Mobile Spine Clinic logoMSC

Legal

Privacy Policy

Last updated: 11 June 2026

Mobile Spine Clinic · Mobile Spine Health Pty Ltd · ABN 11 656 670 978

1. Introduction

Mobile Spine Clinic (“we”, “us”, “our”) is a mobile chiropractic service operating across the Sydney metropolitan area, operated by Mobile Spine Health Pty Ltd (ABN 11 656 670 978). We are committed to protecting your privacy. This policy explains how we collect, use, store, disclose and protect your personal information.

We handle your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and — because we provide health services — the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act) and its Health Privacy Principles. As a health service provider, we are covered by the Privacy Act regardless of our size.

Our chiropractor is registered with the Chiropractic Board of Australia (AHPRA) and is also bound by professional obligations of confidentiality and clinical record keeping.

2. What information we collect

Personal information, including:

  • Name, date of birth, gender
  • Contact details (phone, email, visit address)
  • Emergency contact details

Sensitive (health) information, including:

  • Medical history, symptoms, and presenting conditions
  • Examination findings, diagnoses and treatment notes
  • Medications, allergies and relevant lifestyle information
  • Referrals and correspondence from other health providers

Payment and insurance information, including:

  • Private health fund details, where you provide them so we can issue an itemised invoice for you to claim
  • Payments are processed in person via a Tyro EFTPOS terminal. Your card details are handled by Tyro and are not stored by us.
  • If you provide card details or a deposit when booking, they are collected and stored securely by our booking system’s payment provider (Stripe, via Cliniko) — we do not see or store your full card number. With the authorisation you give at booking, these details may be used to charge cancellation or missed-appointment fees under our Cancellation Policy.

Technical information when you use our website, collected automatically by our hosting provider:

  • IP address, browser type and device information
  • Standard server access logs (pages requested, date and time)

3. How we collect your information

  • Directly from you — by phone, email, our website contact form, or in person during a consultation
  • Through our online booking system (Cliniko) when you make an appointment
  • From third parties you authorise, such as other treating practitioners
  • Automatically through our website host (see Section 11)

We collect sensitive health information only with your consent and where reasonably necessary to provide your care.

Where the patient is a child, or is otherwise unable to consent, we collect information from and communicate with a parent, guardian or authorised representative, who provides consent on the patient’s behalf.

4. Anonymity and pseudonymity

You may contact us anonymously, or using a pseudonym, for general enquiries — for example, to ask about our services or fees. However, because of the clinical and legal requirements of providing chiropractic care, we cannot treat you anonymously: we need to identify you correctly to care for you safely, to maintain accurate clinical records, and to issue invoices you can claim against your health fund.

5. Why we collect and use your information

  • To provide chiropractic assessment, treatment and ongoing care
  • To schedule, confirm and manage your appointments
  • To process payments and to issue itemised invoices and receipts so you can claim a rebate from your private health fund
  • To administer our Cancellation Policy, including processing any cancellation or missed-appointment fees you have authorised at booking
  • To communicate with you about your care, appointments and results
  • To maintain accurate clinical records as required by law and professional standards
  • To respond to your enquiries
  • To meet our legal, regulatory and insurance obligations

6. Health fund claiming

We do not currently process private health fund claims on your behalf at the point of care. After your appointment we will provide an itemised invoice/receipt, which you submit to your health fund to claim any rebate you are entitled to. On-the-spot claiming (HICAPS) may be introduced in the future, and this policy will be updated if and when that occurs.

7. Disclosure of your information

We may disclose your information to:

  • Other health providers involved in your care (e.g. your GP or specialist), with your consent
  • Our service providers, who help us operate, including:
    • Cliniko — practice management and online booking (clinical data hosted in Australia)
    • Vercel — website hosting (collects standard server access logs)
    • Resend — processes messages sent via our website contact form
    • Tyro — processes in-person card payments
    • Stripe — if you provide card details when booking, Stripe stores them securely and processes deposits and cancellation fees on our behalf (Cliniko’s integrated payment provider)
  • Regulatory or legal authorities, where required or authorised by law

We do not sell your personal information, and we do not use it for marketing without your consent.

8. Overseas disclosure

Some of our service providers store or process data on servers located outside Australia. Our website host (Vercel Inc.) and email provider (Resend) are based in the United States and operate global infrastructure; website requests may be served from edge locations including within Australia. Our online payment provider (Stripe) is also US-based; any card details you provide at booking are stored on Stripe’s secure, PCI-DSS-compliant infrastructure and are never held by us. Our clinical records system (Cliniko) stores health data on servers located in Australia. Where information is handled overseas, we take reasonable steps to ensure those providers protect it consistently with the APPs.

9. Storage, security and retention

  • Clinical records are stored securely in our practice management system, with access restricted to authorised personnel.
  • We take reasonable technical and organisational steps to protect your information from misuse, loss, and unauthorised access, modification or disclosure.
  • We retain health records for the minimum periods required by law — generally 7 years from the date of last entry for adults, and for minors until the patient turns 25.
  • When records are no longer required, we destroy or de-identify them securely.

10. Data breaches

We take all reasonable precautions to prevent data breaches. If a data breach occurs that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme in the Privacy Act, and we will take prompt steps to contain and remediate the breach.

11. Cookies and website analytics

Our website does not use third-party advertising or analytics tracking. It stores a small preference (such as your display theme) locally in your browser; this stays on your device and is not collected by us. Our hosting provider records standard server access logs for security and operational purposes. You can clear local browser storage at any time through your browser settings.

12. Access and correction

You have the right to:

  • Request access to the personal information we hold about you
  • Ask us to correct information that is inaccurate, out of date or incomplete

To make a request, contact us using the details in Section 14. We may need to verify your identity and will respond within a reasonable period. In limited circumstances we may decline access as permitted by law, and we will explain why.

13. Complaints

If you believe we have breached your privacy, please contact us first (Section 14) so we can investigate and respond. If you are not satisfied with our response, you may contact:

  • Office of the Australian Information Commissioner (OAIC) — oaic.gov.au — 1300 363 992
  • NSW Information and Privacy Commission — ipc.nsw.gov.au — 1800 472 679

14. Contact us

Mobile Spine Clinic (Mobile Spine Health Pty Ltd, ABN 11 656 670 978)
Phone: 0449 689 527
Email: info@mobilespinehealth.com.au
Website: www.mobilespineclinic.com.au

15. Changes to this policy

We may update this policy from time to time. The current version will always be available on our website, with the “Last updated” date shown at the top.