters, the NSW Privacy Commissioner (www.ipc.nsw.gov.au).

Changes to this Policy

We may update this Policy from time to time to reflect legislative changes or operational updates. The latest version will be available on request. Policy review: annually or earlier if required.