Spectrum Therapy Australia PRIVACY POLICY


Effective Date: 01/07/2024


Your Privacy and [SPECTRUM THERAPY AUSTRALIA] (ABN 45616215573) (collectively and individually referred to as “[SPECTRUM THERAPY AUSTRALIA]”, “we”, “us” or “our”).
WHO WE ARE AND HOW YOU CAN CONTACT US
We are [SPECTRUM THERAPY AUSTRALIA] and we are based in NSW, Australia. We are committed to protecting your privacy and respecting and upholding your rights when you use this Site. This Privacy Policy applies to the products and/or services we provide on our Site www.spectrumtherapy.com.au and our social media channels and explains how we collect, hold, use and disclose data and comply with the requirements of the Privacy Act 1988 (Cth) and constitutes part of our Website Terms & Conditions. This Privacy Policy does not cover information that you submit on other websites, even if we communicate with you on those sites. For example, if you post something on Instagram, Facebook, Pinterest, Twitter, or YouTube, that information is governed by the privacy policies on those websites, and is not governed by this Privacy Policy. 

You can contact us for privacy related questions by [emailing us at enquiries@spectrumtherapy.com.au

We will only use your personal information (including if applicable, sensitive information) (personal data/data) in compliance with Australian Privacy Laws (Privacy Act (1988 (Cth)), Australian Privacy Principles and to the extent applicable, with the EU General Data Protection Regulation (GDPR) and any replacement legislation or regulation or guidelines and standards governing the use, storage or transmission of data.
OUR ROLE IN YOUR PRIVACY
If you are a customer, subscriber or just a visitor on our Site, this Privacy Policy will apply to you. 
OUR RESPONSIBILITIES
As we are the providers of the products and services on this Site, we determine how and why your data is processed. We do not sell or rent your details to any third parties. We are committed to protecting your privacy and we want you to know exactly what information is collected and how we use it.
YOUR RESPONSIBILITIES
Please read this Privacy Policy and our Website Terms & Conditions. If you provide us with any data relating to a third party, you confirm that you have the right to authorise us to process that data on your behalf in accordance with this Privacy Policy.
WHEN AND HOW WE COLLECT DATA
From the moment you visit our Site, we are collecting data, sometimes you might provide this data by completing a form or setting up an account, otherwise we might collect the data automatically. We may also collect data when:
Register as a patient with our clinic
Provide us with your medical history, current health issues and concerns
We may also collect personal and sensitive information from third-party medical providers, such as radiologists, pathologists, hospitals, mental health services, community health services, dental services, and other healthcare providers. This information may be used to provide you with healthcare services and treatment.
You purchase an online course, webinar, program or service
You interact with us on social media
You complete any sign-up forms, landing pages or send us a direct message via social media or an email to any of our nominated emails
You participate in events, promotions and giveaways or any request for additional data such as customer surveys
You accept our cookies and other tracking technologies on any device you use to interact with us
You voluntarily submit your data to us for any reason
TYPES OF DATA WE MAY COLLECT
Contact details (name, address, email)
Financial Information (bank details when you are making a purchase)
Medical information from your third party medical providers 
Your date of birth
Information relevant to your health (current and historical) including medications
Family medical and educational history
Your ethnic background (if relevant to your care)
Any other information you provide or we receive from third parties that is relevant to your care within our service
Data about the products or services you purchase 
Data about your experience with our Site and our products and services
Data relating to your circumstances and such other information that is relevant to the products or services we provide to you
Data relating to your attendance at seminars or other events held by us (including webinars and podcasts)
Data that identifies you (your IP address, login, browser type, time zone, browser plugins, geolocation, what operating system and version) - we do not link this with any personal data
Data on how you use our Site (URL clicks, products and services views, how long you are on our pages and other actions)
USE AND DISCLOSURE OF YOUR DATA
Under data laws, we are only allowed to use your data for specific reasons and where we have the legal basis to do so. 

