Privacy Policy

1. About our Privacy Policy

Lawson Risk Management Services (“we”, “us” or “our”) recognises the importance of privacy and is committed to protecting the privacy of individuals when handling their personal information. Our staff have been provided with privacy training and all new staff employed by us will partake in privacy training as part of their induction process.

We handle personal information for purposes relating to our business operations and activities this includes; providing products and consulting services in the areas of Self-Insurance, Workers Compensation Claim Management and Work Health & Safety.

Our Privacy Policy outlines how we handle personal information in an open and transparent manner in accordance with the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988 (“Privacy Act”).

By providing us with your personal information you consent to us handling it in accordance with our Privacy Policy. If you provide us with any personal information about another individual then we rely upon you to inform him or her of the details contained in our Privacy Policy.

In addition to the Privacy Laws and the Australian Privacy Principles, we are also required to comply with the relevant sections of the Return to Work SA Act (2014) and other associated legislations with respect to the collection, holding, use and disclosure of your personal information relating to the management of workers compensation claims.

We collect, hold, use, and disclose personal information and, in some cases, sensitive information about you such as health information, in order to carry out our business operations and to comply with our regulatory obligations in the area of Workers Compensation Claim Management.

This use may include the disclosure of your personal information to service providers and other third parties where reasonably necessary to assist in the management of workers compensation claims.

Interpretations

“APPs” means the Australian Privacy Principles contained in the Commonwealth Privacy Act 1988.

“personal information” means information or an opinion about an identified individual or an individual who is reasonably identifiable. Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person.

“sensitive information” means personal information about an individual’s health (including information collected to provide, or in providing, a health service), genetics, biometrics, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record.

“business operations and activities” means an employee and or group within our business that provides our products and consulting services in the areas of Self-Insurance, Workers Compensation Claim Management and Work Health & Safety to our client base.

“primary purpose” means the purpose for which Personal Information is collected.

“secondary purpose” means a purpose other than the Primary Purpose of collection.

2. Privacy consents by customers and/or clients under 18

The Privacy Act does not specify an age when individuals can make their own privacy decisions. As a general rule, a customer and/or client under the age of 18 has capacity to consent when he or she has sufficient understanding and maturity to understand what is being proposed. However, it will be necessary for a parent or guardian to consent on behalf of a customer and/or client who lacks the maturity or understanding to do so himself or herself.

Where it is not practicable or reasonable for us to assess the capacity of our customers and/or clients on a case-by-case basis then we will presume that customers and/or clients aged 16 or over have capacity to consent and customers and/or clients aged under 16 do not to have such capacity unless there is something to suggest otherwise.

3. Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information for purposes relating to our business operations and activities. For example, we may collect, hold, use or disclose your personal information for one or more of the following purposes:

  • Providing you with our products or services.
  • Carrying out our business operations and activities.
  • Complying with our legal or regulatory obligations.
  • Your attendance at or participation in our functions, activities or events.
  • Managing our customer / client relationship with you.
  • Providing you with information about our products, services, functions, activities or events.
  • Evaluating or improving our products, services, functions, activities or events.
  • Marketing or promoting our products, services, functions, activities or events.

4. What kinds of personal information we collect

The kinds of personal information about you that we may collect and hold would include, but not limited to your:

  • Personal details including name, address, email, telephone gender, and age.
  • Identity information including date of birth and driver’s licence details.
  • Business references, including Australian Business Numbers.
  • Payment information including bank account details and credit card details.
  • Product and service information including purchase & payment history.

If we are not provided with the personal information about you which we request then we may not be able to provide you with our products or services and you may not be able to attend or participate in our functions, activities or events.

We will not collect any sensitive information about you without your consent unless we are required to do so to enable us to carry out our business operations and activities, to comply with our regulatory obligations or authorised by law to collect the information.

Sensitive information includes information about a person’s health, biometrics, genetics, ethnic background, religious beliefs, religious affiliations, philosophical beliefs, professional memberships, trade memberships, political memberships, political opinions, sexual preferences or criminal record.

What kinds of website visitor information we collect

We also collect and hold information about visitors to our websites; www.lawsonrisk.com.au and www.expresswhs.com.au (“Website”) using a range of third party tools including cookies and session tools.

For example, when you visit our Website we may collect your;

  • server address, domain name, operating system, browser type, pages accessed, documents downloaded, previous visits, referring website and visit date and time.

We collect and hold this information for the purpose of maintaining and improving our Website and enhancing your experience browsing our Website.

You may set your browser to disable cookies but some parts of our Website may not function properly if cookies are disabled. Our Website does not set tracking cookies if a Do Not Track request is received from your browser.

5. How we collect personal information

We usually collect personal information directly from you in person or when you communicate with us by form, letter, telephone, facsimile, email, via our websites or other means.

For example, we may collect your personal information directly from you when:

  • You request us to provide you with our products or services.
  • You request us to provide you with information about our products, services, functions, activities or events.
  • You request us to provide you with assistance or support for our products or services.
  • You attend or participate in our functions, activities or events.
  • You complete a survey or provide feedback in respect of our products, services, functions, activities or events.
  • You subscribe to receive news or other information about our products, services, functions, activities or events.
  • You enter our competitions or promotions.
  • We may also collect your personal information from a third party or a publicly available source for the purpose of carrying out our business operations and activities.

