Privacy Policy

Your Health Information and Personal Information is required to be protected by us pursuant to the New South Wales Health Records and Information Privacy Act 2002 and the Commonwealth Privacy Act.

The Australian Privacy Principles contained in the Commonwealth Privacy Act 1988 and the Health Privacy Principles in the New South Wales Health Records and Information Privacy Act 2002:

  • regulate the handling of personal and health information;
  • give access rights to people in respect of their health information and personal information that has been collected by, and is held about them, by organisations;
  • give people access to their personal information and health information for the purposes of correction; and
  • provide a framework for resolving any disputes which may arise regarding the handling of your personal information or health information.

Collection – how we collect your personal information and health information

Fit and Flow Physiotherapy will only collect health information necessary for the performance of its health services and with consent. Individuals who provide health information will be notified about what happens to their information and that they can gain access to it.

Use and disclosure – how we use and disclosure your personal information & health information

Fit and Flow Physiotherapy will only use or disclose health information for the primary purpose for which it was collected or a directly related secondary purpose which the person would reasonably expect. If there is any doubt about this expectation then Fit and Flow Physiotherapy will gain consent from the person for the use of their health information.

We never sell your information to other organisations and we comply with the requirements of the Privacy law in our marketing communications to you.

Data quality

Fit and Flow Physiotherapy will take all reasonable steps to ensure health information it holds is accurate, complete, up to date and relevant to the functions and services it provides.

Data security and retention

Fit and Flow Physiotherapy will safeguard the health information it holds against interference, misuse, loss, unauthorized access and modification. We ensure that any providers of IT services to us (including overseas providers of IT services including Cloud services) are also privacy compliant.

Health information will be destroyed or deleted in accordance with Health Privacy Principle 4.

Under our destruction and de-identification policies, your personal information that is no longer required will be de-identified or destroyed. In many circumstances, however it will be kept for marketing purposes as you will have consented to that in writing with us.

Where the Fit and Flow Physiotherapy receive unsolicited job applications these will usually be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act.

In accordance with the Health Records Act, all Health information collected by the Fit and Flow Physiotherapy will not be deleted. Amendments or alterations to the health information will be recorded on a separate form and attached to the original file.

Access and correction

We will be entitled in some circumstances to refuse access and if we do so, we will consider whether a mutually agreed intermediary will allow sufficient access to meet your needs and ours.

Fit and Flow Physiotherapy recognises that individuals have a right to seek access to health information about them, and that this right extends to correction of the information if it is inaccurate, incomplete, misleading or not up to date.

Although no fee will be charged for accessing your personal information or making a correction, Fit and Flow Physiotherapy may charge a fee to retrieve and copy any material.


Fit and Flow Physiotherapy will only assign a number or code number to identify a person if it is reasonably necessary to carry out the function or service efficiently.


You do have the right to seek to deal with us anonymously or using a pseudonym, but in almost every circumstance it will not be practicable for us to deal with you or provide any services to you except for the most general responses to general enquiries, unless you identify yourself.

Transferred data flows

Fit and Flow Physiotherapy does not transfer any personal information overseas without the consent of the individual.

We do use an overseas provider of cloud based services (Cliniko), however all data gained in Australia is stored in Australia by Cliniko. All data shared between Fit and Flow Physiotherapy and Cliniko is transmitted and stored securely. Cliniko meets or exceeds all regulations of the Australian Privacy Principles, GDPR, PIPEDA, and HIPAA.

Fit and Flow Physiotherapy website

Fit and Flow Physiotherapy collects personal or sensitive information through websites, e-commerce systems, etc. Fit and Flow Physiotherapy protects it’s website through the use of encryption technology.

When you use our website, having your cookies enabled will allow us to maintain the continuity of your browsing session and remember your details when you return. We may also use web beacons, Flash local stored objects and JavaScript. If you adjust your browser settings to block, reject or delete these functions, the webpage may not function in an optimal manner. We may also collect information about your IP address, although this may not identify you.

Transborder data flows

Fit and Flow Physiotherapy will only transfer health information outside New South Wales if the receiving organisation is subject to laws substantially similar to the Health Privacy Principles, or confidentiality and disclosure agreements are in place between the individual and the external organisation (i.e. in the case of overseas patients).

Making information available to another health service provider

Fit and Flow Physiotherapy will make information relating to an individual available to another health service provider if requested by the individual and it is appropriate.


If you have any concerns, complaints or you think there has been a breach of privacy, then also please contact Fit and Flow Physiotherapy who will first speak with you (usually over the phone). If we then have not dealt satisfactorily with your concerns, we will meet with you to discuss further. If you are not satisfied with our response to your complaint within 30 days from this meeting then you can refer your complaint to the Office of the Australian Information Commissioner via:

The New South Wales Office of the Health Services Commissioner website is

About Fit and Flow

Extensive experience in musculoskeletal and sports injuries, adolescent injuries, pre and post-natal physiotherapy, women's health and surgical rehabilitation provided from expert Physiotherapists in Caringbah.

Tell us more about your injury

Tell our Carngbah Physiotherapists more about your injury. Not sure whether our physiotherapy clinic in the Sutherland Shire can help with your current injury or limitation? Fill out the questionnaire with some background information and we can contact you about your specific injury!