We will use your data for the purposes it was collected and related purposes which include:

Operating our Site 
Providing you with healthcare services and treatment
Providing you with products, information and services
Customer support
Tracking your purchase history
Detecting and preventing fraud
Improving our Site
Making your experience on our Site more efficient and enjoyable
Market research e.g. we may contact you for feedback about our products and services
Provide you with information about events, other products or services or opportunities that may be of interest
Marketing (with your consent)
Monitoring your compliance with our Website Terms and Conditions
We will share your information with your child’s carer or representative if you have authorised us to do so or they have provided us with your authority (for example under a Power of Attorney for health decisions).
If you are under the age of 18, we may share your information with your legal guardian where appropriate.We will share your health information with authorised health practitioners within our business to ensure collaborative care.
We will share your health information when we are required to do so by law. For example, if we receive a valid court subpoena to disclose information. Additionally, we will supply your personal information to child protective services if we suspect abuse, neglect or harm to a child in your care.
If we refer you to a third party for additional therapy, we may share your information with the third party with your consent.
We will use your information for recalls or follow up sessions.
We will also disclose your health information if there is an emergency which we feel warrants disclosing your health or other information. For example, if you were suddenly unwell during a session and we call the paramedics, we will tell the paramedics all health information we hold about you as well as your name, date of birth etc.

We may also use and disclose your personal data for secondary purposes, such as: 


quality assurance, 
research and education, 
data processing
payment disputes
As required by law subject to our obligations
With your consent
Within our business
To send you marketing material (with your consent)
To process your participation in any promotions and giveaways (including contacting you if you win, displaying your name online and on our social media platforms)
Share with third parties to enable us to provide our products and/or services 
If you have received Medicare or health insurance rebates and we receive a request for information from that provider, we will share information with them to validate your claim.
Professional advisers including accountants, lawyers, bankers, auditors and insurers for the compliant operation of our business.
Government bodies that require us to report processing activities.

SENSTIVE INFORMATION


Collection of Sensitive Information
We may collect sensitive information about our patients with their consent and only for the purposes directly related to their healthcare.
The types of sensitive information we may collect include personal details, medical history, current health conditions, test results, and any other information required for provision of care.
We collect sensitive information through face-to-face consultations, phone calls, online forms, and other secure electronic means.
Use of Sensitive Information:
We use sensitive information solely for the purpose of providing healthcare services to our patients. This includes but is not limited to diagnosis, treatment planning, monitoring, and managing ongoing care.
Sensitive information may also be used for administrative purposes such as appointment scheduling, billing, and quality improvement activities.
We may use de-identified information for research and statistical purposes, ensuring that patients' identities are protected.
Disclosure of Sensitive Information:
We only disclose sensitive information to other healthcare professionals and organisations involved in the provision of healthcare to our patients. Such disclosures are made on a need-to-know basis and with the patient's consent, except in cases where the law requires or permits the disclosure without consent.
We may disclose sensitive information to government agencies, regulatory bodies, and insurers when required by law or for insurance claims and compliance purposes.
We do not disclose sensitive information to third parties for marketing or commercial purposes.
Confidentiality
All personal information gathered by your clinician during the provision of the health service will remain confidential and secure except where:
It is subpoenaed by a court; or
Failure to disclose the information would place you or another person at serious or imminent risk
You would reasonably expect your personal information to be disclosed to another professional or agency (e.g. your GP) and disclosure of your personal information to that third party is for a purpose which is directly related to the primary purpose for which your personal information was collected;
Your prior approval has been obtained to:
a) provide a written report to another professional or agency. e.g. a GP or a lawyer; or b) discuss the material with another person, e.g. a parent or employer;
You are attending under a Mental Health Care Plan, Eating Disorder Management Plan, Chronic Disease Management Plan or other Medicare funded service and a report needs to be provided to the referring practitioner for compliance purposes; or
If disclosure is otherwise required or authorised by law.
To support the seamless delivery of your healthcare services, our administrative staff may require access to your information. Your personal information may also be reviewed for clinical governance purposes or during clinical supervision for quality assurance purposes and to ensure you receive evidence-based and effective service provision. All staff members are required to maintain the confidentiality of your healthcare information.
We sometimes communicate with you by email or text message. Where possible this communication should be limited to administrative matters, however you should be aware that these forms of communication are limited in their confidentiality. Provision of such information to us indicates your consent for these forms of communication to be used.
Data Security and Storage:
We take all reasonable steps to ensure that sensitive information is stored securely and protected from unauthorised access, loss, misuse, or disclosure.
Electronic records are stored in a secure and encrypted manner, and physical records are stored in locked cabinets or secure storage areas.
We regularly review and update our security measures to maintain the integrity and confidentiality of sensitive information.


