Privacy Policy

1. Introduction

Motiotherapy is committed to protecting your privacy and the privacy of NDIS participants. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and the NDIS Code of Conduct.

2. Collection of Information

We collect personal and health information that is necessary to provide occupational therapy services. This includes:

• Participant name, date of birth, contact details, and address
• NDIS plan information and funding details
• Health information including diagnoses and medical history
• Referrer information (name, agency, contact details)
• Consent records and timestamps

We only collect information that is directly relevant to providing our services and that you have consented to provide.

3. Consent

Before we collect, use, or disclose your personal or health information, we will obtain your explicit consent. This consent will:

• Be clearly documented with a timestamp
• Specify what information is being collected and why
• Explain how the information will be used and shared
• Allow you to withdraw consent at any time

4. Use and Disclosure

We use your information to:

• Process referrals and provide occupational therapy services
• Communicate with you, your plan manager, and support coordinator
• Maintain clinical records as required by law
• Comply with legal and regulatory obligations

We may share information with:

• Your NDIS plan manager (if applicable)
• Your support coordinator
• Other healthcare providers involved in your care (with your consent)
• Regulatory bodies when required by law

5. Data Security

We implement appropriate technical and organizational measures to protect your information:

• All data is encrypted in transit using HTTPS/TLS
• Health information is encrypted at rest
• Access to personal information is restricted to authorized staff only
• All referral forms and documents are password-protected
• Regular security assessments and monitoring
• Secure backup procedures with encrypted backups

6. Data Storage

Your information is stored securely using cloud hosting services that comply with Australian Privacy Principles. We prefer Australian data residency where possible, and any offshore storage is subject to appropriate safeguards.

7. Access and Correction

You have the right to:

• Access your personal information we hold
• Request corrections to inaccurate or incomplete information
• Request a copy of your records

To exercise these rights, please contact us at adk@motiotherapy.com.au

8. Data Retention

We retain your information in accordance with:

• State and federal health record retention laws (typically 7 years for adults, until age 25 for children)
• NDIS requirements
• Our clinical and legal obligations

After the retention period, information is securely destroyed in accordance with our Data Destruction Policy.

9. Data Breach Notification

In the event of a data breach that may cause serious harm, we will:

• Contain the breach immediately
• Assess the risk and impact
• Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required
• Take steps to prevent future breaches

10. Third-Party Services

We use third-party services (Vercel for hosting, email services) that comply with Australian Privacy Principles. All third-party vendors are subject to data processing agreements and regular security assessments.

11. Your Rights

You have the right to:

• Access your personal information
• Correct inaccurate information
• Withdraw consent (subject to legal and clinical obligations)
• Lodge a complaint with the OAIC if you believe we have breached your privacy

12. Contact Us

For privacy inquiries, access requests, or complaints, please contact:

13. Updates to This Policy

We may update this Privacy Policy from time to time. The updated version will be published on this page with a new "Last Updated" date. We encourage you to review this policy periodically.