PRIVACY STATEMENT

At Actual Rehab, we are committed to protecting your privacy and ensuring that your personal information, including health-related information, is handled in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth), as well as the Health Privacy Principles (HPPs) under relevant state or territory laws, such as the Health Records and Information Privacy Act 2002 (NSW).

This Privacy Statement explains how we collect, use, disclose, and protect your personal information, including any health-related information. By engaging with our services, you consent to the collection and use of your personal information in accordance with this statement.

 

1. Collection of Personal Information

We collect personal information when you:

  • Access or use our website or mobile application
  • Make inquiries, provide feedback, or request specific products or services
  • Participate in promotions, surveys, or other activities
  • Engage with our customer support team
  • Provide us with health-related information, such as medical history, conditions, treatments, or medications, when relevant to the services we provide.
  • The personal information we collect may include:
    Your name, contact details (such as email address, phone number, and postal address)
  • Demographic information (e.g., age, gender)
  • Health-related information, such as your medical history, current health conditions, treatments, and medications (where applicable)
  • Interaction history with us (e.g., communications, service usage)
  • Other information you provide to us or we collect during your interaction with our services.

We collect health-related information only when necessary for the services we provide, and we will obtain your consent before collecting or using such sensitive information, where required by law.

 

2. Use of Personal Information

We use your personal information, including health-related information, for the following purposes:

  • To provide and improve our products and services, including healthcare or health-related services
  • To communicate with you about your treatment, or services
  • To provide customer support
  • To send you relevant communications or marketing materials, where you have opted in
  • To comply with legal obligations, including health-related reporting and safety requirements
  • To maintain and improve our health-related services in line with regulatory requirements and industry standards.
 

Where we collect health-related information, we will only use it for purposes directly related to providing you with health services, and we will seek your consent to use it for any other purpose.

 

3. Disclosure of Personal Information

We may disclose your personal information, including health-related information, to third parties in the following situations:

  • To our service providers, contractors, or agents who assist us in delivering our products and services (including health professionals or healthcare providers)
  • To comply with legal obligations, including health reporting requirements, or to respond to a subpoena, court order, or other legal process
  • In connection with a merger, acquisition, or sale of business assets
  • To other health professionals, with your consent, where necessary for your care and treatment
  • We will take reasonable steps to ensure that any third party to whom we disclose personal information, including health-related information, complies with privacy and confidentiality obligations.

 

4. Health Records and Sensitive Information

Health-related information is considered sensitive personal information under the Privacy Act 1988 (Cth) and Health Privacy Principles (HPPs) under the Health Records and Information Privacy Act 2002 (NSW) (or similar state or territory laws). This information will be treated with additional care.

We will only collect, use, or disclose sensitive health information:

  • With your explicit consent, or
    Where required or authorised by law (for example, in medical emergencies, or under public health legislation).

If you provide us with health-related information, we will ensure that it is stored securely and protected from misuse, loss, or unauthorised access.

We take steps to help ensure that all personal information we collect, use or disclose is accurate, complete and up to date.

Please contact our Privacy Officer (details below) if you are aware that personal information that we hold about you does not meet this objective.

 

5. Data Security

We take reasonable steps to ensure that your personal and health-related information is stored securely and protected from misuse, loss, unauthorised access, modification, or disclosure. These measures include both physical and electronic security measures and can include:

  • Requiring employees and contractors to enter into confidentiality agreements;
  • Securing hard copy document storage (i.e., storing hard copy documents in locked filing cabinets);
  • Implementing security measures for access to computer systems to protect information from unauthorised access, modification or disclosure and loss, misuse and interference;
  • Ensuring data storage devices such as laptops, tablets and smart phones are password protected;
  • Providing discreet environments for confidential discussions;
  • Implementing security measures for our website(s).

However, please note that no data transmission over the internet or storage system can be guaranteed to be 100% secure, and we cannot ensure the absolute security of your information.

 

6. Accessing and Correcting Your Personal and Health Information

You have the right to access the personal information we hold about you, including your health-related information, subject to certain exceptions under the Privacy Act 1988 (Cth) and the Health Records and Information Privacy Act 2002 (NSW) or other relevant laws.

If you believe that any personal information, including health-related information, we hold is inaccurate, incomplete, or out of date, you can request that we correct it.

To request access or make corrections, please follow the below procedure:

  • All requests for access to personal information to be made in writing and addressed to our Privacy Officer (see contact details below). All requests should specify how the information is proposed to be accessed (photocopies, electronic copy, or visual sighting).
  • Please provide as much detail as possible regarding the Actual Rehab business, department and / or person to whom you believe your personal information has been provided and when. This will allow us to process your request more efficiently.
  • We will endeavour to acknowledge your request within 14 days of the request being made.
  • Access will usually be granted within 30 days of our acknowledgment. If the request cannot be processed within that time for whatever reason, we will let you know the anticipated timeframe for a response to be provided.
  • You will need to verify your identity and authority before access to personal information is granted.
  • We may charge a reasonable fee for access to personal information, which will be notified and required to be paid prior to the release of any information. Once the request has been processed by us, you will be notified of our response and proposal for suitable access (provision of photocopies, digital copies, or visual sighting, where appropriate).
  • We may refuse to grant access to personal information if there is an exception to such disclosure which applies under relevant privacy legislation.
  • If, as a result of access being granted, you are aware that we hold personal information that you regard as being no longer accurate or correct, you may request the deletion or correction of such information.
  • Upon receipt of a request to correct or delete personal information, we will either make such corrections or deletions or provide written reasons as to why we declined to make such alterations.

 

We have a designated Privacy Officer who is responsible for the management of:

  • Requests for access to personal information.
  • Complaints regarding our management of personal information below.

 

7. Retention of Personal Information

We will retain your personal information, including health-related information, for as long as necessary to fulfill the purposes for which it was collected or as required by law. Once it is no longer needed, we will securely delete or anonymise your information in compliance with applicable laws and industry best practices.

 

8. Your Privacy Rights

  • You have several rights in relation to your personal information, including:
  • The right to access and correct your personal information, including health-related information
  • The right to request that we delete or stop processing your personal information
  • The right to withdraw your consent at any time (where applicable)
  • The right to lodge a complaint with the relevant privacy authorities if you believe your privacy rights have been violated.

 

If you have any concerns about how we handle your personal information, including health-related information, or wish to exercise any of your rights, please contact us at:

  • Contact Information
    Actual Rehab Privacy Officer
    PO Box 3223
    Umina Beach NSW 2257

 

How do we handle complaints?

If you consider that there has been a breach of the Australian Privacy Principles, you are entitled to complain to Actual Rehab.

All complaints are to be in writing and directed to the Privacy Officer using the contact details above. In most cases, a Privacy Complaint Form will need to be completed. The Privacy Officer will endeavour to acknowledge receipt of a written complaint within 2 business days.

The Privacy Officer will investigate the complaint and attempt to resolve it within 20 business days after the written complaint was received. Where it is anticipated that this timeframe is not achievable, we will contact the person making the complaint to provide an estimate of how long it will take to investigate and respond to it.

If you are unsatisfied with the outcome of Actual Rehab’s investigation and decision, you are entitled to raise your complaint with the Office of the Australian Information Commissioner (OAIC) by phoning 1300 363 992 or by email at enquiries@oaic.gov.au.

 

9. Your Privacy Rights

We may update this Privacy Statement from time to time. We will notify you of any significant changes by posting the updated Privacy Statement on our website, and where appropriate, by direct communication.