Privacy Policy
SPOT Paediatrics Privacy Policy
Last updated: May 2026
Effective date: May 2026
1. About this Policy
SPOT Paediatrics (ABN 29621382054) is committed to protecting the privacy of the families, children, and individuals we work with. This Privacy Policy explains how we collect, use, store, and disclose personal information, including sensitive health information, in the course of providing our services.
This policy applies to SPOT Paediatrics as a whole, including all staff and contractors, and covers information collected through our website (www.spotpaediatrics.com.au), by phone, and in person at our clinic.
We are required by law to handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). As a health service provider, we are also subject to specific requirements relating to health information.
We also abide by the NDIS Code of Conduct, the OT Australia Code of Ethics, and the Speech Pathology Australia Code of Ethics, all of which include obligations to protect the privacy and dignity of clients.
By engaging with our services, visiting our website, contacting us, or otherwise providing information to us, you acknowledge that your personal information will be handled in accordance with this Privacy Policy.
2. Who We Are
SPOT Paediatrics is a paediatric allied health clinic based in Adelaide, South Australia, providing occupational therapy and speech pathology services to children aged 0–18 years and their families.
Our clinic is located at: Level 1, 360 Brighton Road Hove, Adelaide, South Australia 5048.
For any privacy-related questions or requests, please contact us:
- Email: admin@spotpaediatrics.com.au
- Phone: (08) 7228 6825
- Post: Level 1, 360 Brighton Road Hove, SA 5048
3. What Personal Information We Collect
The types of personal information we may collect include:
General personal information
- Full name of the child and parent/carer
- Date of birth
- Contact details (address, phone number, email address)
- Emergency contact details
- NDIS participant number and plan details (where applicable)
- Medicare details (where applicable)
- Billing, payment and invoice information
- GP or referring practitioner details
- Communication records and correspondence with us
Health and sensitive information
Because we are a health service provider, we collect health information about the children in our care. This is a type of sensitive information and is given a higher level of protection under the Privacy Act. Health information we collect may include:
- Current and past medical history, including diagnoses and conditions
- Developmental history and assessments
- Information about communication, motor, sensory, or behavioural challenges
- Reports and documentation from other health professionals, educators, support workers, carers or family members where authorised or otherwise permitted by law
- Information relevant to service planning and delivery
- Therapy goals, session notes, and progress reports
- Information about the family environment, where relevant to therapy planning
Website information
When you visit our website, we may collect non-identifying technical information such as your IP address, browser type, and pages visited, date and time of website visits, website activity and navigation behaviour, referring websites or advertising sources, cookie and tracking technology data. This information is used to maintain and improve our website and is not linked to any personal information.
If you submit an enquiry through our website, we collect the personal information you provide (such as your name, phone number, email address, and details about your child’s needs) for the purpose of responding to your enquiry and, if you proceed, managing your child’s care.
4. How We Collect Personal Information
We collect personal information in the following ways:
- Directly from you, when you contact us by phone, email, or through our website enquiry form
- Through our client intake forms, which we send to you once an appointment is booked
- From a parent, guardian, carer or authorised representative
- During pre-assessment phone calls, initial consultation and therapy sessions
- From third parties with your knowledge and consent, such as your GP, paediatrician, childcare centre, school, or other allied health professionals involved in your child’s care
- From NDIS support coordinators or local area coordinators (where applicable)
- Through our practice management, invoicing, accounting, cloud storage and other business systems
Where possible, we collect health information directly from you or from your child’s parent or legal guardian. We will always let you know when we are collecting information from a third party and obtain your consent where required.
5. Why We Collect and How We Use Personal Information
We collect personal information for the following primary purposes:
- Provide allied health and related services
- To assess your child’s needs, set therapy goals, and track progress
- Communicate with you about appointments, services and enquiries
- Manage referrals, intake and service delivery
- Prepare reports, recommendations and documentation
- Manage billing, payments and accounting (including NDIS and Medicare claims)
- Liaise with referrers, educators, medical practitioners and other providers involved in care, where appropriate
- Comply with legal, funding, professional and regulatory obligations
- Manage risk, quality improvement and business operations
- Maintain secure and accurate records
- Improve our website, online presence and communications
- Support administrative, operational and non-clinical business functions
- To meet our legal and professional obligations under the NDIS Code of Conduct, the Health Practitioner Regulation National Law, and other applicable legislation
- To respond to your enquiries and manage our waitlist
We may also use de-identified information (information from which your identity has been removed) for internal quality improvement and professional development purposes.
