Benestar Group is part of the Cover-More group of companies, which was acquired by the Zurich Insurance Group in April 2017.
Benestar Group provides a range of health and wellbeing services to organisations. These include Employee Assistance Programs (EAP), Trauma counselling, HR consulting, Health Risk Assessments, and Organisational Development (coaching, training and facilitation).
For further information on privacy in Australia, please visit the website of the Office of the Australian Information Commissioner at www.oaic.gov.au
For further information on privacy in New Zealand, please visit the website of the Privacy Commissioner at www.privacy.org.nz
For further information on privacy in Singapore, please visit the website of the Personal Data Protection Commission at www.pdpc.gov.sg
3. What is personal and sensitive information?
Benestar Group regularly collects, holds, uses and discloses health information about individuals and is committed to protecting the privacy of this type of information to a higher degree than that of other personal information.
For the purpose of the Privacy Act 1988 (Cth), personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether or not that information or opinion is true or recorded in material form.
Sensitive information includes health information about an individual, and personal information about an individual’s racial or ethnic origin, religious, philosophical or political beliefs, membership of a union or a political, professional or trade association, sexual orientation or practices and criminal record.
Health information includes personal information collected to provide or in providing a health service and personal information about the health or disability of an individual, an individual’s expressed wishes about the future provisions of health services to the individual and a health service provided or to be provided to the individual. State and Territory laws relating to the protection of health records may also apply to the health information collected by us.
Personal information for the purposes of New Zealand’s Privacy Act 1993 is information about, or capable of identifying (on its own or with other information), a living natural person, and includes sensitive information and health information.
Personal information (described as “personal data” in Singapore) means information whether true or not about an individual who can be identified from that information or from that information and other information to which the organisation has or is likely to have access.
The Personal Data Protection Act 2012 and the relevant advisory guidelines issued by the Personal Data Protection Commission apply to the use and disclosure of personal information by organisations.
Your personal information
4. How we collect your personal information
Benestar Group collects personal information from and on behalf of clients, customers, business partners, suppliers, employers and third party service providers.
We will, if it is reasonable or practicable to do so, collect your personal information directly from you. This may happen when you fill out an application for one of our products, attend an assessment or participate in a service, become one of our contractors or associates or request assistance. This may occur over the phone, via email, a website, via our chat facility or through one of our agents, contractors or partners.
In certain cases we may collect your personal information from third parties as permitted under applicable privacy laws. For example, we may need to collect personal information from your representative (such as a legal guardian), your employer or any of the other organisations referred to below under “Use, transfer and sharing of your personal information” and identified in Appendix 2.
We may also collect information by other means and will take reasonable steps to inform you if and when we do.
5. Your sensitive information
- the fact that we may collect sensitive information about you (directly, or indirectly from third parties where appropriate);
- the purposes for which the sensitive information is collected;
- the intended recipients of the sensitive information;
- our name and address;
- that we will be the agency that is collecting and holding the sensitive information;
- whether or not the supply of sensitive information is voluntary or mandatory, and if mandatory the particular law under which it is required;
- the consequences (if any) for you if all or any part of the sensitive information we request is not provided; and
- your rights to access and correct your sensitive information that we hold.
We will only collect sensitive information directly from you, except where we believe on reasonable grounds that:
- you have authorised the collection of sensitive information about you from a third party;
- it would prejudice your interests;
- it would prejudice the health or safety of any person (including you); or
- for any other lawful reason under applicable privacy laws, including those contained in subrule 2(2) of the NZ Health Code and the Second Schedule of the Personal Data Protection Act 2012.
We will only collect sensitive information about you for a lawful purpose connected with a function or activity listed in Appendix 3, and only where the collection is necessary for that purpose.
We will not collect sensitive information about you by unlawful means, or by means that, in the circumstances, are unfair or intrude to an unreasonable extent upon your personal affairs.
Your health information (including your gender, age range, presenting issue, history of presenting issues, psychosocial background, family history, medical history and lifestyle information), is generally required to arrange assessment of your needs so we are able to provide you with the appropriate level of support and intervention.
6. What personal information does Benestar Group collect?
We will only collect personal information where it is necessary for us to perform one or more of our functions or activities. We collect the personal information we need to provide the services described in section 1 above. In addition, in accordance with our contractual obligations to your employer, we also collect your personal information to enable the provision of confidential and de-identified reporting in relation to organisational trends relating to the health and wellbeing services we provide. We shall seek your consent before collecting any additional personal information and before using your personal information for a purpose which has not been notified to you (except where permitted or authorised by law).
