Privacy Policy

1. Scope of This Policy

This Privacy Policy applies to all personal and health information collected by Elev8d Therapy through:

• Our website (elev8dtherapy.com.au)
• Online booking system
• In-person consultations and treatments
• Phone and email communications
• Paper-based forms and records

As a health service provider, we are bound by additional obligations under the Health Records and Information Privacy Act 2002 (NSW) regarding health information.

2. Information We Collect

Personal Information

We collect the following personal information:

• Identity information: Name, date of birth
• Contact information: Email address, phone number, residential address
• Appointment information: Booking dates, times, and service preferences
• Payment information: Payment method details (processed securely by third-party payment providers)

Health Information (Sensitive Information)

As a massage therapy practice, we collect health information which is classified as "sensitive information" under Australian privacy law. This includes:

• Medical history: Current and past injuries, conditions, surgeries, and treatments
• Health conditions: Chronic pain, allergies, pregnancy status, contraindications
• Treatment notes: Clinical observations, treatment plans, progress notes
• Referral information: Information from or to other healthcare providers (with your consent)
• Lifestyle factors: Occupation, activity levels, and factors relevant to treatment

Technical Information

When you visit our website, we automatically collect:

• IP address and browser type
• Pages visited and time spent on site
• Referring website
• Device type and operating system

3. How We Use Your Information

Primary Purposes

We use your information to:

• Provide massage therapy and rehabilitation services
• Create and maintain your client health record
• Process and manage your appointments
• Communicate with you about your treatment
• Send appointment reminders and confirmations
• Process payments and issue receipts

Secondary Purposes

With your consent, we may also use your information to:

• Send you health and wellness information
• Inform you about our services and promotions
• Request feedback to improve our services

Legal and Administrative Purposes

• Comply with legal and regulatory requirements
• Respond to legal requests or court orders
• Protect our rights and safety

4. Legal Basis for Processing

We process your information based on:

• Consent: You provide explicit consent for collection of health information when completing intake forms
• Contractual necessity: Processing is necessary to provide the services you have requested
• Legal obligation: We are required by law to maintain health records
• Legitimate interests: For administrative purposes and improving our services

Health Information Consent

Collection of health information requires your explicit consent. By completing our health intake form and agreeing to treatment, you consent to the collection, use, and storage of your health information for the purposes outlined in this policy.

5. Storage and Protection

Data Security

We protect your information through:

• Secure, encrypted electronic storage systems
• Password-protected access to client records
• Physical security measures for paper records
• Staff training on privacy and confidentiality
• SSL encryption on our website
• Secure payment processing through third-party providers

Record Retention

In accordance with NSW Health Records regulations, we retain health records for:

• Adult clients: 7 years from the date of last treatment
• Clients under 18: Until the client turns 25, or 7 years from last treatment, whichever is longer

After the retention period, records are securely destroyed.

Data Location

Your personal and health information is stored in Australia. We do not transfer health information overseas without your explicit consent.

6. Who We Share Information With

We May Share Your Information With:

• Other healthcare providers: With your consent, for continuity of care (e.g., referring doctor, physiotherapist)
• Health funds: To process your health insurance claims
• Service providers: Who assist with appointment booking, payment processing, and IT services (bound by confidentiality agreements)
• Legal authorities: When required by law or court order

We Will NOT:

• Sell your personal or health information
• Share your information for marketing purposes without consent
• Disclose your health information without your consent (except where legally required)

7. Your Privacy Rights

Under Australian privacy law, you have the right to:

Access Your Information

You can request access to the personal and health information we hold about you. We will respond within 30 days and provide access in the format you request where reasonably possible.

Correct Your Information

If you believe information we hold is inaccurate, incomplete, or out of date, you can request correction. If we disagree with the correction, you may request we attach a statement to the record.

Withdraw Consent

You may withdraw consent for:

• Marketing communications (at any time)
• Certain uses of your information (subject to our legal obligations to retain health records)

Request Deletion

You may request deletion of your personal information where we no longer need it. Note that we are legally required to retain health records for the periods specified above.

Data Portability

You can request a copy of your health records in a commonly used format to transfer to another healthcare provider.

How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: info@elev8dtherapy.com.au
• Phone: +614 21486867
• Address: Unit 5, 72 Canterbury Rd Bankstown 2200

We may need to verify your identity before processing your request.

8. Cookies and Tracking Technologies

Our website uses cookies to improve your experience and enable certain functionality.

Essential Cookies

Required for the website to function properly:

• Session cookies: Maintain your session while browsing
• Security cookies: Protect against cross-site request forgery
• Consent cookies: Remember your cookie preferences

Analytics Cookies

Help us understand how visitors use our website (used only with your consent).

Managing Cookies

You can manage cookie preferences through:

• Our cookie consent banner
• Your browser settings

For detailed information, see our Cookie Policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.

For significant changes affecting how we handle health information, we will notify you directly via email or at your next appointment.

10. Contact Us

For questions about this Privacy Policy or how we handle your information:

11. Complaints

If you believe we have breached your privacy, please contact us first so we can attempt to resolve the issue.

External Complaints

If you are not satisfied with our response, you may lodge a complaint with: