Privacy Policy

Axis values and respects privacy. We handle information about our clients and team members in a way that protects privacy.

This Privacy Policy was last updated on 4 March 2024.

General
1.1 Axis Rehabilitation at Work Pty Ltd ACN 633 631 295 and its related entities (Axis, we, us, our) is committed to protecting your privacy and complying with its obligations under the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) and other privacy laws that may apply in respect of collecting Personal Information.

1.2 This Privacy Policy sets out:

(a) the types of Personal Information we collect from you;
(b) how we handle and manage your Personal Information and why we collect it;
(c) who we disclose it to and why; and
(d) what controls you have over your Personal Information in our possession.

1.3 This Privacy Policy is subject to change at our discretion and we will update it from time to time. The current version will always be available on our Website at https://helloaxis.com.au/privacy-policy/. If we change this Privacy Policy in any material way, we will post a notice on our Websites and Apps (as relevant) along with the updated Privacy Policy.

Reviewing this Privacy Policy
2.1 Please read this Privacy Policy carefully. By signing a Patient Consent Form at our practices or online, you acknowledge that any Personal Information, including Sensitive Information, you provide to Axis and its staff in connection with the provision of the Services and any future Services provided to you, may be collected, used, and disclosed in accordance with this Privacy Policy.

2.2 Further, your use of any part of our Website or Apps will constitute your consent to the collection, transfer, processing, storage, disclosure of your Personal Information in accordance with this Privacy Policy. If you do not agree with the terms and conditions of this Privacy Policy, please do not use our Apps, Website or Services. If you are disclosing Personal Information via the OREBRO Plus Application, you should review the terms of the OREBRO Plus Personal Information collection statement that applies to the use and collection of Personal Information under that application, located here. If you are disclosing Personal Information via phone consult, you should review the terms of the Axis Personal Information collection statement that applies to the use and collection of Personal Information under that method of collection, located here.

2.3 Where we deal with organisations, we may collect Personal Information about individuals who are employees, directors or principals of those organisations or their associates. If you are an organisation and you provide us with Personal Information, or are otherwise aware that we have collected Personal Information about such individuals, we ask you to assist us by referring the relevant individuals to this Privacy Policy.

Definitions

In this Privacy Policy:

(a) “App” means any online-based or downloadable application we may make available to you to deliver our Services including via our Website;
(b) “Insurance Company Representative” means the representative of your insurance company, as applicable;
(c) “OAIC” means the Office of the Australian Information Commissioner;
(d) “OREBRO Plus Application” means the OREBRO Plus Application available at https://www.orebroplus.com.au/;
(e) “Patient Intake Documentation” means any intake documentation for Axis that is made available to new patients when they first register as a patient, or to existing patients to update their details from time to time, as amended from time to time, including any medical history form, patient consent form, request for payment card information, and terms and conditions and internal policies governing the Services;
(f) “Personal Information” means information about you which personally identifies you or may reasonably be used to personally identify you, whether the information or opinion is true or not and regardless of whether the information or opinion is recorded in a material form or not;
(g) “Sensitive Information” is a subset of Personal Information and has the meaning given to that term in the Privacy Act. Sensitive information includes health information and other information or opinions about an individual, for example, racial or ethnic origin, membership of a political association, profession or trade association, or a trade union, religious or philosophical beliefs, sexual orientation or practices, or criminal record. It includes certain genetic and biometric information;
(h) “Services” means, but is not limited to, the physiotherapy, counselling, telehealth consultations, referrals, remedial massage and other healthcare services provided by Axis;
(i) “we”, “us” or Axis” means Axis Rehabilitation at Work Pty Ltd ACN 633 631 295, and its associated entities as appropriate;
(j) “Website” means https://helloaxis.com.au/, https://www.orebroplus.com.au/ or any other website from which the Services are promoted and/or provided; and
(k) “you” or “your” means you and anyone acting on your behalf or with your implied authority.