The type of information Benestar Group collects and holds varies depending on the type of product or service we provide to you. For example, Benestar Group will hold different information about you if you are being provided counselling services after a crisis event than if you are receiving counselling under an Employee Assistance Program or health coaching. This information may include information about a disability or medical condition that you have or health information in general.
If you contact us by telephone, these calls may be recorded for training, quality and business purposes.
For the type of personal and sensitive information Benestar Group generally holds please refer to Appendix 1.
7. Unsolicited information
In the event we receive unsolicited personal information, we will determine whether or not we should retain this information. This will depend on whether it is reasonably necessary for one or more of our functions or activities. If we determine that the personal information is not necessary for one or more of our functions or activities and that we should not retain it, then we will, as soon as practicable, either return it to you or whomever sent it to us, destroy it or otherwise ensure it is de-identified, provided that it is lawful to do so.
8. How accurate is your personal information
Benestar Group takes reasonable steps to ensure that the personal information collected, used or disclosed is accurate, relevant, complete and up-to-date. We will not use personal information that is sensitive information without taking such steps (if any) as are reasonable to ensure that, having regard to the purpose of the sensitive information’s collection, the information is accurate, relevant, complete, up-to-date, and not misleading.
If you believe your personal information is not accurate, complete or up to date, please contact the Benestar Group’s customer service team on 1300 360 364 in Australia, 0800 360 364 in New Zealand, +61 2 8295 2292 in Singapore or email@example.com.
9. Protecting your personal information
We take reasonable steps to securely store your personal information so that it is protected from unauthorised use, access, modification or disclosure. We store personal information in:
- Paper form on Benestar Group’s premises, document storage facilities and where services are provided by our contractors, on their premises.
- Electronic form, on Benestar Group’s cloud case management system hosted in Australia, on Benestar Group’s premises and in Benestar Group’s data-centres, which are managed by our outsourced IT service providers.
We maintain administrative, technical, and physical safeguards for the protection of personal information. Our security measures include, but are not limited to:
- Access to your personal information is limited to authorised personnel who have a legitimate need to know based on their job. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed.
- Only allowing access where the individual seeking access has satisfied our identification requirements, such as a security and identification check on the commencement of a call.
- Confidentiality requirements for our employees, contractors, agents and suppliers.
- Secure Document storage.
- Training and education is provided to all group employees in the handling of personal information.
- Security measures for systems access.
- Antivirus and anti-malware software, and regularly updated virus definitions.
- Third parties who we hire to provide services and have access to personal information agree to implement privacy and security practices that we deem adequate.
- Personal information provided on computer servers is secured in a restricted and controlled network environment.
- When transferring credit card numbers, via payment gateways the data is encrypted.
- Employing firewalls and intrusion detection systems.
- Third-party contractors who process personal information on our behalf agree to provide reasonable physical safeguards.
- Effectively and securely destroying information no longer needed, for example, by shredding or pulping in the case of paper records.
- Our security procedures and policies are audited on a regular basis to ensure they are updated in accordance with current legal requirements and current levels of security technology.
While Benestar Group has security measures in place to protect your information, no transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, Benestar Group cannot warrant or ensure the security of any information you transmit to us or we transmit on your behalf, or to you, in the course of providing services over the internet.
10. Using Government Identifiers
Benestar Group does not adopt any government identifiers.
11. If you are at risk of harm
If you are contacting us or receiving assistance from us and you or someone else are at possible risk of harm, Benestar Group has an obligation to intervene and provide the appropriate level of escalation. This may take the form of liaising with a third party (e.g. medical practitioner, family member, manager or work colleague) or in certain situations contacting emergency services.
Use, transfer and sharing of your personal information
12. How we use and disclose your personal information
We use your personal information to provide you with the relevant product or service you have requested. When disclosing information to your employer, Benestar Group only provides information in the following scenarios: in accordance with Section 11 above; if you have provided consent; if we provide musculoskeletal assessments and high risk intervention programs for your employer and you have undergone such an assessment which has determined that you are in a high risk category of musculoskeletal restrictions and are therefore eligible to participate in the high risk intervention program (in which case we will advise your employer of your eligibility for the program and your movement limitations); or in de-identified reporting as described in Section 6 above.
If you are a representative of one of our corporate customers, we may use your personal information (which is not also sensitive information) to send you material about other Benestar Group products or services as described below in Section 14 (Marketing our products and services).
