PRIVACY POLICY

Melbourne Sports Physiotherapy Unit Trust Trading as Melbourne Sports Physiotherapy Pty Ltd, ABN 76 945 067 369

ABN 76 945 067 369

Last updated: 1st May 2026

1. About This Policy

Melbourne Sports Physiotherapy Unit Trust Trading as Melbourne Sports Physiotherapy Pty Ltd ("we", "us", or "our") recognises the importance of your privacy and is committed to protecting your personal and sensitive health information.

We are an APP Entity as defined in the Privacy Act 1988 (Cth). This Privacy Policy explains how we collect, hold, use, and disclose personal information in accordance with:

The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
The Health Records Act 2001 (Vic) and the Health Privacy Principles (HPPs)
The Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth)
The My Health Records Act 2012 (Cth), where applicable

This policy applies to all services provided at our clinic, including sports physiotherapy, musculoskeletal physiotherapy, specialist physiotherapy, remedial massage, strength and conditioning, and all related services. It also applies to our website at www.melbournesportsphysiotherapy.com.au.

2. Definitions

Personal Information means any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether or not the information is true and whether or not recorded in material form. Examples include your name, address, email address, phone number, and date of birth.

Sensitive Information includes health information and is afforded a higher level of protection under Australian law. In the context of our clinic, sensitive information includes:

Medical history, diagnoses, medications, and treatment records
Injury history, imaging results, and referral letters
Performance and training data relevant to clinical care
Medicare, DVA, TAC, Workcover, Commcare or private health insurance details
Other categories of sensitive information as defined in the Privacy Act 1988 (Cth), such as racial or ethnic origin, where relevant to your care

3. Collection of Your Information

3.1 What We Collect

To provide our services, we may collect the following types of information:

Contact details: name, address, email address, phone number, date of birth
Health and medical information: medical history, medications, referrals, investigation results, treatment notes, and clinical records
Billing and payment information: Medicare number, DVA number, Workcover Claim number, TAC Claim number private health insurance details, and credit card or payment information
Emergency contact details
Correspondence records: notes of phone calls, emails, or other communications with our clinic

3.2 How We Collect It

We collect information directly from you where practicable, including through:

New patient registration forms (completed in clinic, online, or via our practice management system Cliniko, FingerInk & Cliniqapps, Gymmaster, Teambuildr, Phyisapp)
Telehealth consultations conducted via video or phone
Email, phone, or written correspondence with our clinic
Referrals received from other health providers (such as your GP or specialist)
Automatic collection via our website (see Section 10 on Cookies)

3.3 Why We Collect It

We collect personal and sensitive information only where it is reasonably necessary to provide you with our services. The primary purposes for collection include providing clinical care, processing Medicare or health fund claims, communicating with referring practitioners, fulfilling our professional and legal obligations, and improving the quality of care we provide.

4. Use and Disclosure of Your Information

4.1 Primary Use

Personal and sensitive information collected by us will generally only be used and disclosed for the purpose for which it was collected, or a directly related purpose that you would reasonably expect.

4.2 Disclosure to Other Health Providers

We may share your health information with other health service providers involved in your care. This includes:

Your referring GP or medical specialist
Other treating health professionals to whom you are referred (e.g. physiotherapists, specialists, or allied health providers)
Pathology or radiology providers
Hospitals or other health facilities if required for your treatment

We will only share health information with other providers with your consent, or where it is necessary to lessen or prevent a serious threat to life, health, or safety, or as otherwise permitted by law.

4.3 Disclosure for Billing and Administrative Purposes

We may disclose your information for billing and administrative purposes, including to Medicare Australia, the Department of Veterans' Affairs, Workcover, TAC, private health insurers, and our contracted billing and administration providers.

Our clinical services operate alongside related entities that share clinical infrastructure, including a shared practice management system (Cliniko, Tembuilr, Physiapp, Cliniqapps). Other related entities in our group include Essendon Sports Medicine (ESM) and Melbourne Podiatry Clinic (MPC). Staff of these entities may have access to records created at Melbourne Sports Physiotherapy where this is necessary for the coordination of your care.

If you are referred from Melbourne Sports Physiotherapy to one of these related entities for treatment (for example, from a physiotherapist to a sports medicine doctor ), the treating practitioners at that entity may access your existing clinical records to ensure continuity of care. Each entity will obtain its own consent from you for the collection and use of your information in their own right.