Types of Personal Information we collect

4.1 Axis collects, uses, holds, and discloses various types of Personal Information including:

(a) personal details, including your name and any other personal details that you provide to us as part of the Services;
(b) contact details, including your email address, mailing address, telephone number and any other contact details that you provide to us as part of the Services;
(c) profile details, including username and password for our Services (as applicable), Website preferences, feedback, and survey responses;
(d) health fund details;
(e) government identifiers, including your Medicare number, NDIS number and DVA number;
(f) employment information including occupation, employee number (if applicable), work area and employer contact details;
(g) financial information, including banking details, billing and payment details and any other financial information that you provide to us as part of the Services;
(h) sensitive health information, including other health and information about you such as a record of your symptoms, your relevant medical and treatment history, the diagnosis made and the treatment decisions made, specialist reports, test results and other health information provided in conjunction with the Services;
(i) usage data, including information about how you use our Apps, Website and Services, including information retrieved from cookies;
(j) technical data, including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Apps and the Website; and
(k) marketing and communications data, including your preferences in receiving marketing from us and your communication preferences, including our third parties;
(l) applicant data where you apply for a position with us, including (depending on the position) Personal Information contained within an application and CV/resume, employment history, Personal Information derived from a reference, Personal Information derived from an interview, Personal Information derived through testing (including psychometric or aptitude testing), licences and other certificates and qualifications, and information included in a passport, birth certificate, visa or other documentation demonstrating your right to work in Australia; and
(m) any other Personal Information that may be required in order to facilitate your dealings with us.

4.2 The kinds of Personal Information we collect about you depends on our relationship with you, and we limit the information we collect to what is reasonably necessary for one or more of our functions or activities.

4.3 We support your ability to make decisions about the Personal Information you provide to us, however if you choose not to provide us with the information requested, or it’s incomplete or inaccurate, we may not be able to provide you with the information, goods and services you are seeking. If you are an applicant, refusal to provide Personal Information may mean we are unable to process your application.

How do we collect your Personal Information?
5.1 The Personal Information that we collect and hold about you depends on your interaction with us. We will generally collect Personal Information about you:

(a) directly from you when you register as a patient at our practices and complete our Patient Intake Documentation, to assess and manage your healthcare needs;
(b) directly from you when you communicate with healthcare practitioners consulting at our clinics or over the phone, or our staff or representatives during the course of providing our Services;
(c) directly and indirectly from you when you interact with our Apps and/or Website;
(d) when we request it from, or it is provided to us by, any person acting on your behalf, or any third party, including your employer, injury management stakeholders, treating doctor or specialist, or allied-health therapists, connected with our provision of the Services to you;
(e) directly from you when you make an enquiry or complaint, either face-to-face, over the phone, via email or via an online form;
(f) from a third party when we are permitted by law to do so, including third party government agencies (Department of Veteran Affairs and Medicare), private health insurers, lawyers, and worker’s compensation companies and other medical professionals and allied health professionals; and
(g) if you are an applicant: from referees when they provide references, academic institutions or training and certification providers, providers of licence and background-checking services, recruiters and other service providers who assist in the engagement process, and other publicly available sources such as social media platforms.

5.2 Where we seek Personal Information from you or someone on your behalf, we only collect:

(a) non-Sensitive Information, if it is reasonably necessary for the Services we provide; and
(b) Sensitive Information, if it is reasonably necessary for or directly related to Services we provide and you have consented to its collection, or its collection is permitted or authorised by law.

5.3 If we seek Personal Information, we will collect it directly from you, unless it is unreasonable or impracticable for us to do so. Where we collect Personal Information about you from a third party without your prior consent, we will take reasonable steps to inform you that we have collected Personal Information. Consent may be implied by the circumstances existing at the time of collection. There may also be circumstances under which we may collect Sensitive Information without your consent, as required or authorised by law.

5.4 When we collect information from you, we will take reasonable steps to inform you about the purposes for collection, the main consequences if you don’t provide the requested information, the other entities to which we usually disclose the information, and whether we are likely to disclose your information to overseas recipients.