We may also use or disclose your personal information for another purpose for which you may reasonably expect it to be used or disclosed by us and that secondary purpose is related or (if sensitive information) directly related to the purpose for which it was collected (Australia and New Zealand only). Otherwise we will only use your information for a secondary purpose if you have consented to this use or disclosure, the use or disclosure is required by law or an enforcement body or to provide assistance in a medical emergency.
For a list of the types of uses of your personal information by Benestar Group please refer to Appendix 3.
We may retain your personal information for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws including the 2015 Guidelines for the Retention Periods of Medical Records
13. Your personal information and our related companies
When providing our health and wellbeing services, we may refer to information provided by our third party medical and non-medical assistance providers, who include related entities.
14. Marketing our products and services
If you are a representative of one of our corporate customers, we may from time to time, provide you with information about other products, services and offers.
If you do not wish to receive this information, or wish to know the source of the information, please contact the Benestar Group customer service team on 1300 360 364.
You can change your mind about receiving information about our products and services at any time, by contacting us or using the opt-out process on our offers or promotional communication.
If you are an individual whose employer has acquired health and wellbeing services from us for you to use and you have contacted us to utilise those services, we may need to contact you in relation to those services (for example in relation to an appointment you have scheduled) and/or services that your employer wishes you to be made aware of.
We will not contact you for marketing purposes.
If you are an individual whose employer has acquired EAP services from us for you to use and you have contacted us to utilise those services, we may need to contact you in relation to those services (for example in relation to an appointment you have scheduled or your counselling records). We will not contact you for marketing purposes.
15. When we share your information with other parties
We will only share (disclose) your personal information with third parties if it is required to fulfil service or product obligations to you, or if it is required or permitted under law or in an emergency situation. Benestar Group will not disclose any personal information that we have collected from you (other than to the parties involved in providing our services to you), except in the situations set out below: in accordance with Section 11 above; if you, your parent or guardian, power of attorney or executor (as relevant) have provided informed consent; or in de-identified reporting as described in Section 6 above. For a list of the types of entities Benestar Group generally discloses your personal information to please refer to Appendix 2.
16. Transferring personal information overseas
If you are at any time located outside of the country from which you provided us with your information, you consent to us sending your personal information to overseas parties if required to provide you with our health and wellbeing services. We may also need to disclose your personal information to third parties who are located overseas when using your information for the purposes set out in Sections 12-15 above. Who those third parties are and where they are located may change from time to time. You can contact us for details.
While we are committed to protecting your personal information from misuse, loss or interference, when your personal information is sent overseas in some cases we may not be able to take reasonable steps to ensure that those third parties do not breach relevant privacy laws and the personal information may not be subject to the same level of protection that is offered under Australian, New Zealand or Singapore privacy laws. You may not be able to seek redress under laws in the overseas jurisdiction in the event of any misuse, loss or interference with your personal information.
By proceeding to acquire or use our products or services you consent to the use or disclosure of your personal information by or to third parties overseas as described in this section.
Your privacy on the internet
17. Collection of other information
Benestar Group may also collect non-personally identifiable information such as the type of browser, or operating system you use, your domain name, IP address, access times, referring website addresses and page views. Our Internet Service Provider (“ISP”) automatically identifies your computer by its IP address. When you visit pages on our website, our ISP may log your IP address. We do not link IP addresses to any personally identifiable information. Your IP address is used to gather broad demographic information only. A User Transaction ID is created each time you enter our website. This ID is used to keep track of your dealings with us, and other requests.
Our web pages may contain electronic images, known as web beacons or spotlight tags. These enable us to count users who have visited certain pages of our website. Web beacons and spotlight tags are not used by us to access your personal information, they are simply a tool we use to analyse which web pages customers view, in an aggregate number.
Links to other websites
Our web sites may contain links to non-Group web sites. Whilst such links are provided for your convenience, you should be aware that the information handling practices of the linked web sites might not be the same as ours.
Dealing with Benestar Group
18. Resolving your privacy issues
19. Gaining access to and correcting your personal information
You have the right to:
- receive a confirmation from us whether we hold any personal information or sensitive information about you;
- access any of your personal information or sensitive information; and
- request the correction of any of your personal information or sensitive information.
If charges are applicable for providing access we will disclose these charges to you prior to providing you with the information. In limited circumstances, a request for access may be denied, or restricted access given. We will provide reasons in writing for the denial of or limitation on access.
To arrange access please contact us (see the Contacting Us section). In some cases we may be able to deal with your request over the telephone.
