Privacy Statement

What is VisitScreen?

VisitScreen is a simple and effective way to screen employees, visitors and contractors before they attend any site to minimise the risk of COVID-19. COVID VS (COVID VisitScreen) is available online or by downloading the COVID VS App from Apple or Android stores.

Risk Screen Pty Ltd trading as VisitScreen (we, us, our) is making this VisitScreen available to screen a user’s risk of exposure to COVID-19. This is not intended to provide a medical diagnosis. A COVID VisitScreen assesses a user’s risk of exposure to COVID-19, based on a user’s responses to travel and health related questions.

The intuitive screening tool is based on questions suggested by the World Health Organisation and Government Health Authorities. Questions are regularly reviewed in-line with the latest advice; therefore the questions may change.

Upon answering all required questions, a user will immediately view their Certificate and COVID VisitScreen results on the final screen. Users can email or SMS their Certificate and results for use in a range of visitation settings. If you are a business user, you can view the Certificate of a user you have requested to complete a COVID visit screen and results in real time.

This Privacy Statement sets out how personal information that is collected via VisitScreen and COVID VS App will be handled in accordance with the Privacy Act (Cth) 1988 or Privacy Act (NZ) 1993 as applicable, dependent on your location.

What personal information will be collected, and why is it being collected?

The business user will collect the following personal information from a user so that the user can complete a COVID visit screen:

  • mobile phone number - so that the user can be contacted if needed and to authenticate personal details, as required
  • name - so that we can personalise the user’s Certificate
  • email address - so that the user can be contacted if needed to authenticate personal details, as required
  • health information - by answering a series of questions we can assess a user’s risk of exposure to COVID-19.

We will also ask if a user is 18 years of age or older. If a user is under 18 years of age, we will ask the user if they have a parent or guardian (parent) present who can consent to the user sharing their Certificate and results. We will collect the first name and surname of the user’s parent. If a user does not have a parent present at the time of the screen to consent for the user to share their answers, the COVID visit screen cannot be completed.

VisitScreen will ask the user to consent to:

  • the collection of the user’s personal information to screen the user’s risk of exposure to COVID-19 at the time when the user completes a COVID visit screen, and
  • the business user accessing and retaining the user’s COVID visit screen Certificate and results; accessible via the business user VisitScreen portal.

When you use VisitScreen

VisitScreen will record the user’s personal contact information, the date and time the user completed the COVID visit screen and the user’s Certificate and results.

If the user chooses to prove their identity through authentication, we will send the user a unique code via email or SMS.

Based on the user’s responses, VisitScreen will assess the user’s risk of exposure to COVID- 19 and issue a Certificate with the outcome of the COVID visit screen. The user’s Certificate is accessible immediately after completing the COVID visit screen. The user can share the Certificate (and results) via email or SMS.

A user can elect to complete a COVID visit screen via web-browser or by downloading the COVID VS App. In both instances, the business user will have access to the user’s personal information, Certificate and results by logging into the VisitScreen portal.

No other personal information will be collected or shared at any time.

If a user’s COVID visit screen returns ‘potential concerns’

If a user’s COVID visit screen identifies ‘potential concerns’, the user will be provided a Certificate and results. The user can share their Certificate and results immediately via email or SMS.

If a user completes a COVID visit screen via the COVID VS App, when the user exits the COVID VS App, the user’s Certificate and results are no longer accessible. A user can log-in to the COVID VS App at a later date to access a Certificate and results as required.

If a user completes a COVID visit screen via web-browser, when the user exits the web- browser the user’s Certificate and results are no longer accessible.

The business user will have access to the user’s personal information, Certificate and results for future reference by logging into the VisitScreen portal.

If a user’s COVID visit screen returns ‘no concerns’

If a user’s COVID visit screen returns a ‘no concerns’ result, the user can share their Certificate and results immediately via email or SMS.

Where a user completes a COVID visit screen via the COVID VS App and exits the App, the user’s Certificate and results are no longer accessible. A user can log-in to the COVID VS App at a later date to access a Certificate and results as required.

If a user completes a COVID visit screen via web-browser, when the user exits the web- browser the user’s Certificate and results are no longer accessible.

The business user will have access to the user’s personal information, Certificate and results for future reference by logging into the VisitScreen portal.

How will personal information be collected?

As part of a COVID visit screen, the business user and VisitScreen will collect a user’s:

  • first name and surname
  • mobile number
  • email address
  • If a user elects to authenticate their personal details (and display an ‘authenticated’ statement on their Certificate), we will send a unique code to the user’s email address or mobile number.

How will personal information be stored?

VisitScreen will retain a user’s personal information, Certificate and results. The information is not de-identified and is shared with the business user, however for reporting or analytics, all data is completely de-identified.

For both web-browser and COVID VS App users, we will store a user’s encrypted access token (which is used for authentication) in the web-browser/COVID VS App locally. A user can delete the encrypted access token by logging out of COVID VS App, cleaning out their web-browser cache or un-installing the COVID VS App. A users encrypted access token is not stored in our secure server.

Once a user logs out of the COVID VS App or web-browser a user will no longer have access to their Certificate and results. If a user downloaded the COVID VS App to complete their COVID visit screen, a user can log-in to the COVID VS App at a later date to access Certificate and results as required.

Business users can continue to access a user’s Certificate and results by logging into the VisitScreen portal.

The de-identified information can be shared by the user, and is stored on our secure server. For reporting or analytics, all data is completely de-identified.

The server hosts the website. The server is a cloud-based facility, using infrastructure (cloud-based server) located in Australia.

How will personal information be used and disclosed?

We will use a user’s responses to the COVID visit screen to assess a user’s risk of exposure and produce a Certificate stating, ‘potential concerns identified for COVID-19’ or ‘no concerns have been identified’ against exposure to COVID-19 as at the date and time the user undertakes the visit screen.

We will receive de-identified analytical data from iTunes and Google Play about COVID VS App including the number of downloads, average use time and deletions.

The business user will be able to access a user’s personal information, Certificate and results via the VisitScreen portal.

De-identified data may be shared for statistical purposes with Workforce Health Assessors Pty Ltd (our parent company) including number of users, sex and age range. We will not use or share or disclose a user’s personal information for any other purpose.

Can personal information be deleted?

The COVID VS App retains a user’s personal details so that a user can simply and efficiently complete new COVID visit screens. A user can un-install the App at any time to delete their personal details from the App.

A user can request us to delete their information held in the secure cloud based server after a user completes a COVID visit screen, via the ‘Contact Us’ request form on the VisitScreen website or via the COVID VS App. This means a business user will no longer have access to the user’s information via the VisitScreen portal.

Can a user correct or access personal information?

A user can re-set and re-start a COVID visit screen before sharing their personalised Certificate and results.

Once a user shares their Certificate and results and re-sets the COVID visit screen, a user will need to complete a new visit screen (recommended every 2 days).

A user can request a copy of their Certificate and results via the ‘Contact Us’ page, by contacting the business user who requested it, or by logging into the COVID VS App (if the user originally used the COVID VS App to complete a screen). If the user chose to share their Certificate and results via email or SMS, the user may have a personal record.

To ensure maximum security of a user’s COVID visit screen data, a user will not be able to access their data held in the secure server.

Further information about privacy

In addition to this Privacy Statement, we have a Privacy Policy.

A user and business user can obtain a copy of the privacy policy by contacting us using the contact details set out at the end of this statement. The privacy policy contains information about:

  • how a user or business user may complain about a breach of:
    • the Australian Privacy Principles (APP)
    • the New Zealand Privacy Act Principles
    • how we will deal with such a complaint.