Privacy

Privacy Policy

Publication date: Version 1.0 February 2022

About this policy

The Privacy Act 1988 (Cth) (Privacy Act) requires entities bound by the Australian Privacy Principles (APPs) to have a privacy policy. This privacy policy outlines the personal information handling practices of Brisbane Physiotherapy and Rehabilitation (“Brisbane Physiotherapy and Rehabilitation”, “we”, “us” or “our”).

This policy is written in simple language. Our specific legal obligations when collecting and handling your personal information are outlined in the Privacy Act and in particular in the APPs found in that Act. We will update this privacy policy when our information handling practices change. Updates will be publicised on our website and through our email lists.

Collection of your personal information

We collect, hold, use and disclose personal information to carry out functions or activities in order to provide our services to you. This may include responding to email communication, managing your booking request/s, responding to inquiries, and communicating with other health professionals whose care you are under.

At all times we try to only collect the information we need for the particular function or activity we are carrying out.

The main way we collect personal information about you is when you give it to us. For example, we collect personal information such as contact details and medical/injury history when you book with us and when you attend our clinic for services.

When you visit our websites our web measurement tools and internet service providers record information including:

  • your server and IP address

  • the name of the top-level domain

  • the type of browser used

  • the date and time you accessed the website

  • how you interacted with our website

Collecting sensitive information

Sometimes we may need to collect sensitive information about you, for example, when collecting your health or injury history for the purpose of treating you and communicating with other health professional whose care you’re under.

Anonymity

We allow you to interact with us anonymously via our public website www.brisbanephysiotherapy.com.

However, for most of our functions and activities we usually need your name and contact information and enough information about the particular matter to enable us to provide our services to you e.g., handling your inquiry, actioning a booking request, providing health services to you.

Collecting through our websites

Our public website, www.brisbanephysiotherapy.com, is hosted outside of Australia. There are a number of ways in which we collect information though our website.

Web analytics

We use Squarespace to collect data about your interaction with our website. The main purpose of collecting your data in this way is to improve your experience when using our site. We also use this data to understand and report on which content pages are accessed by visitors.

The types of data we collect with these tools include:

  • your device’s IP address

  • pages visited on our website

  • date and time when pages were accessed

  • time spent on page, and bounce rate

  • referring domain and out link if applicable

  • search engine key words

  • device type, operating system and browser information

  • geographic location (city)

Cookies

Cookies are small data files transferred onto computers or devices by websites for record-keeping purposes and to enhance functionality on the website. Most browsers allow you to choose whether to accept cookies or not. If you do not wish to have cookies placed on your computer, do not accept cookies when accessing our website.

Email lists

We will collect information that you provide to us when signing up to mailing lists.

We use Mailchimp to manage our mailing lists. You can access Mailchimp’s privacy policy here. When subscribing to our mailing list/s, your email address will be disclosed to Mailchimp.

Bookings

We use Cliniko to manage bookings. You can access Cliniko's privacy policy here. When booking an appointment, you are required to give Cliniko personal information including your name, date of birth, email address, mobile phone, and address.  

Social networking services

We use social networking services such as Facebook and Instagram to communicate with the public about our services. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes.

Disclosure

Common situations in which we disclose information are detailed below.

Disclosure to referring practitioners or for the purpose of referral

We disclose personal information for the purposes for which you gave it to us, or for directly related purposes you would reasonably expect or agree to, to allow us to provide our services to you.  For example, we provide personal information to your referring general practitioner or specialist/s, and we provide information to medical or health providers for the purpose of referring you to them.

Disclosure to service providers

We use a number of service providers to whom we disclose personal information. These include providers that host our clinic administration software, manage our bookings and business communications.

Disclosure of sensitive information

We only disclose your sensitive information for the purposes for which you gave it to us or for directly related purposes you would reasonably expect or if you agree, for example, to provide information to another medical or health provider whose care you’re under, or to whom we are referring you.

Disclosure of personal information overseas

Generally, we only disclose personal information overseas if required in the course of providing services to you. For example, if:

  • you are based overseas;

  • your referring general practitioner or specialist is based oversees; or

  • we are obtaining your patient history from an overseas based medical provider.

Web traffic information is disclosed to Google Analytics when you visit our website. Google stores information across multiple countries.

When you communicate with us through a social network services such Instagram or Facebook, the social network provider and its partners may collect and hold your personal information overseas.

Quality of personal information

To ensure that the personal information we collect is accurate, up-to-date and complete we:

  • record information in a consistent format

  • where necessary, confirm the accuracy of information we collect from a third party (e.g., referring general practitioner or specialist)

  • promptly add updated or new personal information to existing records

  • regularly audit our contact lists to check their accuracy

We also review the quality of personal information before we use or disclose it.

Storage and security of personal information

All personal information collected for booking management purposes and that which is collected during consultations (e.g., clinical notes) is held in cloud storage, on servers located in Australia. Servers are compliant with the Australian Privacy Principles, GDPR, PIPEDA, and HIPAA.

Personal information disclosed within email communications with us is stored on Google servers globally.

We securely store health records until they are no longer practically or legally needed and have been destroyed or permanently de-identified in a manner that maintains patient confidentiality.

Accessing and correcting your personal information

Under the Privacy Act 1988, you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.

We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible.

How to make a complaint

If you wish to complain to us about how we have handled your personal information, you should first complain to us in writing.

If we receive a complaint from you about how we have handled your personal information we will determine what (if any) action we should take to resolve the complaint.

We will tell you promptly that we have received your complaint and then respond to the complaint within 45 days.

Contact us

You can contact us by: