Last updated: 30 October 2024
This policy applies to the collection, retention and dissemination of personal information (whether past, present or future) obtained from individuals in the course of its business and is not limited to clients, their families or significant others.
MeasureUp acknowledges and respects the privacy of individuals and protects the privacy of clients and their families, in line with relevant Commonwealth and State legislation. It is the policy of MeasureUp that information is managed appropriately with regard to collection, security, storage, use and disclosure, as identified throughout all processes.
In abiding by the Australian Privacy Principles (APPs) and the Freedom of Information Act, MeasureUp aims to provide effective and efficient services whilst respecting the confidentiality and privacy rights of the organisation’s clients and staff, clearly demonstrating MeasureUp’s commitment to the wellbeing of all persons.
This Policy pertains to Personal Information and Health Information and excludes information about staff contained in Personnel Records.
MeasureUp considers the collection of relevant, personal data as fundamental to the provision of individualised quality care and relevant to perform our service. Information is collected throughout each phase of health intervention, treatment, and health research initiatives that often extend beyond the client contact. This may be taken in the form of direct contact, telephone enquiries, email, internet & web interactions, surveys and other forms of communication.
Typically, the information collected by MeasureUp includes but is not limited to:
• Names
• Addresses
• Telephone numbers
• Email addresses
• Personal details relating to items such as gender, Date of Birth etc.
• Emergency contact details
• Relevant medical, health & exercise histories
This information is only collected from individuals with their prior knowledge and consent and for the primary purpose for which it was collected.
The main purposes for which MeasureUp collects, holds and uses personal information are:
• to provide required services to its clients;
• to send our clients’ reports and results to them or their GPs;
• in responding to individual requests;
• to be able to maintain contact with clients and duly authorised persons such as doctors and personal trainers;
• provision of online email subscription services, i.e. MeasureUp’s email alert service;
• to comply with duties imposed by legislation.
Additionally, MeasureUp may use personal information about individuals in marketing and promoting our services, including email; however, individuals always have the opportunity to elect not to receive marketing materials or have their information used by writing to or emailing MeasureUp (info@measureup.com.au).
When visiting MeasureUp’s website, a record is logged capturing the following non-personal information:
• the user’s server address and operating system (e.g. Windows, Mac etc.)
• the user’s top-level domain name (e.g. .com, .gov, .au, .uk etc.)
• the type of browser used
This data is captured for statistical purposes only and enables the enhancement, optimisation and interaction of MeasureUp’s web pages with different systems and web browsers.
At no stage does MeasureUp attempt to identify users or their browsing activities, except in the unlikely event of an investigation by a law enforcement agency exercising its legal authority within the laws of Australia.
Cookies are pieces of information that a website can transfer to your computer when you access information on that site. Cookies can make websites easier to use by storing information about your preferences on a particular website. This information remains on your computer after you close your browser. The only exception is where session-specific cookies are used. These types of cookies are used for basic web metrics and only last until the browser is closed.
Individuals can choose to remove or block cookies by changing the settings within their browser – refer to the browser’s Help feature.
MeasureUp does not disclose personal information to other third parties or organisations unless:
• use and disclosure is required under this policy
• is required or permitted by law
• prior consent has been given by the individual(s) concerned
• to reasonably protect the rights or safety of any member of the public or client(s) of MeasureUp
MeasureUp in the normal course of its operations does not provide personal information to third parties. Any information used for the purposes of research shall be de-identified and limited to items such as age, gender, body composition results or bone density results, and other generic information.
MeasureUp will take all reasonable steps to protect personal information collected, held and stored from misuse, interference, loss and unauthorised access, whether it be in electronic or hard copy form. Destruction of personal records is performed in accordance with MeasureUp’s Retention and Disposal of Records procedure. All personal information not actively being used is stored in accordance with the prescribed periods contained within legislative instruments.
The APPs provide individuals with an enforceable right of access to their information held by MeasureUp. All requests for access to information should be made to MeasureUp in writing to info@measureup.com.au. MeasureUp will provide access to personal information held by it to an individual, provided it is authorised to do so, upon request. When a request to access personal information is made, we will require the individual to provide evidence of their right to access the information, unless previously provided. MeasureUp will respond to all such requests within 30 days of the date upon which the request was made. If MeasureUp refuses to provide an individual with personal information, it will state why in writing within the above specified time frame. In providing the information, MeasureUp may also charge a reasonable administrative fee to cover the access or provision of copies of the documentation requested.
We will manage the process of dealing with an actual or suspected Data Breach in accordance with the Notifiable Data Breach (NDB) Scheme pursuant to Part IIIC of the Privacy Act.
An NDB will be considered to have occurred when the following three criteria are satisfied:
Within 30 days of a suspected Data Breach occurring, we will assess the breach to determine if it is likely to cause serious harm, using the NDB Scheme list of relevant matters, including:
We will take all reasonable steps to ensure an assessment is completed within 30 days and a notification submitted to the Office of the Australian Information Commissioner (OAIC).
As soon as is practicable after a Notifiable Data Breach is confirmed, we will provide a statement to each individual whose data was breached or who is at risk, including details of the breach and recommendations of the steps you should take in the circumstances.
Additionally, where we collect and/or hold Health Information (within the meaning of section 6 of the Health Records and Information Privacy Act 2002 (Cth)) as a result of our contractual relationships with Health Provider Organisations (being those organisations that are a health service provider or that collect, hold or use health information and are required to comply with the Health Records and Information Privacy Act 2002 (Cth)) (Health Provider Organisations), we will treat Health Information in compliance with the Privacy Act and all applicable State and Territory legislation governing privacy of Health Information. We will only use or disclose health information for the purpose for which it was collected or a directly related purpose that is expected.
In the event of a Data Breach or suspected Data Breach, we will provide the Health Provider Organisation within 14 days of the Data Breach or suspected Data Breach:
The identity and contact details of the relevant client/s of the Health Provider Organisation (if identifiable by us);
Unless otherwise agreed between us and the Health Provider Organisation in writing, we will not identify whether the Data Breach is an NDB in circumstances where we are in possession of Health Information as a result of providing services to a Health Provider Organisation. The Health Provider Organisation will be responsible for making an assessment as to whether the Data Breach constitutes an NDB and to report the NDB in compliance with the NDB Scheme.
We are not otherwise bound by the privacy policies and procedures of Health Provider Organisations unless we have had prior notice of the same and provided written acceptance of those policies and procedures to the Health Provider Organisation.
If you believe information held by MeasureUp is incorrect or out of date please contact us in writing to info@measureup.com.au to have the record amended or corrected.
If you wish to have personal information held about you deleted, we will require this request be made in writing, unless MeasureUp is required to maintain such records as prescribed in legislation or for litigation purposes.
Specific complaints or concerns relating to the handling of personal information may be referred internally to the MeasureUp COO Jarrod Meerkin (info@measureup.com.au) or externally to the New South Wales Privacy Commissioner.
Contact Details
Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001 Tel: 1300 363 992, enquiries@oaic.gov.au