Privacy policy

PRIVACY POLICY

This privacy policy (Privacy Policy) sets out how The Therapy Station Pty Ltd trading as Kids Therapy Station and its related bodies corporate (as defined in the Corporations Act 2001 (Cth)) (we, our, us) collects, stores, uses, protects, shares and discloses your personal information.

We confirm that we have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the Australian Privacy Principles may be obtained from www.privacy.gov.au.

This Privacy Policy applies to the services we provide and our related websites, social media pages, tools and applications (together the Services[PS1] ). By participating in our Services you agree to the collection, storage, usage and disclosure of your personal information by us in the manner described in this Privacy Policy.

In this privacy policy the word ‘Services’ refers to the services which we provide in the ordinary course of conducting our business. This includes, but is not limited to, Occupational Therapy, Speech Therapy, Psychology or any other allied health service that we may offer from time to time.

1. Types of Personal Information we collect

As part of delivering our Services we may collect personal information about you as defined under the Privacy Act. We will only collect personal information where it is reasonably necessary for the performance of our services or functions. The personal information we collect may include the following:Account & appointment booking information: this includes information that we collect when you register for our Services or otherwise book an appointment with us. The information we collect includes your name, date of birth, email address, mailing address, personal or work telephone number, emergency contact details and your selected booking time and other details of the booking you directly give us during the booking process.

  • Participant information: this includes information that you have provided to us when you are participating in the Services. The information we collect includes details relevant to the Service you have requested and any other additional information you provide to us directly or indirectly through your use of the Services. We use such information to assist in providing our Services to you.

  • Financial information: this includes information such as Government funding, payment card details and bank account details. We use this information to send to our third party payment gateways when you make a payment for Services.

  • Services use information: any information you provide when you use our Services. For example, when you contact us we collect information that enables the Services to be able to run.

  • Marketing use information: this includes information provided to us using a marketing or newsletter sign up form.

  • Surveys: information in connection with surveys, questionnaires and promotions.

  • Other information we collect related to your use of the Services: your device identity and type, the time and date you visited our website, your I.P. address, operating system, we browser type and version, geo-location information, page view statistics, advertising data and standard web log information and any other information provided by you to us via our Services or our online presence, or otherwise required by us or provided by you.

Sensitive information

As part of delivering our Services, we may also collect sensitive information which may also include health information as defined in the Privacy Act. The sensitive information we collect may include your:

  • racial or ethnic origin, and whether you require the use of an interpreter;

  • religious beliefs or affiliations;

  • philosophical beliefs;

  • sexual orientation or practices;

  • criminal record; and

  • health information (as defined in the Privacy Act). 

Sensitive information is subject to a higher level of privacy protection than other personal information and is handled by us in the following ways:

  • sensitive information will only be collected with consent, except in specified circumstances under the Privacy Act or such collection is otherwise required by law;

  • sensitive information will not be used or disclosed for a secondary purpose unless the secondary purpose is directly related to the primary purpose of collection and within the reasonable expectations of the individual, or otherwise in specified circumstances under the Privacy Act or it is otherwise required by law;

  • sensitive information will not be used for the secondary purpose of direct marketing;

  • before we disclose sensitive information, we will take reasonable steps to ensure that recipient does not breach the Australian Privacy Principles in relation to that information; and

  • sensitive information will not be shared with our related bodies corporate in the same way that we may share other personal information.

2. How we collect Personal Information

We may collect personal information either directly from you, or from third parties, including where:

  • you register or sign up to the Services;

  • you provide information directly to us through the Services or on a hardcopy form (when requesting an appointment a record is created of your details). This may also include health information as set out above. Such information is generally collected directly from you in this regard, however, may also be gathered from other people such as a health service or a family member;

  • you enquire about or make an appointment for the Services;

  • you use our website generally;

  • you attend an appointment or receive a Service from us generally;

  • you subscribe to any of our newsletters;

  • you contact us through our website, in person, by phone or in writing;

  • you submit any of our online sign up forms;

  • you deal with us generally via email, letters, telephone, facsimile, online chatbots, expos, universities, website forms, SMS, social applications (such as LinkedIn, Instagram, Facebook or Twitter) or otherwise;

  • you interact with our Services, website, social applications, services, content, advertising and marketing campaigns; and/or

  • you invest in our business or enquire as to a potential purchase of our business.

We may also collect your personal information from third parties including:

  • other medical practitioners or health service providers;

  • referral agencies;

  • a family member providing personal information on your behalf;

  • legal documentation;

  • Government agencies and insurers;

  • third parties who produce any content, advertising, and marketing campaigns for us that you may interact with; and

  • our other service providers and publicly available sources.

