Privacy policy

We respect your privacy

(a) All Bodies Dietetic Services (“All Bodies”, “we”, “us”, “our”) respects your right to privacy and is committed to safeguarding the privacy of our clients, customers and website visitors. We adhere to the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). This policy sets out how we collect, hold, use and disclose your personal information, including health information.

(b) “Personal information” is information or an opinion about an identified individual, or an individual who is reasonably identifiable.

(c) “Health information” is a category of “sensitive information” under the Privacy Act. It includes information about your physical or mental health, disability, treatment, or health services provided to you. Sensitive information, including health information, is subject to a higher standard of protection under the Privacy Act than other personal information, and we generally will not collect it without your consent.

2. Collection of personal information

(a) As a dietetic and nutrition practice, we collect personal and health information reasonably necessary to provide clinical, sports nutrition and dietetic services, including but not limited to: name, contact details, date of birth, Medicare and health fund details, referral and medical history, dietary intake and eating patterns, weight and body composition data, pathology results, and information about your mental health where relevant to your care.

(b) We may also collect basic information such as your name, phone number, address and email address for administrative purposes, including sending appointment reminders, invoices and updates.

(c) We will only collect sensitive information, including health information, where it is reasonably necessary for one or more of our functions or activities, and with your consent (which may be implied by you attending a consultation and engaging our services), or otherwise as permitted by law.

(d) Additionally, we may collect any other information you provide while interacting with us, including through our website, telehealth platforms, email or in person.

3. How we collect your personal information

(a) We collect personal information directly from you when you interact with us electronically or in person, when you access our website, and when we provide our services to you, including during consultations and through client intake forms.

(b) We use third-party cloud-based software and practice management platforms to store and manage client records and communications, including practice management and clinical notation software, secure note-taking tools, and AI-assisted transcription or documentation tools. Some of these providers may store, process or transmit information on servers located outside Australia. Where this occurs, we take reasonable steps to ensure the overseas recipient handles your information consistently with the Australian Privacy Principles, in accordance with APP 8.

(c) We may receive personal information from third parties, such as referring general practitioners, other treating practitioners, or family members supporting your care. If we do, we will protect it as set out in this Privacy Policy.

4. Use of your personal information

(a) We use your personal information to provide clinical dietetic and nutrition services, including assessment, treatment planning, clinical documentation, and communication with you and, where relevant and authorised, your treating team.

(b) We may use your information for practice administration, including billing, appointment management, and quality assurance.

(c) We may use de-identified or aggregated information to improve our services, develop client education resources, and for internal review purposes. De-identified information is not personal information and is not subject to this Policy.

(d) We will not use your health information for direct marketing without your consent.

(e) We may contact you by telephone, email, SMS or mail for clinical or administrative purposes.

5. Disclosure of your personal information

(a) We may disclose your personal information to contractor dietitians and staff operating under All Bodies, insofar as reasonably necessary for the delivery of your care. Access to client records by contractor dietitians is limited to what is necessary for the purposes of providing services to you.

(b) We may disclose your personal information to other treating practitioners (such as your GP, psychologist, or specialist) where you have consented to this, or where it is otherwise necessary for your care, such as GP correspondence or referral letters.

(c) We may disclose personal information to our professional advisers, insurers, agents, suppliers and software providers (including practice management, clinical documentation and AI-assisted tools) insofar as reasonably necessary to deliver our services.

(d) We may disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, mandatory notification obligation, in the course of a legal proceeding, or in response to a law enforcement agency request.

(e) Information that we collect may from time to time be stored, processed in, or transferred to recipients located outside Australia, including via the software providers referred to in clause 3(b). We will take reasonable steps, as required by APP 8, to ensure such overseas recipients do not breach the Australian Privacy Principles in relation to your information.

(f) If there is a change of control in our business, or a sale or transfer of business assets, we reserve the right to transfer, to the extent permissible at law, client records and related personal and health information. We would seek to disclose this information only in good faith, under an agreement to maintain confidentiality, and where required by the above circumstances.

(g) We will not otherwise sell, trade, or disclose your personal or health information to third parties for their own marketing purposes.

