1. Types of Personal Information we collect
As part of delivering our Services we may collect personal information about you as defined under the Privacy Act 1998 (Privacy Act). We will only collect personal information where it is reasonably necessary for the performance of our services or functions. The personal information we collect may include the following:
- Account & appointment booking information: this includes information that we collect when you register for our Services or otherwise book an appointment with us. The information we collect includes your name, date of birth, email address, mailing address, personal or work telephone number, emergency contact details and your selected booking time and other details of the booking you directly give us during the booking process.
- Participant information: this includes information that you have provided to us when you are participating in the Services. The information we collect includes details relevant to the Service you have requested and any other additional information you provide to us directly or indirectly through your use of the Services. We use such information to assist in providing our Services to you.
- Financial information: this includes information such as Government funding, payment card details and bank account details. We use this information to send to our third party payment gateways when you make a payment for Services.
- Services use information: any information you provide when you use our Services. For example, when you contact us we collect information that enables the Services to be able to run.
- Marketing use information: this includes information provided to us using a marketing or newsletter sign up form.
- Surveys: information in connection with surveys, questionnaires and promotions.
- Other information we collect related to your use of the Services: your device identity and type, I.P. address, geo-location information, page view statistics, advertising data and standard web log information and any other information provided by you to us via our Services or our online presence, or otherwise required by us or provided by you.
As part of delivering our Services, we may also collect sensitive information which may also include health information as defined in the Privacy Act. The sensitive information we collect may include your:
- racial or ethnic origin, and whether you require the use of an interpreter;
- political opinions;
- membership of a political association;
- religious beliefs or affiliations;
- philosophical beliefs;
- membership of a professional or trade association;
- membership of a trade union;
- sexual orientation or practices;
- criminal record;
- biometric data; and
- medical and health history.
Sensitive information is subject to a higher level of privacy protection than other personal information and is handled by us in the following ways:
- sensitive information will only be collected with consent, except in specified circumstances under the Privacy Act or such collection is otherwise required by law;
- sensitive information will not be used or disclosed for a secondary purpose unless the secondary purpose is directly related to the primary purpose of collection and within the reasonable expectations of the individual, or otherwise in specified circumstances under the Privacy Act or it is otherwise required by law;
- sensitive information will not be used for the secondary purpose of direct marketing;
- before we disclose sensitive information overseas, we will take reasonable steps to ensure that recipient does not breach the Australian Privacy Principles in relation to that information; and
- sensitive information will not be shared with our related bodies corporate in the same way that we may share other personal information.
2. How we collect Personal Information
We may collect personal information either directly from you, or from third parties, including where:
- you register or sign up to the Services;
- you provide information directly to us through the Services or on a hardcopy form (when request an appointment a record is created of your details). This may also include health information as set out above. Such information is generally collected directly from you in this regard, however, may also be gathered from other people such as a health service or a family member;
- you enquire about or make an appointment for the Services;
- you use our website generally;
- you attend an appointment or receive a Service from us generally;
- you subscribe to any of our newsletters;
- you contact us through our website, in person, by phone or in writing;
- you submit any of our online sign up forms;
- you deal with us generally via email, letters, telephone, facsimile, online chatbots, expos, universities, website forms, SMS, social applications (such as LinkedIn, Facebook or Twitter) or otherwise;
- you interact with our Services, website, social applications, services, content, advertising and marketing campaigns; and/or
- you invest in our business or enquire as to a potential purchase of our business.
We may also collect your personal information from third parties including:
- other medical practitioners or health service providers;
- referral agencies;
- a family member providing personal information on your behalf;
- legal documentation;
- Government agencies and insurers;
- third parties who produce any content, advertising, and marketing campaigns for us that you may interact with; and
- our other service providers and publicly available sources.
Where we collect your personal information from a third party, we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party. By providing personal information about another person to us, you represent that you are legally permitted to do so, and we will not be responsible for verifying any such authorisation.
Cookies and data tracking technologies
We may also collect personal information from you when you use or access our Services or our social media pages. This may be done through use of web analytics tools, ‘cookies’ or other similar tracking technologies that allow us to track and analyse your Services usage. Cookies are small files that store information on your computer, mobile phone or other device and enable and allow the creator of the cookie to identify when you visit different websites. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience of the Service. Persistent cookies can be removed by following Internet browser help file directions. Cookies may enable automatic logins when you visit in the future and may enable content customisation.
We may also use third party vendor tracking cookies, including:
- the Google Analytics and AdWords tracking cookie;
- Facebook pixel;
- LinkedIn pixel;
- Wildjar tracking integration;
- HubSpot tracking integration;
- Hotjar tracking integration; and
- Clickcease tracking integration.
