Privacy Policy
Servare Occupational Health Pty Ltd — how we collect, use, disclose, and protect personal information.
Servare Occupational Health Pty Ltd ("Servare", "we", "our", "us") is committed to protecting the privacy, dignity, and confidentiality of all individuals who engage with our onsite physiotherapy and workplace health services. This Privacy Policy explains how we collect, use, disclose, and protect personal information, including health information, in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and relevant state and territory legislation governing private sector health service providers.
By providing personal information to us, you consent to its handling as described in this Policy. Servare may update this Policy periodically to reflect changes in law, technology, or our service model.
1. Purpose of this Policy
This Policy outlines how Servare manages personal information, including:
- what information we collect
- how we collect and store it
- how we use and disclose it
- how we protect it
- how you may access or correct your information
- how to make a privacy complaint
This Policy applies to all individuals who interact with Servare, including workers receiving onsite physiotherapy, employer representatives, contractors, and website users.
2. Consent
By engaging with Servare or providing personal information to us, you consent to the collection, use, and disclosure of your information as outlined in this Policy. You may withdraw consent at any time, noting that this may affect our ability to provide services.
3. Collection of Personal Information
3.1 Who we collect information from
We may collect personal information from:
- workers receiving onsite physiotherapy or workplace health services
- employer representatives
- contractors and service providers
- job applicants
- individuals who contact us or use our website
You are not required to provide personal information; however, withholding information may limit our ability to deliver services safely and effectively.
3.2 How we collect information
We may collect information:
- directly from you (in person, by phone, email, online forms, or written communication)
- through our website or digital platforms
- from your employer (e.g., job role, workplace injury notifications)
- from treating practitioners (with your consent)
- through workplace observations relevant to your care
3.3 Types of information we collect
The information we collect depends on the nature of our interaction with you and may include:
Personal information
- Name, date of birth, gender, contact details
- Employment details (role, worksite, shift, employment type)
Health information (sensitive information)
- Injury details, symptoms, functional capacity
- Medical history relevant to treatment
- Assessment findings and treatment notes
- Information from other treating practitioners (with consent)
Health records are retained for the minimum period required under applicable health record retention laws.
Workplace information
- Job demands and functional requirements
- Workplace injury reports
- Video or photographs taken for functional assessment purposes
Optional information
- Feedback or service preferences
- Pseudonym or alias (where practical)
4. Anonymity and Pseudonymity
Where reasonable, you may choose not to identify yourself or to use a pseudonym. However, this may limit our ability to provide clinical services or maintain accurate health records.
5. How Servare Uses Personal Information
We use personal information only for the purpose for which it was collected, or for a directly related secondary purpose that you would reasonably expect. These purposes include:
- providing onsite physiotherapy and workplace health services
- coordinating care with treating practitioners (with consent)
- conducting assessments, treatment, and follow-up
- communicating functional capacity information to employers (with consent)
- quality assurance, accreditation, audits, and service improvement
- fulfilling legal, regulatory, or public health obligations
- managing risk, complaints, and incident responses
- sending appointment reminders or administrative communications
- engaging contractors or assessing employment applications
Use of anonymised or de-identified data
We may de-identify or aggregate personal information for:
- research
- service evaluation
- injury trend analysis
- quality improvement
- business analytics
This information cannot identify you. Aggregated data may be shared with employers to support workplace health and safety initiatives.
Use of video or photographs
Video or photographs may be collected for some of our services including but not limited to functional assessments, risk assessments, ergonomic assessments and early intervention treatment. Separate consent will be sought for any marketing use.
6. AI-Assisted Note-Taking Tools
Servare may use secure, AI-assisted tools to support accurate clinical documentation. These tools may transcribe or summarise consultations to assist clinicians.
Safeguards include:
- audio is not retained
- raw transcripts are deleted
- only clinician-verified summaries are stored
- AI tools do not make clinical decisions
- clients may request that AI not be used during their session
All information captured is handled in accordance with this Policy.
7. Disclosure of Personal Information
We may disclose personal information to:
- treating practitioners (with consent)
- your employer (with your consent)
- insurers or rehabilitation providers
- IT and cloud service providers
- auditors, legal advisers, and professional consultants
- regulatory or health authorities where required by law
Sensitive information is only disclosed:
- for the purpose for which it was provided
- for a directly related purpose you would reasonably expect
- with your consent
- where required or authorised by law
We do not disclose detailed clinical notes to employers.
8. Overseas Disclosure
Some third-party service providers may store or process information outside Australia. Where this occurs, we take reasonable steps to ensure that overseas recipients handle information in accordance with the APPs, including requiring appropriate security and privacy safeguards.
9. Website Use and Cookies
Our website may collect non-identifying information such as:
- browser type
- device information
- pages visited
- time spent on the site
Cookies may be used to support website functionality and analytics. Our website may contain links to third-party sites; we are not responsible for their privacy practices.
10. Protecting Your Personal Information
We take reasonable steps to protect personal information from:
- loss
- misuse
- unauthorised access
- modification
- disclosure
Security measures include:
- access controls
- encryption
- secure clinical systems
- staff training
- physical security measures
If we receive unsolicited personal information that we do not require, we will destroy or de-identify it where lawful and appropriate.
All Servare staff are required to comply with this Policy and professional confidentiality obligations.
11. Accuracy of Information
We take reasonable steps to ensure information is accurate, complete, and up to date. Please notify us if your details change.
12. Retention and Destruction
We retain personal information for as long as required by:
- law
- clinical recordkeeping standards
- operational requirements
Information no longer required will be securely destroyed or permanently de-identified.
13. Access to and Correction of Personal Information
You may request access to the personal information we hold about you. Access may be refused in limited circumstances permitted by law (e.g., where disclosure may pose a serious threat to health or safety).
You may also request corrections to your information. If we do not agree to amend the information, you may request that a statement be attached noting your requested changes.
Identity verification may be required before releasing information.
14. Complaints and Privacy Enquiries
If you have concerns about how your personal information has been handled, you may contact our Privacy Officer. We may request additional information to investigate your concern. We aim to respond within a reasonable timeframe.
Servare Privacy Officer
Servare Occupational Health Pty Ltd
Level 4, 110 George Street
Parramatta NSW 2150
Email: privacy@servare.com.au
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
Email: enquiries@oaic.gov.au
Phone: 1300 363 992
Website: www.oaic.gov.au
If your concern relates specifically to health information, you may also contact the relevant state or territory privacy regulator.
15. Changes to This Policy
Servare may amend this Privacy Policy from time to time. The most current version will be available on our website or by request.