PRIVACY POLICY

Allied Health To You (trading as Comfort Allied Health)
Last Updated: 3 December 2025

1. INTRODUCTION

Allied Health To You trading as Comfort Allied Health (“we”, “us”, “our”) is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Health information is classified as sensitive information and is subject to a higher standard of protection.

We are committed to maintaining confidentiality standards consistent with professional healthcare obligations.

2. WHO WE ARE

Allied Health To You (trading as Comfort Allied Health)
PO Box 433
Moffat Beach, Queensland 4551
Australia

📧 admin@comfortalliedhealth.com.au
📞 0420 271 030
🌐 https://www.comfortalliedhealth.com.au/

Privacy Officer: admin@comfortalliedhealth.com.au

3. COLLECTION NOTICE (APP 5)

We take reasonable steps to provide you with notice of the matters set out in this Privacy Policy at or before the time we collect your personal information, including through intake forms, booking systems, and direct communications.

This includes information about:

  • our identity and contact details

  • the purpose of collection

  • likely disclosures

  • overseas disclosures

  • consequences of not providing information

  • your rights and complaint mechanisms

4. ANONYMITY AND PSEUDONYMS (APP 2)

Due to the nature of healthcare services, it is generally not practicable for you to remain anonymous or use a pseudonym when receiving treatment.

However, where lawful and practicable (for example, general enquiries), you may choose not to identify yourself.

5. WHAT PERSONAL INFORMATION WE COLLECT

We collect only personal information that is reasonably necessary for our functions and activities.

5.1 Identity and Contact Information

  • Full name

  • Date of birth

  • Phone number

  • Email address

  • Postal address

5.2 Health Information (Sensitive Information)

  • Medical history

  • Symptoms and injuries

  • Clinical assessments and findings

  • Diagnoses and treatment plans

  • Session and progress notes

  • Medications and contraindications

  • Referral reports and correspondence

5.3 Financial Information

  • Payment details

  • Billing records

  • Insurance information

5.4 Communications Data

  • Emails, phone calls, SMS

  • Appointment records

  • Correspondence

5.5 Technical Data

  • IP address

  • Device and browser information

  • Website usage

6. HOW WE COLLECT YOUR INFORMATION (APP 3)

We collect personal information:

Directly from you

  • Consultations

  • Forms (digital or physical)

  • Communications

From third parties

  • Referral providers

  • Insurers

  • Payment providers

  • Clinical software and systems

Where we collect your information from a third party, we will take reasonable steps to:

  • notify you of the collection; and

  • explain the circumstances where required by law

7. CONSENT

We collect sensitive health information with your consent or as otherwise permitted by law.

We take reasonable steps to ensure your consent is:

  • informed

  • voluntary

  • specific

  • current

Consent may be obtained through:

  • written or digital intake forms

  • booking systems

  • verbal confirmation during consultations

Consent is recorded in your clinical record.

You may withdraw your consent at any time by contacting us. Withdrawal may affect our ability to provide services.

8. PURPOSE OF COLLECTION AND USE (APP 3, 5 & 6)

Primary purposes

  • Providing physiotherapy care

  • Diagnosis and treatment

  • Administration and bookings

  • Billing and insurance processing

  • Communication about your care

  • Legal and regulatory compliance

We will only use or disclose your personal information:

  • for the primary purpose for which it was collected; or

  • for a secondary purpose you would reasonably expect; or

  • where you have provided consent; or

  • where required or permitted by law

Sensitive information (health data) will only be used or disclosed for secondary purposes:

  • with your consent; or

  • where otherwise permitted under law

Marketing (APP 7)

We may send marketing communications where:

  • you have provided consent; or

  • permitted by law

You may opt out at any time.

9. CONSEQUENCES OF NOT PROVIDING INFORMATION

If you do not provide required personal or health information, we may be unable to:

  • provide safe or effective healthcare

  • deliver services

  • meet legal obligations

10. DISCLOSURE OF PERSONAL INFORMATION (APP 6 & 8)

We do not sell or trade your personal information.

