(a) In this Privacy Policy, (together, we, our, or us) means Shriz Pty Ltd ACN 151 348 739 as trustee for the Shriz Family Trust.

(b) We understand that your privacy is important to you and we are committed to respecting your privacy. This Privacy Policy sets out how we will collect, use, store and disclose your personal information.

(c) By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us.

 2.1 Personal information 

(a) We may collect the following types of personal information about you: 

(i) your name; 

(ii) your mailing or residential address; 

(iii) your email address; 

(iv) your telephone number and other contact details; 

(v) your age or date of birth; 

(vi) gender;

(vii) your position, job role and typical duties performed at work, industry and organisation;

(viii) personal information you provide to us through completing our subjective assessments, questionnaires, surveys or forms; or 

(ix) any other personal information that may be required in order to facilitate your dealings with us. 

(b) We will endeavour to collect information from you directly, rather than from third parties such as your employer, unless it is unreasonable or impractical to do so. 

2.2 Health information 

In addition to collecting your personal information, we may collect the following types of sensitive information (including health information) about you: 

(a) information or opinions about your health, including about any illness, disability or injury you have, may have had in the past, or may have in the future; 

(b) information about your physical health and wellbeing; 

(c) diagnosis of your injury

(d) whether your injury was sustained at work;

(e) information about your progress to recovery from any injury or health problem; 

(f) information or an opinion about what health services you may want or need to receive in the future, whether or not these services relate to injuries / health problems which you disclose to us; 

(g) the physiotherapy and associated services we are, have, or may provide to you; and 

(h) information we collect by providing you with physiotherapy and associated services, or which we need to collect to provide you or your employer with physiotherapy and associated services. 

2.3 Time of collection 

(a) We may collect your personal information and health information when: 

(i) you complete a questionnaire, survey or form provided by us; 

(ii) communicate with us in any way, including in person or by email; 

(iii) you attend with us for a consultation or assessment; 

(iv) we provide you with physiotherapy and associated services; or 

(v) your employer notifies us to provide our services to you, or to its employees/ contractors more generally, in which case we may collect such information about you from your employer and its medical staff. 

(b) Where we collect personal information from a third party, such as your employer, and the information is reasonably necessary for our functions or activities, we will notify you as soon as practicable that we have collected the information in accordance with this Privacy Policy. 

2.4 Voluntary collection 

(a) We collect information from you on a voluntary basis. You are not under any obligation to provide information to us. 

(b) We may collect your personal information (including from your employer) where it is reasonably necessary for our functions.

(c) If we do not collect your personal and health information, we may not be able to provide our physiotherapy and associated services to you and your employer. Depending upon the circumstances, we either might not be able to provide our services at all, or only partly provide our services. 

2.5 Who collects your information 

We use subcontractors to provide physiotherapy and associated services on our behalf to you and your employer. We will disclose your personal and health information to our subcontractors so that they can provide these services. Our subcontractors will disclose to us (and we will collect) your personal and health information that they collect. We require our subcontractors to comply with the Australian Privacy Principles and any other applicable privacy laws when collecting and handling your personal information. 

We may collect, hold, store, use and disclose your personal information and health information for the following purposes (collectively, the Primary Purposes): 

(a) to provide you with physiotherapy, health intervention, injury prevention and associated services; 

(b) to provide advice to third parties, including your employer, WorkSafe Victoria and WorkCover Victoria or to workplace injury legislation in your state or the equivalent agency or organisation in your state of residence (if relevant), in relation to: 

(i) your employment; 

(ii) providing and maintaining a safe and healthy work environment; 

(iii) injury prevention; 

(iv) injury rehabilitation; and 

(v) complying with occupational health and safety requirements; 

(c) for any other purpose set out in the consent and collection notice that applies as part of your interaction with us; 

(d) to provide information to your employer: 

(i) to your employer on a personally identifiable and individual level with details of our assessment of both workplace and non-workplace related injuries (including your name, injury type and whether treatment is required) as well as via anonymised and aggregated reports (containing statistics on types of injuries sustained in the workplace); 

(ii) to registered medical practitioners (that are employed or contracted by your employer) on a personally identifiable and individual level (through our website or via detailed reports regarding your return to work). This includes specific information regarding any injury you may have told us about and your progress to recovery; 

(iii) where required to effectively communicate with other persons including legal advisers, insurers, and other professional advisers or consultants of your employer or to other persons as required, authorised or permitted by law; or

(iv) where permitted under the law to our external service providers such as entities that process and store our data.

