Privacy Policy

Updated 2026

1. Purpose

This policy explains how Free2Move Physiotherapy collects, uses, stores, and protects your personal information, including sensitive health information. It also outlines your rights and how you can access or correct your information.

We are committed to maintaining the privacy and confidentiality of all client information. This includes information seen, heard, or recorded in any form.

2. What Information We Collect

We collect personal and health information necessary to provide physiotherapy and related services. This may include:

  • Name, date of birth, address, contact details
  • Medical history, medications, allergies, injuries, risk factors
  • Social and family history relevant to your care
  • Contact details of your GP or other health providers
  • Medicare number (if applicable), healthcare identifiers, health fund details
  • Information provided during appointments, phone calls, emails, or online bookings

We may also collect information from third parties when it is not practical to obtain it directly from you, such as:

  • Your GP or other treating practitioners
  • Hospitals, diagnostic imaging, pathology services
  • Guardians or responsible persons
  • Medicare, DVA, or your health fund

3. Why We Collect and Use Your Information

We collect and use your information to:

  • Provide physiotherapy and related healthcare services
  • Communicate with you about your care
  • Coordinate care with other health professionals (with your consent)
  • Process payments, claims, and administrative tasks
  • Conduct practice audits, accreditation, and quality improvement activities
  • Meet legal and regulatory obligations

Quality improvement activities are considered a directly related secondary purpose and do not require additional consent.

4. How We Store and Protect Your Information

We use secure digital systems to manage client information, including:

  • Zanda – Australian‑hosted practice and calendar management software
  • Google Workspace (Gsuite) – for business email and document storage
  • Xero – for bookkeeping and financial records

Your information may be stored in electronic form, paper form (limited), or visual form (e.g., photos or videos used for clinical purposes).

Security Measures

We take reasonable steps to protect your information, including:

  • Multi‑factor authentication (2FA)
  • Strong password policies and regular password resets
  • Role‑based access controls
  • Secure devices with encryption and auto‑lock
  • Locked filing cabinets for any paper records
  • Confidentiality agreements for all staff and contractors
  • Staff training in privacy and data security
  • Secure destruction of paper and electronic media

Overseas Data Storage

Some providers (e.g., Google Workspace, Xero) may store or process information on servers located outside Australia. We take reasonable steps to ensure these providers comply with the Australian Privacy Principles, including reviewing their published security standards and using strong access controls.

5. Staff Access and Internal Procedures

  • Only staff who require access to your information for clinical or administrative purposes may access it.
  • Staff must not share passwords or access credentials.
  • Treatment room doors are closed during consultations to protect privacy.
  • Staff avoid discussing confidential information in areas where conversations may be overheard.
  • Screens displaying client information are positioned to prevent public viewing.

6. Correspondence and Communications

Electronic Communication

  • Secure messaging is used where available.
  • Email is only used for client information when encrypted or when the client has consented to email communication.
  • SMS reminders and notifications are sent through secure systems.

Mail

  • Mail is handled by designated staff and kept out of public view.
  • Printed documents are stored securely and shredded when no longer required.

7. Website, Cookies, and Analytics

Our website and client portal may use cookies and analytics tools to improve functionality and understand how visitors use our site. These tools may collect information such as:

  • IP address
  • Browser type
  • Pages visited
  • Time spent on the site

You can disable cookies in your browser settings, although some features may not function correctly.

8. Sharing Your Information

We may share your information:

  • With other healthcare providers involved in your care
  • With third‑party providers who support our business operations (e.g., IT, bookkeeping)
  • When required or authorised by law (e.g., court orders, Medicare reporting)
  • When necessary to prevent a serious threat to life, health, or safety
  • As part of a confidential dispute resolution process

We do not share your information with third parties for marketing purposes.

We will not share your information outside Australia without your consent, except where permitted by law.

9. Marketing and Newsletters

We will not use your personal information for direct marketing without your express consent. You may unsubscribe at any time.

10. Accessing and Correcting Your Information

You may request access to your records or ask us to correct inaccurate information. Requests must be made in writing to the Practice Principal, Jodie Krantz. We will respond within 14 days. A reasonable fee may apply to cover administrative costs.

11. Data Retention and Destruction

We retain physiotherapy records for the minimum periods required under Australian law:

  • Adults: 7 years from the last consultation
  • Clients under 18: until age 25

When records are no longer required, they are securely destroyed or permanently de‑identified.

12. Data Breaches

If a data breach occurs that is likely to cause serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

13. Complaints

If you have concerns about how your information is handled, please contact:

Practice Principal: Jodie Krantz
Email: admin@free2move.com.au

We will respond within 14 days. If you are not satisfied, you may contact the OAIC at www.oaic.gov.au or 1300 363 992.

14. Changes to This Policy

This policy may be updated periodically. The most current version will always be available on our website and upon request.