Privacy Policy

This policy explains how PHYSIOCHOICE PTY LTD handles your personal information when you visit our websites or use our services. In plain terms:

• We collect only the information we need to respond to your enquiries and provide physiotherapy services.
• We do not sell your personal information to anyone.
• Health and Medicare information is treated as sensitive and handled with extra care.
• You have the right to access or correct information we hold about you.
• If you have a concern about your privacy, you can contact us directly or escalate to the Office of the Australian Information Commissioner (OAIC).

The full details are set out in the sections below.

1. Introduction

PHYSIOCHOICE PTY LTD (“PHYSIOCHOICE PTY LTD”, “we”, “our”, or “us”) is the legal entity responsible for this Privacy Policy. We operate under several trading names, including but not limited to:

• PhysioChoice
• PilatesChoice
• CorporateChoice
• Gippsland Physiotherapy Group

We operate the websites physiochoice.com.au, gpg.com.au, gippslandphysiotherapy.com.au, corpchoice.com.au, pilateschoice.com.au, and cchc.info, among others.

This Privacy Policy explains how we collect, use, disclose, and protect personal information when individuals interact with our websites.

We are committed to protecting personal information and handling it in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Notifiable Data Breaches (NDB) scheme.

2. Information We Collect

We collect limited personal information and only where necessary to operate our services or respond to enquiries.

Information collected through our websites may include the following.

2.1 Contact form submissions

• Name
• Email address
• Phone number
• Location

2.2 Online booking and clinical information

When you book an appointment or receive clinical services through our external practice management systems, information collected may include:

• Name
• Date of birth
• Email address
• Phone number
• Postal address
• Residential address
• Medicare card number and Individual Reference Number (IRN)
• Private health insurance fund name and membership details
• Next of kin name and contact details (required in some circumstances, such as where a patient is a minor or where clinical risk is identified; otherwise optional)
• Nature of your injury or presenting condition, collected at the time of booking and/or during and following your clinical appointment
• Details relating to your episode of care, including referral information, treatment history, clinical notes, and outcome measures

This information is collected and held within our external practice management systems. Please refer to the privacy policies of those systems (listed in Section 7.2) for details on how they store and protect this data.

2.3 Medicare and health fund information

Where relevant to billing or health fund claiming, we may collect:

• Medicare card number and Individual Reference Number (IRN)
• Private health fund membership details
• Information required to process claims through Medicare or private health insurers

This information is collected for the purpose of processing payments and health fund claims on your behalf. It may be shared with Medicare Australia, private health insurers, and payment processing services such as HICAPS. It is handled in accordance with the same sensitive information obligations that apply to health information (see Section 3).

2.4 Technical and analytical information

When visiting our websites we may automatically collect:

• IP address
• Browser and device information
• Pages visited
• Approximate geographic location
• Referring websites

Analytical information is generally collected in aggregate and is not ordinarily used to personally identify individual users. Where data is de-identified before use in analytics or reporting, it is no longer treated as personal information.

3. Health Information

As a provider of physiotherapy and allied health services, we may collect health information, which is classified as sensitive information under the Privacy Act 1988.

Health information is generally collected through our external practice management systems when you book appointments or receive clinical services.

Sensitive health information — including Medicare details, health fund information, clinical notes, and treatment records — is handled in accordance with applicable privacy laws and healthcare record-keeping obligations.

4. Children's Privacy

Our websites may be accessed by individuals of any age, including minors under the age of 18.

Where a child is booking an appointment or submitting an enquiry, we expect that a parent or legal guardian is involved in, or has provided consent to, that interaction. If you are a parent or guardian submitting information on behalf of a child, you consent to the handling of that information in accordance with this policy.

We do not knowingly collect personal information directly from children without parental or guardian involvement. If we become aware that we have inadvertently collected personal information from a child without appropriate consent, we will take reasonable steps to delete that information promptly.

Parents or guardians may contact us at any time to request access to, correction of, or deletion of information relating to a child in their care.

5. How Information Is Collected

Personal information may be collected when you:

• Submit a contact form on our websites
• Book an appointment through external booking systems
• Visit our websites where analytics technologies operate

Analytics and tracking tools used on our websites include Google Analytics and the Meta Pixel (see Section 6 for more detail on the Meta Pixel).

6. Cookies and Tracking Technologies

Our websites use cookies and similar technologies to support website functionality and collect analytics information about how visitors use the site.

Google Analytics places cookies that help us understand how visitors interact with our websites. This data is aggregated and used to improve website performance and usability.

Meta Pixel is a tracking technology provided by Meta Platforms (Facebook). When you visit our website, the Meta Pixel may:

• Track which pages you visit and actions you take on our websites
• Share that behavioural data with Meta for the purpose of analytics and, potentially, advertising
• Associate your website activity with your Facebook or Instagram profile if you are logged into those platforms

We encourage you to review Meta's Data Policy at https://www.facebook.com/privacy/policy/ if you have concerns about how Meta handles this data.

