Who we are: McKinnon Sport & Spinal Clinic (“we”, “us”) provides physiotherapy and allied health services.

Our commitments: We handle personal and health information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and in Victoria the Health Records Act 2001 (Vic) and its Health Privacy Principles (HPPs). If we use the My Health Record system, the My Health Records Act 2012 (Cth) also applies.

1. Information we collect

   • Personal details (name, DOB, contact details, emergency contacts).

   • Health information (medical history, referrals, treatment notes, images/scans, test results, outcome measures).

   • Payment and claiming information (Medicare, DVA, TAC, WorkSafe, private health, third‑party payers).

   • Appointment and communications data; website usage analytics.

2. How we collect it

   • Directly from you or your authorised representative; from treating practitioners; diagnostic providers; insurers or compensable schemes; and via digital forms and portals.

3. Why we collect it

   • To provide and coordinate healthcare; manage bookings and billing; conduct recalls and follow‑ups; quality assurance; training; risk management; and to meet legal/reporting obligations.

4. Use & disclosure

   • We may disclose to your GP/specialist and other providers involved in your care; to Medicare/insurers/compensable schemes; to our IT, billing and communications vendors; and as required/authorised by law.

   • We will not use or disclose your health information for marketing without your consent. You may opt out anytime.

5. My Health Record (if used)

   • If you choose to participate and we are registered, we may access/upload to your My Health Record in accordance with law and your access controls. You can withdraw consent at any time. We keep audit logs of access.

6. Overseas disclosure

   • If any service providers are located overseas, we take reasonable steps to ensure comparable protections..

7. Data quality, security & retention

   • We maintain records accurately and securely (role‑based access, encryption in transit where practicable, secure premises). Health records are retained in line with legal and professional requirements (minimum retention periods apply).

8. Access & correction

   • You may request access to your records and request corrections. We will respond within a reasonable time and may charge a reasonable fee for providing copies.

9. Communications

   • Appointment reminders and clinical communications may be sent by SMS/email unless you opt out. Commercial electronic messages require consent and will include an unsubscribe.

10. Website cookies & tracking

• We use cookies/analytics. You can change your browser settings to manage cookies.

11. Complaints

• Contact: Privacy Officer, [Insert contact]. If not resolved, you may contact the Office of the Australian Information Commissioner or the Health Complaints Commissioner (Vic).

12. Changes

• We may update this policy; we will post the new effective date.