Privacy policy

Privacy Policy

Last updated: 8 January 2026

1. Introduction

NPEP PTY LTD trading as NP Exercise Physiology ("we", "us", "our") is committed to protecting the privacy and confidentiality of personal information, including sensitive health information. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information in accordance with:

  • The Privacy Act 1988 (Cth)
  • The Australian Privacy Principles (APPs)
  • Relevant South Australian health and professional standards

This policy applies to all users of our website and all clients who engage with our exercise physiology services.

2. What Information We Collect

2.1 Personal Information

We may collect personal information including but not limited to:

  • Name
  • Date of birth
  • Contact details (address, email, phone number)
  • Emergency contact details
  • Medicare, DVA, NDIS, private health fund details
  • Referral information

2.2 Sensitive Information (Health Information)

As an exercise physiology practice, we may collect sensitive health information including:

  • Medical history and diagnoses
  • Injury history
  • Exercise and functional assessments
  • Clinical notes and treatment plans
  • Progress notes and outcomes
  • Correspondence with referring practitioners

Sensitive information is only collected where necessary to provide health services and with your consent, unless otherwise required or authorised by law.

3. How We Collect Information

We collect personal and health information through:

  • Website enquiry and contact forms
  • Online booking systems
  • Intake and consent forms
  • In-person, telephone, or telehealth consultations
  • Referrals from medical and allied health professionals
  • Clinical documentation tools, including AI-assisted scribing where consented

4. Purpose of Collection

We collect and use information to:

  • Provide exercise physiology and related health services
  • Assess, plan, and deliver treatment
  • Maintain accurate clinical records
  • Communicate with clients and referrers
  • Manage billing, rebates, and funding arrangements
  • Meet legal, regulatory, and professional obligations
  • Improve service quality and clinical outcomes

5. Use of AI Scribe and AI-Assisted Technology

5.1 Purpose of AI Scribe Use

We may use AI-assisted clinical documentation tools ("AI Scribe") to support the creation of clinical notes and administrative records. These tools are used to:

  • Improve accuracy and completeness of clinical documentation
  • Reduce administrative workload for clinicians
  • Allow clinicians to focus more fully on client care during consultations

5.2 How AI Scribe Works

Where used, AI Scribe technology may:

  • Process audio or text from consultations
  • Generate draft clinical notes for clinician review
  • Operate only under direct clinician supervision

All AI-generated content is reviewed, edited, and approved by a qualified exercise physiologist before being stored in the client record.

5.3 Privacy and Security Safeguards

We take reasonable steps to ensure:

  • AI Scribe providers comply with Australian privacy and security standards
  • Data is encrypted in transit and at rest where supported
  • Information is not used for marketing or advertising purposes
  • Information is not used to train public or open AI models without explicit consent
  • AI tools do not replace clinical judgement or decision-making

5.4 Consent and Opt-Out

AI-assisted documentation is used only with client consent. Consent may be withdrawn at any time without affecting the provision or quality of care. Clients may request that their consultations are documented without AI assistance.

6. Disclosure of Information

We may disclose personal or health information to:

  • Treating or referring medical and allied health professionals
  • Medicare, DVA, NDIS, insurers, or funding bodies
  • Practice management, IT, and secure technology service providers (including AI providers)
  • Regulatory or legal authorities where required or authorised by law

We do not sell, rent, or trade personal information.

7. Overseas Disclosure

Some service providers, including secure cloud or AI technology providers, may store or process data outside Australia.

Where overseas disclosure occurs, we take reasonable steps to ensure compliance with APP 8, including contractual and security safeguards to ensure information is handled consistently with Australian privacy requirements.

8. Website Data and Cookies

Our website may collect limited information such as:

  • IP address
  • Browser type
  • Pages visited
  • Date and time of access

This information is used for website functionality, analytics, and security purposes only. Cookies may be used to improve user experience and can be disabled through browser settings.

9. Data Security and Storage

We take reasonable steps to protect personal information from:

  • Misuse
  • Loss
  • Unauthorised access
  • Modification or disclosure

Safeguards include secure electronic systems, access controls, encryption where appropriate, and staff confidentiality obligations. Information is retained in accordance with legal, regulatory, and professional record-keeping requirements.

10. Access and Correction

You may request access to, or correction of, your personal or health information by contacting us. Requests will be managed in accordance with the Privacy Act 1988 (Cth).

11. Complaints

If you believe your privacy has been breached, please contact us using the details below. We will investigate and respond within a reasonable timeframe.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

12. Changes to This Policy

This Privacy Policy may be updated from time to time. The most current version will always be available on our website.

13. Contact Us

NPEP PTY LTD trading as NP Exercise Physiology
Address: 690 South Road, Wingfield SA 5013
Phone: 0408 242 026
Email: admin@npep.com.au