Privacy Policy
Last updated: April 2026
1. About This Policy
This Privacy Policy explains how Stride Sports Physio & Performance (ABN 99 632 016 016, referred to as "Stride", "we", "us", or "our") collects, uses, stores, discloses, and protects your personal information, including health information.
We are bound by the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable state and territory health records legislation, including the Health Records Act 2001 (Vic).
We are committed to protecting the privacy and confidentiality of all individuals who interact with our clinic, website, and digital platforms.
2. Information We Collect
Personal Information
- Full name, date of birth, gender
- Contact details (phone number, email address, postal address)
- Emergency contact details
- Payment and billing information (credit/debit card details, Medicare number, private health insurance details, DVA details)
- Occupation, employer details, and workplace injury information
- Sporting club affiliation and competition level
- Communication preferences
Health Information
- Medical history, injury history, and surgical history
- Assessment findings, clinical notes, diagnosis, and treatment plans
- Imaging results (X-ray, MRI, CT, ultrasound)
- Referral letters and correspondence from other health practitioners
- Exercise programs and rehabilitation progress
- Functional movement assessments and performance data
- Insurance claim information (including AFL NRPP, WorkSafe, TAC, Medicare, DVA, and private health insurance claims)
Website and Digital Information
- IP address, browser type, device type, and operating system
- Pages viewed, time spent on site, referring URLs
- Cookie data and analytics identifiers
- Information submitted through online forms (name, email, phone, injury details, preferred appointment times)
3. How We Collect Information
We collect personal and health information:
- Directly from you — when you book an appointment (online, phone, or in person), complete intake forms, attend consultations, submit enquiries via our website, or communicate with us by email, phone, or SMS
- From third parties — including referring doctors, specialists, other health practitioners, hospitals, sporting clubs, insurers (including AFL NRPP administrators, WorkSafe, TAC), Medicare, and DVA
- From our digital platforms — including our website (www.stridephysiohealth.com.au), online booking system, practice management software, exercise prescription platforms, and analytics tools
- From publicly available sources — where relevant and lawful
We will only collect health information with your consent, or where required or authorised by law.
4. Why We Collect and Use Your Information
We collect and use your information for the following purposes:
- Providing physiotherapy assessment, treatment, and rehabilitation services
- Managing your clinical care, including appointment scheduling, treatment planning, and progress tracking
- Prescribing and delivering exercise and strength & conditioning programs
- Processing payments, issuing invoices, and managing accounts
- Submitting and managing insurance claims (including AFL NRPP, WorkSafe, TAC, Medicare, DVA, and private health fund claims)
- Communicating with you about appointments, treatment, and clinic updates
- Communicating with other health practitioners involved in your care (with your consent)
- Providing reports to sporting clubs, coaches, or team staff (with your consent)
- Meeting our legal and regulatory obligations, including AHPRA registration requirements, mandatory reporting, and health records legislation
- Complying with Therapeutic Goods Administration (TGA), TPAR, and ATO reporting obligations
- Improving our services, website, and patient experience
- Internal business operations, quality assurance, and clinical audit
- Marketing communications (only with your explicit consent — see Section 9)
5. Third-Party Platforms and Service Providers
We use trusted third-party platforms to support our clinical and business operations. These platforms may store or process your personal and health information on our behalf:
| Platform | Purpose |
| --- | --- |
| Cliniko | Practice management — appointments, clinical records, invoicing, patient communications |
| Xero | Accounting and financial record-keeping |
| Halaxy / Online Booking | Online appointment scheduling |
| TeamBuildr | Exercise program prescription and compliance tracking |
| Google Workspace | Email communications and internal documents |
| Stripe / GoCardless | Secure payment processing |
| Mailchimp / Email Marketing | Marketing communications (consent-based only) |
| Google Analytics | Website traffic analysis (anonymised/aggregated) |
| Meta (Facebook/Instagram) | Advertising and social media (no health data shared) |
| Google Ads | Search advertising (no health data shared) |
| Netlify | Website hosting |
| Telehealth Platforms | Video consultations where applicable |
We take reasonable steps to ensure these providers comply with the APPs or equivalent privacy standards. Where data is stored overseas (e.g. cloud servers in the US, EU, or other jurisdictions), we ensure appropriate safeguards are in place.
6. Telehealth and Remote Consultations
Where we provide telehealth or video consultations, the following applies:
- Sessions are conducted via secure, encrypted platforms
- We do not record telehealth sessions unless we obtain your explicit consent
- The same confidentiality obligations apply to telehealth as to in-person consultations
- You are responsible for ensuring your environment is private during telehealth sessions
7. Cookies and Website Analytics
Our website uses cookies and similar technologies to:
- Improve website functionality and user experience
- Analyse website traffic and usage patterns (via Google Analytics)
- Support advertising campaigns (via Google Ads and Meta Pixel)
Types of cookies we use:
- Essential cookies — required for website functionality (e.g. form submissions)
- Analytics cookies — help us understand how visitors use our site (Google Analytics). Data is aggregated and anonymised where possible
- Advertising cookies — used to deliver relevant ads and measure campaign performance (Google Ads remarketing, Meta Pixel)
You can manage or disable cookies through your browser settings. Disabling cookies may affect your experience on our website.