4.5 Other Disclosures

We may also use or disclose your information in the following circumstances:

Where required or authorised by law (for example, mandatory reporting obligations, court orders, or subpoenas)
To our professional advisors including legal, accounting, and insurance providers, where necessary
For the purposes of professional accreditation, audit, or quality assurance activities
With your consent, for research or educational purposes, in which case identifying information will be de-identified where practicable

We will not sell, rent, or trade your personal or sensitive information to third parties for marketing or commercial purposes.

5. My Health Record

We may upload clinical documents (such as shared health summaries, event summaries, or referral letters) to your My Health Record, operated by the Australian Digital Health Agency under the My Health Records Act 2012 (Cth).

You have the right to:

Choose whether to have a My Health Record
Control which healthcare providers can access your record
Restrict or remove documents from your My Health Record
Cancel your My Health Record at any time

If you have questions about your My Health Record, visit www.myhealthrecord.gov.au or contact the My Health Record System Operator on 1800 723 471.

6. Telehealth

We offer consultations via telehealth (video or telephone). Where you participate in a telehealth consultation:

The clinical information discussed and recorded during the consultation is treated as part of your health record and handled in accordance with this Privacy Policy
Telehealth sessions are not routinely recorded. If a session is to be recorded for any purpose, you will be informed and your consent will be obtained in advance
We use third-party telehealth platforms that comply with Australian privacy law. Your information shared via these platforms is subject to those providers' security measures
You are responsible for ensuring the privacy and security of your own environment during a telehealth consultation

7. Storage and Security

We take reasonable steps to protect your personal and sensitive information from misuse, interference, loss, unauthorised access, modification, or disclosure.

7.1 Electronic Records

Clinical records are stored electronically in Cliniko, a practice management platform operated by Red Guava Pty Ltd (an Australian company). Cliniko uses cloud infrastructure hosted on servers in Australia, Canada, United Kingdom, Ireland and the United States (via Amazon Web Services). Data for Australian clients is stored in Australia. Data is encrypted in transit and at rest, and access is restricted to authorised clinical and administrative staff. Cliniko meets or exceeds all regulations of the Australian Privacy Principles, GDPR, PIPEDA, and HIPAA. We may also store records in other programs such as Teambuildr, PhysiApp or Gymmaster.

7.2 Physical Records

Any paper-based records are stored securely at our clinic premises and disposed of confidentially when no longer required.

7.3 Retention and Destruction

Health records are retained in accordance with our professional and legal obligations. Under the Health Records Act 2001 (Vic), health records for adult patients are generally retained for a minimum of 7 years from the last service date, and for patients who were minors, until the patient turns 25 years of age. When records are no longer required to be retained, we will destroy or permanently de-identify them using secure methods.

7.4 Overseas Transfers

As noted above, some electronic data may be stored on overseas servers (including those of Cliniko and other software service providers). Before transferring personal information overseas, we take reasonable steps to ensure the recipient is subject to privacy protections substantially similar to the APPs. Where applicable, we seek your consent or rely on a permitted exception under APP 8.

8. Access and Correction

You have the right to request access to the personal and health information we hold about you, and to request corrections where that information is inaccurate, incomplete, or out of date.

To make an access or correction request, please contact us using the details in Section 17. We will respond within a reasonable time (generally 30 days) and will not charge a fee for making a request, although an administration fee may apply where records are held in off-site storage or the request requires significant resources to fulfil.

In limited circumstances we may decline a request for access, for example where providing access would pose a serious threat to another person's safety, or where access is restricted by law. We will provide written reasons for any refusal.

Where we rely on your consent to collect, use, or disclose your personal or sensitive information, you may withdraw that consent at any time by contacting us using the details in Section 17.

Please note that withdrawing consent may affect our ability to provide some or all of our services to you. We will advise you of any implications before acting on a withdrawal of consent.

Withdrawing consent for marketing communications does not affect your consent to the use of your information for clinical care purposes.

10. Cookies, Web Beacons and Analytics

When you visit our website, we and our third-party service providers may use cookies, web beacons, and similar technologies to collect non-personally identifiable information about your visit. This may include your IP address, browser type, pages visited, and the website you came from.

