Privacy Policy - Health for Work

Last updated: 3/3/26

1) Who we are

This Privacy Policy explains how Health for Work (“we”, “us”, “our”) collects, uses, stores and discloses personal information when you use our website healthforwork.com.au and our related services.

Legal entity: Dr Sicknote (ABN: 58 607 470 440) trading as Health for Work
Address: Suite 1, Level 8, 99 Queen Street, Melbourne VIC 3000, Australia
Privacy contact: info@healthforwork.com.au

We are committed to handling personal information in accordance with applicable Australian privacy laws, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) where they apply.


2) What personal information we collect

The type of personal information we collect depends on how you interact with us.

a) Website enquiries and general contact

     Name

     Work email address and/or phone number

     Organisation name and role (if provided)

     Any information you choose to include in your message

b) Employer onboarding and administration (where an organisation engages us)

     Contact details for employer representatives (e.g., HR, People & Culture, WHS)

     Limited employee details required to enable access to the service (for example: name, work email, worksite/location, employee ID), where provided by the employer and/or the employee

c) Service use (employees and eligible users)

     Account information (name, email, phone)

     Appointment and service administration details (e.g., booking details, attendance, communications)

     Information you provide during use of our services

Health information: If you access clinical services, we may collect health information, which is treated as sensitive information and handled with additional care.

d) Technical and usage data

When you visit our website, we may collect:

     IP address and general location (approximate)

     Device and browser type

     Log information and usage data (e.g., pages visited, time on page, referral source)

     Cookie and analytics data (see Section 9)


3) How we collect personal information

We collect personal information when you:

     submit a form on our website or contact us by email or phone

     register for an account and use our services

     communicate with us (including support requests)

     interact with our website (cookies and similar technologies)

     are invited to use the service via your employer (where your employer provides limited details to enable access)

Where reasonable and practicable, we collect personal information directly from you.


4) Why we collect, use and disclose personal information

We collect, use and disclose personal information to:

     respond to enquiries and provide customer support

     onboard employer customers and administer accounts

     provide, operate and administer our services (including bookings, reminders and communications)

     provide clinical care and support continuity of care (where applicable)

     manage quality assurance, training and clinical governance (where applicable)

     improve our website, services, security and user experience

     comply with legal and regulatory obligations

     prevent fraud, misuse and security incidents

     send service-related communications (and marketing where you have opted in or where permitted by law)


5) Health information, confidentiality and employer reporting

If you use our clinical services, we may collect health information. We only use and disclose health information:

     with your consent,

     to provide and administer care and related services, and/or

     where required or authorised by law (for example, to lessen or prevent a serious threat to life, health or safety, or for mandatory reporting obligations where applicable).

Employer reporting

Where an employer is our customer, we may provide the employer with de-identified and/or aggregated reporting (for example, overall utilisation trends or common themes at a group level). We do not provide an employer with an individual’s clinical details unless:

     the individual provides informed consent, or

     disclosure is required or authorised by law.


6) Who we share personal information with

We may share personal information with trusted third parties where necessary to operate and deliver our services, including:

     IT hosting and infrastructure providers

     communications providers (e.g., email/SMS delivery)

     security, fraud prevention and monitoring providers

     analytics providers

     professional advisers (legal, accounting, insurance)

     clinicians and clinical service providers/contractors engaged to deliver services

     payment providers (if applicable)

We take reasonable steps to ensure third parties only handle personal information for authorised purposes and protect it appropriately.


7) Overseas disclosure

Some of our service providers may store or process information outside Australia (for example, cloud hosting or support services). Where this occurs, we take reasonable steps to ensure appropriate safeguards are in place.


8) Storage and security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Security measures may include access controls, authentication, encryption in transit where available, monitoring, and secure hosting practices.

No method of transmission or storage is completely secure. If you believe your interaction with us is no longer secure, please contact us promptly using the details above.


9) Cookies and analytics

We use cookies and similar technologies to:

     operate the website and enable core functionality

     remember preferences

     understand website usage and improve performance

     help maintain security

You can manage cookies through your browser settings. If you disable cookies, some features of the website may not function as intended.


10) Accessing and correcting your information

You may request access to personal information we hold about you and request corrections if you believe it is inaccurate, out of date, incomplete or misleading.

To make a request, contact us using the details in Section 1. We may need to verify your identity before processing your request.


11) Complaints

If you have a concern or complaint about how we handle personal information:

  1. Contact our Privacy Officer using the details in Section 1 and describe your concern.
  2. We will acknowledge and respond within a reasonable timeframe.

If you are not satisfied with our response, you may be able to lodge a complaint with the Office of the Australian Information Commissioner (OAIC). If relevant health records laws apply, you may also have rights to complain via applicable state-based mechanisms.


12) Marketing preferences

If you opt in to receive updates or marketing communications, you can unsubscribe at any time using the link in the message or by contacting us.

We may still send essential service communications (for example, important service updates or account notices).


13) Changes to this policy

We may update this Privacy Policy from time to time by publishing an updated version on our website.