PRIVACY POLICY

1. Introduction

This Privacy Policy explains how Elite Performance Physio Sydney (“we”, “our”, “us”) collects, uses, discloses and protects your personal and health information when you visit our website, use our online booking system, or receive physiotherapy and related health services from us in Australia. We are a health service provider and comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles, as well as the Health Records and Information Privacy Act 2002 (NSW) and its Health Privacy Principles. 


2. What information we collect 

We collect personal and health information that is reasonably necessary to provide you with safe and effective physiotherapy and to run our business, including: 

● Identification and contact details (name, date of birth, address, phone, email, emergency contact). 

● Health information (medical history, presenting problem, diagnoses, treatment notes, imaging and reports, medications, allergies, risk factors, and other information relevant to your care). 

● Payment and insurance details (Medicare number, DVA number, private health fund details, claim numbers, and limited billing information). 

● Information collected via our website and online booking system (appointment details, forms you complete, communication preferences, limited technical data such as IP address and browser type where necessary for security and functionality). 

Where practicable and lawful, you may choose to interact with us anonymously or by using a pseudonym, but this may limit the services we can provide. 


3. How we collect your information 

We collect information in several ways, including: 

● Directly from you (in person, by phone, via email, online forms and our online booking system). 

● From other health professionals or third parties involved in your care (e.g. your GP, specialist, insurer, or other allied health providers), with your consent or as permitted by law. 

● From your authorised representative (such as a parent, guardian, or attorney) where you cannot provide information yourself. 

When collecting your information, we will take reasonable steps to let you know why it is being collected, how it will be used, and how you can access it, usually by referring you to this Privacy Policy and any relevant collection notices on our forms or website. 


4. Why we collect, use and disclose information 

We primarily collect, use and disclose your information to: 

● Provide physiotherapy and related health services, including assessment, diagnosis, treatment, and follow‑up care. 

● Communicate with you about your appointments, treatment plans, test results and follow‑up. 

● Administer our practice, process payments and claims, and manage recalls and reminders. 

We may also use or disclose your information for: 

● Quality improvement, clinical audit, training and accreditation, where practicable using de‑identified information. 

● Compliance with legal and regulatory obligations, including responding to subpoenas, court orders, regulatory requests, notifiable data breach obligations and insurance reporting requirements. 

● Managing risk, handling complaints, and protecting the safety and security of our patients, staff and systems. 

We will only use or disclose your health information for a secondary purpose with your consent, where required or authorised by law, or where permitted under the Privacy Act or HRIP Act (for example, to lessen or prevent a serious threat to life, health or safety). 


5. Online booking and website data 

Our website and online booking system collect and store information you enter when making or managing appointments, completing forms, or contacting us. Third‑party providers (such as booking platforms, payment gateways or secure messaging services) may host or process this information on our behalf under contractual arrangements that require them to protect your privacy and comply with Australian privacy laws. 

We may use cookies or similar technologies for basic website functionality, security and performance analytics. You can usually disable cookies in your browser settings, but this may affect the operation of our website or online booking. 


6. Storage and security of your information 

We take reasonable steps to protect your personal and health information from misuse, interference, loss, unauthorised access, modification or disclosure. Measures may include secure electronic medical record systems, password protection, access controls, staff confidentiality obligations, and secure disposal or de‑identification of information when it is no longer required. 

Under NSW law, health information must generally be kept for at least 7 years from the date of the last health service for adults, or until a person turns 25 if health information was collected when they were under 18. When we delete or transfer health information, we keep a record of what was deleted or transferred, and when and where it was transferred, as required by the HRIP Act.


7. Overseas disclosure 

We aim to store health information in Australia where practicable. If we use a cloud service, booking platform, or other third party that may store information overseas, we will take reasonable steps to ensure that the recipient is subject to privacy obligations that protect your information in a way that is substantially similar to the Australian Privacy Principles and relevant NSW health privacy requirements. 


8. Access to and correction of your information 

You have the right to request access to the health information we hold about you and to request corrections if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading. Requests should be made in writing to the contact details below and should describe the information you seek and the changes you request; we may ask for identification to confirm your identity. 

In some limited circumstances permitted by law, we may refuse access (for example, where access would pose a serious threat to life or health, or would unreasonably impact the privacy of others). If we refuse access or correction, we will provide you with written reasons and information about how you can complain or request a review. 


9. Data breaches 

We have procedures in place to manage actual or suspected data breaches involving personal or health information. Where a data breach is likely to result in serious harm, we will take reasonable steps to contain the breach, assess the impact, notify affected individuals and the Office of the Australian Information Commissioner (and, where applicable, the NSW Privacy Commissioner) in accordance with the Notifiable Data Breaches scheme and relevant NSW requirements. 


10. Complaints and contact details 

If you have a question, concern, or complaint about how we handle your personal or health information, please contact: 

Liam Rodgers
Elite Performance Physio Sydney
City Gym, 107 Crown St, Darlinghurst, NSW, 2010
liam@eliteperformancephysios.com
0424 777 430

We will acknowledge your complaint and aim to respond within a reasonable time. If you are not satisfied with our response, you may lodge a complaint with: 

● Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au 

● NSW Information and Privacy Commission: www.ipc.nsw.gov.au 

11. Changes to this policy 

We may update this Privacy Policy from time to time to reflect changes in law, technology or our practice operations. The current version will always be available on our website, and the updated policy will apply from the date it is published.