Roar Physiotherapy are committed to protecting the privacy of your personal information. This Privacy Policy explains how Roar Physiotherapy manages the personal information that we collect, use and disclose and how to contact us if you have any questions regarding the management of your personal information.
Roar Physiotherapy is required by the Privacy Act 1988 (Cth) (Privacy Act) to comply with the Australian Privacy Principles (APP) (subject to the other provisions of the Privacy Act). The APP’s regulate the manner in which personal information is handled, from collection, to use and disclosure, storage, accessibility and disposal. Roar Physiotherapy is also required to comply with the Spam Act 2003 (Cth) (Spam Act) and the Do Not Call Register Act 2006 (Cth) (Do Not Call Register Act)
What is Personal Information?
‘Personal information’ is any information or an opinion, in any form and whether true or not, about an identified individual, or an individual who is reasonably identifiable from the information or opinion ascertained. Examples include an individual’s name, address, contact number and email address.
What is sensitive information?
Sensitive information is a subset of personal information. It means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or health information about an individual.
Given the types of health services we provide, we will collect information necessary to treat you which may include health or medical information. Otherwise, we attempt to limit the collection of sensitive information we collect from you. We do not collect sensitive information from you without your consent.
Collection of your personal information
Roar Physiotherapy will only collect personal information that is necessary for what we do. The type of information we may collect from you includes (but is not limited to) the following:
o if you contact us or make an enquiry through our website, our team may require any of the following information: your full name (first and last), your email address, your phone number, and any other information you offer in the body of your enquiry;
o for our patients (whether booking in person, over the phone, through our website or via our video consultations portal):
· your contact information such as first and last name and email address, preferred phone number, home address, gender, preferred clinic location, treatment request;
· your opinions via surveys and questionnaires concerning our staff or your experience with our Clinic, if applicable, including but not limited to your views on the products and services we offer (noting that we ordinarily do not collect your name, but your identity may be evident from the feedback provided);
· relevant medical information necessary to allow us to treat you (which may include, but are not limited to pre-treatment function or pain surveys);
· if necessary to treat you or contained in your referral to us, information about you from your insurer, employers, principal or doctors;
· any relevant payment or billing information, health fund, Medicare, pensioner or other Government related identifiers (including but not limited to bank account details, credit card details, billing address, payment information and invoice details);
· for video consultations, your IP address, profile and contact details on the selected online portal, and any other personal information that may be collected or incidentally supplied by you by virtue of the video consultation; and
· in certain limited circumstances, we may request you provide us with additional personal information which may indicate whether you have had exposure to an infectious disease;
o if you are an applicant for employment with us, or engaged by us as an employee:
· details relating to your employment and performance related information (if applicable);
· personality screening and profiling for new-starters that may reveal personal or sensitive information about you;
· contact information: such as your name, e-mail address, current postal and residential address, phone numbers, country of residence, next of kin contact details;
· CV, resume or application related information: such as the details provided in your resume or CV, your eligibility to work in Australia, your education, previous employment details, professional memberships or trade qualifications; and
· tax, superannuation and payroll information: such as your Tax File Number and ATO declaration, superannuation details and financial institution details.
o if you are engaged by us as a contractor or sole trader:
· the details listed above, except that references to “employment” are replaced by references to “contractor / sole trader engagement”, as applicable; and
· company name, ACN or ABN details (or both);
o where we interact with you via social media and other marketing activities: your activity including “likes”, comments posted, your opinions or feedback and any other information pertaining to your social media activities which concern, or relate, to us.
As much as possible or unless provided otherwise under this policy, we will collect your information directly from you.
When you engage in certain activities, such as filling out a survey or sending us feedback, we may ask you to provide certain information. It is completely optional for you to engage in these activities.
Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory data or any other information we require in order for us to provide our services to you, we may be unable to effectively provide our services to you.
Due to the nature of the products and services we provide to you, it is impractical (and in some cases, impossible) for us to deal with you on an anonymous basis or through use of a pseudonym (other than when you are providing us with anonymous feedback).
Cookies and IP addresses
We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.
If you use our website, we may utilise “cookies” which enable us to monitor traffic patterns and to serve you more efficiently if you revisit the site. Cookies are small text files which are downloaded on to your computer or mobile device when you visit a web site or application.
A cookie does not identify you personally but it does identify your computer, and certain types of cookies can identify you when combined with other personal information we hold about you. Your browser should notify you when you receive a cookie or the first time you visit our website and this will provide you with an opportunity to either accept or reject it.
There are several types of cookies that our website uses, such as those:
o necessary to operate our website – administrative and operational purposes; and
o that collect statistics/analytics on how you use our website – where you visited our website from, what your interaction was with.