We will correct personal information if we discover, or you are able to show that the information is incorrect. If you seek correction and Benestar Group disagrees that the information is incorrect, we will provide you with our reasons for taking that view and advise you on the further steps you may take.20. Dealing with us anonymously or under pseudonym
You can deal with us anonymously or you may use a pseudonym where it is lawful and practicable to do so. For example, you may inquire about our products or receive generic information about how we may be able to provide support services to you. However we regret that we will not be able to offer any of our products or services if we cannot identify you.
21. Contact us
Benestar Group Pty Ltd
Private Bag 913, North Sydney, NSW 2059
Phone: 1300 360 364
Benestar Group Pty Ltd
Private Bag 913, North Sydney, NSW 2059
Phone: 1300 360 364
APPENDIX 1: Benestar Group typically collects and holds the following information
- Name and address
- Date of birth
- Contact details, which may include your telephone number and email address
- Your gender
- Emergency contact details
- Your employer
- Information about your personal history (which sometimes may include medical history) and the personal history of any other person you disclose to us in the course of us providing our service to you
- The type of medical and non-medical assistance you have been provided with either by us, our service providers or your own medical practitioner
- Health information you provide to us or is generated as part of your participation in one of our programs
- Background and security checks (for contractor, associates, representatives and suppliers only)
- Other information required to administer the product or services you have requested.
APPENDIX 2: Benestar Group typically discloses to and/or collects from the following entities
Below are the types of entities Benestar Group may collect your personal information from and may disclose your personal information to. This is not an exhaustive list.
- Medical practitioners and specialists
- Medical providers such as hospitals
- Emergency assistance providers
- Family members in the event of a medical emergency
- Record management and storage businesses
- Companies who we engage to collect data, perform statistical analysis, and generate health and wellbeing related reporting to support the services we provide to you.
- Accreditation or certification organisations
- Our professional advisors including lawyers, accountants, tax advisors and auditors
- Debt collection agencies and other parties that assist with debt-recovery functions
- Police and law enforcement bodies to assist in their functions
- Courts of Law or as otherwise required or authorised by law
- Regulatory or government bodies for the purposes of resolving customer complaints or disputes both internally and externally or to comply with any investigation by one of those bodies
- Credit providers or credit reporting agencies (if you are our supplier)
- Printing, mail and distribution companies
- Third party service providers engaged as our agent to provide specialised health and wellbeing services (including flu vaccinations and executive health checks)
- Your employer. (Collecting personal information from an employer could occur if your employer refers you to us for
- Trauma counselling* or mediation;
- A health risk assessment, vaccination, musculoskeletal assessment, high-risk intervention program or other services relating to physical health, in respect of which information is usually provided back to employers on a de-identified basis.
- In these cases we would need to obtain your consent before we disclose any further personal information to your employer. In the case of services relating to physical health, we may seek your consent prior to providing the service.)
*This does not refer to EAP counselling, which is generally self-referred. EAP counselling is provided on a confidential basis in accordance with the professional codes of ethics to which we are required to adhere.
APPENDIX 3: Benestar Group’s list of uses and disclosure of personal information
We use and in some instances disclose your personal information when we, or third parties appointed by us, provide the following services:
- To identify you
- Arranging and managing the support services we provide to you
- To assess an application for a product, including assessing any existing medical conditions
- Evaluating emergency care
- Providing medical and non-medical assistance
- Dealing with enquiries or complaints
- To monitor and improve the services provided by us and our agents or service providers, the products we provide or our operations
- For planning, product development and research purposes and to seek feedback on products and services (including those products and services offered by others on our behalf)
- Carrying out market analysis and research and product analysis and development
- Enhancing our services for our website visitors
- Conducting internal investigations in relation to crime and fraud prevention, detection or prosecution
- Training our staff
- Providing de-identified health information as well as identifiable health information to employers who have purchased health risk assessments, vaccinations, musculoskeletal assessments, high-risk intervention program services and other services relating to physical health. We would seek your consent before we disclose any further personal information to your employer or, in some cases, prior to providing the service.
- Providing to your employer details relating to your participation in some services we provide (eg trauma counselling*, mediation, seminars, education sessions), where your prior consent has been obtained.
- To identify and develop products or services that may interest you and market them to you (unless you ask us not to do so)
- Carrying out accreditation or certification activities
- Carrying out credit checks, credit reporting and compliance checks through ASIC on our contractors and suppliers
- Carrying out debt-recovery functions
- For any other purposes that would be reasonably expected.
*This does not refer to EAP counselling, which is usually self-referred. EAP counselling is provided on a confidential basis in accordance with the professional codes of ethics to which we are required to adhere.