Privacy Policy

1. Our commitment to privacy

Only About Kids Occupational Therapy (OAK OT)  (who is referred to in this policy as “we”, “us”, “our” and similar grammatical forms) is committed to protecting the privacy of everyone who interacts with us — including clients, families, enquirers, and anyone else who provides us with personal information. OAK OT manages personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and in accordance with other applicable privacy laws. 

This policy explains how OAK OT collects, uses, stores, shares, and protects personal information. It also tells you how you can access or correct your information, and what to do if you have a concern.

2. Who this policy applies to

References in this policy to “you” or “your” refer to any individual about whom we collect personal information. This policy applies to all individuals whose personal information OAK OT collects, holds, uses, or discloses. This includes:

  • Current clients and their families or carers
  • Potential clients who have made an enquiry or expressed interest in our services
  • Former clients
  • Individuals who participate in our surveys, events, or programs
  • Anyone who contacts us, visits our website, or engages with our communications
  • Third parties who interact with us in a professional capacity, including teachers, paediatricians, allied health professionals, support coordinators, plan managers, and representatives of external agencies such as the NDIS or Medicare

3. What information we collect

3.1 Personal information

Personal information is any information that identifies you, or could reasonably identify you. The type of personal information we collect will vary depending on the kind of service you request from us and how you interact with us. It may include:

  • Full name, date of birth, and gender
  • Contact details including address, phone number, and email address
  • Emergency contact information
  • NDIS participant number and plan details
  • Medicare or private health insurance details (where applicable)
  • School name and contact details
  • Referral source and referral documentation
  • Enquiry details and communication history
  • Any additional personal information you provide to us, or authorise us to collect, as part of your interaction with us

We may also collect personal information about you from other sources, for example as a result of interacting with our employees or other people who assist us to operate our business. 

3.2 Health information

We may collect health information about individuals who enquire about or receive services from OAK OT. This information is collected where it is reasonably necessary for us to understand needs, assess suitability, or deliver safe and effective services. Health information we may collect includes:

  • Medical history, diagnoses, and current health conditions
  • Developmental history and functional assessments
  • Therapy goals, intervention plans, and progress notes
  • Reports and correspondence from other health professionals
  • Behavioural observations and clinical findings
  • Information about supports currently in place

3.3 Financial information

We collect financial information necessary to process payments for our services. This may include bank account details, payment card details, or transaction records. Where payments are processed through a third-party payment platform, that platform handles and stores card details directly in accordance with its own security standards — OAK OT may or may not have direct access to those details depending on the platform used at the time.

3.4 Marketing and communications data

We collect information about your preferences for receiving communications from us, including:

  • Email address and communication preferences
  • Survey responses from current, previous, or potential clients
  • Engagement data from email campaigns
  • Event registrations or program enquiries
  • Social media interactions, including follows, direct messages, comments, and engagement with our content across platforms

3.5 Technical and website information

When you visit our website, we may automatically collect certain technical information, including your IP address, browser type, device information, pages accessed, and session data. This information is used to maintain and improve our website and is not used to identify you personally.

4. How we collect your information

We collect personal information in a variety of ways depending on how you interact with us. This includes:

  • When you provide it directly to us, including in person, over the phone, by email, or online
  • When you complete a form, such as an intake form, referral, event registration, survey, or online enquiry such as via our website
  • When you interact with our website, social media platforms, or digital communications
  • Event or program registrations, where individuals provide information to participate in a group, workshop, or program
  • Through our practice management platform, from which client records, session notes, and documents are accessed and managed
  • From third parties, such as referrers, treating practitioners, educators, or funding bodies who provide information about you in the course of engaging our services
  • From publicly available sources, where relevant and permitted

Where possible, we collect information directly from you. Where we collect information from a third party, we will take reasonable steps to inform you of this collection unless doing so would be unreasonable or impractical in the circumstances.

If you are providing personal information about another individual (for example, a child in your care), you confirm that you have that person’s authority, or are legally entitled, to provide that information to us.

