Privacy Policy

PHYSIO PAL

PRIVACY POLICY

We provide mobile physiotherapy services to our clients, and we understand that protecting your personal information is important. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us. In providing our services to you, personal information about you may be provided to us, or otherwise collected by us, including when you access our website, call us, email us, when we provide physiotherapy services to you, or when you otherwise interact with us (Services). 

In this Privacy Policy we, us or our means PHYSIO PAL (ABN 46 165 335 066). 

Types of information

We may collect personal information about you for the purpose of providing our Services to you. We may collect this information directly from you or from a third party such as your referring doctor, or from a family member or representative but only with your consent or if required or authorised by law. This may include personal information, and sensitive information including health information.

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

Sensitive information: is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information. Unless otherwise permitted by law, we will not collect sensitive information about you without first obtaining your consent. 

Health information: is a type of sensitive information and includes any personal information that is collected while providing a health service to you. For example, any details you share with us in a consultation about your medical history or physical or mental health will be health information. 

The types of personal information we may collect about you include:

When you contact us: 

  • your name;
  • your contact details, including email address and/or telephone number; and
  • any other personal information requested by us and/or provided by you or a third party.

When you register with us as a client: 

  • your contact details, including email address, mailing address, street address and/or telephone number;
  • your date of birth;
  • your Medicare number;
  • your National Disability Insurance Scheme (NDIS) plan information, NDIS number, and funding information; 
  • details of your referring doctor;
  • medications you take or may have taken;
  • your medical history;
  • any conditions, injuries or health concerns;
  • imaging reports (which may include computed tomography (CT) and magnetic resonance imaging (MRI));
  • our correspondence with you or with other health professionals about you; 
  • the name and number of your emergency contact; and
  • any other personal information requested by us and/or provided by you or a third party.

When you have a consultation with us:

  • sensitive information (including health information) which is necessary and relevant to the assessment and/or treatment of your presenting health concern and which you choose to share with us. The types of sensitive information you choose to share with us may include:
    • detailed information about your current medications, your physical health and detailed information about your conditions, injuries or health concerns; and
    • any other sensitive details you choose to share with us;
  • any other required personal information requested by us and/or provided by you or a third party.

When you visit our website:

We may also collect personal information about you, directly from you or from a third party, for the purpose of delivering our website to you. The types of personal information which we may collect when delivering our website to you include:

  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • information about your access and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider; and
  • additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated applications, associated social media platforms and/or accounts from which you permit us to collect information.

Why do we collect and use your personal information?

Personal information: We may collect, hold, use and disclose personal information for the following purposes:

  • to book an appointment for you (using only enough personal information to effectively respond to your request) and to send appointment reminders;
  • to contact and communicate with you about your appointment (using only enough personal information to effectively respond to your request);
  • to enable your referring doctor to refer you to us;
  • to register you as a client;
  • to provide our physiotherapy services;
  • to email you any exercise and treatment plans;
  • to deal with any customer service queries you raise with us;
  • for internal record keeping;
  • for administrative purposes including invoicing and billing purposes;
  • where you use our website, to send you promotional information about our services and information that we consider may be of interest to you;
  • to comply with our legal obligations and resolve any disputes that we may have; 
  • if you have applied for employment with us; to consider your employment application; and
  • if otherwise required or authorised by law.

Sensitive information: We only collect, hold, use and disclose sensitive information for the following purposes:

  • any purposes you consent to, such as:
    • to provide a written report to another agency or professional, e.g. a general practitioner or a lawyer;
    • to discuss the material with another person, e.g. an employer, health provider, or third party funder (including the NDIS);
  • the primary purpose for which it is collected, including to provide you with our Services;
  • secondary purposes that are directly related to the primary purpose for which it was collected, including disclosure to the below listed third parties as reasonably necessary to provide our Services to you; 
  • to contact emergency services, or to speak with your family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or another person and it is impracticable for us to obtain your consent; and
  • if otherwise required or authorised by law.

Disclosure of personal information to third parties

We may disclose personal information to:

  • third party service providers as required for the purpose of enabling them to assist us in providing our Services to you, including (without limitation):
    • our practice management cloud based software to manage your appointments, our clinical records and our correspondence with or related to you;
    • software to send and receive emails and for internal business purposes, including for accounting purposes and for business document storage;
    • IT services for IT support, advice and management;
    • payment service providers; and
    • telecommunication service providers. 
  • the NDIS when we need to provide information related to your funding;
  • our employees, contractors and/or related entities;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • courts, tribunals and regulatory authorities, in the event you fail to pay for services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; 
  • third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time), Facebook Pixel or other relevant analytics businesses; and
  • any other third parties as required or permitted by law, such as where we receive a subpoena.

Overseas disclosure: Where we disclose your personal information to third parties listed above, these third parties may store, transfer or access personal information outside of Australia.

We will only disclose your personal information to countries with laws which protect your personal information in a way which is substantially similar to the Australian Privacy Principles or we will take such steps as are reasonable in the circumstances to protect your personal information in accordance with the Australian Privacy Principles.

Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us. 

Anonymity: Where practicable we will give you the option of not identifying yourself or using a pseudonym in your dealings with us. For example, if you make a general enquiry, you may choose to use a pseudonym but where we provide our physiotherapy Services to you we will require that you provide some identifying information.

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you.  An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information.

Complaints: If you wish to make a complaint about how we have handled your personal information, please contact us using our contact details at the end of this Privacy Policy and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. If your complaint is not satisfactorily handled by us, you may choose to lodge a formal complaint with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a-privacy-complaint or by post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. These procedures include:

  • securing any personal information we hold in an electronic format behind password log ins (typically with multi factor authentication);
  • encrypting data, using virus protection software, implementing firewalls; and
  • limiting internal access to the personal information we hold about you based on a need to know basis.

Although we take measures to safeguard against unauthorised disclosures of information, due to the inherent risks associated with the Internet, we cannot assure you that the personal information we collect and send over the Internet, will not be disclosed in a manner that is inconsistent with this Privacy Policy.

Personal information retention

Your personal information is only kept while it is required for the purpose for which it was collected or as required by law. It will then be securely destroyed or de-identified.

Health records are kept for a minimum of 7 years since the last time we provided you a health service.

Cookies

We may use cookies on our online Services from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. If and when you choose to provide our online Services with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our online Services.

Links to other websites

Our Services may contain links to other websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

For any questions or notices, please contact our Privacy Officer at:

Alexander Edwards t/as PHYSIO PAL ABN 46 165 335 066

Email: admin@physiopal.com.au

Last update: 23 April 2021