Privacy Policy

Book Consult

PRIVACY POLICY FOR WEBSITE www.duncraigchiropractic.com.au

 Effective Date: 22nd February 2025


WHO WE ARE

Duncraig Chiropractic is operated by HARTMING PTY LTD (ACN 682 996 710), a privately-owned healthcare provider based in Western Australia. In this document, “we”, “us” and “our” refer to HARTMING PTY LTD. We provide chiropractic and related allied-health services to patients. 

This Privacy Policy explains how we manage your personal and health information when you interact with us — whether in-person at our clinic, via our website, by phone or by email. 

WHAT LAWS APPLY TO US

We are bound by the Privacy Act 1988 and the associated Australian Privacy Principles (APPs), including special rules relating to the collection, handling, use and disclosure of health information. 

WHAT KIND OF PERSONAL INFORMATION WE COLLECT AND HOLD

We collect and hold the following types of information (as relevant): 

Identification & contact information: full name; date of birth; address; telephone number; email address. 

Health and treatment-related information (“health information” / sensitive information): medical history; current health status; previous injuries or conditions; medications; treatment notes; consent forms; health-related questionnaires; referrals; health service identifiers (if applicable).  

Billing and payment information: for payment of services, including (if relevant) third-party payment references (e.g. invoice number, payment confirmation); in most cases we do not store full credit card details — payments should be handled by a secure external payment provider (see below). 

Administrative records: appointment history, correspondence, referral letters, insurance information, consent and release forms. 

Usage data (if you use our website): cookies and aggregated analytics data about your use of the website (see Section 8 below). 

We collect personal information only where it is reasonably necessary for the delivery of our chiropractic and allied-health services, or for related administrative, billing, or communication purposes.  

HOW WECOLLECT PERSONALINFORMATION 

We collect personal information: 

  • directly from you (e.g. via intake forms, consent forms, health questionnaires, booking/registration, telephone calls, emails, in-person)  
  • when you interact with our website (e.g. making an online booking, contacting us, filling out online forms) where required,  
  • from third-party referrers or other health providers (with your consent), for continuity of care in aggregated or anonymised form 
  • via website analytics and cookie mechanisms (see below) 

We will not collect unsolicited information about you unless required to provide care or by law.  

WHY WE COLLECT, HOLD, USE AND DISCLOSE YOUR PERSONAL INFORTMATION

We use the information we collect for the following purposes: 

  • to provide chiropractic and allied-health services to you (treatment, assessment, referral), including management of clinical records 
  • to communicate with you about appointments, reminders, follow-ups, referrals, or notifications relevant to your care 
  • to manage billing, invoicing, insurance or payment processing for services provided 
  • to comply with our legal and professional obligations (e.g. record-keeping, regulatory, audit, medico-legal) 
  • to maintain and improve our services and practice administration 
  • to respond to your enquiries or requests (e.g. access to records, corrections, transfer of records) 
  • in aggregated or de-identified form, to analyse and improve our website (analytics), and to monitor website use 

We will not use your personal information for any purpose other than those described (unless we obtain your consent or are required by law). 

DISCLOSURE OF YOURPERSONAL INFORMATION

We may disclose your personal and health information to: 

  • other health professionals (with your consent), for the purpose of referral or continued care 
  • third-party service providers we engage — e.g. for practice management software, appointment booking, secure data storage, billing/payment processing, cloud backup — subject to those providers agreeing to comply with privacy and confidentiality standards 
  • regulatory bodies or courts, where required by law or to comply with legal obligations as needed for practice administration, billing, appointment reminders, or professional collaboration 

We do not sell or rent your personal information to third parties for marketing or other purposes. 

If we engage third-party service providers (e.g. cloud storage, payment gateways), we will take reasonable steps to ensure they maintain confidentiality and security of your information. 

We may disclose aggregated or de-identified information (that does not identify you) for analysis or statistical purposes. 

If we foresee disclosure or storage of your information overseas (e.g. via cloud servers), we will inform you and only proceed if adequate protections are in place — and if required under law. 

STORAGE, SECURITY AND RECORD KEEPING

We take reasonable steps to protect the personal and health information we hold from misuse, interference, loss, unauthorised access, disclosure, modification or destruction. Security measures may include: 

  • secure electronic systems and access controls (passwords, access-logs, restricted access) 
  • encryption and secure backups 
  • physical security for hard-copy records (if any) 
  • confidentiality obligations for staff and third-party providers 
  • procedures for responding to suspected data breaches (notification, mitigation) 

We retain health records for a minimum of 7 years from the date of last contact for adult patients, and for children until they reach 25 years of age — in line with widely recognised best practice for health providers in Australia. 

If there is an unresolved complaint, adverse outcome or potential medico-legal claim, records may be retained longer (or indefinitely) — following advice from our indemnity insurer or legal advisor.  

When records are no longer required and no longer subject to pending matters, we will securely destroy or permanently de-identify them. 

WEBSITE USE, COOKIES AND ANALYTICS 

If you visit our website, we may use cookies or similar technologies to collect anonymous or aggregated data about how the site is used (e.g. pages visited, session duration). This helps us monitor and improve our website, manage appointments and provide a better user experience. 

We do not use cookies to collect sensitive personal or health information. Cookies are optional; you may disable them via your browser, though this may limit certain website features (e.g. booking forms). 

If you provide personal data via the website (e.g. contact form, booking request), we treat that data in accordance with this Privacy Policy. 

ACCESS TO AND CORRECTION OF YOUR CORRECTION

You may request access to any personal information or health records we hold about you, and you may ask us to correct them if you believe they are inaccurate, out-of-date, incomplete or irrelevant. We will respond within a reasonable timeframe, and if we refuse, we will provide reasons. 

Requests should be made in writing (email or letter) to our Privacy Officer (contact details below). 

CONSENT AND DIRECTMARKETING 

We will only send you marketing or promotional communications (e.g. health-tips, newsletters, offers) if you have explicitly opted in. You can opt out at any time by replying to the email, using an unsubscribe link, or contacting us. 

We will not send marketing without your consent. 

DISCLOSURE TO OVERSEAS RECIPIENTS

If we transfer, store or process your information outside Australia (e.g. via cloud hosting), we will only do so where we are satisfied that the overseas recipient provides adequate privacy protections. 

We will advise you if this is likely, and inform you of the approximate location of overseas servers (if known), and ensure appropriate safeguards are in place. 

COMPLAINTS OR CONCERNS ABOUT PRIVACY

If you have any questions, concerns or wish to complain about how we handle your personal information, please contact our Privacy Officer: 

Privacy Officer 
Email: admin@duncraigchiropractic.com.au 
Name: Dr Rhys Hartmann 

We will acknowledge receipt of your complaint within 7 days and endeavour to resolve within 30 calendar days (or notify you if more time is needed). If you remain unsatisfied, you can lodge a complaint with the OAIC. 

CHANGES TO THISPOLICY

 We may update this Privacy Policy from time to time — for example to reflect changes in our practices, new laws, or new technologies. We will post the revised policy on our website, and, where appropriate, notify patients (e.g. via email). 

CONTACT DETAILS

If you have any questions about this policy or your personal information, please contact us: 

Privacy Officer 
Email: admin@duncraigchiropractic.com.au 
Name: Dr Rhys Hartmann 

 

 

Need to make an appointment?

book now