Most web browsers allow cookies to be disabled or managed through browser settings. You may also opt out of interest-based advertising by Meta at https://www.facebook.com/adpreferences/.

7. Third-Party Service Providers

We rely on several third-party providers to operate our websites and support our services.

7.1 Infrastructure and communication services

• Directus — website content management system
• DigitalOcean — website hosting
• Cloudflare — DNS and content delivery
• SendGrid — email delivery services
• Twilio — SMS delivery services
• wsrv.nl — image caching and resizing service used to serve image content from our CMS; request logs are retained for up to 7 days and are not shared with third parties; servers are located in Finland and Germany

7.2 Appointment booking systems

Appointment bookings are handled through external healthcare practice management systems including:

• Cliniko — Privacy Policy: https://www.cliniko.com/policies/privacy/
• Nookal — Privacy Policy: https://www.nookal.com/privacy-policy/
• PracSuite — Privacy Policy: https://www.pracsuite.com/privacy-policy/
• PPMP — Privacy Policy: https://www.ppmp.com.au/privacy-policy

When you book an appointment using these systems, your information is collected and processed according to the privacy policies of those providers.

Service providers are given access only to the information necessary to perform their services and are expected to handle information in accordance with applicable privacy obligations.

8. How We Use Personal Information

We may use personal information to:

• Respond to enquiries submitted through our websites
• Facilitate appointment bookings through external systems
• Provide physiotherapy and allied health services
• Process Medicare and health fund billing and claims
• Improve website functionality and usability
• Analyse website traffic and visitor behaviour
• Maintain system security and reliability

We do not sell personal information to third parties.

9. Disclosure of Personal Information

Personal information may be disclosed to service providers that assist us in operating our website or delivering services.

These providers may include hosting providers, analytics providers, appointment booking platforms, Medicare Australia, and private health insurers.

Service providers are given access only to the information necessary to perform their services and are expected to handle information in accordance with applicable privacy obligations.

10. Overseas Disclosure

Some service providers we use operate global infrastructure and may process information outside Australia.

Services such as Google Analytics, Meta Platforms, Cloudflare, DigitalOcean, and SendGrid may process data using servers located in the United States or other jurisdictions. wsrv.nl processes image requests using servers located in Finland and Germany.

Where personal information is transferred overseas, we take reasonable steps to ensure service providers handle that information in accordance with Australian privacy laws.

11. Data Retention

Clinical records created through our practice management systems are retained for a minimum of seven years, in accordance with healthcare record-keeping obligations in Australia.

Information submitted directly through our websites, such as contact form enquiries, is generally retained for up to two years, after which it is deleted unless retention is required for a legitimate business or legal purpose.

Medicare and health fund billing records may be retained for longer periods where required by law or by the terms of applicable claiming arrangements.

12. Data Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

Security measures include secure hosting infrastructure, restricted system access, and encrypted communication using HTTPS.

13. Notifiable Data Breaches

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988.

In the event of an eligible data breach — that is, a breach involving personal information that is likely to result in serious harm to one or more individuals — we will:

• Take immediate steps to contain the breach and assess its likely impact
• Notify affected individuals as soon as practicable
• Lodge a notification with the Office of the Australian Information Commissioner (OAIC)

Where it is not practicable to notify individuals directly, we will publish a statement on our websites and take reasonable steps to bring it to the attention of affected persons.

14. International Access

Our services are primarily intended for individuals located in Australia.

Certain pages of our websites, including careers or employment pages, may be accessed internationally by individuals seeking employment opportunities.

15. Marketing Communications

We do not currently send marketing communications from our websites.

If newsletters or promotional communications are introduced in the future, recipients will have the ability to opt out or unsubscribe at any time.

16. Access and Correction

Under the Australian Privacy Principles, individuals have the right to request access to personal information we hold about them, and to request correction of information that is inaccurate, incomplete, or outdated.

We will respond to access and correction requests within 30 days of receipt.

We do not charge a fee for making an access request. A reasonable fee may apply where retrieval of information requires significant time or resources, in which case we will advise you of any applicable fee before proceeding.

Before providing access to personal information, we may need to verify your identity to protect against unauthorised disclosure. We will ask for reasonable identifying information for this purpose.

Requests can be made using the contact details provided in Section 18.

17. Privacy Complaints

If you believe we have breached the Australian Privacy Principles or mishandled your personal information, you may submit a complaint to us using the contact details in Section 18.

We will acknowledge your complaint promptly and aim to investigate and respond within 30 days. Where a matter is complex, we will keep you informed of progress.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

• Website: https://www.oaic.gov.au/privacy/privacy-complaints
• Phone: 1300 363 992
• Mail: GPO Box 5218, Sydney NSW 2001

18. Contact

Privacy enquiries, access requests, correction requests, or complaints can be directed to:

PHYSIOCHOICE PTY LTD
[email protected]
1/121 Hotham Street, Traralgon VIC 3844

19. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, practices, or legal obligations.

The latest version will always be published on our websites with the updated revision date shown at the top of this document.