You may restrict, block or delete cookies from our website (www.roar.physio), by adjusting the settings of your browser. Each browser is different, so consult the ‘Help’ menu of your particular browser to learn how to change your cookie preferences.
Use and Disclosure of Personal and Health Information
The personal information you provide to Roar Physiotherapy will be collected for the primary purpose of providing high quality health care. If Roar Physiotherapy uses or discloses your personal and/or health information for a purpose (secondary purpose) other than the main reason for which it was originally collected (primary purpose), to the extent required by the Privacy Act, we will ensure that:
The secondary purpose is related to the primary purpose (and directly related in the case of sensitive information) and you would reasonably expect that Roar Physiotherapy would use or disclose your information in that way;
You have consented to the use and disclosure of your personal and/or health information for the secondary purpose.
Where required, personal and/or health information will be disclosed as required or authorised by or under law or as otherwise permitted by the Privacy Act.
Why do we collect Personal and Health Information?
Roar Physiotherapy collects personal and/or health information for a range of purposes including:
the provision of our health-related services to you (including via video consultations);
providing a medical report to your insurer, employer or treating practitioner as required;
the administration and management of our services, including payment processing, charging, billing, credit card authorisation and verification, health care rebates;
the improvement of our services (including to contact you about those improvements and asking you to anonymously participate in surveys about the products and services);
the maintenance and development of our products and services, business systems and infrastructure;
marketing and promotional activities by us and our related bodies corporate (including by electronic direct mail), such as patient newsletters; appointment reminders,
to provide patient service functions, including handling patient enquiries and complaints (including any complaints to regulatory bodies about the services provided);
processing refunds; and
to allow us to take any necessary or reasonable precautions to prevent the spread of an infectious disease;
For persons that apply for a role with us, are employed by us or are engaged by us as contractors or sole traders:
background checks and verification of your identity;
(upon carrying out your duties or providing services), payment of amounts due and owing to you, including making payments to financial institution for payroll purposes;
Relevant superannuation company, Government agencies (including but not limited to the Australian Taxation Office, Centrelink), worker’s compensation organisation; and
administration, performance monitoring and management;
if you participate in our social media platforms (including but not limited to Facebook, Twitter or LinkedIn) and you provide us with your personal information, we will use it to send marketing material to you, patient service related contact, respond to social media messages and we may also re-post your post on our page or in our stories;
o as required or authorised by law;
o the sale, and matters in connection with a potential sale, of our business or company to a third party; and
o any other matters reasonably necessary to continue to provide our products and services to you.
We may also use or disclose your personal information and in doing so we are not required to seek your additional consent:
o when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose;
o if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
o if we have reason to suspect that unlawful activity has been, or is being, engaged in; or
o if it is required or authorised by law (including but not limited to regulatory bodies such as the Australian Securities and Investment Commission).
In the event we propose to use or disclose such personal information other than for reasons above, we will first seek your consent prior to such disclosure or use.
If you have received communications from us and you no longer wish to receive those sorts of communications, you should contact us by e-mail at admin@roar.physio and we will ensure the relevant communication ceases. Any other use or disclosure we make of your personal information will only be as required by law or as permitted by the Privacy Act or by this policy or otherwise with your consent.
Spam
We will not send you any commercial electronic messages such as SMS’s or emails unless this is permitted by the Spam Act. Any commercial electronic message that we send will identify Roar Physiotherapy as the sender and will include our contact details. The message will also provide an unsubscribe facility. If you do not wish to receive commercial electronic messages from us, please let us know.
Do Not Call Register
We will not call you on a number listed on the Do Not Call Register unless this is permitted under the Do Not Call Register Act. If you do not wish us to call you on a particular number, please let us know.
When do we disclose Personal/Health Information to Third Parties?
In performing our functions and activities, we may need to disclose personal and/or health information to third parties. Third parties may include, where appropriate:
Other members of your treating team where necessary.
Other health care professionals, if in our judgement that is necessary in the context of your treatment.
Financial institutions for payment processing.
Government and other regulatory bodies such as Department of Veterans Affairs, Transport Accident bodies and Workers Compensation bodies.
Your employer, where required and permissible in relation to a work related injury.
Associated Third Party applications for Practice Management, Personalised Marketing, Reputation Management and Social Media purposes (including; Cliniko, Birdeye, Send in Blue and more)
The types of organisations to which we may disclose your personal information
We may disclose your personal information to organisations outside of Roar Physiotherapy. Examples of organisations and/or parties that your personal information may be provided to include:
o service providers based here and overseas, including without limitation our IT service providers, consultants, billing providers, Practice Management and Social Media Software Companies;
o related entities and subsidiaries of Roar Physiotherapy;
o our contractors, sole traders who work with us and agents;
o law enforcement agencies, as required by law or a court order;
o hospitals, general practitioners (GPs) and other health practitioners;
Your personal information is disclosed to these organisations and/or parties only in relation to the products or services we provide to you or for a purpose permitted by this policy.