4.1 Dealing with us anonymously

We will provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practicable to do so — for example, when making a general enquiry. Generally, it is not practicable for us to deal with individuals anonymously or pseudonymously on an ongoing basis. If we are unable to collect personal information about you, we may be unable to provide services or allow you to participate in programs or services we offer.

5. How we use your information

5.1 Business and service delivery purposes

Personal information collected by OAK OT is used to deliver our services, operate our business effectively, and fulfil the administrative responsibilities that come with both. The specific ways we use your information will depend on how you interact with us. This may include:

  • Assessment, intervention and management of the needs of clients and potential clients
  • Delivering and documenting clinical services
  • Responding to enquiries and other communications
  • Entering into and managing service agreements
  • Coordinating with referrers, treating practitioners, schools, funding bodies or support networks
  • Managing bookings, billing, invoicing, and debt recovery
  • Meeting our obligations under the NDIS and other applicable frameworks
  • Complying with legal, regulatory, and professional requirements
  • Responding to complaints or concerns
  • Researching, developing, and improving our services
  • Quality improvement activities within OAK OT, where information is de-identified where practicable

5.2 Marketing purposes

We may use personal information to send you information about our services, programs, and events that may be of interest to you. This includes email campaigns, newsletters, social media communications, and invitations to participate in surveys. You may opt out of marketing communications at any time — see below for details. If you opt-out of receiving marketing material from us, we may still contact you in relation to our ongoing relationship with you. 

5.3 Disclosure to contractors and service providers

We may disclose personal information to third parties we engage to support our business operations. This includes contractors, professional advisors, and service providers engaged to assist with:

  • Information technology services and software support
  • Website maintenance and development
  • Data storage and processing
  • Email, marketing, and communications platforms
  • Customer satisfaction surveys and market research
  • Data analysis and reporting
  • Printing, archiving, and mail-outs
  • Payment processing
  • Legal, financial, and compliance matters

These parties are engaged to assist us in delivering services or managing administrative functions, and are expected to handle your information in accordance with applicable privacy law.

We do not sell, rent, or trade your personal information to any third party for commercial purposes.

5.4 Employee and recruitment information

We collect and use personal information about current employees, contractors, and individuals applying for roles with OAK OT. This information is collected and used to:

  • Assess applications and determine suitability for a position
  • Conduct background checks, referee checks, and verification of qualifications, where applicable
  • Manage the employment or engagement relationship, including onboarding, payroll, superannuation, and leave
  • Administer performance, development, and conduct processes
  • Meet our obligations under applicable employment law, workplace health and safety legislation, and industrial instruments
  • Maintain emergency contact and next-of-kin information

We usually collect this information directly from the individual. We may also collect information from third parties such as recruitment agencies, referees, professional registration bodies, or background check providers, in ways that would reasonably be expected.

Personal information collected about employees and applicants is handled in accordance with this policy and applicable privacy law. Where sensitive information is collected in an employment context — such as health information relevant to workplace adjustments — this will only be collected and used where necessary and with appropriate consent.

6. Sharing your information

6.1 When we share information

OAK OT may share personal or health information with third parties in the following circumstances:

  • With your consent — where you have given express permission to share information with a nominated person or organisation
  • As required by law — including mandatory reporting obligations under child protection legislation
  • As required by the NDIS — including service claims, plan management coordination, or audit and compliance activities
  • To coordinate care — where it is necessary and in your best interests for us to liaise with other treating professionals

6.2 Third parties we may share information with

Third party

Purpose

NDIS / NDIA

Service claims, plan verification, compliance reporting

Plan managers and support coordinators

Service bookings, invoicing, coordination of supports

Schools and educators

Progress updates, collaborative goal-setting, school-based intervention

Other allied health providers

Coordinated care, referrals, shared treatment planning

Medicare or private health insurers

Billing and claims where applicable

IT and software service providers

Data storage, platform management, and system support

Email and marketing platforms

Sending campaigns, newsletters, and surveys

Professional advisors

Legal, financial, and compliance support

6.3 Disclosure without consent

In limited circumstances, we may disclose information without your consent, including:

