Privacy Policy

Overview

Physical Rehab is committed to protecting the privacy, dignity, and rights of all individuals engaging with our services, in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). The Privacy Act contains 13 Australian Privacy Principles (APPs) which provide the rules for how we must handle your personal information, including how you can request access to, and correction of, that information. Detailed information on the Privacy Act and the APPs can be found on the website of the Office of the Australian Information Commissioner (OAIC).

 This policy outlines how we collect, use, store, and disclose personal information provided through our website, digital services and direct service provision. We will only use or disclose personal information we hold about you in accordance with this Privacy Policy or as otherwise notified to you.

Information We Collect

We may collect the following types of information when you visit our website or contact us:

  • Personal information

  • Enquiry-related details or service needs

  • Technical data: browser type, IP address, device information (via cookies or analytics tools)

  • Sensitive health or disability information

What is personal information?

Personal Information is information that identifies an individual. Examples of Personal Information we collect include; names, addresses, email addresses, phone numbers, date of birth.

This Personal Information is obtained in many ways including interviews, correspondence, by telephone, by email, and via our website referral and enquiry forms (www.physicalrehabqld.com.au).

 

What is sensitive information?

Sensitive information is defined in the Privacy Act to include information about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by us only:

  • For the primary purpose for which it was obtained

  • For a secondary purpose that is directly related to the primary purpose

  • With your consent; or where required or authorised by law.

*Please note that sensitive and health information can be obtained via the participant intake form (cultural and linguistic background, health information). Disability information is not marked as mandatory and can be completed as per participant’s prerogative.

Third parties

Where reasonable and practicable to do so, we will collect your Personal Information only from you. In some situations, third parties such as other referrers, government agencies or care team may provide information. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

 

Why We Collect Your Information

We collect your information to:

  • Respond to service or referral enquiries

  • Coordinate appropriate allied health services

  • Improve our website functionality and user experience

  • Meet our legal and professional obligations

We only collect information that is relevant and necessary for these purposes. Where appropriate and where possible, we will explain to you why we are collecting information and the intended use.

 

Consent and Participant Rights

By submitting personal or sensitive information through our website, you provide consent for Physical Rehab to collect, store, and use that information in accordance with this policy.

All participants of Physical Rehab have the right to:

  • Be treated with dignity and respect

  • Access, correct, or request deletion of their information

  • Withdraw consent at any time

  • Make a complaint without fear of consequence

  • Engage an advocate or representative

 

Information Sharing and Disclosure

Physical Rehab will only share personal or sensitive information:

  • With consent to third parties (e.g. to your care team, NDIS) to progress your care

  • Where required by law (e.g. mandatory reporting, court orders)

  • For internal clinical or administrative functions (e.g. scheduling)

We do not use or disclose personal information for direct marketing, and we do not sell personal data to third parties.

 

Use of Cookies and Analytics

Our website may use cookies and analytics tools to track:

  • Site performance

  • User behaviour and navigation

  • Technical performance issues

Cookies do not identify you personally. You may disable cookies in your browser settings.

 

Data Security and Storage

Your personal and sensitive information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, misuse or interference. We protect this information through:

  • Role-based access to medical record systems

  • Device encryption and password protection

  • Encrypted web forms and secure hosting

  • Secure cloud storage

When your personal information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of information collected is or will be stored in client files which will be kept by us for a minimum of 7 years. Unsolicited personal information received through our website is deleted or de-identified in accordance with APP 4.

 

AI and Data Handling

Physical Rehab may use secure, in-platform AI tools for administrative functions such as generating clinical summaries or notes. AI tools are:

  • Only used with written participant consent

  • Integrated within secure clinical systems (not public AI platforms)

  • Used to support, not replace, clinician judgment

 

Accessing and Correcting Your Information

You have the right to access and/or request correction of your personal information in accordance with APPs 12 and 13. To request access or correction, please contact in writing:

enquiries@physicalrehabqld.com.au

We will respond within a reasonable timeframe and provide your information free of charge in a timely, accessible format. To protect your personal information, we may require identification from you before releasing the requested information and require a consent to release information form completed.

 

Data Breach Management

If a data breach occurs, Physical Rehab will assess and manage the incident in line with APP 11 and the Notifiable Data Breaches Scheme. If the breach meets the threshold for notification, we will inform affected individuals and the OAIC within 30 days.

How to make a complaint or provide feedback

If you believe your privacy has been breached, please contact us directly. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

 

Policy Updates

We may update this policy as needed to reflect legislative or operational changes. The most recent version will always be available on this page.

 

Effective Date: June 2025
Last Reviewed: June 2025