5.5 If you provide us with Personal Information about someone else, you must ensure that you are authorised to disclose that information to us and that, without us taking any further steps required by applicable privacy laws, we may collect, store, use and disclose such information for the purposes described in this Policy. Where we request you to do so, you must assist us with any requests by the individual to access or update the Personal Information you have collected from them and provided to us.

Quality and integrity of Personal Information
6.1 You are responsible for the quality, accuracy, and integrity of any information provided in connection with the use of our Services. If the Personal Information you provide to us is incomplete or inaccurate, we may be unable to provide you with the services you are seeking.

Why do we collect, hold, use and disclose your Personal Information?

7.1 We will generally collect, hold, use, and disclose your Personal Information if it is reasonably necessary for or directly related to the performance of our functions and activities and:

(a) to maintain and manage our relationship with you, and to supply the Services and treatment to you for the purpose of facilitating a successful rehabilitation outcome;
(b) to share Personal Information with third party service providers including your employer, supervisor, manager, rehabilitation co-ordinator; OH&S officer, treating Doctor or Specialist, therapist or Insurance Company Representative to assist us with providing the Services;
(c) to respond to your enquiries and provide you with relevant information;
(d) to send email notices, invoices and process authorised payments;
(e) to improve the quality of our Services through the performance of quality reviews and similar activities;
(f) to notify you when there are changes to this Privacy Policy, and other relevant matters;
(g) to provide you with information about other goods and services that we or our related entities and other affiliated organisations offer that may be of interest to you. You may unsubscribe from our mailing/marketing lists at any time by using the unsubscribe feature on any emails we send, or otherwise by contacting us in writing. We do not use your Sensitive Information for direct marketing purposes;
(h) to facilitate a transaction relating to all or part of the Axis business, to the parties discussed below;
(i) to authorised regulatory bodies or otherwise if permitted or required to do so by law, a Court or tribunal; and
(j) if you are an applicant, considering your application with us.

7.2 We may use and disclosure anonymous, de-identified Personal Information about you and your use of our Services to improve the quality of our Services, and for research purposes. After we delete Personal Information, we may retain de-identified and anonymised information (that can no longer be associated with you) and may continue to use this de-identified data indefinitely without further notice to you.

7.3 We may use or disclose Personal Information for secondary purposes where it would be reasonable to expect us to do so, and that secondary purpose is related (or directly related in the case of Sensitive Information) to the primary purpose.

7.4 We use third party payment service providers for the processing of secured credit card payments for the payment of Services, including for the payment of cancelled Services in accordance with our cancellation policy (as amended from time to time). At the time of this Privacy Policy, our third party payment service provider is Square AU PTY Ltd ACN 167 106 176 (Square), though we may work with other third party payment service providers in the future. For more information on how Square uses your Personal Information, please visit their website

Who we disclose Personal Information to
8.1 We generally disclose your Personal Information for the purposes for which it was collected (set out above). We may disclose Personal Information about you to:

(a) our related entities;
(b) our employees, contractors, consultants, and volunteers who require the information to assist us with the purposes for which it was collected;
(c) government departments and agencies where required by law;
(d) third party service providers who assist us in operating our business and providing information, resources, goods and services to you or someone else on your behalf (including marketing campaign providers, market research providers, mail processing providers, IT and technology service providers, payment service providers, recruitment providers, and professional advisers such as lawyers, accountants, and auditors);
(e) your employer (where applicable), injury management stakeholders, treating doctor or specialist, or allied-health therapists in connection with providing Services, quality assessments, diagnoses, treatment, and facilitation of a successful rehabilitation outcome;
(f) third parties to whom you have agreed we may disclose your information and where the information was collected from you (or from a third party on your behalf) for the purposes of passing it on to the third party; and
(g) any other entity as otherwise required or authorised by law, including regulatory bodies.

8.2 Where we disclose Personal Information to a third party service provider, we take reasonable steps to ensure these service providers have appropriate security for your Personal Information and use it only for the purposes for which it was collected.