GOOGLE ANALYTICS
We use Google Analytics functions. You can find out how your data is collected here and there are instructions here on how to opt-out of Google Analytics data tracking.

Our use of Google Analytics may include but is not limited to display advertising and remarketing. You may see our adverts across the internet, this is due to the use of tracking technologies (cookies) to optimise and serve our adverts based on past visits to our Site. When you log onto our Site, we, with the help of Google Analytics, use your browsing behaviour to connect this with other data that you previously provided to us in accordance with this privacy policy.

TELEHEALTH
The privacy of any form of communication via the internet is potentially vulnerable and limited by the security of the technology used. To support the security of your personal information this practice uses Powerdiary/Zoom, which are compliant with the Australian standards for online security and encryption.
RECORDING OF SESSIONS
All health professionals, regardless of their experience, are required to participate in peer review of treatment sessions to ensure that patients continue to receive appropriate care. We are dedicated to the provision of the best possible treatment and we therefore occasionally record sessions, with client consent, for review in peer supervision. All those viewing the tapes are bound by the same level of confidentiality that applies to your clinician.
The benefit to you is that review of sessions ensures that you are receiving the highest quality of treatment as well as acting as a second opinion, if needed, from other health professionals within the practice. If you do not consent to the recording of sessions your treatment will not be affected in any way.
The recording of sessions is not permitted without prior consent by all parties present.
META INSIGHTS (Facebook and Instagram) 
We use Meta Insights to track your interaction with our Facebook page, Spectrum Therapy this will allow us to track usage and improve the performance of our page. We will use Meta Analytics to better measure, track and understand customer user experience to enable us to improve our products and services that we offer. You can check out Meta's privacy policy here, and if you want to opt out of seeing ads on Meta based on information we have received, you can control this in your ad preferences here.
CHOOSING NOT TO PROVIDE PERSONAL DATA
You can choose not to provide us with any personal data. However, if you do this, we will not be able to provide you with any products or services, however, you can continue to use our Site and browse the pages of our Site.
MARKETING
We will always let you know before we collect any data from you what the intended use is and if we intend to use it for marketing and if third parties are involved we will obtain your consent (which you can withdraw at any time). You can change your mind about marketing material by opting out by:


unsubscribing within the email if you have previously subscribed to our newsletter.

Opting out of marketing will have your details removed from our marketing list but will not change the way we use other personal information we hold about you. For example, you may still receive reminders about upcoming appointments.
YOUR RIGHTS
You can exercise your rights at any time by contacting us at enquiries@spectrumtherapy.com.au
ACCESSING INFORMATION WE HOLD ABOUT YOU
We will provide you with the information within 30 days of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights). We will tell you if we can't comply with your request and why. There may be a fee associated with release of clinical information requests and a review of all personal information to ensure accessing your personal information is safe for your ongoing health.
INACCURATE INFORMATION
You can contact us to ask us to correct any information we hold about you that you believe is inaccurate.
OBJECTIONS TO USING DATA FOR PROFILING OR AUTOMATED DECISIONS
We may use your data to determine what products and services are relevant to you (e.g. tailoring our emails based on your behaviour). Otherwise, the only circumstances in which we will use this data is to provide our products and services to you.
THE RIGHT TO BE FORGOTTEN
You have the right to request for your data to be erased. This means we have to delete all information that we hold about you, except to the extent of any information we are required to hold due to our legal obligations.
MAKING A COMPLAINT
If you have any complaints regarding how your data is handled, please contact us at enquiries@spectrumtherapy.com.au If you are not satisfied with our response to your complaint you may seek a review by contacting the Office of the Australian Information Commissioner.
SECURITY OF THE DATA WE COLLECT
We realise that our customers trust us to protect their data and whilst we cannot guarantee the security of any information you transmit to us, or receive from us, we take that task seriously and maintain reasonable and appropriate physical, electronic and procedural safeguards to help protect your data. This includes the following:


Firewalls
Password access to accounts
Storing electronic data with reputable third party storage providers who have appropriate security protections
Limit access to personal information to individuals who need to know. 
Using payment providers who are PCI DSS compliant
We do not store your payment details
WHERE WE STORE DATA
We use service providers based in Australia. If we transfer personal data outside of Australia, we will ensure that your privacy rights are adequately protected by ensuring these service providers have the same or similar measures in place to protect data shared. All hard copy files are stored in Australia. 