(e) to improve our services, educational materials and customer experience; and 

(f) to provide data analytics and reporting services to your employer. 

(a) You may elect to remain anonymous or use a pseudonym in your dealings with us. For the sake of clarity, we request that you do so in writing. Please note that it may be difficult for us to provide physiotherapy and associated services to you if you remain anonymous. 

(b) You may also choose to remain anonymous or use a pseudonym for any information that we disclose to your employer (as set out in this Privacy Policy). 

We may disclose your personal information, and health information (where relevant) to: Privacy Policy | Page 4 of 6 3445-4981-3518, v. 4 

(a) our employees, subcontractors and related bodies corporate; 

(b) anyone to whom our assets or businesses (or any part of them) are transferred; 

(c) specific third parties authorised by you to receive information held by us; 

(d) to our legal advisers, insurers, IT service providers, and other professional advisers or consultants (and we will ensure, as far as possible, these people are bound by confidentiality and privacy obligations); 

(e) to the legal advisers, insurers, IT service providers, and other professional advisers or consultants of your employer if reasonably required for their purposes; and / or 

(f) other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law. 

6.1 Personal information 

We may use and disclose personal information for the purpose for which it was collected, including the Primary Purposes listed above, or a related purpose (as permitted by law), in circumstances including where you provide consent or would reasonably expect us to use or disclose the information for that purpose. 

6.2 Health information 

If you provide consent, or would reasonably expect the use or disclosure, we may also use or disclose your health information for a purpose directly related to the Primary Purposes. 

(a) We may disclose your personal information and health information to our IT server providers located both inside and outside of Australia for storage, processing or transferring between parties or websites located both inside and outside Australia. 

(b) These server providers include, but are not limited to, Salesforce and ‘BxC’ (or Business Experience Consulting), who provide web hosting solutions which allow us to deliver our services to you. 

(c) We may disclose your personal information and health information to your employer, in any country in which your employer operates. 

(d) By providing your personal information and health information to us, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information and health information in compliance with Australian Privacy Law. We will take reasonable steps to ensure that any overseas recipient will deal with such personal information and health information in a way that is consistent with the APPs. 

(a) We may hold your personal information and health information in either electronic or hard copy form. We will take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. 

(b) You acknowledge that you submit information to us at your own risk. We cannot and do not warrant the security of such information. There is no guarantee that such information will not be accessed, disclosed, altered, or destroyed by a breach of any of our security safeguards. 

(c) To the extent that it is legal and reasonable to do so in the circumstances, where we no longer require your information we will destroy the information or ensure it is de-identified. 

9.1 Access 

(a) You can access the personal information that we hold about you by contacting us using the below contact details. We will respond to your request within a reasonable period. 

(b) We will provide you with access to your information if it is reasonable and practicable to do so in the circumstances. We may charge you a reasonable fee for accessing your information. 

(c) If we cannot provide you access to all of your information for some reason, we will give you information about why. 

(d) We may require you to verify your identity when you request your personal information. 

9.2 Correction 

(a) We will take reasonable steps to ensure your information is accurate and not misleading in the circumstances. 

(b) If you think that any personal information that we hold about you is not correct, please contact us and we will take reasonable steps to ensure that it is corrected. We will respond to your request within a reasonable period, and we will not charge you a fee for correcting your information. 

(c) You may request that we notify third parties we had disclosed your information to of any corrections. To the extent it is reasonable and lawful to do so, we will take reasonable steps to comply with your request. 

(d) If we cannot correct your information, we will tell you why. Where we cannot correct your information, you may request that we associate a note with the information which informs anyone who accesses the information that it is inaccurate, out of date, incomplete, irrelevant, or misleading. If you make this request, we will take reasonable steps to ensure the statement is apparent to users of the information. Privacy Policy | Page 6 of 6 3445-4981-3518, v. 4 

(e) If you are not satisfied with our reasons for not correcting your information, we will provide you with information about the further steps you can take. 

(a) If you think we have breached the Privacy Act, including the APPs, or you wish to make a complaint about the way we have handled your personal information or health information, you can contact us using the below contact details. 

(b) Please include your name, email address and / or telephone number and clearly describe your complaint. We will do our best to respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take. 

We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of the terms of our current Privacy Policy. 

For further information about our Privacy Policy or practices, or if you need to contact us, please email us at strategichealthconsultancy@gmail.com. We will help you contact any of our subcontractors if necessary. 

Effective: October 2022