8.3 We may expand or reduce our business, and this may involve the sale and/or transfer of control of all or part of our business. Personal Information, where it is relevant to any part of the business for sale and/or transfer, may be disclosed to a proposed new owner or newly controlling entity for their due diligence purposes, and upon completion of a sale or transfer, will be transferred to the new owner or newly controlling party to be used for the purposes for which it was provided.

Disclosure of Sensitive Information
9.1 We understand that health information, including information disclosed via online questionnaires, is highly sensitive in nature and it is critical that we can ensure patients who use our Services are comfortable with entrusting their information to us. We will not disclose Sensitive Information about you to third parties unless it is strictly necessary for the purposes of meeting your health care needs and for the purposes set out in this privacy policy, unless you consent to its disclosure to third parties or we are authorised or required by law to do so.

9.2 We will never disclose your Sensitive Information to your employer for the purpose of facilitating litigation, court proceedings or similar, unless we have your express consent.

Storing and Security of your Personal Information

10.1 Axis is committed to protecting the security of your Personal Information. We may hold Personal Information in various forms, including but not limited to physical documents, electronic records, and visual records (e.g scans). Physical files are kept securely inside our access controlled premises, and confidentiality provisions form part of the employment contracts for all our staff members and contractors.

10.2 We use a variety of security technologies and procedures to help protect your Personal Information from unauthorised access, use, or disclosure. We store the Personal Information you provide on computer systems with limited access that are located inside our controlled facilities.

10.3 We take reasonable steps to:

(a) ensure that Personal Information we collect is accurate, up-to-date, complete and relevant, other than where it is only collected to provide advice in respect of a particular point in time, in which case we will seek to ensure it is accurate, complete and relevant as at that particular point in time;
(b) ensure that Personal Information we use or disclose is accurate, up-to-date, complete and relevant, having regard to the purposes for which Personal Information is used or disclosed;
(c) protect Personal Information from misuse, interference, and loss, and from unauthorised access, modification or disclosure; and
(d) destroy or de-identify Personal Information which we no longer need for the purposes for which it was collected, except where it is necessary to retain it in order to maintain ongoing records for our clients and otherwise comply with relevant law.

10.4 Whilst we adopt all protections over your Personal Information within our control, we cannot guarantee the security of information transmitted via the internet. As such, transmission of Personal Information via the internet is at your own risk and we cannot be held responsible for the security of such information.

10.5 Your use of, or the supply of your information to, third parties who supply us with information, or who we are required to supply information to, in connection with the Services is entirely at your own risk and we make no representations or warranties regarding third parties’ privacy practices.

Direct marketing
11.1 We will only send you direct marketing communications and information via mail, phone, or email about our Services with your consent.

11.2 If you do not provide your consent to receive direct marketing communications, you may opt-out of receiving marketing communications from us by contacting us at the details below or by using opt-out facilities provided in our communications.

11.3 We do not provide your Personal Information to other organisations for the purposes of their direct marketing and will not sell, rent, or lease our customer lists to third parties. Our practices in regard to our emails are designed to be compliant with anti-spam laws, including Australia’s Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

11.4 If you believe you have received mail in violation of these laws or any other anti-spam law, please contact us using the contact information in this Privacy Policy.

Unsolicited information
12.1 If you provide Personal Information that we have not requested, we will only retain it in limited circumstances. We will only retain the unsolicited information if it is reasonably necessary for us to provide you with the Services, and you have consented to the information being collected, or it was not practical or reasonable for us to obtain your consent under the circumstances.

12.2 If these conditions are not met, we will destroy the unsolicited information.

Overseas disclosure
13.1 We are assisted by a variety of external service providers to operate our business and your Personal Information may be collected, held, used, and disclosed using those service providers. The third party service providers may have access to your Personal Information as a result of our use of their services. Some of these service providers may be located overseas, and while there are too many to name, they include Microsoft located in the USA, Atlas Technology Solutions located in USA, and Veeam Software headquartered in the USA (with offices worldwide).

