Privacy Policy

The Privacy Act 2001 comprises of 10 National Privacy Principles that set the standard for how private sector organisations are to handle personal information. Corporate Bodies International is committed to complying with this standard.

Privacy & Consent Position Statement

The Privacy Amendment (Private Sector) Act 2000 was passed by Federal Parliament to ensure the protection of an individual’s personal information, held by organisations in the private sector. This Privacy Act comprises of 10 National Privacy Principles that set the standard for how private sector organisations are to collect, use and disclose personal information. It also outlines how information should be securely stored, how attention should be paid to the information’s quality and accuracy and about the need for openness when someone wishes to access their personal information. Corporate Bodies International (CBI) is committed to complying with this standard. As part of this commitment, our Privacy and Consent Policy has been developed to clearly show how we gain a person’s consent to participate and release medical data for the purpose of their Health Assessment/s and how we collect, use, disclose and hold an individual’s personal information (1).

Consent to Participate and Release of Medical Data

Health Assessment participants must give written consent to acknowledge their understanding of the following;

  • That they are participating at their own risk. They acknowledge that they understand there is minor risk of injury when undertaking some of the assessments.
  • That they release their personal health information to be used by CBI to compile an anonymous health report in statistical format. The population report will be forwarded onto company management and cannot be tracked back to an individual. CBI is bound by the Privacy Act 1988 and its amendments.
  • That their health assessment is not a replacement for a thorough medical assessment or regular medical care advised by their General Practitioner (GP). 

Capacity and Consent

If a participant does not have the capacity to consent to a Health Assessment or make decisions about their personal and health information, a nominated/appointed representative (i.e. a family member or friend) or guardian may be required. For the purpose of a minor (person under 18 years of age), Privacy Law states consent is valid if that person can understand both the nature and effect of a proposed action (such as the specific handling of their personal information). CBI ensures consent for all Health Assessment participants is well informed, voluntary, specific and current (2).

Purpose for Collecting Personal and Health Information

CBI only collects personal and health information when it is necessary to carry out its work. We are in the business of providing health services to corporate clients and their staff, individuals and community groups. Our services include but are not limited to;

  • Provision of worksite healthy lifestyle programs
  • Health screenings
  • Health promotion events
  • Workplace health audits
  • Private practice (dietetics and exercise science)


In order to provide such services effectively, CBI needs to collect certain personal and health information. This serves to ensure the health and safety of individuals partaking in its services and assists in determining the type of services it should be providing for corporate clients.

CBI will not collect any personal or health information unless a person has consented to give this information and it is relevant to our work. We will always collect personal information in a non-intrusive, lawful and fair manner.

Type of Information Collected

Personal information that may be requested by CBI includes and is not limited to;

  • Name, address, phone number(s)
  • Date of birth
  • Health information including medical history and health indicators
  • Preference for particular health promotion activities and/or events
  • Feedback on our services


Use of personal and health information

CBI is required to maintain the privacy of an employee’s personal and health information from their employer (and any other person).  Data is released to the employer with prior written consent from the employee for the reporting of progress of results. For example, where CBI is providing rehabilitative services that require progress reporting.

The employee (program participant) can trust that their personal information will be kept confidential as though they were visiting their own General Practitioner.  Although the employer outlays costs for population reporting, the data remains the individual’s property and is held by CBI to ensure the safe handling, privacy and security of such information.

Under no circumstances will CBI provide a program participant’s personal information to their employer (or any other person) without the employee’s prior written consent, unless such disclosure is required by law or to comply with the Privacy Act.

Disclosure of Information


CBI will not provide a program participant’s personal information to any other individual or organisation, unless such disclosure is required by law or to comply with the Privacy Act. Personal information will always be treated with the strictest confidence by contractors who provide services on our behalf. In these cases, we ensure that our contractors are bound by and comply with CBI’s Privacy and Consent Policy.

CBI attempts to collect all personal information directly from the program participant, but may be required to obtain this information from additional sources such as other healthcare providers with their written consent. If they choose not to provide particular information CBI requires to provide our services effectively, we may not be able to deliver the services as intended.

Information Accuracy and Quality 

CBI takes due care to ensure personal information that is collected, used and disclosed is accurate, up-to-date and complete.

Information Storage and Security

CBI maintains physical, electronic and procedural safeguards to protect a program participant’s personal information from disclosure to unauthorised parties and against loss and misuse. All personal information collected and stored in hardcopy form is stored in secure lockable filing cabinets, in a lockable storeroom/office with limited access via keys and/or security cards. Electronically stored information is protected via security passwords, firewalls and virus protection. CBI’s quality system procedures ensure any personal information stored is only accessible by authorised personnel as specified in this Privacy and Consent Policy.

The Privacy Act requires CBI to destroy or permanently de-identify personal and health information, once it is no longer required for the intended service or by law. CBI retains hard and/or soft copy of personal and health information for a minimum of 7 years from the date of last contact (3).

All CBI staff are made aware of the company’s Privacy and Consent Policy. Training is provided to ensure that all staff understand the importance of privacy and how personal information is to be handled in accordance with the National Privacy Principles. Intentional breach of CBI’s Privacy and Consent Policy will result in disciplinary action, including dismissal. CBI may also consider lodging a complaint with the Health Professionals professional association or registration agency, if a breach of their Code of Professional Conduct has occurre

Openness and Access to Information

CBI can make an individual’s personal information available to them upon request. This includes the nature of the personal information we hold about them and for what purpose, as well as how we use, collect, hold and disclose that information.

If a program participant would like to access the information we hold about them, they can contact Corporate Bodies International by calling 1300 21 31 41. In order to maintain the confidentiality of an individual’s personal information, we will ask a person to come into a CBI office nearest to them and to bring with them a photo (e.g. passport or drivers license) identification before we give them access. If it is not practical for them to visit our office, we will arrange to check their identification before we mail the information out to them.

In the unlikely event that we are unable to provide someone with access to their personal information for reasons specified in the Privacy Act – Section 6 (see Appendix 1) we will provide reasons for denying them access. This may also include circumstances where we only record data without names attached and we are unable to identify their actual data amongst a large group of anonymous data.

Sensitive Information

In the course of obtaining personal and health Information, it may be necessary for a Health Professional to ask about sensitive information. Only information which is released by consent or that which is necessary to provide the health service to an individual will be collected.

Privacy Policy Changes

As we plan to keep our privacy statement current, that information can be subject to change. When appropriate, a revised Privacy and Consent Policy will be posted on the CBI website which will incorporate any such changes. Please return periodically to review the latest policy.

Complaints

If you have a complaint based on a breach of CBI’s Privacy and Consent Policy and/or the National Privacy Principles you may contact CBI’s head office on Ph: 1300 21 31 41 to register your complaint. All complaints will be investigated and you will be contacted in due course with the outcome.

Charter of Health Care Rights

Download the CBI Charter of Health Care Rights