BUSY Group Policies

Policy Statement Overview

This policy sets out BUSY Health’s responsibilities on the collection, utilisation and disclosure of personal information.

As an organisation that is committed to the Child Safety Organisation National Principles, The BUSY Group is dedicated to creating a child safe culture – refer to our Child Safety and Wellbeing policy to see how The BUSY Group Ltd adopts broader strategies that promote and protect the safety and wellbeing of children and young people.

Our Privacy Policy complies with the Australian Privacy Principles set out in the Privacy Amendment (Enhancing Privacy Protection) Act 2012, and explains how the User’s personal information will be managed when dealing with BUSY Health.

BUSY Health discloses personal information:

  1. Collection of personal information

    BUSY Health will collect personal information as follows:

    • your name, address and contact details
    • your credit or debit account details
    • user ID’s and passwords
    • any goods or services provided to you
    • records of your communications with BUSY Health
    • website usage information

    The primary purpose of collecting your personal information is for BUSY Health’s business and marketing operations, which includes providing the user with advice on BUSY Health’s services, communication interface, and business innovations.

    Personal information is only collected:

    • if necessary for BUSY Health’s operations
    • by lawful and fair means
    • where practicable, only from the individual concerned

    BUSY Health takes all reasonable steps to ensure that you are aware of the following provisions:

    • the likely use of the information
    • the right of access to the information
    • the identity and contact details of the organisations
    • any law requiring collection of the information; and
    • the main consequences of failure to provide the information
  2. Utilisation and Disclosure of your personal information

    BUSY Health discloses personal information:

    • for the primary purpose for which it was collected or
    • where the individual would reasonably expect this or
    • where the individual has consented or
    • for direct marketing by BUSY Health, but giving individuals the opportunity to opt out of such direct marketing; BUSY Health includes its contact details in any direct marketing
    • BUSY Health does not disclose your personal information for any secondary purposes unless your consent has been given or as required by law.
    • BUSY Health will not sell or license any personal information that it collects from you.
  3. Collection of information other than personal information

    Website Site visit information

    Within the BUSY Health website, there will be general information about access visits which may include server address, the date and time of access visit, the pages that are accessed, the information that has been downloaded and the type of Internet browser utilised. BUSY Health may use this information in anonymous, aggregated form, for statistical purposes only, to assist us in improving the quality and usability of our website.


    A cookie is a small string of information that a website transfers to the browser for identification purposes. The cookies that BUSY Health utilise may identify individual users.

    Cookies can either be ‘persistent’ or ‘session’ based. Persistent cookies are stored on the user’s computer, contain an expiration date, and are mainly for the user’s convenience. Session cookies are short-lived and are held on your browser’s memory only for the duration of your session; they are used only during a browsing session, and expire when you quit your browser.

    BUSY Health may use both session and persistent cookies. This information may be used to personalise the user’s current visit to our websites. Upon closing your browser, the session cookie is destroyed.

    Most Internet browsers can be set to accept or reject cookies. If the user does not want to accept cookies, they can adjust their Internet browser to reject cookies or to be notified when they are being used. However, rejecting cookies may limit the functionality of our website.

    Google Analytics cookies

    BUSY Health uses Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store and use this information. Google’s privacy policy is available at: http://www.google.com/privacypolicy.html.

    Google AdWords’ Remarketing

    BUSY At Work publishes Google AdWords’ Remarketing interest-based advertisements on other websites. This website may use a remarketing tag to advertise online. This means that Google and other third-party vendors may show our ads to you on sites across the Internet. These third-party vendors, including Google and Studio, may use cookies to serve ads to you based upon your past visits to our website.

    If you would like to opt out of Google’s use of cookies, you can visit the company’s Ad Preferences Manager at https://www.google.com/ads/preferences/.

  4. Accurate and up-to-date information

    BUSY Health takes reasonable steps to ensure information is accurate and up-to-date by updating its records whenever changes to the data come to its attention. BUSY Health disregards information which seems likely to be inaccurate or out-of-date by reason of the time which has elapsed since it was collected or by reason of any other information in its possession.

  5. Security of your personal information

    BUSY Health protects personal information from misuse or loss by restricting access to the information in electronic format, and by appropriate physical and communications security. Any data destroyed is disposed of in a manner that protects the privacy of information in an appropriate manner.

    The BUSY Group have adopted industry best practice Audited and have achieved accreditation for the international standard  ISO27001 for Information Security Management Systems through BSI Certified Auditor.