Google Analytics: We use Google Analytics to collect anonymised data about website usage. Google may transfer and store this data on servers outside Australia. For more information, see Google's Privacy Policy.
Meta Pixel: Our website may use the Meta (Facebook) Pixel for advertising measurement. No health information is shared with Meta. You can manage your ad preferences at Facebook Ad Settings.
8. Disclosure of Your Information
We may disclose your personal and health information to:
- Other health practitioners involved in your care (with your consent) — including doctors, specialists, surgeons, radiologists, exercise physiologists, and other allied health professionals
- Sporting clubs, coaches, and team medical staff (with your consent)
- Insurance providers and claims administrators — including AFL NRPP administrators (Echelon/Marsh), WorkSafe Victoria, TAC, Medicare, DVA, and private health insurers — for the purpose of processing claims
- Payment processors for billing and payment purposes
- Our professional advisers (accountants, lawyers) where necessary
- Government and regulatory bodies where required by law (e.g. AHPRA, ATO, Coroner)
- Our contracted service providers (as listed in Section 5) who assist us in operating our business
We will never sell your personal or health information to third parties.
We will never share your health information for advertising or marketing purposes.
9. Marketing Communications
We may send you marketing communications (email, SMS) about:
- Clinic updates and services
- Injury prevention tips and educational content
- Promotions and events
We will only send marketing communications with your explicit opt-in consent. You can unsubscribe at any time by:
- Clicking the "unsubscribe" link in any marketing email
- Replying STOP to any marketing SMS
- Contacting us directly
Unsubscribing from marketing will not affect clinical communications about your care.
10. Data Storage and Security
We take reasonable steps to protect your information from misuse, interference, loss, unauthorised access, modification, or disclosure.
Our security measures include:
- Encrypted data transmission (SSL/TLS) on our website and digital platforms
- Access controls and authentication on clinical and business systems
- Secure cloud-based storage through reputable providers (see Section 5)
- Regular review of security practices
- Staff training on privacy and confidentiality obligations
Clinical records are stored electronically in Cliniko, which uses encryption at rest and in transit and is hosted on secure cloud infrastructure.
Paper records (where applicable) are stored in locked facilities at our clinic premises.
No data transmission or storage system is 100% secure. If you have reason to believe your information has been compromised, please contact us immediately.
11. Data Retention
We retain personal and health information in accordance with our legal and professional obligations:
- Health records (Victoria): Minimum 7 years from the date of last entry for adults, or until the patient turns 25 (whichever is later), in accordance with the Health Records Act 2001 (Vic)
- Health records (minors): Until the patient turns 25, or 7 years from the last entry, whichever is later
- Financial records: Minimum 7 years as required by the ATO
- Insurance claim records: Retained as long as necessary for claim resolution and any applicable limitation periods
- Marketing data: Retained until you withdraw consent or request deletion
- Website analytics data: Retained in anonymised/aggregated form
When information is no longer required, it is securely destroyed or de-identified.
12. Notifiable Data Breaches
In the event of a data breach that is likely to result in serious harm, we will:
- Take immediate steps to contain the breach and mitigate harm
- Assess the breach in accordance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988
- Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required
- Document the breach and our response
13. Your Rights
Under the Australian Privacy Principles, you have the right to:
- Access your personal and health information held by us
- Request correction of inaccurate, incomplete, or out-of-date information
- Withdraw consent for optional uses of your information (e.g. marketing)
- Request information about how your data has been used or disclosed
- Complain if you believe your privacy has been breached
To exercise any of these rights, contact us using the details in Section 15.
Access requests: We will respond to access requests within 30 days. In some cases, we may charge a reasonable fee for retrieving and providing information. We may refuse access where permitted by law (e.g. if access would pose a serious threat to health or safety).
Health records: Under the Health Records Act 2001 (Vic), you have additional rights regarding access to and correction of your health information.
14. Complaints
If you believe your privacy has been breached, you may:
- Contact us using the details below — we will investigate and respond within 30 days
- Lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
  - Website: www.oaic.gov.au
  - Phone: 1300 363 992
  - Post: GPO Box 5218, Sydney NSW 2001
- Lodge a complaint with the Health Complaints Commissioner (Victoria) for health information matters:
15. Contact Us
If you have any questions about this Privacy Policy or wish to make an access, correction, or complaint request, please contact us:
Stride Sports Physio & Performance
16. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. The updated policy will be published on our website with a revised "Last updated" date.
We encourage you to review this policy periodically. Continued use of our services or website after changes are published constitutes acceptance of the updated policy.