top of page

Privacy Policy

​Last Updated: 1 March 2025

​

1. Introduction

 

PERMA Recovery Pty Ltd (ABN 675 827 602) (referred to in this document as “PERMA Recovery,” “we,” “us,” or “our”) is committed to protecting the privacy of personal information in accordance with the relevant laws and principles that govern the handling of personal information in Australia.

​

We provide workplace rehabilitation and support services exclusively in workers’ compensation, Compulsory Third Party (CTP), and life insurance matters within New South Wales.
 

This Privacy Policy explains how we collect, use, disclose, store, handle, and protect your personal information. It also describes your rights to access and correct your personal information and to make a complaint if you believe we have breached any privacy obligations.

 

By engaging with us, or by otherwise providing your personal information to us, you acknowledge that you have read and understood this Privacy Policy.

 

2. Relevant Legislation & Principles

 

We comply with the following privacy laws and standards:

  • Privacy Act 1988 (Cth)

  • Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)

  • Australian Privacy Principles (APPs)

  • Health Records and Information Privacy Act 2002 (NSW)

 

These set out the rules for how we collect, use, store, and disclose personal information.

 

3. What Is “Personal Information”?

 

Under the Privacy Act 1988 (Cth), “personal information” is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and recorded in any form or not.

Some types of personal information are further classified as “sensitive information,” which includes health information, religious beliefs, racial or ethnic origin, and other sensitive details. Sensitive and health information are subject to higher standards of protection under the Privacy Act.

 

4. Collection of Personal Information

 

4.1 Types of Information We Collect

The personal information we collect will depend on the nature of your interaction with us and the requirements of our service. This may include, but is not limited to:

  • Identification & Contact Details: Full name, date of birth, address, phone number(s), and email address.

  • Employment Details: Work history, current employment status, and position description where relevant to your rehabilitation or claims process.

  • Health & Medical Information: Medical history, treatment details, rehabilitation progress, and any functional capacity evaluations that are directly relevant to your workplace injury or claim.

  • Insurance & Claim Details: Information about your claim (e.g., workers’ compensation claim numbers, CTP policy details, life insurance policy information).

  • Financial Details: May be collected as necessary for processing reimbursements or related matters.

 

We will only collect sensitive information if it is directly related to, or reasonably necessary for, our functions or activities—specifically the delivery of rehabilitation, workplace health, and injury-management services within NSW.

​

4.2 How We Collect Information

Where possible, we will collect personal information directly from you. We may collect information through:

  • Telephone or in-person consultations and assessments

  • Electronic platforms (email, video conferencing, and secure online forms)

  • Written forms and questionnaires

  • Correspondence from your treating health professionals, employer, or insurer (where appropriate consent has been obtained)

 

In certain circumstances, we may also collect personal information about you from third parties, such as:

  • Insurers (e.g., workers’ compensation insurers, life insurers, or CTP insurers)

  • Employers or former employers, for the purpose of understanding your pre-injury duties and facilitating return-to-work services

  • Treating health and medical professionals (e.g., general practitioners, specialists, allied health providers)

 

We will take reasonable steps to ensure you are aware of the purpose for which we collect such information and the main consequences (if any) of not providing it.

 

4.3 Consent

Where required by law, we will seek your consent before collecting, using, or disclosing sensitive information (including health information). Consent is typically sought in writing, but in certain circumstances, verbal consent may be obtained and documented.

​

4.4 How We Protect Your Personal Information

We may store your personal information in hard copy or electronic format. To safeguard your personal information, we have in place a range of policies and procedures to ensure its protection. We will destroy, erase or de-identify any personal information that is no longer required for any purpose described in this Privacy Policy or under any applicable laws.

 

5. Use & Disclosure of Personal Information

 

5.1 Primary Purposes

 

We collect, use, and disclose personal information primarily to:

  1. Provide Rehabilitation & Return-to-Work Services:

    • Assess and monitor your injury, disability, or condition.

    • Coordinate return-to-work plans or ongoing functional upgrades.

    • Liaise with relevant stakeholders (e.g., insurers, employers, treating health practitioners) to ensure appropriate support.

  2. Comply with Legal and Regulatory Obligations:

    • Fulfill obligations under NSW workers’ compensation and CTP legislation.

