
Privacy and Data Collection Policy
Last Updated: April 2025
Policy Statement and Purpose
At Health Generation, we are committed to safeguarding the privacy and security of all personal and sensitive information that we collect, hold, use, and disclose in the course of our operations.
We are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and we adopt best practice standards to ensure compliance with relevant legislation and maintain trust with all stakeholders.
This policy outlines how Health Generation manages personal information to deliver services effectively, meet legal obligations, and ensure the privacy and security of data entrusted to us.
Scope
This policy applies to all persons and entities engaging with Health Generation, including:
- Aged care providers and their employees;
- Older persons receiving aged care services;
- Their nominated representatives, carers, and family members;
- Prospective employees and contractors;
- Visitors to our website;
- Event attendees and interested parties; and
- Any individual who provides personal information to Health Generation.
Definitions
Personal Information: Information or opinion about an identifiable individual.
Sensitive Information: Includes health, racial or ethnic origin, sexual orientation, religious beliefs, criminal record, and biometric data.
APPs: Australian Privacy Principles under the Privacy Act 1988.
OAIC: Office of the Australian Information Commissioner.
AN-ACC: Australian National Aged Care Classification.
Types of Personal and Sensitive Information Collected
Clients (Aged Care Providers)
We may collect:
- Names and contact details;
- Older Person data;
- Aged Care Assessment Team (ACAT) records;
- Residency agreements;
- Photographs (for inclusion in reports).
Older Persons and their Representatives
Information may include:
- Name, date of birth, and contact details;
- AN-ACC classification;
- Care Plans, Progress Notes, Medication Charts;
- Incident forms, mandatory reporting documentation;
- Health, financial and clinical information;
- Cultural, spiritual, and identity-related data (where relevant to service delivery).
Employees and Contractors
We collect:
- Employment history and references;
- Immunisation and health fitness records;
- Police checks, working with children clearances;
- Superannuation, tax file number, and bank details.
Website Users
Cookies and analytic tools may collect:
- IP address, browser type, visit times;
- Pages visited and interactions;
- Email addresses via newsletter or contact forms.
Event Attendees and Enquiries
We may collect:
- Name, occupation, email, and phone number;
- Source of enquiry (e.g. events or third-party lists).
How Information is Collected
Information is collected:
- Directly from individuals (via forms, interviews, interactions);
- From aged care provider clients;
- Through website usage (cookies, forms);
- From referees, background checks, and public databases;
- Via consented third-party data sharing.
Use and Disclosure of Information
We use personal information to:
- Provide aged care consultancy services;
- Assess, improve, and report on aged care delivery;
- Recruit and manage personnel;
- Respond to enquiries and improve our offerings;
- Fulfil legal, regulatory, or contractual obligations;
- Promote our services (with consent or opt-out available).
We may disclose information:
- To aged care providers and their staff;
- To subcontractors or service providers;
- To government departments or regulatory bodies;
- Where required or authorised by law;
- In emergencies or to lessen serious threats to life or safety.
We do not sell personal information and do not disclose data outside of Australia unless legally compliant and with appropriate safeguards.
Storage and Security of Personal Information
Health Generation holds personal information in both electronic and paper-based records and implements a range of physical, technical, and administrative safeguards to protect this information.
We take all reasonable steps to protect personal data from misuse, loss, unauthorised access, modification, or disclosure. However, please be aware that no method of electronic communication is entirely secure, and Health Generation cannot guarantee the security of any personal information transmitted to us via the internet. Once we receive your information, we apply our robust internal controls to protect it.
If personal information is no longer required for the purpose for which it was collected, it is securely destroyed or de-identified in accordance with our data retention and destruction protocols.
Cybersecurity Tools and Technologies
To enhance our digital security and safeguard personal information, Health Generation employs industry-leading tools, including:
- CrowdStrike Falcon – for endpoint detection, real-time threat intelligence, and proactive threat mitigation.
- NinjaOne – for remote monitoring, patch management, and secure IT administration.
- Bitdefender – for advanced antivirus and malware protection across all endpoints and systems.
These tools enable us to detect, prevent, and respond swiftly to cyber threats, ensuring a resilient and secure IT environment.
Additional Safeguards
Health Generation also uses modern data protection measures, including:
- Firewalls, data encryption, and secure servers;
- Role-based access controls and authentication protocols;
- Regular audits, patching, and system updates;
- Secure physical storage for paper-based records.
All personal information is stored securely in Australia. When the information is no longer needed, it is either de-identified or destroyed in a secure and compliant manner.
Access and Correction
You may request access to, or correction of, your personal information by contacting our Privacy Officer. We will respond within a reasonable timeframe (generally 30 days) and may charge a reasonable fee for access. Requests may be refused in limited circumstances, such as legal constraints or threats to safety.
Anonymity and Pseudonymity
Where lawful and practicable, individuals have the option to remain anonymous or use a pseudonym when interacting with us.
Overseas Disclosure
We do not routinely disclose information outside Australia. If necessary, we will ensure the recipient meets privacy standards equivalent to the APPs and, where practicable, secure appropriate legal agreements.
Complaints and Data Breaches
We take all complaints seriously and will investigate alleged breaches of this policy or the Privacy Act promptly. In the event of a data breach, we will act in accordance with the Notifiable Data Breaches (NDB) scheme by assessing the breach and notifying affected individuals and the OAIC if required.
To lodge a complaint or report a breach, please contact:
Privacy Officer
Health Generation
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):
📞 1300 363 992
Policy Updates
This Privacy and Data Protection Policy may be updated periodically. The most recent version will always be available on our website.