  • Where we are legally required to do so (e.g. court order or mandatory reporting)
  • Where we reasonably believe disclosure is necessary to prevent a serious and imminent threat to the life or health of any person
  • Where required by a regulatory body with appropriate authority
  • In the event OAK OT is subject to a merger, acquisition, or sale of assets, your information may be disclosed to relevant advisors or prospective parties as part of that process

7. Use of technology and artificial intelligence

7.1 Technology and software platforms

We use a range of software platforms and digital tools to manage our operations, store records, communicate with clients and referrers, deliver and document services, and administer billing and reporting. The specific platforms we use may change over time as we adopt new tools or transition between providers.

Regardless of the platforms in use at any given time, we take reasonable steps to ensure that any software or technology we use to store or process personal information maintains appropriate security standards, operates in accordance with applicable privacy law, and is subject to contractual obligations where required.

Some platforms we use may store data on servers located outside of Australia. Where this occurs, we take reasonable steps to ensure your information is handled consistently with the Australian Privacy Principles. See Section 8 for further detail.

7.2 Artificial intelligence

We may use artificial intelligence (AI) tools and automated technologies to support our business operations and service delivery. We will only use AI technologies where legally permitted and where necessary for our business operations. 

How we use AI technologies

We may use AI technologies for the following purposes:

  • To record, transcribe, and summarise sessions
  • To automate certain processes and communications, such as routine tasks
  • For quality assurance purposes
  • To assist with customer support and queries
  • For clinical documentation support
  • To assist with communication drafting
  • For data analysis, reporting and workflow automation
  • For internal quality review processes

Data protection and security

Where we use service providers who supply AI technologies, we will take reasonable steps to ensure those providers handle your personal information in accordance with privacy law, including through contractual obligations requiring the protection of personal information. We will not submit your personal information to any AI platform that uses it to train its underlying model.

Your rights and our commitments

We will treat information generated or inferred by AI technologies about individuals as personal information. You maintain all rights over your personal information as outlined in this policy, regardless of whether AI technologies are used in its processing. When using AI technologies with your personal information, we commit to the following:

  • Transparency and control: We will inform you when AI technologies are being used to make decisions that may significantly affect you. We will implement processes to verify the accuracy of AI-generated outputs and take reasonable steps to maintain human oversight and review of significant AI-generated decisions. Our team members are trained to understand the limitations of AI systems and to verify outputs before they are relied upon.
  • Security: We implement appropriate technical and organisational measures to ensure that our use of AI technologies maintains the security and integrity of your personal information. This includes regular testing and monitoring of AI outputs for accuracy and reliability.
  • Risk mitigation: We regularly assess and document the risks associated with our use of AI technologies in processing personal information and implement appropriate mitigation measures. This includes ongoing monitoring of AI technologies and regular reviews of their performance and impact.

8. Overseas disclosure

Some of the platforms and service providers we use may store, transfer, or access your personal information on servers or systems located outside of Australia. We may also disclose your personal information to overseas recipients where necessary to carry out our business operations.

Where we disclose personal information to overseas recipients, we will take reasonable steps to ensure that those recipients do not breach the Australian Privacy Principles in relation to your information. In circumstances where your information is disclosed overseas, those recipients are likely to be located in countries in which our software providers and related service providers operate.

Unless we have your consent, or an exception under the Australian Privacy Principles applies, we will only disclose your personal information to overseas recipients where we have taken the reasonable steps described above.

9. How we store and protect your information

OAK OT takes reasonable steps to protect personal and health information from misuse, interference, loss, unauthorised access, modification, or disclosure.

We store personal information primarily in secure electronic record-keeping systems, including cloud-based platforms. We do not generally maintain paper-based files containing client information. Electronic records are maintained in secure systems that use appropriate controls such as encrypted data storage, user authentication, and role-based access permissions.

Where any physical documents are held, these are stored securely at our clinic premises with access limited to authorised team members and are either archived, de-identified, or securely destroyed when no longer required.

