Privacy policy


Clinical Physio St Ives (“Clinical Physio”, “we”, “us”, “our”) is a physiotherapy clinic providing expertise in the assessment, diagnosis and treatment of conditions of both the muscular and skeletal systems.

Application of the policy

Clinical Physio is subject to the Privacy Act 1988 (Cth) (Privacy Act) and handles the personal information (including health information) that it collects and holds in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act. In addition to the federal Privacy Act, Clinical Physio must also comply with certain State and Territory legislation.


This privacy policy explains how we manage the personal information of patients and care recipients. It also describes the sorts of information we hold and why, as well as how that information is collected, held, used, disclosed and disposed of. We are committed to protecting the privacy rights of all patients and care recipients.

Personal or sensitive information

Personal information is information or an opinion about an individual who is identified or capable of identification from the information, whether that information or opinion is true or not.

De-identified information is not personal information and involves the removal or alteration of other information that could potentially be used to re-identify an individual.

Sensitive information is personal information that is given a higher level of protection by privacy laws. It includes information about an individual’s health and includes genetic and biometric information. It also includes information about race or ethnic origin, political opinions, membership of political, professional or trade associations or trade unions, religious beliefs, sexual orientation or practices and criminal record. In this Privacy Policy when we talk about personal information, we include sensitive information.

Dealing with anonymously

Where it is lawful and practicable to do so, individuals may deal with us anonymously or by using a pseudonym (e.g. when inquiring about services generally). However, if individuals wish to make a booking with our service, the service will require the provision of personal identifying information.


Our website

Visitors to our website do not disclose information unless they provide such information through the booking form. When individuals visit our website anonymously, non-personal information may be collected including but not limited to browser type, version and language, operating system, pages viewed while browsing the site, page access times and referring website address. This collected information is used solely internally for the purpose of gauging visitor traffic, trends and delivering personalised content to individuals while they are at this site.

What personal information do we collect and hold

The information collected may include an individual’s:

  • name, address (postal and email) and telephone numbers;

  • gender, date of birth, marital status, occupation, religion, country of birth, indigenous status, next of kin;

  • medical history and other health information we are provided with or collect in the course of providing our services;

  • payment information such as credit card details, health fund and health insurance cover details, workers compensation or other insurance claim details, Medicare details, concession card details;

  • other information needed to provide services

Why we collect, use and disclose personal information

If an individual is to receive or has received a service from Clinical Physio, we will collect, use or disclose their personal information to:

  • do what is necessary to provide the services where the individual would reasonably expect disclosure;

  • ensure continuity of care of individuals treated in our facilities and provide ongoing treatment options;

  • manage, fund, service-monitor, plan, evaluate and handle complaints;

  • comply with legal and regulatory requirements;

  • undertake accreditation, quality assurance or clinical audits;

  • undertake billing and debt recovery;

  • address liability indemnity arrangements including reporting to Clinical Physio;

  • prepare the defence for anticipated or existing legal proceedings;

  • contact individuals to respond to enquiries, to follow up, in an emergency, for authorisation in relation to any services;

  • communicate with individuals about our services or offers from our other integrated care providers;

  • assess job applications

  • verify an individual’s identity;

  • ensure the health and safety of our staff and individuals who use our services or attend our facilities; and

  • provide health insurance funding

We will disclose individual’s personal information to nominated authorised representatives only where written authority has been provided or where evidence is provided that they can act on an individual’s behalf as a Medical Treatment Decision Maker or Support Person Guardian appointed by NCAT. We cannot provide an authorised representative with access to an individual’s personal information unless they can demonstrate that they have the individual’s consent, or have legal authority to do so.

How we collect personal information

We will collect personal information from individuals directly where it is reasonably practical to do so. This often takes place in the ordinary course of delivery of a healthcare service such as when a person attends our facility for treatment, completes documents in order to receive that treatment, provides information over the telephone or applies for a job with us.
Other circumstances where we may collect information from third parties:

  • where the patient has a Medical Treatment Decision Maker or Support Person

  • from an individual’s health service provider including specialists

  • from a health professional who has treated the individual

  • from an individual’s health insurer or another insurer

  • from an individual’s family

  • other sources where necessary to provide our services

  • to assess job applicants (e.g. police checks)

Trans-boarder data flow

Our website may be hosted by servers outside Australia and we may also use technical support services that are based off shore. This means that technically speaking, individuals’ personal information may travel electronically from Australia to another country and back to Australia. When sending information offshore, we ensure all providers we engage can and will observe the requirements of the Australian Privacy Principles.

Storing personal information

We may store personal information in different ways, including in paper and electronic form. The security of personal and information is important to us and we take all reasonable steps to protect it from misuse or loss and from unauthorised access, modification or disclosure. We ensure compliance with the Notifiable Data Breaches Scheme established under the Privacy Act 1988 (Cth). Some of the ways we do this include:

  • requiring our staff and contractors to maintain confidentiality and observe privacy laws to ensure compliance with the APPs

  • implementing document storage security

  • imposing security measures for access to computer systems

  • only allowing access to personal information where the individual seeking access to their own information has satisfied identification requirements

Personal information is retained for the period of time determined by law and is disposed in a secure manner.

Keeping personal information accurate and up to date

We take all reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up to date. However, the accuracy of that information depends largely on the quality of the information provided to us. We, therefore, suggest that individuals:

  • let us know if there are any errors in personal information; and

  • keep us up to date with changes to personal information (e.g. their name and address) 

Individuals may do this by mail, email or directly on the website (see our Contact page).

Accessing personal information

Individuals have a right to access their personal information and can contact us to request access. We may charge a nominal fee for providing access to personal information. In the event that copies of records are requested and approved, we may elect to charge for our reasonable costs involved in providing access. We will endeavour to advise individuals in advance if a charge will be imposed, and the likely amount of the charge. Individuals will be invited to consider other forms of access to minimise cost.

We will disclose an individual’s personal information to an individual’s authorised representatives only where written authority has been provided or where evidence has been provided that nominated individuals can act on an individual’s behalf. We cannot provide an authorised representative with access to an individual’s personal information unless they can demonstrate that they have the individual’s consent, or have legal authority to do so.


Individuals who believe that we have breached their privacy rights in any way or wish to discuss any issues about our Privacy Policy, should contact or telephone us on (02) 8319 3642  so that we can try to satisfy any questions and correct any errors on our part.

Individuals also have the right to make a complaint to the Privacy Commissioner on telephone number 1300 363 992 or in writing to:

Office of the Australian Information Commissioner

GPO Box 5218
Sydney, NSW 2001

Contacting us

Individuals may ask any questions about privacy and the way we manage personal and health information, complain about the handling of information or obtain a form requesting access to personal information by contacting

Further information

If individuals would like more information about privacy in general, please refer to the Office of the Australian Information Commissioner’s website: Click here


The Company reserves the right to vary, replace or terminate this policy from time to time.

Contact Us

Email Us

Call Us

02 8319 3642


Shop 5, 351 Mona Vale Road, St Ives, NSW