10.1 Internal Access

Access is restricted:

  • based on role

  • by clinical and administrative necessity

Health information is generally accessible only to clinical personnel unless required for authorised administrative purposes.

10.2 Third-Party Providers

We engage third parties including:

  • Clinical software: Splose (Australia-based)

  • Marketing systems: GoHighLevel (may involve US infrastructure)

  • Payment providers: banks and EFTPOS providers

  • Insurers and referral partners

We take reasonable steps to ensure third-party providers:

  • comply with privacy obligations

  • are subject to contractual confidentiality requirements

  • do not use your personal information for their own purposes

10.3 Legal and Safety Disclosures

We may disclose information where:

  • required by law

  • necessary to prevent or lessen a serious threat to life, health or safety

  • required under public health or mandatory reporting laws

11. OVERSEAS DATA TRANSFERS (APP 8)

Some providers (e.g. GoHighLevel) may process or store personal information overseas, including the United States.

We take reasonable steps to ensure:

  • overseas recipients handle information consistently with APPs

  • appropriate safeguards and contractual protections are in place

Where required under the Privacy Act, we remain accountable for overseas handling of your personal information.

12. DATA SECURITY AND QUALITY (APP 10 & 11)

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access.

Measures include:

  • secure clinical systems

  • access controls and segregation of duties

  • confidentiality obligations

  • secure handling of documents

  • supplier due diligence and security assessment

We also take reasonable steps to ensure information is:

  • accurate

  • up to date

  • complete

We do not use personal information for automated decision-making that significantly affects individuals.

13. DATA RETENTION AND DESTRUCTION (APP 11)

We retain records in accordance with healthcare obligations:

  • Adults: minimum 7 years

  • Children: until age 25 or minimum retention period

When no longer required, information is:

  • securely destroyed; or

  • permanently de-identified

14. NOTIFIABLE DATA BREACHES (NDB)

If a data breach is likely to result in serious harm, we will:

  • investigate promptly

  • contain and mitigate

  • notify affected individuals

  • notify the OAIC

15. YOUR RIGHTS (APP 12 & 13)

Access

You may request access to your personal information.

We may require identity verification before processing your request.

If access is refused, we will:

  • provide written reasons

  • inform you of complaint options

Correction

You may request correction of inaccurate or incomplete information.

If correction is refused, we will:

  • provide reasons

  • note your requested correction in the record where appropriate

Withdrawal of Consent

You may withdraw consent where applicable.

16. COMPLAINTS PROCESS

Step 1 — Contact Us

We aim to:

  • acknowledge complaints within 7 days

  • resolve within 30 days where possible

Step 2 — External Complaint

Office of the Australian Information Commissioner (OAIC)
🌐 https://www.oaic.gov.au
📞 1300 363 992

17. CHILDREN’S PRIVACY

We provide services to minors:

  • consent is obtained from a parent or guardian

  • additional safeguards apply

  • extended retention periods apply

18. COOKIES AND WEBSITE TRACKING

We use cookies and third-party technologies for:

  • functionality

  • analytics

  • advertising and remarketing

This may include:

  • IP address

  • browsing behaviour

  • device information

This information may constitute personal information.

By continuing to use our website, you consent to the use of cookies.

You can control cookies via your browser.

19. CHANGES TO THIS POLICY

We may update this policy from time to time.

Changes take effect once published.

We retain previous versions for compliance and record-keeping purposes.

20. CONTACT US

Allied Health To You (trading as Comfort Allied Health)
PO Box 433
Moffat Beach, Queensland 4551

📧 admin@comfortalliedhealth.com.au
📞 0420 271 030
🌐 https://www.comfortalliedhealth.com.au

21. GOVERNING LAW

This Privacy Policy is governed by the laws of Queensland, Australia.