13.2 We take reasonable steps to ensure these service providers have appropriate security for your Personal Information and use it only for the purposes for which it was collected.

13.3 Please note you have the right to refuse to have your Personal Information transferred overseas and you must contact our Privacy Officer to make this request. However, you acknowledge that making this request may prevent you from being able to use part or all of our Apps, Website and/or Services (as applicable).

Using our Apps and Website and cookies
14.1 To improve your experience on our Website and our Apps, we may use ‘cookies’: small data files that are served by our Website or Apps and stored on your device. These are used by us or third parties for a variety of purposes including to operate and personalise the Website and our Apps.

14.2 Cookies may be used for recording preferences, conducting internal analytics, conducting research to improve our offering, assisting with marketing, and delivering certain website and application functionality. You may refuse to accept cookies by selecting the appropriate setting on your internet browser. However, please note that if you do this, you may not be able to use the full functionality of our Website or our Apps.

Third party sites
15.1 For your convenience and to improve the usage of the Apps, Website and Services, we may insert links to or utilise the services of third-party websites and Apps, for which this Privacy Policy does not apply. Axis is not responsible for those third party websites, Apps or resources. If you access such websites, Apps or resources, you do so at your own risk and we make no representations or warranties regarding third parties’ privacy practices.

15.2 We encourage you to read the privacy collection statements and privacy policies of every website, application or resource you use. When we do link to a third party website, application or resource, this does not automatically imply that Axis endorses that website, application, resource and their contents. Our Privacy Policy does not cover the use of cookies by any third parties.

Data retention
16.1 We will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

16.2 To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

16.3 Where we anonymise your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, we may use this information indefinitely without further notice to you.

Accessing or correcting your Personal Information
17.1 We are committed to maintaining accurate, timely, relevant, and appropriate information.

17.2 Where requested, we will provide you with a copy of the Personal Information that we hold which relates to you, provided that the request is made in accordance with the APPs. We will also update any inaccurate information about you if you inform us that the information is inaccurate, out of date, incomplete, irrelevant, or misleading.

17.3 There are no charges for requesting access to or the correction of your Personal Information, however if the volume of information we hold is excessively large, we reserve our rights to charge you any reasonable administration fees (including fees for photocopying) associated with your request.

17.4 You can contact our Privacy Officer regarding access to or correction of your information by any of the following methods:

Email: info@helloaxis.com.au
Post: PO Box 10193, Adelaide Street, Brisbane QLD 4000
Phone: 1300 196 393

17.5 We will respond to those requests within 30 days in accordance with our obligations under the Privacy Act. If we refuse a request to access or correct Personal Information, where reasonable, we will provide you our reasons for doing so and information about your ability to complain about such refusal.

17.6 In order to protect the confidentiality of your Personal Information, details of your information will only ever be passed on to you where we are satisfied that the information relates to you.  Accordingly, we may request documentation from you which confirms your identity before passing on any Personal Information which relates to you.

Making a complaint
18.1 Complaints about our Privacy Policy or our collection, use, disposal, or destruction of your Personal Information should first be directed to us at the details set out above.

18.2 We will investigate and attempt to resolve your complaint in accordance with the Privacy Act. If you are not satisfied with the outcome of this process, then you may contact the OAIC.

Changes to this Privacy Policy
19.1 Axis will occasionally update this Privacy Policy to reflect company and customer feedback. If we do so, the latest version of our Privacy Policy will be available on our Website and will apply to all your Personal Information held by us at that time. Axis encourages you to periodically review this Privacy Policy to be informed of how Axis is using, collecting, protecting, and disclosing your Personal Information. As noted above, if Axis materially changes this Privacy Policy, Axis will take reasonable steps to notify you of this change.

Further information
20.1 If you require any further information or have any queries regarding our Privacy Policy, please contact our Privacy Officer at the details set out above.

20.2 Should you wish to read more information on the Privacy Act, we recommend that you visit the website of the OAIC at www.oaic.gov.au.

Contact us

Join our family of partners building a healthier, happier and more productive future together.