We may combine this technical data with personal information we hold about you. Any use or disclosure of combined data is governed by this Privacy Policy. You may disable cookies through your browser settings, although this may affect some functionality of our website.

10.1 Online Advertising and Conversion Tracking

We may use third-party advertising services, including Google Ads, to measure the effectiveness of our marketing. This may involve the collection of first-party data (such as hashed email addresses) that is shared securely with Google for conversion tracking and analytics purposes.

We do not use sensitive patient health information for personalised advertising or retargeting. Our advertising practices comply with Google's healthcare advertising policies and all applicable Australian privacy obligations.

You may opt out of personalised advertising by visiting Google's Ad Settings at adssettings.google.com, or by adjusting your browser's cookie settings.

11. Marketing Communications

We may send you direct marketing communications about our services and health information we believe may be of interest to you, by email, where you have consented to receiving such communications.

All marketing emails will comply with the Spam Act 2003 (Cth) and will include a clear opt-out mechanism. You can unsubscribe at any time by clicking the unsubscribe link in any marketing email or by contacting us directly. We will process opt-out requests within 5 business days.

Opting out of marketing communications will not affect your receipt of clinical or appointment-related communications.

We do not provide your information to other organisations for the purposes of direct marketing.

12. Data Breach Notification

If we have reasonable grounds to suspect that a data breach has occurred that is likely to result in serious harm to any affected individual, we will conduct an assessment within 30 days in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).

If we determine that an eligible data breach has occurred, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as reasonably practicable.

Where the breach relates to information held on the My Health Record system, we may also be required to notify the My Health Record System Operator under the My Health Records Act 2012 (Cth).

13. AI-Assisted Clinical Documentation

We may use AI-powered voice-to-text and clinical documentation tools to assist our practitioners with note-taking during consultations. These tools transcribe spoken conversation in real time and use that transcription to generate structured clinical notes, referral letters, and care plans. You may opt out of this being used at any time by speaking to your treating practitioner. The current provider is Heidi AI though this may change from time to time.

13.1 What Is Collected and Stored

These tools store transcripts and generated clinical documentation only. No audio recordings are retained after transcription — there is no stored voice data and no ability to replay recorded conversations.

13.2 How Your Information Is Used

Transcripts and generated notes are used solely to support accurate clinical documentation and are treated as part of your health record, subject to the same protections described in this Privacy Policy. Your information is not used to train AI models, and is not shared with third parties beyond what is necessary to operate the documentation service.

13.3 Data Storage

Where AI documentation tools are used, we select providers that store Australian data within Australia and apply automatic de-identification processes to transcripts and notes wherever practicable. We take reasonable steps to ensure these providers are subject to privacy protections consistent with Australian law.

13.4 Your Rights

If you do not wish for an AI-assisted documentation tool to be used during your consultation, you are entitled to request that your practitioner take notes manually instead. Please advise reception or your practitioner before your appointment if you have this preference.

14. Identifiers

We will not adopt as our own identifier any government-issued identifier (such as a Medicare number or Tax File Number), nor use or disclose such identifiers except as permitted under the Privacy Act 1988 (Cth) — for example, for the purposes of processing Medicare claims.

15. Career Applications

Employment applications and resumes submitted to us are held securely and used only for the purpose of assessing your application for employment. If your application is unsuccessful, we will retain your information for a reasonable period in case a suitable role arises, unless you request that we destroy it.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. The current version will always be available on our website at www.melbournesportsphysiotherapy.com.au/privacy-policy.

Where we make material changes that affect how we handle your information, we will notify you by email or by a prominent notice on our website prior to the change taking effect. Your continued use of our services following notification constitutes your acceptance of the updated policy.

17. Complaints and Enquiries

If you have any questions, concerns, or complaints about how we have handled your personal or health information, please contact us in the first instance:

Name: Practice Manager

Phone: 03 9498 0205

Email: practicemanager@melbournesportsphysiotherapy.com.au

1065-1069 Mt Alexander Rd, Essendon VIC 3040

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If we are unable to resolve your complaint to your satisfaction, or if you wish to escalate your complaint, you may contact:

Office of the Australian Information Commissioner (OAIC)

Phone: 1300 363 992

Website: www.oaic.gov.au

Post: GPO Box 5218, Sydney NSW 2001

Health Complaints Commissioner (Victoria)

Phone: 1300 582 113

Website: www.hcc.vic.gov.au

Post: Level 26, 570 Bourke Street, Melbourne VIC 3000

DISCLAIMER

Please read the following carefully: You acknowledge your understanding of our disclaimer when you use the Melbourne Sports Physiotherapy website or any of our associated websites or webpages.