  6. Dealing with unsolicited information

    BUSY Health takes all reasonable steps to ensure that all unsolicited information is destroyed immediately.

  7. Access to your personal information

    BUSY Health acknowledges that individuals have a general right of access to information concerning them, and to have inaccurate information corrected.

  8. Anonymity when dealing with BUSY Health

    BUSY Health allows individuals the option not to identify themselves when dealing with it, where practicable.

  9. Collecting sensitive information

    BUSY Health does not collect sensitive information, unless it is specifically relevant and necessary for the purpose of BUSY Health’s business operation. All sensitive information that is collected is used in accordance with this privacy policy. BUSY At Work does not use government identifiers (e.g. tax file numbers) to identify individuals.

  10. Privacy contact details

    All information about privacy issues can be forwarded to:

    Privacy Contact Officers

    BUSY At Work

    Email: privacy@thebusygroup.com.au

Policy review

This policy will be reviewed annually or when legislated updates are enforced by the BUSY At Work Executive Management Team.

The BUSY Group is committed to ensuring an accessible and inclusive workplace and promoting accessibility and inclusiveness in the communities we operate in. View or download our Accessibility Action Plan for 2020-2023

The BUSY Group Ltd appreciate any feedback to assist us in continually improving our service delivery to ensure our client needs are being met.

If you would like to provide feedback you can call The BUSY Group on 13 28 79 or email busy@busyatwork.com.au

You can also download a copy of our Customer Feedback Process (PDF)

As an organisation that is committed to the Child Safety Organisation National Principles, The BUSY Group is dedicated to creating a child safe culture – refer to our Child Safety and Wellbeing Policy to see how The BUSY Group adopts broader strategies that promote and protect the safety and wellbeing of children and young people.

Download a copy of our Child Safety and Wellbeing Policy (PDF).

If you have any feedback in relation to the Child Safety Policy, please email us at – childsafety@thebusygroup.com.au


The BUSY Group is committed to the confidentiality, security, and availability of its information assets.

This policy; and the supporting Information Security Management System (ISMS) policies, provide management direction and support for information security in accordance with operational requirements, relevant laws and regulations.

This policy is based on the principles and standards as defined in:

  • ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
  • ISO/IEC 27002:2013: Information technology — Security techniques — Code of practice for information security management
  • ISO/IEC 27005:2018 Information technology — Security techniques — Information security risk management


Through the adherence of this and supporting policies the Information Security Objectives of TBG are:

  • Reduce risk and minimise potential threats that may cause damage to TBG’s information assets.
  • Ensure TBG’s information assets are available to staff and third parties as and when they are required.
  • Ensure TBG staff, and other interested parties are aware of their roles and responsibilities in relation to the security of TBG’s information assets.​​


This policy applies to all The BUSY Group (TBG) staff, associated third parties; including but not limited to Directors, contractors, clients and visitors,  information assets and physical sites. Specifically, this policy applies to all persons in roles as system owners and all persons in roles who are custodians of systems and data. This policy also applies to any new project work that has any information technology, processing or other infrastructure requirement or equipment.


Information is an asset that, like other important operational assets, is essential to The BUSY Group operations and consequently needs to be suitably protected.

Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by using electronic means, shown on films, or spoken in conversation. Whatever form the information takes, or means by which it is shared or stored, it must be adequately protected.

Information security is the protection of information (including systems) from a wide range of threats in order to ensure business continuity, minimise operational risk, and maximize return on investments and operational opportunities.

Information security is achieved by implementing a suitable set of controls (based on risk profile), including policies, processes, procedures, organisational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and objectives of the organisation as met.

For each of the risks identified following the risk assessment, a risk treatment decision is made. Options for risk treatment include:

  • Applying appropriate controls to reduce the risks;
  • Knowingly and objectively accepting risks, providing they clearly satisfy the organisation’s policy and criteria for risk acceptance;
  • Avoiding risks by not allowing actions that would cause the risks to occur;
  • Transferring the associated risks to other parties, e.g. insurers or suppliers;
  • Or a combination of the above options to treat residual risk


TBG Information Security Policy provides information relating to measures and controls surrounding the following key attributes.

  • Risk Assessment and Treatment
  • Physical and Environmental Security
  • ​​​​​​​Communications and Operations Management
  • Access Management and User Responsibility
  • Information Systems Acquisition, Development, Security and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance

For further information relating to how TBG handles information security, please contact the IT Security Team: infosec@thebusygroup.com.au


This policy will be reviewed annually or when legislated updates are enforced by The BUSY Group, whichever is sooner.