3. Use of your Personal Information
We collect and use your personal information for the following purposes:
- to provide our Services, products and information to you including to:
- assist in streaming and personalising information for you;
- enable us to process your personal data;
- manage our relationship with you, including information about similar Services, products or terms and conditions;
- enable you to communicate with us regarding your use of the Services;
- confirm your identity;
- provide information about you to our contractors, employees, consultants, agents or other third parties for the purpose of providing the services to you; and
- communicate with you about your records, or any transaction;
- to administer contracts including to negotiate, execute and or manage a contract with you;
- to be de-identified for the purposes of generating statistical data and improving the Services;
- for record keeping and administrative purposes, including accounting purposes;
- to administer, operate, protect, improve and optimise the website and our service offerings and customer experience;
- for advertising and marketing purposes (including for analytics);
- to comply with our legal obligations, resolve disputes or enforce our agreements with third parties;
- to enable you to take part in a competition;
- to send you marketing and promotional messages and other information that may be of interest to you and for the purpose of direct marketing (in accordance with the Spam Act 2003 (Cth)). In this regard, we may use email, SMS, social media or mail to send you direct marketing communications. You can opt out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link);
- for quality, training and coaching purposes;
- to send you administrative messages, reminders, technical notices, updates, security alerts, and other information about our products and services requested by you; and
- to facilitate employment enquiries.
You acknowledge and agree that we may also deal with your personal information in any other manner which is permitted by any agreement that we have in place with you (including without limitation in accordance with the privacy statement set out in the NDIS Service Agreement entered into between us and you (if applicable)), or otherwise in accordance with our other policies we have in place from time to time.
4. Disclosure of your Personal Information
We may share your personal information with service providers utilised by us in the provision of the Services to:
- develop and improve our Services;
- provide you with the Services;
- conduct quality assurance testing;
- provide support; and/or
- provide other services to us.
The service providers (and if necessary data processors) include:
- information technology service providers such as web host providers and analytical providers;
- mailing houses and such other suppliers that assist in delivering products and services;
- organisations who carry out credit, fraud and other security checks;
- payment processors;
- hosting services;
- content delivery services;
- IT support providers;
- marketing businesses engaged by us to disseminate materials to which recipients have consented; and
- specialist consultants.
We limit the information we provide to third parties to the information they need to help us provide or facilitate the provision of goods and services and associated purposes. We deal with third parties that are required to meet the privacy standards required by law in handling your personal information, and use your personal information only for the purposes that we give it to them.
Affiliates and Acquisitions
Third parties with your consent and in other circumstances
We may also disclose your personal information to third parties to whom you expressly ask us to send the personal information to, or to third parties where permitted under the Privacy Act or where required in order to provide our Services to you. This also includes:
- your authorised representatives;
- your personnel or person responsible for you (including your parents, children or siblings);
- other medical practitioners or health service providers;
- government and regulatory authorities and other similar organisations, as required or authorised by law or as required as part of the Services; and
- such entities that we propose to merge with or be acquired by.
We may need to disclose your information to third parties outside of Australia and service providers located internationally in order to enable us to provide the Services, this includes service providers and contractors who are located overseas (telephone answering service, data analytics, IT services) and data processing services. The countries to which we may disclose your information include without limitation the United States of America, the European Union and Australia.
Where we use a supplier outside of Australia, we will take reasonable steps in the circumstances to ensure that such overseas recipient does not breach the Australian Privacy Principles (except where such steps are not required under the Privacy Act).
We may also aggregate and/or make anonymous your personal information including sensitive information to make it available for the purposes of generating statistical data for the conducting of research and improving the Services.
5. Emails & Marketing
In order to provide the Services to you, you agree to receiving notifications from us for the following purposes:
- notifications about activity for our Services including appointment updates (such as booking time reminders) and general updates;
- communication from us or our representatives in connection with the Services; and
- marketing and promotional messages and other information that may be of interest to you and for the purpose of direct marketing. This includes where you have signed up to our marketing or promotional newsletters.
By default you will receive these notifications to your nominated phone number and/or email address.
6. Storage & security
- computer software systems (HubSpot, Zendesk, Nookal, Aircall, IntelliHR, World Manager, Asana, Airtable, Slack, Quickbooks);
- cloud-based file storage systems (Google drive and Microsoft One Drive);
- hard copy files;
- external IT solutions; and
- on our electronic devices.
We take reasonable steps to ensure your personal information is secure and protected from misuse or unauthorised access. Our information technology systems are password protected (two factor authentication where applicable), and we use a range of administrative and technical measure to protect these systems (including anti-malware software). However, we cannot guarantee the security of your personal information.
Our Services may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked websites and we suggest you review the privacy policies of those websites before using them.
