Effective Date: June 2026

​

1. Introduction

Winston Hills Physiotherapy Centre ("we", "our", "us") is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable health records legislation.

This Privacy Policy explains how we collect, use, store, disclose and protect your personal information, including health information, when you access our services, website, online booking systems, or communicate with us.

​

2. Contact Details

Winston Hills Physiotherapy Centre

Address: 43 Langdon Rd, Winston Hills NSW 2153

Phone: (02) 9838 8449

Email: admin@winstonhillsphysio.com.au

Website: www.winstonhillsphysio.com.au

If you have any questions regarding this Privacy Policy or the handling of your personal information, please contact us using the details above.

​

3. What Personal Information We Collect

We may collect and hold the following types of personal information:

​

Identification Information

• Name

• Date of birth

• Gender

• Residential address

• Postal address

• Email address

• Telephone number

​

Health Information

• Medical history

• Current and past injuries or conditions

• Treatment records

• Referral information

• Diagnostic imaging and reports

• Medication information

• Exercise and rehabilitation records

• Clinical notes

• WorkCover, CTP or insurance claim information

​

Financial and Administrative Information

• Payment information

• Medicare details

• Private health insurance details

• DVA details

• Workers Compensation information

• Employer details where relevant

​

Website and Online Information

• Website usage information

• Online booking information

• IP address

• Device information

• Cookies and analytics data

​

Health information is considered sensitive information under Australian privacy law and receives additional protections.

​

4. How We Collect Personal Information

We collect personal information in a number of ways, including:

​

Directly from You

• New patient forms

• Medical history forms

• Online booking forms

• Website enquiries

• Email correspondence

• Telephone conversations

• In-person consultations

​

From Third Parties

• Referring medical practitioners

• Specialists

• Allied health practitioners

• Employers (where authorised)

• Insurance companies

• Workers Compensation insurers

• Medicare

• Private health insurers

• Family members or carers (where appropriate)

• Government agencies where permitted by law

​

Through Technology

• Website analytics

• Online booking systems

• Cookies and similar technologies

• Electronic communications

​

5. Why We Collect Personal Information

​

We collect personal information so that we can:

• Provide physiotherapy and remedial massage services

• Assess, diagnose and treat health conditions

• Develop treatment plans

• Communicate with patients regarding appointments and care

• Process payments and health fund claims

• Meet legal and professional obligations

• Maintain accurate patient records

• Respond to enquiries

• Improve our services

• Conduct quality assurance activities

• Manage complaints and feedback

• Comply with insurance and regulatory requirements

​

If we are unable to collect certain information, we may not be able to provide appropriate healthcare services.

​

6. How We Use and Disclose Personal Information

We use personal information only for purposes related to the provision of healthcare services and the operation of our practice.

​

We may disclose information to:

• Medical practitioners involved in your care

• Specialists and other allied health providers

• Pathology and imaging providers

• Medicare

• Private health insurers

• Workers Compensation insurers

• CTP insurers

• DVA

• Legal representatives where authorised

• Government and regulatory bodies where required by law

• Professional advisers and auditors

• Information technology service providers assisting us to operate our systems

​

We only disclose information when:

• You have consented;

• It is required for your treatment;

• It is required by law; or

• It is otherwise permitted under the Privacy Act.

​

We do not sell personal information to third parties.

​

7. Overseas Disclosure of Personal Information

​

Some of our technology service providers, cloud storage providers, website hosting providers, practice management software providers, or email service providers may store or process information outside Australia.

​

Where overseas disclosure occurs, we take reasonable steps to ensure that the overseas recipient complies with Australian privacy requirements.

​

Countries where information may potentially be stored or processed include:

• Australia

• United States

• New Zealand

• Singapore

• Ireland

• Other countries in which our software and cloud service providers maintain data centres

​

As service provider arrangements may change over time, we cannot always identify every country in advance.

​

8. Storage and Security of Personal Information

We take reasonable steps to protect personal information from:

• Misuse

• Interference

• Loss

• Unauthorised access

• Modification

• Disclosure

​

Security measures may include:

• Secure practice management software

• Password-protected systems

• Access controls

• Secure cloud storage

• Staff confidentiality obligations

• Secure document disposal procedures

• Anti-virus and cybersecurity protections

• Regular software updates and security monitoring

​

While we take reasonable precautions, no electronic transmission or storage system can be guaranteed completely secure.

​

9. Accessing and Correcting Personal Information

You may request access to personal information we hold about you.

​

You may also request correction of information that is inaccurate, incomplete, out-of-date, irrelevant or misleading.

​

Requests should be made in writing to:

Privacy Officer
Winston Hills Physiotherapy Centre
admin@winstonhillsphysio.com.au

​

We will respond within a reasonable period and may require proof of identity before providing access.

​

Access may be refused in certain circumstances permitted by law, including where providing access would pose a serious threat to life, health or safety, or would unreasonably impact another person's privacy.

​

10. Complaints About Privacy

If you believe we have mishandled your personal information, you may lodge a complaint by contacting our Privacy Officer.

​

Please provide:

• Your name and contact details

• Details of your complaint

• Any supporting information

​

Complaints can be submitted to:

Privacy Officer
Winston Hills Physiotherapy Centre

Phone: (02) 9838 8449

Email: admin@winstonhillsphysio.com.au

​

We will:

1. Acknowledge your complaint within a reasonable timeframe.

2. Investigate the complaint.

3. Respond in writing with the outcome.

4. Take appropriate corrective action where necessary.

​​

If you are not satisfied with our response, you may contact:

​

Office of the Australian Information Commissioner (OAIC)

Website: www.oaic.gov.au

Phone: 1300 363 992

​

11. Retention, Destruction and De-identification of Information

We retain health records for the periods required by applicable legislation and professional standards.

​

When personal information is no longer required and we are legally permitted to dispose of it, we will take reasonable steps to securely destroy or permanently de-identify the information.

​

Methods may include:

• Secure shredding of paper records

• Permanent deletion of electronic records

• De-identification of data used for statistical or quality improvement purposes

​

Health records will not be destroyed where retention is required by law.

​

12. Website, Cookies and Analytics

Our website may use cookies and analytics tools to help improve user experience and understand website usage.

​

Information collected may include:

• Browser type

• Device information

• Pages visited

• Time spent on pages

• Referring websites

​

You may disable cookies through your browser settings, although some website functionality may be affected.

​

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legislation, technology, or business practices.

​

The current version will always be available on our website.

​

14. Privacy Officer

​

The Practice Director acts as the Privacy Officer for Winston Hills Physiotherapy Centre.

​

Privacy enquiries should be directed to:

Email: admin@winstonhillsphysio.com.au

Phone: (02) 9838 8449

Address: 43 Langdon Rd, Winston Hills NSW 2153

​

Last Updated: June 2026