6. Automated tools and artificial intelligence

(a) We use software tools, including AI-assisted transcription, note-taking and documentation tools, to support clinical documentation and administrative efficiency.

(b) As a matter of practice procedure, our practitioners do not enter client-identifying information (such as your name or other identifying details) into general-purpose AI tools. Where AI tools are used to assist with drafting, summarising, or working through clinical content, this is done using de-identified information.

(c) These tools are used to assist practitioners in preparing clinical records and communications. They are not used to make decisions about your eligibility for services, diagnosis, or treatment without practitioner review. All clinical decisions are made, or reviewed and approved, by your treating dietitian.

(d) We do not currently use automated decision-making of the kind that significantly affects your rights or interests without human review. If this changes, we will update this Policy to reflect the information required under the Privacy Act, including in advance of transparency requirements for automated decision-making commencing under the Privacy and Other Legislation Amendment Act 2024 (Cth) on 10 December 2026.

7. My Health Record

(a) We do not routinely access or upload information to the My Health Record system. On the rare occasion that we do, such as viewing a shared health summary relevant to your care or uploading a dietetic report with your consent, we will handle that information in accordance with the My Health Records Act 2012 (Cth) and its associated rules, in addition to the Australian Privacy Principles.

(b) Where we access or upload information via My Health Record, we will only do so with your consent (or as otherwise authorised by law), and only to the extent reasonably necessary for your care.

8. Security of your personal information

(a) We are committed to ensuring the information you provide to us is secure. We have put in place physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss, and unauthorised access, modification and disclosure.

(b) Access to client records is restricted to practitioners and staff involved in your care or the administration of our practice.

(c) The transmission and exchange of information, including via email or telehealth platforms, is carried out at your own risk. We cannot guarantee the security of information transmitted to or from us, although we take reasonable steps to safeguard against unauthorised disclosure.
9. Data breaches

(a) As a health service provider, All Bodies is subject to the Notifiable Data Breaches (NDB) scheme under the Privacy Act regardless of business size or turnover. The small business exemption that applies to many other businesses does not apply to us.

(b) If we experience a data breach likely to result in serious harm to an individual whose personal information is involved, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with our obligations under the Privacy Act.

10. Retention of your information

(a) We retain client health records for the period required by our professional obligations and indemnity insurance requirements, generally for a minimum of 7 years from the date of your last consultation, or, for clients who were minors at the time of treatment, until they turn 25 years of age.

(b) Where information is no longer required to be retained, we will take reasonable steps to destroy or de-identify it.

11. Access to your personal information

(a) You may request access to, or correction of, personal information we hold about you, in accordance with the Privacy Act. A small administrative fee may be payable for the provision of information. To request a copy of your information, or if you believe information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at hannah@allbodiesservices.com.au.

(b) We reserve the right to refuse to provide you with information we hold about you in certain circumstances set out in the Privacy Act, including where release may pose a serious threat to your health or safety.

12. Complaints about privacy

(a) If you have a complaint about how we have handled your personal information, please contact us at hannah@allbodiesservices.com.au or in writing to 2/1032 Stanley Street East, East Brisbane, Queensland, 4169. We take complaints seriously and will respond within a reasonable time.

(b) If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

13. Your right to take action

(a) Under the Privacy Act, individuals have a statutory right of action for serious invasions of privacy, including intrusions into personal seclusion and misuse of personal information, in addition to any complaint made to the OAIC.

14. Changes to this Privacy Policy

(a) We may change this Privacy Policy from time to time, in our sole discretion. Changes will be effective immediately upon posting on our website. Please check back periodically to review this Policy.

15. Website

(a) When you visit our website (www.allbodiesservices.com.au), we may collect certain information such as browser type, operating system, and pages visited, used in an aggregated manner to analyse site usage and improve our service.

(b) Our website may use cookies to identify you when you return to the site and to analyse traffic. Cookies are not malicious and most browsers accept them automatically; you can choose to reject cookies via your browser settings, though this may limit some website functionality.

(c) Our site may contain links to third-party websites not owned or controlled by us. These links are for your convenience only and do not constitute endorsement. We are not responsible for the privacy practices of other websites.