Phone calls and Emails to the clinic:

Please be advised that any phone calls, SMS or emails to the clinic may be recorded for training and verification purposes, and to ensure you receive the full service you deserve. Never will this information be shared with a third party. Please be advised if you do not with your emails, SMS or phone calls recorded.

Provision Of Education Information Only: Always Seek Professional Advice

Please remember that the information for users of the Melbourne Sports Physiotherapy website and all associated sites including; melbournesportsphysiotherapy.com.au and melbournesports.physio, our Facebook, YouTube, Google+, Twitter, Linkedin, and Pinterest pages as well as our Blogs is presented by Melbourne Sports Physiotherapy free of charge for the benefit of all users.

It is provided in the absence of a visit with a health care professional, must be considered as an educational service only. The information should not be relied upon as a medical consultation and is not designed to replace independent professional advice.

While at Melbourne Sports Physiotherapy we exercise all care to ensure the accuracy of the material contained on this website and associated sites, the information on the site is made available on the basis that Melbourne Sports Physiotherapy is not providing professional advice on any particular health issue or other matter which should be considered a substitute for independent professional advice.

None of the content on this site or associated sites is intended to be used as medical advice. The information is not intended to be used to diagnose, treat, cure or prevent any disease, nor should it be used for therapeutic purposes or as a substitute for receiving your own health professional’s advice.
As such Melbourne Sports Physiotherapy does not accept any liability for any loss, damage, or injury incurred by use of or reliance on the information provided on this website or any of the other associated websites or webpages.

Quality Of Information: Always Check The Information

At Melbourne Sports Physiotherapy we make every effort to ensure the quality of the information available on this website and make the necessary updates to any information regularly when we become aware of the need for such an update.

However we ask before relying on the information on this or any of our associated sites all users should carefully evaluate the accuracy, currency, completeness and relevance for their purposes of any information given and we further suggest individuals should obtain any appropriate professional advice relevant to their particular circumstances.

The material contained on this and associated websites may include the views or recommendations of third parties and as such does not necessarily reflect the views of Melbourne Sports Physiotherapy or indicate a commitment to a particular course of action.
Melbourne Sports Physiotherapy neither guarantees or assumes legal liability or responsibility for the accuracy, currency, completeness or interpretation of the information contained on this or any of our associated sites.

Links To External Websites

This website contains links to other websites external to Melbourne Sports Physiotherapy and Melbourne Sports Physiotherapy’s associated sites. Although Melbourne Sports Physiotherapy takes reasonable care in selecting any linking websites we accept no responsibility for material contained in a website that is linked to this or other sites associated with Melbourne Sports Physiotherapy. These external sites are created and maintained by other public and private organisations. We do not control or guarantee the accuracy, relevance, timeliness, or completeness of this outside information. It is the responsibility of the user of any of our sites or any of the externally linked websites to make their own decisions about the accuracy, currency, reliability, completeness, relevance and correctness of information contained in such linked external websites.

Melbourne Sports Physiotherapy provides links to external websites for the user’s convenience and these links do not constitute an endorsement or a recommendation of any third party products or services offered by virtue of any information, material or content linked from or to this site. We note users of links provided by this site are responsible for being aware of which organisation is hosting the site they visit.
Views or recommendations provided in linked websites may include the views or recommendations of third parties that do not necessarily reflect those of Melbourne Sports Physiotherapy.

Security Of The Melbourne Sports Physiotherapy Website

Every endeavour is made to ensure that this and any associated websites and webpages are secure. However, users should be aware that the World Wide Web is an insecure public network. Giving rise to a potential risk that a user’s transactions are being viewed, intercepted or modified by third parties or that files which the user downloads may contain computer viruses or other defects.

Melbourne Sports Physiotherapy and associated parties accept no liability for any interference with or damage to a user’s computer system, software or data occurring in connection with this website or associated websites or webpages. Users are encouraged to take appropriate and adequate precautions to ensure that whatever is selected from this website is free of viruses or other contamination that may interfere with or damage the user’s computer system, software or data.