1. About this Policy

Mindful Moves QLD ("we", "us", "our") is committed to protecting the privacy of the personal information we collect, hold, use and disclose. This Privacy Policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This policy applies to information collected:

through our website https://www.mindfulmovesqld.com.au/; through enquiry, booking and lead forms, including Meta (Facebook and Instagram) Lead Ads and Instant Forms; in person, by phone, or by email when you contact us or attend an appointment; through referrals from NDIS plan managers, support coordinators, or other health professionals; and as part of providing exercise physiology services to NDIS participants and private clients.

By providing your personal information to us, you consent to its collection, use, holding and disclosure as set out in this policy.

  1. Who We Are

Mindful Moves QLD is an Exercise Physiology practice based in Queensland, Australia, providing NDIS and privately funded exercise physiology services.

Business name: Mindful Moves QLD ABN: 41 940 443 144 Address: [Insert business address] Email: [Insert contact email] Phone: [Insert contact phone number]

  1. What Personal Information We Collect

The personal information we collect depends on how you interact with us, and may include:

Contact and enquiry information

Name, email address, phone number, and suburb/location Responses to qualifying questions on our lead forms (e.g. whether you are an NDIS participant or applying for a plan)

Client and service information (if you become a client)

Date of birth and emergency contact details NDIS participant number, plan details, plan manager or support coordinator contact details, and funding category Health, medical and disability-related information relevant to your exercise physiology care, including referrals, assessments, goals, progress notes, and outcomes Billing and payment information

Website and advertising data

Information submitted through Meta Lead Ads / Instant Forms on Facebook and Instagram General website usage data (e.g. pages visited), if our website uses analytics or tracking tools

We do not knowingly collect personal information from children without the consent of a parent or guardian.

  1. Sensitive Information

NDIS participant status, disability status, and health information are treated as sensitive information under the Australian Privacy Principles. We only collect sensitive information:

with your consent (including the act of submitting it through our enquiry or lead forms); where reasonably necessary to assess your eligibility for our services and provide appropriate exercise physiology care; or where otherwise permitted or required by law.

We do not use sensitive information for any purpose other than the purpose for which it was collected, unless you have consented or an exception under the Privacy Act applies.

  1. How We Collect Personal Information

Wherever practical, we collect personal information directly from you, including via:

our website enquiry forms; Meta (Facebook/Instagram) Lead Ads and Instant Forms; phone, email, or in-person conversations; intake and assessment paperwork at your first appointment.

We may also collect personal information from third parties, such as:

NDIS plan managers or support coordinators making a referral on your behalf; other treating health professionals, with your consent; or the National Disability Insurance Agency (NDIA), where relevant to your plan and service delivery.

  1. Why We Collect, Hold, Use and Disclose Personal Information

We collect and use personal information to:

respond to your enquiry and arrange your free initial appointment; assess your needs and provide exercise physiology services tailored to your goals; manage NDIS plan billing, claims, and reporting obligations; communicate with you about appointments, your care, and account matters; comply with our obligations under the NDIS Code of Conduct and NDIS Practice Standards; and with your consent, send you information about offers, services, or updates relevant to your care.

We will not use your information for direct marketing without your consent, and you can opt out of marketing communications at any time (see Section 9).

  1. Who We Disclose Your Information To

We may disclose personal information to:

your NDIS plan manager or support coordinator, where relevant to service delivery and billing; the NDIA or NDIS Quality and Safeguards Commission, where required by law or our regulatory obligations; other treating health professionals involved in your care, with your consent; third-party service providers who support our business operations, such as practice management software, booking systems, and IT providers, under confidentiality obligations; Meta Platforms, Inc., to the extent information is submitted through Facebook or Instagram Lead Ads (Meta's own privacy policy applies to their handling of this data prior to it reaching us); and relevant authorities where required or authorised by law.

We do not sell your personal information to third parties.

  1. Storage and Security

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. This includes secure storage of client records, restricted access to client files, and secure handling of information collected via digital forms.

Information submitted via Meta Lead Ads is initially stored by Meta before being retrieved by us; we recommend reviewing Meta's own data retention practices for further detail.

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law (including applicable health records retention requirements).

  1. Access, Correction, and Opting Out

You have the right to:

request access to the personal information we hold about you; request correction of any information that is inaccurate, out of date, or incomplete; and withdraw consent to marketing communications at any time by contacting us using the details in Section 2, or via the unsubscribe option in any marketing message.

We will respond to access and correction requests within a reasonable timeframe, in accordance with the Privacy Act.

  1. Cookies and Website Data

[If applicable] Our website may use cookies or similar tracking technologies, including the Meta Pixel, to understand how visitors use our site and to measure the effectiveness of our advertising. You can control or disable cookies through your browser settings.

  1. Complaints

If you have a concern about how we have handled your personal information, please contact us using the details in Section 2 so we can investigate and respond.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au Phone: 1300 363 992

You may also raise concerns relating to NDIS service delivery with the NDIS Quality and Safeguards Commission:

Website: www.ndiscommission.gov.au Phone: 1800 035 544

  1. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The most current version will always be available at https://www.mindfulmovesqld.com.au/], with the "last updated" date shown above.

  1. Contact Us

For any questions about this Privacy Policy or how we handle your personal information, please contact:

Mindful Moves QLD Email: Admin@mindfulmovesqld.com Phone: 0460289884 Address: Gold Coast