Privacy Policy
We appreciate you taking the time to read this notice carefully. This notice applies to anyone who interacts with us about our products and services in anyway, for example, via email, via our website, our telephone helpline or through our App
1. Who we are
2. Collection of Information
3. Cookies
4. Website analytics
5. Collection of Information (Business)
6. Monitoring of telephone calls
7. Sensitive Information
8. Use of Personal Information
9. Direct Marketing (External Parties)
10. Direct Marketing (Group Members)
11. Disclosure of Personal Information
12. Employee Information
13. Access and amendment requests
14. Complaints
15. Storage and Security of Personal Information
16. Data Retention
17. Wisdom App
Who we are
All of the Peninsula Group’s Australian members (Group or us), which includes Wisdom Wellbeing Pty Ltd (Wisdom Wellbeing) and its subsidiaries, must follow the Privacy Act and Australian Privacy Principles (APPs). This group includes: Peninsula Business Services Limited, Peninsula Business Services (Ireland) Limited, Croner Group Ltd, Croner-i Limited, Croner Taxwise, Employsure PTY Limited (Australia), Employsure Limited (New Zealand), BrightHR Limited and Graphite HRM. The Group handles personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs). Personal information includes information relating to you. References in this Privacy Policy to “you” are references to the individual reading this Privacy Policy or an individual on whom the Group has collected information. References to the terms “Australian Privacy Principles”, “personal information” and “sensitive information” have the meaning attributed to those terms in the Privacy Act.
Collection of Information
The types of information the Group collects will depend on the nature of your dealings with the Group. The Group will only collect personal information if it is reasonably necessary for one or more of its functions or activities. The Group will generally collect personal information about you when you: • instruct the Group to provide advice; • visit its website; • provide personal information via an the Group web form; • subscribe to a newsletter or to receive the Group publications; • apply for employment with the Group; • attend seminar provided by the Group; and • engage in business dealings with the Group. If you are a client or a subscriber to the Group’s mailing lists or online services, the personal information that will ordinarily be collected about you will include your name, business or residential address, email address and contact numbers.
You have the option of not providing personal information to the Group. However, if you decide not to provide the requested information, the Group may not be able to provide you with certain services.
Cookies
Our website, online services, apps and email messages may use cookies. Cookies help us to better understand user behaviour and tell us which parts of the website people have visited. The Group uses cookies to improve the navigational experience of visitors on its website by making it more user-friendly. If you wish to disable cookies, your browser should allow you to opt out of receiving cookies. If you are not sure whether your browser has this capability, check with your service provider to find out how to disable cookies. Please note that certain features of The Group’s website may not be available once cookies are disabled.
Website Analytics
Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. The Group uses reports provided by Google Analytics to help understand website traffic and webpage usage. By using this website, you consent to the processing of data about you by Google in the manner described in Google’s Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google. Our website may use interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or “share” information from this website through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your visits to this site with other personal information.
Information in the Course of Business
The Group may collect personal information about you in the ordinary course of its business, including your name, address, contact details and occupation. This information may be collected through meetings, face to face interviews, business cards, seminars, telephone calls and from third parties in accordance with the Privacy Act.
Monitoring of telephone calls
When the Group speaks to you on the phone, calls may be monitored and recorded for security, training and quality assurance purposes.
Sensitive Information
The Group will only collect sensitive information about you (e.g. information about your membership of a professional body, race, religion, ethnicity, political opinion or individual health information) with your consent and if the collection is reasonably necessary for one or more of its functions or activities.
Use of Personal Information
The Group may use personal information it collects about you for a number of purposes including to: • compile statistical data and to maintain its database; • develop/improve its website • respond to any email inquiries; • notify you of any upcoming training or other events; • provide you with publications; • manage quality control; • manage systems administration; • comply with compliance policies; • provide you or your employer with advice; • direct marketing; • receive services from you or your employer; and • assist with employment purposes or to consider suitability of employment. The Group will not use or disclose your personal information for any purpose which is not related (or in the case of sensitive information, directly related) to the above purposes without your consent, or unless otherwise authorised, required or permitted under Australian law or regulation.
Direct Marketing (External Parties)
The Group will not use or disclose personal information it holds for direct marketing purposes to any third party outside of the Group unless you consent to its use for this purpose. If you no longer wish to receive information about the Group’s services, or other marketing communications, please send an email to the Group’s marketing team at marketing@employsure.com.au advising that you do not wish to receive such information.
Direct Marketing (Group Members)
From time to time, we may also use your information to tell you about products or services provided by the Group that we think you might be interested in. To do this, Group Members may contact you by: • Email; • Phone; • SMS; • Social media; • Advertising through our apps, websites, or third-party websites; and • Mail. The Group may use or disclose personal information it holds for direct marketing purposes to any group member. If you do not consent to this and / or you don’t want to receive direct marketing messages or want to change your contact preferences, please opt out by: • Emailing: marketing@employsure.com.au
Disclosure of Personal Information
The Group may disclose your personal information (excluding sensitive data) in the following ways: • on a confidential basis to external service providers that provide services such as financial or administrative services in connection with the operation of its business;
• to members of the Group for the purposes of Direct Marketing; • to any person (where necessary) in connection with its services, such as to regulatory authorities, partners or advisors; or • to related entities of the Group overseas, including in the UK, Canada and New Zealand, but in all such cases in accordance with the AAPs.