Access to records is limited to OAK OT team members, contractors, and other businesses engaged to support our operations who require that information to perform their role. All such individuals are expected to handle personal information in accordance with applicable privacy law and are bound by confidentiality obligations.

While we are committed to maintaining strong data security, we cannot guarantee the security of information transmitted over the internet. The transmission and exchange of information is carried out at your own risk.

10. Retention and disposal of records

OAK OT retains records in accordance with our legal obligations under the Health Records Act 2001 (Vic) and applicable Australian privacy law.

For adult clients, health records are retained for a minimum of seven years from the date of the last entry in the record. Where a client was under 18 years of age at the date of the last entry in their record, that record must be retained until the client turns, or would have turned, 25 years of age. These timeframes are minimums. Where there is a risk of legal proceedings, records will be retained until that risk has passed.

When records are no longer required, we take reasonable steps to destroy or permanently de-identify information securely so that it cannot be retrieved or reconstructed and paper-based records are destroyed securely.

11. Cookies and website use

Our website may use cookies — small text files stored on your browser — to manage settings and improve your experience. Cookies do not identify you personally, but may be used to recognise your browser when you return to our site, or to support analytics and retargeting functions.

You may disable cookies via your browser settings, though doing so may limit your ability to access certain features of our website. Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and recommend you review their policies independently.

12. Marketing communications and surveys

We may contact you from time to time with information about our services, programs, or events that may be of interest to you. We may also invite you to participate in surveys to help us improve our services.

You may opt out of marketing communications at any time by:

  • Contacting us using the details in Section 15
  • Using the unsubscribe function in any electronic communication we send you

Opting out of marketing communications will not affect our ability to contact you in relation to an existing service relationship. Survey participation is always voluntary.

13. Accessing and correcting your information

13.1 Access requests

You are entitled to request access to personal information we hold about you. To make a request, please contact us using the details in section 15. 

We will not charge you for making an access request, but an administrative fee may apply to cover the reasonable time and expense incurred in compiling the information in response to your request. We will advise you of any applicable fee before proceeding.

We will take reasonable steps to provide access in a manner that meets your needs. In some circumstances, we may be legally permitted to decline your request — for example, where providing access would pose a serious threat to the health or safety of any person, or where otherwise permitted under the Australian Privacy Principles. If we cannot provide access to your information, we will advise you as soon as reasonably practicable, provide written reasons for our refusal, and advise you of any mechanism available to complain about the refusal. Where we can provide access in an alternative form that still meets your needs, we will take reasonable steps to do so.

13.2 Correction requests

If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details in Section 15. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant, or misleading.

In some circumstances, we may be legally permitted to decline a correction request. If we cannot correct your information, we will advise you as soon as reasonably practicable, provide written reasons for our refusal, and include a statement of the requested correction with the relevant record. We will also advise you of any mechanism available to complain about the refusal.

14. Complaints

If you believe OAK OT has not handled your personal information appropriately or if you have any questions or concerns about this policy, please contact us using the details below, providing us with the full details of the complaint. 

On receiving your complaint, we will promptly investigate your complaint and respond to you in writing. We will first consider whether there are simple or immediate steps that can be taken to resolve the matter. We will generally respond to your complaint within a week. 

If your complaint requires more detailed consideration or investigation, we may ask you to provide further information about your complaint and the outcome you are seeking. We will typically gather relevant information, locate and review relevant records, and speak with individuals involved where necessary. In most cases, we will investigate and respond to your complaint in writing within 30 days of receipt. If the matter is more complex or our investigation requires more time, we will let you know.

If you are not satisfied with our response, or you consider that we may have breached the Australian Privacy Principles or the Privacy Act 1988 (Cth), you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

15. Contact us

For any questions or notices, please contact us at:

Only About Kids Occupational Therapy Pty Ltd (ABN 55 649 659 816)

Email: admin@onlyaboutkidsot.com.au

Phone: (03) 7023 8755

16. Updates to this policy

We may amend this policy from time to time. We will notify individuals of material changes where practicable. We encourage you to visit our website regularly to keep up to date with any changes.

This policy was last updated in April 2026.

 

 

 

 

 

Skip to content