Health Society Co.

Privacy policy

Your information, handled with care.

We take the privacy of your personal and health information seriously. This policy explains what we collect, why, how we keep it safe, and the rights you have over it.

Last updated: 24 April 2026

1. Who we are

Health Society Co. ("we", "us", "our") is an allied health clinic based at 1/47-49 Flood Street, Leichhardt NSW 2040. We provide physiotherapy, occupational therapy, speech pathology, and related wellness services. We are bound by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the health records legislation that applies in New South Wales.

2. What we collect

We only collect information that's reasonably necessary to provide safe, effective care. That typically includes:

  • Identifying details: name, date of birth, address, phone, email, emergency contact, Medicare or NDIS number, private health fund details.
  • Health information: reason for visit, relevant medical history, assessments, clinical notes, treatment plans, progress reports, referrals, and correspondence with other practitioners.
  • Billing information: payment details processed via HICAPS, Medicare, Tyro, or our third-party payment processor. We do not store raw card numbers on our systems.
  • Booking and communications: appointment times, messages you send us, call recordings where you have been notified, and preferences you've shared.
  • Website data: pages visited, referring URL, IP address, device and browser information, collected via cookies and analytics tools described below.

3. How we collect it

We collect information directly from you wherever possible: at booking, on intake forms, during your appointments, and through our website. In some cases we receive information from third parties with your consent: your GP or specialist (via referral), your NDIS plan manager or support coordinator, your parent or guardian (if you are under 18), or another clinician involved in your care.

4. Why we collect it

We use your information to:

  • Provide assessments, treatment, and follow-up care.
  • Communicate with you about appointments, results, and care plans.
  • Process payments, claim rebates, and invoice third-party funders (Medicare, NDIS, private health insurers, workers' compensation).
  • Coordinate your care with other clinicians involved in your treatment, where you have consented.
  • Meet our professional, legal, and regulatory obligations, including record-keeping requirements under AHPRA and state health records legislation.
  • Improve our services, in de-identified and aggregated form.

5. Who we share it with

We do not sell your information. We only share it where necessary and, wherever possible, with your consent:

  • Other treating practitioners: your GP, specialists, or other allied health professionals involved in your care.
  • Funders: Medicare, the NDIA / your plan manager, private health insurers, or workers' compensation insurers, for the purpose of claiming.
  • Service providers: our practice management system (Cliniko), secure hosting providers, payment processors, email and SMS providers, and accountants. Each is bound by confidentiality and privacy obligations.
  • Where required by law: for example in response to a subpoena, a mandatory reporting obligation, or a serious risk to life or safety.

Some of our service providers (including Cliniko and our analytics tools) store data on servers located in Australia or overseas. We take reasonable steps to ensure any overseas recipient handles your information consistently with the Australian Privacy Principles.

6. How we keep it secure

Clinical records are stored in Cliniko, an encrypted, Australian-hosted practice management system. Paper records, where they exist, are kept in locked cabinets on-site. Access is limited to staff who need it for their role. Staff, contractors, and students sign confidentiality agreements and are trained on privacy before they handle patient information. We review our security practices regularly.

7. How long we keep it

We retain adult health records for at least seven years from the date of your last appointment, and children's records until the age of 25, consistent with NSW health records legislation. After this period we securely destroy or de-identify records unless we're legally required to keep them longer.

8. Your rights

Under the Privacy Act and the APPs you have the right to:

  • Access the personal and health information we hold about you.
  • Request correction of information that is inaccurate, out of date, incomplete, or misleading.
  • Withdraw your consent to certain uses (e.g. marketing communications) at any time.
  • Make a complaint if you believe we've mishandled your information.

To exercise any of these rights, email us or call (02) 7227 9893. We'll respond within 30 days. There is no fee to make a request, though a reasonable administrative charge may apply if a lengthy record retrieval is required; we'll let you know first.

9. Website, cookies, and online booking

Our website uses cookies and similar technologies to remember your preferences, understand how visitors use the site, and keep it working well. You can block or delete cookies in your browser settings; some parts of the site may not function as intended if you do.

Online bookings are powered by Cliniko. When you book through our site, the booking widget is served by Cliniko under its own privacy policy (cliniko.com/policies/privacy). Information you enter there is transmitted directly to Cliniko's Australian servers and linked to your clinical record.

10. Marketing

We may occasionally send you emails about clinic news, events, or services we think you'll find useful. You can unsubscribe at any time using the link in the email or by contacting us directly. We will never use your clinical information for marketing.

11. Complaints

If you're concerned about how we've handled your information, please get in touch. We'd rather hear from you first and make it right. Email us or call and we'll acknowledge your complaint within five business days and respond in full within 30 days.

If you're not satisfied with our response you can contact the Office of the Australian Information Commissioner at oaic.gov.au or on 1300 363 992.

12. Changes to this policy

We may update this policy from time to time. The current version is always available on this page, with the last-updated date at the top. Material changes will be communicated to active clients by email.

Questions?

We’re here to help.

Privacy queries can go to the Practice Manager by email, phone, or post.