Examples of services provided by external service providers include mailing houses, payment processors, archiving services, research organisations and consultants who conduct research on behalf of the Group so it can better meet the needs of clients and staff. If the Group engages external service providers, it will take reasonable steps to ensure those entities comply with their obligations under the APPs when they handle your personal information. The Group will also ensure external service providers are only authorised to use personal information for the limited purposes specified in the Group’s agreement with them. The Group will also take reasonable steps to ensure that any overseas related entities or service providers comply with the applicable sections of the APPs in relation to how your personal information is held, managed and accessed.
Employee Information
The Group may collect the following personal information about an individual employed (Employee) by a client (Employer) of the Group member: • name and address; • email address • date of birth; This information may include sensitive information (including information relating to an employee’s health or ethnic origin). Any information about Employees will be collected and stored at the request of, and with the consent of, the Group’s clients. Clients may collect, store, use and disclose this information for the purpose of staff administration and management, equal opportunities monitoring and other employment related matters. The Group’s staff may also use information collected in the provision of its services. An Employee’s personal information will only be used for purposes related to (or in the case of sensitive information, directly related to) providing the services, or as otherwise authorised, required or permitted under law, or for another purpose to which the employee consents. The Group will not disclose any Employee’s personal information to third parties without consent from the Employee, unless such disclosure is to an appropriate authority, government body, regulator, law enforcement agency or other party required, authorised or permitted under law. Employees may request copies of their personal information, request amendments to their information and make a complaint in accordance with this Privacy Policy.
Access and amendment requests
If you wish to obtain access to any personal information that the Group has collected about you, please make a request in writing to the Group’s Business Risk Officer compliance@wisdomwellbeing.au. A reasonable fee may apply for the provision of this information (ordinarily, an electronic print out or photocopy). Identification will be requested for security purposes. The Group will take reasonable steps to make sure that any personal information it collects, uses or discloses is accurate, complete and up-to-date. If you believe that any information held by the Group is inaccurate, incomplete, out of date, irrelevant or misleading, please contact the Group’s Business Risk Officer at compliance@wisdomwellbeing.au. Request for access and/or amendments will be responded to within a reasonable period of time in accordance with the APPs. The Group will notify the Employer if the Group receives a request from an Employee. The Group may refuse a request for access or amendment to personal information in the circumstances outlined in the APPs. If access is refused, the Group will provide you with a written reason for the refusal.
Complaints
If you have any complaints about the Group’s dealings with your personal information, including any breaches by the Group of the APPs, please email the Group’s Business Risk Officer with: (a) details of your complaint including relevant dates and names of third parties (if any); and (b) provide any relevant documents or correspondence. The Group will acknowledge receipt of your complaint within two days and investigate the issue. The Group will advise you in writing of the outcome of the investigation within a reasonable period of time in accordance with the APPs. If you are not satisfied with the outcome, the Group will advise you of further options including, if appropriate, review by the Privacy Commissioner within the Office of the Australian Information Commissioner (see http://www.oaic.gov.au/ for further information).
Storage and Security of Personal Information
The Group takes all reasonable steps to ensure that personal information is kept secure and protected against unauthorised access, modification or disclosure and from misuse, interference and loss. Any information which the Group holds is stored on secure servers, either in Australia and/or overseas (UK, Canada and New Zealand) that are protected in controlled facilities. Only certain authorised employees of the Group and/or contractors who provide services in relation to its information systems will have access to the secure servers. Although the Group have put in place certain checks and measures in relation to system security, the Group cannot guarantee that data transmitted over the internet will be 100% secure. The Group will not be responsible for the security of information you send to, or receive from the Group, over the internet. In the event of a data breach, the Group is committed to complying with the requirements of all the Privacy Laws and where required, the provisions of the General Data Protection Regulation.
Data Retention
The Group retains information you provide to it and information which it collects about you, including personal information, for as long as the Group continues to provide services to you. The Group will retain all information relating to services provided to clients for a minimum of seven years after the date that a client ceases to use its services.
Wisdom App
During registration with the Wisdom App, we collect your name, gender, phone number, date of birth and email address. This will enable Wisdom Wellbeing to administer the Wisdom app.
When registering for the Wisdom app, users are informed about our Terms and Conditions and Privacy Policy at the point of registration and no data is stored until the user agrees to the Terms and Conditions.
The Wisdom app also allows users to submit additional data through the Enquiry Form or Live Chat functions. This will be sent directly to wisdom Wellbeing for the purpose of administering the requested services. This data is collected for the purpose of providing the services and will then be securely stored in our CRM and retained in line with our retention policy.
To ensure functionality and user administration the organisation that provides you with access to the app (such as your employer) and the app developer, have access to limited app usage data. This allows them to see your registration details in order to confirm that the intended users are able to access the resource. Neither will be able to see how you have used the app or what content has been accessed.
Wisdom does not use tracking software to collect data about the users or their online actions. The information contained in the ‘Health Trackers’ feature of the app (i.e. user’s steps, sleep, weight etc.) is retrieved from Apple Health application for iOS and Google Fit for Android devices and displayed within Wisdom, on the Health Hub & Health tracker screens. Users must give the device permission before the app can access this data from the Apple Health or Google Fit. Wisdom's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Other permissions required in order to access certain features are:
A. permission to send the user push notifications B. permission to access camera, camera roll and saved pictures to upload a profile picture to the app C. permission to access the camera for biometric login.
Wisdom Wellbeing will not share your personal data with any third parties without your consent. Wisdom Wellbeing do, however, collect anonymised usage information and statistics for the purposes of monitoring app and web site use. This helps us develop our service and show utilisation to the contract holder.