    • Provide required data to relevant authorities, such as the State Insurance Regulatory Authority (SIRA) or other NSW regulatory bodies, if mandated.

  3. Administration & Management:

    • Manage and coordinate billing and payments.

    • Respond to enquiries or complaints.

    • Ensure quality assurance, compliance, and risk management.

 

5.2 Disclosure to Third Parties

We may disclose your personal information to third parties in connection with the services we provide, including:

  • Insurers: Workers’ compensation, CTP, or life insurers involved in your claim.

  • Employers: To facilitate return-to-work planning and coordinate any workplace adjustments.

  • Health Professionals: Treating doctors, physiotherapists, psychologists, or allied health providers involved in your care.

  • Legal or Regulatory Bodies: Where disclosure is required or authorized by law (e.g., in response to subpoenas, court orders, or regulatory investigations).

  • Service Providers & Contractors: External providers who assist us with IT support, data storage, or other administrative services. These providers are bound by contractual obligations that enforce privacy and confidentiality.

 

We do not disclose personal information to parties outside the scope of workers’ compensation, CTP, and life insurance matters in NSW, unless we have your consent or are otherwise legally permitted or required to do so.

 

5.3 Overseas Disclosure

PERMA Recovery does not routinely send personal information outside Australia. If an overseas disclosure is necessary for the provision of our services or to fulfil contractual or legal obligations, we will take reasonable steps to ensure the overseas recipient complies with Australian privacy laws or equivalent standards.

 

6. Data Quality & Security

 

We take reasonable steps to protect the security of your personal information. These steps include:

  • IT & Network Security: Secure servers, firewalls, encryption, and unique user IDs/passwords.

  • Access Controls: Limiting staff access to personal information strictly to those who require it for the provision of services.

  • Physical Security: Securely storing any physical documents containing sensitive data and disposing of them using secure methods.

  • Retention & Destruction: Retaining personal information only for as long as it is needed or required by law, and securely destroying or de-identifying it when no longer needed.

 

Despite our efforts, the internet is not a completely secure environment. We cannot guarantee the absolute security of any information transmitted to or from us online. You transmit and receive information at your own risk.

 

7. Access & Correction

 

You have the right to request access to, and correction of, any personal information we hold about you. If you believe any information we hold about you is inaccurate, incomplete, or out-of-date, please contact us (see Section 10 below).

 

In certain circumstances, we may refuse or limit access where:

  • Providing access would pose a serious threat to the life, health, or safety of any individual.

  • The information pertains to existing or anticipated legal proceedings.

  • Providing access would be unlawful.

  • Denial of access is authorised by law.

 

If we refuse access, we will provide you with written reasons for the refusal (unless it would be unreasonable to do so).

 

8. Anonymity & Pseudonymity

 

Where lawful and practicable, you have the option of not identifying yourself or using a pseudonym when dealing with us (e.g., making a general enquiry). However, in most circumstances relating to our workers’ compensation, CTP, and life insurance services, it will be impracticable for us to provide support or services if we cannot identify you.

 

9. Use of Our Website & Privacy 

When you use our website, PERMA Recovery may collect the personal information that you have provided. We use network tools to identify your web browser, this may include the use of cookies and other technologies. Cookies assist in enhancing your browsing experience. Cookies do not reveal your email address; however, we may record this if you transmit it to us electronically in an email message or through a web form. 

 

 

10. Complaints & Enquiries

 

If you have any questions, concerns, or complaints about how we manage your personal information, please contact us using the details in Section 10 below.

 

We take privacy-related complaints seriously. Upon receiving a complaint, we will:

  1. Acknowledge receipt of the complaint as soon as practicable.

  2. Conduct an investigation into the issues raised.

  3. Provide a written response within a reasonable time (typically 30 days).

  4. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner.

​​

 

12. Changes to This Privacy Policy

We may amend this Privacy Policy from time to time to reflect changes in legislation or our practices. Any updated version will be posted on our website with the date of the most recent revision. We recommend checking our website periodically to stay informed about how we handle your personal information.

​​​

​

​

​

We encourage you to contact us if you have any questions about this Privacy Policy or if you wish to access or correct your personal information.

bottom of page