HOW LONG WE STORE DATA FOR
We will keep your data for as long as we need it, and this period will also depend on your interactions with us. If you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing and tax purposes. When we no longer need to keep your information, we will delete it permanently or anonymise data that is no longer necessary.
THIRD PARTIES WHO ACCESS YOUR DATA
We share data with third parties in the following circumstances:


Other companies in our group of companies, as necessary to operate our Site
Our suppliers and service providers working for us e.g. payment processors such as Stripe and Medipass
Our professional and legal advisors
Third party medical providers for the purposes of providing healthcare services and treatment
Your personal and sensitive information (to the extent applicable) may also be disclosed to government bodies, such as Medicare and Centrelink, for the purposes of claiming and verifying healthcare benefits and entitlements
Third parties engaged in fraud prevention and detection
Law enforcement or other government authorities
Share with third parties who enable us to provide our products and services which may include:
payment processors such as Stripe, PayPal, Xero, Shopify who may process your payment for any products and services bought from us;
Social media and analytics such as Facebook, Instagram and Google Adwords for purpose of custom audience generation and the development of targeting criteria;
Other third parties such as Mailchimp, Thrivecart, Vimeo, Timely, Active Campaign, for processing and holding data that enables us to ensure you are kept informed of all course information, logins and marketing material, offers, promotions, newsletters, blogs and video training.
Where we have your consent to do so or otherwise where we are legally permitted to do so.
PAYMENT SECURITY 
All of our real-time credit card authorisations are handled by secure third party gateway providers and these are secured by the highest level of security. The following measures are taken to protect your data:


Payments are fully automated with an immediate response.
Your complete credit card number cannot be viewed by us or any outside party.
All transaction data is encrypted for storage within our third party gateway suppliers bank-grade data centre, further protecting your credit card data.
Our third party gateway provider is an authorised third party processor for all the major Australian banks.
Our third party gateway provider will at no time touch your funds, all monies are directly transferred from your credit card to the merchant account held by us.

We use third-party gateway providers that are widely respected for providing secure and reliable online payment solutions. We have chosen to deal with the best so you can feel safe that your personal information is kept safe and secure at all times. While we attempt to protect the information in our possession, no security system is perfect, and we cannot promise that information about you will remain secure in all circumstances.

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for all organisations that handle branded credit cards from major card schemes. PCI DSS is a standard mandated by the card brands like Visa, Mastercard, American Express and Discover and is managed by the PCI Security Standards Council.

PCI-DSS requirements help ensure the secure handling of credit card information through our Site and the service providers.
AGE OF CONSENT
By using this site, you warrant that you are at least the age of majority in your State or Territory of residence. Our Site should not be used by anyone under the age of majority, and we do not knowingly collect data from anyone under the age of majority.
COOKIES AND HOW TO BLOCK THEM
Our Site uses cookies and similar technologies to provide certain functionality to our Site. “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. Cookies can also be used to analyse traffic and for advertising and marketing purposes. They do not harm your systems and the HELP function in your browser will tell you how to restrict or block the cookies. 

You can turn off cookies by activating the setting in your browser that allows you to do this. You can also delete cookies through your browser settings. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org. If you use browser settings to block all cookies, you may not be able to access all or parts of our Site.

WEB BEACONS
We may use web beacons (or clear gifs) on our website and in our emails. So basically when we send emails, we can track behaviour such as who opened the emails, who clicked the links and collect information such as your IP address, your browser or email type, we then put this information together to improve the performance of our email campaigns and provide you with better and/or services specific to your needs. You will always have the ability to opt out of any emails we send just click the link in the email that says “unsubscribe”.
GOVERNING LAW
This Privacy Policy and your use of this Site is governed in all respects by the laws of Australia.
UPDATES TO OUR PRIVACY POLICY
Please make sure to check in on our Privacy Policy periodically, as we may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. We will always ensure that the current date of the Privacy Policy also known as the “Effective Date” is prominently displayed at the very top of this Privacy Policy, so you know it's the latest version.