We take such steps as are reasonable to ensure that these organisations and/or parties are aware of the provisions of this policy in relation to your personal information.
Personalised Marketing
You expressly consent to us using your personal information (other than sensitive information), including any email address you give to us, to provide you with information and to tell you about our products, services or events when you are a patient of ours (or otherwise request to receive such information) (Personalised Marketing Communications) which we consider may be of interest to you.
Without limitation of the above, if it is within your reasonable expectations that we send you Personalised Marketing Communications given the transaction or communication you have had with us, then we may also use your personal information for the purpose of sending you Personalised Marketing Communications which we consider may be of interest to you.
If at any time you do not wish to receive any further Direct Marketing Communications from us, you may ask us not to send you any further information about products and services and not to disclose your information to other organisations for that purpose. You may do this at any time by using the “unsubscribe” facility included in the email or by contacting us at admin@roar.physio or by mail using the details provided below:
23 Port Kembla Drive, Bibra Lake WA 6163, Australia.
Remote Storage/Disclosures (including overseas)
Roar Physiotherapy holds some of your personal information on servers located on site at each Clinic, and its service provider’s cloud platforms. As such any personal information provided to Roar Physiotherapy may also be transferred to, and stored at, a destination outside Australia, including but not limited to Ireland, the United Kingdom and the United States where we may use third party service providers or contractors to assist our Clinics with providing our products and services to you. Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or related companies (in locations such as Malaysia and New Zealand).
By submitting your personal information to Roar Physiotherapy, you expressly agree and consent to the disclosure, transfer, storing or processing of your personal information outside of Australia. In providing this consent, you understand and acknowledge that countries outside Australia do not always have the same privacy protection obligations as Australia in relation to personal information.
The Privacy Act requires us to take such steps as are reasonable in the circumstances to ensure that any recipients of your personal information outside of Australia do not breach the privacy principles contained within the Privacy Act. By providing your consent, under the Privacy Act, we are not required to take such steps as may be reasonable in the circumstances.
If you do not agree to the transfer of your personal information outside Australia, please do not supply us with your personal information, or contact us by email at admin@roar.physio or by mail using the details provided below:
23 Port Kembla Drive, Bibra Lake WA 6163, Australia.
Data Quality and Security
We will hold your personal information for the purposes listed above, and we have taken steps to help ensure your personal information we hold is safe. You will appreciate, however, that we cannot guarantee the security of all transmissions or personal information, especially where the Internet is involved.
Notwithstanding the above, we will take reasonable steps to:
· make sure that the personal information we collect, use or disclose is accurate, complete and up to date;
· protect your personal information from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and
· destroy or permanently de-identify personal information if it is no longer needed for its purpose of collection.
However, the accuracy of personal information depends largely on the information you provide to us, so we recommend that you:
· let us know if there are any errors in your personal information; and
· keep us up-to-date with changes to your personal information (such as your name or address).
We are required to comply with the notifiable data breaches scheme that commenced on 22 February 2018, should an eligible data breach occur in respect of the personal information we hold about you.
Access to and correction of your personal information
You are entitled to have access to any personal information relating to you which we possess, except in some exceptional circumstances provided by law. You are entitled to edit or delete such information unless we are required by law to retain it or permitted to retain it in accordance with this policy. However, we may keep track of past transactions for our accounting and audit requirements. Furthermore, it may be impossible to completely delete your information because some information may remain as backups.
If you would like access, delete, or correct any records of personal information we have about you, you are able to access, update and delete that information (subject to the above) online in your own account, or by contacting us at admin@roar.physio. We reserve the right to charge a fee for searching for and providing access to your information.
Complaints and Consent
If you wish to raise a complaint with us in regard to the way that we have handled your personal information or otherwise have any concerns, please write to us at admin@roar.physio or by mail using the details provided below:
23 Port Kembla Drive, Bibra Lake WA 6163, Australia.
We will take steps to handle and resolve your complaint, including escalating your complaint to an appropriate person to handle it.
This is a compliance document prescribed by law, rather than a legal contract. However certain contracts may incorporate all of part of this policy. By using our website or accepting our terms and conditions, you are agreeing to the terms of this policy.
If you are taken to a third party website from our website, this policy no longer applies to your personal information. Rather, you will need to review the privacy documentation of the third party website.
We reserve the right to modify our policy as our business needs require. We will notify you of such changes (whether by direct communication or by posting a notice on our website), after which, your continued use of our products, services or website or your continued dealings with us shall be deemed to be your agreement to the modified terms.
CONTACT US
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at admin@roar.physio or by mail using the details provided below:
23 Port Kembla Drive, Bibra Lake WA 6163, Australia