Privacy policy

This policy applies to personal information collected through this website, including when you:

It does not cover third-party websites you reach through links on this site, such as the THRISK parent company website or external booking pages opened in a new tab. Those sites have their own privacy policies.

• complete a self assessment (injury management or premium reduction)
• email yourself a self assessment result
• submit the contact form
• book a call through the embedded calendar
• browse pages on this site

The personal information we collect depends on how you use the site. We collect what we need to answer enquiries, send results, manage bookings, and improve the website.

• Contact details: name, work email address, company name, Australian mobile number (if you provide it), and your message
• Self assessment details: your name, work email address, your answers to assessment questions, your score, result label and headline, and whether you chose to book a call or email results only
• Booking details: name and email address you enter when booking a call, plus any details you provide in the booking flow (such as preferred time and notes)
• Marketing attribution: UTM parameters (source, medium, campaign) when they are present in the URL and included with a form submission
• Technical information: IP address, browser type, device type, referring URL, and standard server logs generated when you load pages or submit forms

Do not submit sensitive information through this website unless we ask for it through an approved secure channel.

Self assessments ask about your organisation's processes and experience. They are not designed to collect health records, worker names, claim numbers, medical reports, or other sensitive health information about specific workers.

For premium reviews, documents such as WorkCover invoices, wage declarations, and claims files should be shared only through the secure channel we confirm during your call.

We collect personal information directly from you when you fill in a form, complete a self assessment, or book a call.

We also collect limited technical information automatically when you visit the site. Our hosting provider records standard request logs for security, performance, and troubleshooting.

If you arrive through a campaign link, UTM parameters in the URL may be stored with your submission so we can understand which campaign led you to the site.

We use personal information for the following purposes:

• respond to contact form enquiries and follow up by email or phone
• send self assessment results when you request them by email
• prepare for and conduct booked calls about injury management, Care Network, or premium reduction
• record your self assessment responses in our customer relationship system so our team has context for follow-up
• schedule reminders and confirmations for booked calls
• understand how visitors use the self assessments, contact form, and booking flow
• diagnose technical issues, protect the site, and improve website content
• meet legal, regulatory, and insurance licensing obligations
• send relevant follow-up information about THRISK services, where permitted by law and where you have not opted out

We use service providers to operate this website and manage enquiries. They handle personal information on our instructions and only for the purposes described in this policy.

GoHighLevel (HighLevel Inc.) powers our customer relationship system, inbound webhooks for form and self assessment submissions, and calendar booking. When you submit a form or book a call, your details are sent to or processed by GoHighLevel.

Our website is hosted on Vercel. Vercel processes technical request data (such as IP addresses and access logs) to deliver the site.

We may add other service providers over time, such as an email delivery provider. If a new provider materially changes how we handle personal information, we will update this policy.

We do not sell your personal information.

We may disclose personal information to service providers listed above, to our staff and contractors who need it to do their work, to professional advisers where required, and to regulators or law enforcement when the law requires it.

If THRISK is involved in a merger, acquisition, restructure, or asset sale, personal information may be transferred as part of that transaction. We will take reasonable steps to ensure the recipient continues to protect your information.

Some of our service providers may store or process data outside Australia, including in the United States. Where we disclose personal information overseas, we take reasonable steps to ensure the recipient handles it in a way that is consistent with the APPs.

Those steps may include using providers with recognised security and privacy controls, reviewing provider terms, and limiting the information we send to what is needed for the relevant service.

This website uses Google Analytics to understand how visitors use the site. Google may set cookies or use similar technologies for measurement. We do not run third-party advertising cookies on pages we control.

The embedded GoHighLevel calendar loads in an iframe. GoHighLevel may set its own cookies or use similar technologies to run the booking experience, remember your details, and send reminders. Those cookies are governed by GoHighLevel's privacy policy, not this one.

You can control cookies through your browser settings. Blocking cookies may affect calendar booking or other embedded features.

We record events such as when you open a self assessment, complete it, or start booking a call. Those events are sent to Google Analytics when measurement is enabled on the site.

You can limit analytics collection through your browser settings, ad-blocking tools, or Google's opt-out add-on for Analytics.

We may use your contact details to send follow-up information about injury management, Care Network, premium reduction, or related THRISK services if you have submitted an enquiry, completed a self assessment, or booked a call.

You can opt out of marketing emails at any time by using the unsubscribe link in an email or by contacting us at the details below. If you opt out of marketing, we may still contact you about an active enquiry or booking.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure. Measures include access controls, secure hosting, and limiting staff access to what they need.

No online system can guarantee absolute security. We protect the information you submit in line with the sensitivity of the information and the services we provide.

We keep personal information only for as long as needed for the purposes in this policy, to meet legal and regulatory requirements, or to resolve disputes. When information is no longer needed, we delete or de-identify it where reasonable.

You may request access to the personal information we hold about you, or ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant, or misleading.

We will respond within a reasonable time and may need to verify your identity before releasing information. In some cases the law allows us to refuse access or correction; if we do, we will explain why.

You may also ask us to delete or de-identify information we no longer need. We will do this where reasonable and where we are not required to keep the information for legal, regulatory, or operational reasons.

To make a request, email us at the address below. There is no fee for a standard access request, though we may charge a reasonable cost for complex or repeated requests.

If you have a concern about how we handle your personal information, contact us at hello@thriskinsure.com. We will acknowledge your complaint and work to resolve it within a reasonable time.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992.

If a data breach is likely to result in serious harm to affected people, we will comply with the Notifiable Data Breaches scheme under the Privacy Act. That includes assessing the breach, notifying affected people where required, and notifying the OAIC.

This website is intended for business owners, managers, and workplace decision-makers. We do not knowingly collect personal information from children under 18. If you believe a child has provided us personal information, contact us and we will take steps to delete it.

We may update this policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last updated" date at the top of this page shows when it was last revised.

Material changes will be posted on this page. We encourage you to review this policy from time to time.

For privacy questions, access requests, or complaints, contact:

Thrisk Pty Ltd · ABN 71 125 269 883 · AFSL 341 546

Email: hello@thriskinsure.com

Parent company: https://thriskinsure.com/