For example, we may collect your personal information from:

  • Your authorised representatives in connection with providing you with our products or services or your attendance at or participation in our functions, activities or events.
  • Our service providers that assist us to carry out our business operations and activities including our information technology providers and credit report providers.
  • Government departments and agencies in connection with carrying out our business operations and activities.

6. When you will have the option of not identifying yourself

We will give you the option of not identifying yourself or using a pseudonym when dealing with us in relation to a particular matter except where it is impracticable or unlawful for us to do so.

For example, you may not need to identify yourself when you request that we provide you with general information about our products, services, functions, activities or events.

How we handle unsolicited personal information

If we receive any of your personal information that we have not requested then we will determine within a reasonable time whether or not we could have collected the information.

If we determine that we could not have collected the information then we will destroy or de-identify the information as soon as reasonable practicable but only if it is lawful and reasonable to do so.

7. How we disclose personal information

We will use and disclose your personal information for the primary purpose to which it was collected for. We disclose personal information to third parties for the purpose of carrying out our business operations and activities. For example, we may disclose your personal information to:

  • Your authorised representatives in connection with providing you with our products or services or your attendance at or participation in our functions, activities or events.
  • Our service providers that assist us to carry out our business operations and activities including our customer support providers, information technology providers, printing and mailing providers, sales and marketing providers, credit report providers, billing providers, debt recovery providers and professional and legal advisers.
  • Our related companies, agents, partners, affiliates and other trusted entities that assist us to carry out our business operations and activities.
  • Government departments and agencies in connection with carrying out our business operations and activities.

We will not use or disclose your information for another purpose (secondary purpose) unless:

  • You consent to the use or disclosure of the information for the secondary purpose;
  • You would reasonably expect the use or disclosure of the information for the secondary purpose which is directly related to the primary purpose of collection;
  • it is unreasonable or impracticable to obtain your consent to the use or disclosure of the information and we reasonably believe that the collection, use or disclosure of the information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety; or
  • We have obtained prior written approval from our Privacy Officer to use or disclose the information for the secondary purpose where required to comply with our regulatory obligations or authorised by law.

We will not disclose your personal information to any other third parties without your consent except to comply with our regulatory obligations or authorised by law.

For example, we will not sell, trade or rent your personal information to any third party for marketing purposes without your consent.

We will not disclose your personal information to any third parties located outside of Australia unless;

  • Our Privacy Officer states that he or she reasonably believes that the overseas recipient is subject to a law or binding scheme that protects the information in a substantially similar way to the way in which the APPs protect the information and the individual concerned can take action to enforce that protection;
  1. If we are likely to disclose the information to any overseas recipients – we will specify the countries in which such overseas recipients are likely to be located where practicable.
  2. The individual concerned has consented to us disclosing the information to the overseas recipient without taking such steps; or
  3. We have obtained prior written approval from our Privacy Officer to disclose the information to the overseas recipient where required to comply with our regulatory obligations or authorised by law.

8. How we use personal information for direct marketing

We may use your personal information to provide you with news or other information about our products, services, functions, activities or events that may be of interest to you. In each communication we will describe how you may at any time request to unsubscribe or opt out and not receive any further communications from us. We will give effect to your request not to receive any further communications from us as soon as practicable.

9. How we hold and protect personal information

We hold personal information that we collect in both physical and electronic storage facilities including; paper-based files, computer servers, desktop and laptop computers, tablets, mobile phones, cameras and other portable data storage devices.

We protect personal information that we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure using both physical and electronic security measures which include; secure premises, physical access restrictions, locked cabinets, secure databases, password access, anti-virus software, data encryption and firewalls.

If we hold any personal information that we no longer need for any of our purposes then we will take reasonable steps to destroy or de-identify the information unless we are required by our regulatory obligations or law to retain the information.

10. How you may access and correct your personal information

You have the right to request access to, and correction of, any of your personal information that we hold. You should promptly notify us if you become aware that any of your personal information that we hold is inaccurate or out-of-date.

We will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up-to-date.

We will give you access to your personal information in the manner that you request if it is reasonable and practicable to do so. If we decide not to give you access to your personal information then we will give you written reasons for our decision.

If you wish to access, correct or update any of your personal information that we hold, please contact our Privacy Officer in writing using the contact details below. You will be required to verify your identity before you will be permitted to access, correct or update any of your personal information that we hold.

11. How to make an enquiry or complaint

If you have an enquiry or complaint about our handling of your personal information, please contact our Privacy Officer in writing using the contact details below.

A complaint about our handling of your personal information should first be made in writing to our Privacy Officer setting out details of your complaint. Our Privacy Officer is responsible for dealing with all enquiries and complaints about our handling of personal information and will respond within 30 days after receiving an enquiry or complaint.

If you are not satisfied with our response to your complaint then you may take your complaint to the Office of the Australian Information Commissioner which may be contacted using the following contact details:

Office of the Australian Information Commissioner
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au
Address: GPO Box 5218, Sydney, NSW 2001

12. How we update our Privacy Policy

We may update our Privacy Policy from time to time to take into account changes in our information handling practices by publishing an updated version of our Privacy Policy on our Website.

You should regularly review the most recent version of our Privacy Policy available on our Website.www.lawsonrisk.com.au

13. How to contact us

You may contact our Privacy Officer using the contact details below:

Privacy Officer, Michelle Harris
Phone: 08 8210 2806
Email: privacy@lawsonrisk.com.au