Where we collect your personal information from a third party, we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party. By providing personal information about another person to us, you represent that you are legally permitted to do so, and we will not be responsible for verifying any such authorisation.

Cookies and data tracking technologies

We may also collect personal information from you when you use or access our Services or our social media pages. This may be done through use of web analytics tools, ‘cookies’ or other similar tracking technologies that allow us to track and analyse your Services usage. Cookies are small files that store information on your computer, mobile phone or other device and enable and allow the creator of the cookie to identify when you visit different websites. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience of the Service. Persistent cookies can be removed by following Internet browser help file directions. Cookies may enable automatic logins when you visit in the future and may enable content customisation.

We may also use third party vendor tracking cookies, including:

•      the Google Analytics and AdWords tracking cookie;

•      Facebook pixel;

•      LinkedIn pixel;

•      Instagram pixel;

•      Wildjar tracking integration;

•      HubSpot tracking integration;

•      Hotjar tracking integration; and

•      Clickcease tracking integration.

You can opt out of Google’s use of cookies or device identifiers by visiting Google’s Ads Settings. Alternatively, you may visit the Network Advertising Initiative opt-out page or control the use of device identifiers by using your device’s settings.

Third parties as set out above may use cookies, web beacons, and other storage technologies to collect or receive information from the Service and elsewhere on the internet and use that information to provide measurement services and target ads. You can opt out of the collection and use of information for ad targeting using aboutads.info/choices.

By using our website, you accept the use and installation of these cookies to provide you with these services.

3. Use of your Personal Information

We collect and use your personal information for the following purposes:

  • to provide our Services, products and information to you including to:

  • assist in streaming and personalising information for you;

    • enable us to process your personal data;

    • manage our relationship with you, including information about similar Services, products or terms and conditions;

    • enable you to communicate with us regarding your use of the Services;

    • confirm your identity;

    • provide information about you to our contractors, employees, consultants, agents or other third parties for the purpose of providing the services to you; and

    • communicate with you about your records, or any transaction;

  • to deal with your queries, enquiries or customer service requested;

  • to administer contracts including to negotiate, execute and or manage a contract with you;

  • to be de-identified for the purposes of generating statistical data and improving the Services;

  • for record keeping and administrative purposes, including accounting purposes;

  • to administer, operate, protect, improve and optimise the website and our service offerings and customer experience;

  • for advertising and marketing purposes (including for analytics);

  • to comply with our legal obligations, resolve disputes or enforce our agreements with third parties;

  • to enable you to take part in a competition;

  • to send you marketing and promotional messages and other information that may be of interest to you and for the purpose of direct marketing (in accordance with the Spam Act 2003 (Cth)). In this regard, we may use email, SMS, social media or mail to send you direct marketing communications. You can opt out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link);

  • for quality, training and coaching purposes;

  • to send you administrative messages, reminders, technical notices, updates, security alerts, and other information about our products and services requested by you; and

  • to facilitate employment enquiries.

You acknowledge and agree that we may also deal with your personal information in any other manner which is permitted by any agreement that we have in place with you (including without limitation in accordance with the privacy statement set out in the NDIS Service Agreement entered into between us and you (if applicable)), or otherwise in accordance with our other policies we have in place from time to time.

4. Disclosure of your Personal Information

We may disclose your personal information to third parties for the purposes contained in this Privacy Policy, including without limitation to:

Service Providers

We may share your personal information with service providers utilised by us in the provision of the Services to:

  • develop and improve our Services;

  • provide you with the Services;

  • conduct quality assurance testing;

  • provide support; and/or

  • provide other services to us.

The service providers (and if necessary data processors) include:

  • information technology service providers such as web host providers and analytical providers;

  • mailing houses and such other suppliers that assist in delivering products and services;

  • organisations who carry out credit, fraud and other security checks;

  • payment processors;

  • hosting services;

  • content delivery services;

  • IT support providers;

  • marketing businesses engaged by us to disseminate materials to which recipients have consented; and

  • specialist consultants.

We limit the information we provide to third parties to the information they need to help us provide or facilitate the provision of goods and services and associated purposes. We deal with third parties that are required to meet the privacy standards required by law in handling your personal information, and use your personal information only for the purposes that we give it to them.

Affiliates and Acquisitions

We may share some or all of your personal information with our parent company, subsidiaries, joint ventures, or other companies under a common control (Affiliates), in which case we will require our Affiliates to honour this Privacy Policy. In the event we are involved in a merger, acquisition or sale of assets we may disclose personal information collected by us to such entities that we propose to merge with or be acquired by, and will assume the rights and obligations regarding your personal information as described in this Privacy Policy.