8. Requesting access or correcting your Personal Information
Subject to the Privacy Act, you have a right to access and correct any personal information about you that we may hold. If you wish to request access to the personal information, we hold about you, please contact us using the contact details set out below including your name and contact details. We may need to verify your identity before providing you with your personal information. In some cases, we may be unable to provide you with access to all your personal information and where this occurs, we will explain why. We will deal with all requests for access to personal information within a reasonable timeframe.
If you think that any personal information we hold about you is inaccurate, please contact us using the contact details set out below and we will take reasonable steps to ensure that it is corrected.
If we receive a request from you to access or correct personal information we will respond to you within a reasonable time after receiving your request and in the manner requested by you, if it is reasonable and practicable for us to do so. We may charge a reasonable fee for giving access to the information.
9. If we can’t collect your Personal Information
If you do not provide us with the personal information described above, some or all of the following may happen:
- we may not be able to provide our Services to you, either to the same standard or at all;
- we may not be able to fulfil our obligations to you under any contract;
- we may not be able to provide you with information about the Services that you may want; or
- we may be unable to tailor the content of our Services to your preferences and your experience of our Services may not be as enjoyable or useful.
10. Notifiable data breach
In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act or any other subsequent sections or legislation which supersede this Part IIIC, we will follow our relevant notifiable data breach procedures in compliance with the Privacy Act and relevant laws.
12. Enquiries, requests & complaints
If you think your personal information, held by us, may have been compromised in any way or you have any other privacy related complaints or issues, you should also raise the matter with the Privacy Officer.
We will ensure your claims are investigated and a formal response will be provided to you, within a reasonable time, considering the circumstances of your claims. If any corrective action is determined to be required, as a result of that investigation, we will take all reasonable steps to rectify the situation and advise you of such, again within a reasonable time considering the circumstances.
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian Information Commission, whose contact details are below.
Office of the Australian Information Commission
Telephone: 1300 363 992
Email: [email protected]
Office Address: Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address: GPO Box 5218, Sydney NSW 2001
Entity: Generation Physiotherapy Pty Ltd trading as Gen Physio
Contact: You can contact our Privacy Officer by emailing [email protected]
Definition of privacy
We also use various technologies to collect information, and this may include sending cookies to your computer. We may also collect information using web beacons (also known as ‘tracking pixels’). Web beacons are electronic images that may be used in our services or emails and to track count visits or understand usage and campaign effectiveness.
Cookies are small data files stored on your hard drive or in your device memory that helps us to improve our services and your experience, see which areas and features of our services are popular and count visits.
We collect anonymous data from every visitor of the Website to monitor traffic and fix bugs. For example, we collect information like web requests, the data sent in response to such requests, the Internet Protocol address, the browser type, the browser language, and a timestamp for the request.
By using our website, you accept the use and installation of these cookies to provide you with these services.
Storage and security of your personal information
Gen Physio may collect personal information where this is required for the work we undertake. We will only collect personal information by lawful and fair means and primarily directly from you (for example, through our interaction with you or your use of our website).
Gen Physio may occasionally use the information you provide to inform of any new services or upcoming special offers that are available. You have the right of access to any personal information held about you and to ask us to correct it if it is inaccurate, out of date or request for it to be removed from our database.
Any information entered into our Gen Physio referral forms is used to create a client profile within our database. We keep all client records locked by password encryption. Only staff of Gen Physio will have access to these files.
Sharing of data
Gen Physio has policy and procedures to ensure that we manage information about people in accordance with privacy laws, and ensure our workers understand these policies and procedures. Gen Physio may need to disclose information about a client without consent from the person involved. However, any information you provide to Gen Physio is treated with the utmost respect for privacy. Gen Physio does not participate in spamming, and will not distribute non-public customer information to any third parties.
We may allow third parties to provide analytical services that may collect information regarding web browsers, IP addresses, pages viewed, time spent on pages, links clicked and conversion tracking.
The only personal information we collect about you is what you tell us about yourself when you fill in a form, send us an e-mail or speak to one of our client support team members. For example, this may include but is not limited to your name, e-mail and mailing addresses, contact numbers and date of birth.
We collect the information you provide directly to us. For example, we collect information when you participate in any interactive features of our services, fill out a form, request customer support or otherwise communicate with us. The types of information we may collect include your name, email, address, postal address and other contact or identifying information you choose to provide.
When you make an appointment with Gen Physio you give us permission to send you electronic and SMS communications at any time.
You can opt out of or change your communication preferences at any time here.
Correction of your personal information
Gen Physio is committed to maintaining your personal information within our software systems. If you would like to update any of this, please contact us here.
Accessing your personal information
As a Gen Physio client, you have the right to access your personal information that Gen Physio holds about you. If you wish to receive a copy of this information, please contact us. Gen Physio can reserve the right to refuse you access to your personal information as permitted under the Privacy Act.
If you require further information about privacy within Australia and protecting your privacy, you can visit the Office of the Australian Information Commissioner at www.oaic.gov.au