Third parties with your consent and in other circumstances

We may also disclose your personal information to third parties to whom you expressly ask us to send the personal information to, or to third parties, where we are permitted to do so under the Privacy Act or where required in order to provide our Services to you. This may include disclosing your personal information to:

  • your authorised representatives;

  • your personnel or person responsible for you (including your parents, children or siblings);

  • other medical practitioners or health service providers;

  • your NDIS Plan Manager and Support Coordinator

  • government and regulatory authorities and other similar organisations, as required or authorised by law or as required as part of the Services; and

  • such entities that we propose to merge with or be acquired by.

We may need to disclose your information to third parties outside of Australia and service providers located internationally to enable us to provide the Services, this includes service providers and contractors who are located overseas (telephone answering service, data analytics, IT services) and data processing services. The countries to which we may disclose your information include without limitation the United States of America, and member states of the European Union. 

Where we use a supplier outside of Australia, we will take reasonable steps in the circumstances to ensure that such overseas recipient does not breach the Australian Privacy Principles (except where such steps are not required under the Privacy Act).

We may also aggregate and/or make anonymous your personal information including sensitive information to make it available for the purposes of generating statistical data for the conducting of research and improving the Services.

5. Emails & Marketing

In order to provide the Services to you, you agree to receiving notifications from us for the following purposes:

  • notifications about activity for our Services including appointment updates (such as booking time reminders) and general updates;

  • communication from us or our representatives in connection with the Services; and

  • marketing and promotional messages and other information that may be of interest to you and for the purpose of direct marketing. This includes where you have signed up to our marketing or promotional newsletters.

By default you will receive these notifications to your nominated phone number and/or email address. When those notifications are sent to you, we will include the ability for you to opt of further communications of that kind.

6. Storage & security

We use third-party cloud providers that provide hosting, data storage and other services. As at the date of this Privacy Policy, we currently store personal information in the following manner (with the following service providers):

  • computer software systems, including management systems;

  • cloud-based file storage systems (Google drive and Microsoft One Drive);

  • hard copy files;

  • external IT solutions; and

  • on our electronic devices.

We take reasonable steps to ensure your personal information is secure and protected from misuse or unauthorised access. Our information technology systems are password protected, and we use a range of administrative and technical measures to protect these systems (including anti-malware software). However, we cannot guarantee the security of your personal information.

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.

7. Links

Our Services may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked websites and we suggest you review the privacy policies of those websites before using them.

8. Requesting access or correcting your Personal Information

Subject to the Privacy Act, you have a right to access and correct any personal information that we may hold about you. If you wish to request access to the personal information we hold about you, please contact us using the contact details set out below. We may need to verify your identity before providing you with your personal information which may involve you providing us with your name and contact details. In some cases, we may be unable to provide you with access to all your personal information and where this occurs, we will explain why. We will deal with all requests for access to personal information within a reasonable timeframe.

If you think that any personal information we hold about you is inaccurate, please contact our Privacy Officer using the contact details set out below and we will take reasonable steps to ensure that it is corrected.

If we receive a request from you to access or correct personal information we will respond to you within a reasonable time after receiving your request and in the manner requested by you, if it is reasonable and practicable for us to do so. We may charge a reasonable fee for giving access to the information.

9. If we can’t collect your Personal Information

If you do not provide us with the personal information described above, some or all of the following may happen:

  • we may not be able to provide our Services to you, either to the same standard or at all;

  • we may not be able to fulfil our obligations to you under any contract;

  • we may not be able to provide you with information about the Services that you may want; or

  • we may be unable to tailor the content of our Services to your preferences and your experience of our Services may not be as enjoyable or useful.

10. Notifiable data breach

In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act or any other subsequent sections or legislation which supersede this Part IIIC, we will follow our relevant notifiable data breach procedures in compliance with the Privacy Act and relevant laws.

11. Updates

This Privacy Policy may be updated by us from time to time. The updated Privacy Policy will apply from when it is published on our website or otherwise communicated to you, whichever occurs first.  Each time you use our website you should revisit this Privacy Policy and familiarise yourself with any changes.  Continued use of our Services (including our website) shall indicate your acceptance of any changes. 

12. Enquiries, requests & complaints

Enquiries regarding this Privacy Policy or the personal information we may hold on you, should be addressed with our Privacy Officer who you can reach by email on admin@therapystation.com.au or by post to PO Box 5538 GCMC, Bundall Qld 4217.

If you think your personal information, held by us, may have been compromised in any way or you have any other privacy related complaints or issues, you should also raise the matter with our Privacy Officer.

We will ensure your claims are investigated and a formal response will be provided to you, within a reasonable time, considering the circumstances of your claims. If any corrective action is determined to be required, as a result of that investigation, we will take all reasonable steps to rectify the situation and advise you of such, again within a reasonable time considering the circumstances.