We will not use your personal information for any other purpose without your consent, unless we are required or permitted to do so by law.
We may also use approved software tools, including cloud-based systems and limited AI-assisted tools, for non-clinical administrative and business purposes such as drafting general business content, refining non-clinical communications, supporting workflow efficiency, or preparing marketing content. We do not intend for AI tools to replace clinician judgment, professional obligations, or direct clinical decision-making.
6. Who We Share Information With
Your personal information is treated as confidential. We do not share it with third parties except in the following circumstances:
With your consent
With your knowledge and permission, we may share information with:
- Other health professionals involved in your child’s care (e.g. GPs, paediatricians, psychologists, physiotherapists)
- Educators, including teachers, childcare workers, and school support officers, to support your child in their learning environment
- NDIS support coordinators or plan managers, where relevant to your child’s NDIS plan
- Parents, guardians, carers or authorised representatives
- Referrers
- Other service providers involved in your care or support
Without your consent, where permitted by law
In limited circumstances, we may share information without your consent where this is permitted by law if:
- The disclosure is required or authorised by law
- It is necessary to lessen or prevent a serious threat to life, health or safety
- It is relevant to law enforcement activities
- It is necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct
- It is otherwise permitted under the Privacy Act or other applicable laws
Third-party service providers
We may disclose personal information to trusted third-party providers who support our practice operations, including providers of:
- Practice management software
- Invoicing and accounting software
- Cloud-based document storage
- IT support and cyber security services
- Email and communication systems
- Website hosting and website support
- Digital marketing, SEO and analytics services
- Approved non-clinical business support tools, including certain AI-enabled tools used for administrative purposes only
These providers may include systems such as Halaxy, Xero, Google Drive / Google Workspace, Dropbox, website hosts, analytics platforms, and external marketing providers.
Where enabled, information in our practice management system may sync with our accounting system for bookkeeping and financial administration purposes, including invoice and payment information relevant to reconciliation and reporting.
We take reasonable steps to only use service providers where appropriate for our practice and to limit the information disclosed to what is reasonably necessary for the relevant purpose.
7. How We Store and Protect Your Information
We store personal information in electronic systems and, in some cases, paper-based records.
We may use cloud-based storage and software systems to store and manage information as part of our business operations. These systems may include practice management software, accounting systems, secure document storage platforms, communication tools and website-related systems.
We take reasonable steps to protect the personal information we hold from misuse, interference, loss, unauthorised access, modification or disclosure. These steps may include:
- Password protection
- Multi-factor authentication where available
- Staff access controls
- Confidentiality obligations
- Secure practice management systems
- Restricted file sharing and permissions
- Staff training and internal procedures
- Review of third-party providers and system settings
While we take reasonable steps to protect information, no method of electronic storage or transmission is completely secure.
Health information held by SPOT Paediatrics is kept for a minimum of seven years from the date of last contact with an adult client, and until a child reaches 25 years of age, or for seven years from the date of last contact, whichever is longer. This is consistent with South Australian health records legislation.
When records are no longer required to be retained, they are securely destroyed.
8. Overseas Disclosure
SPOT Paediatrics does not intentionally disclose personal information to overseas recipients.
Some of the third-party systems and service providers we use may store, process, back up, or allow access to personal information outside Australia. This may occur, for example, where we use:
- Cloud-based storage providers
- Website and analytics platforms
- Digital advertising providers
- Software vendors with overseas hosting or support arrangements
- Approved non-clinical AI providers
Where personal information is disclosed to an overseas recipient, we take reasonable steps to assess the provider and the circumstances of disclosure, in line with our privacy obligations.
Because some service providers may change their hosting or support arrangements from time to time, it may not always be practical to list every country where information may be stored or processed.
9. Use of AI Disclosure
Our practice uses Halaxy, a secure practice management and clinical records platform. We may use Halaxy’s artificial intelligence features to assist with clinical administration, including transcribing consultations, preparing draft clinical notes, summarising uploaded files, and improving the efficiency and accuracy of documentation.
This disclosure explains how these AI features may be used, what information may be processed, and your rights.
With your consent, we may use Halaxy AI features to:
- transcribe parts of your consultation in real time;
- generate a draft summary or clinical note from the consultation;
- summarise documents or images you provide to us;
- assist your practitioner with record keeping, correspondence, or administrative documentation.
AI-generated content is used as a support tool only. It does not replace your practitioner’s professional judgment, clinical reasoning, diagnosis, treatment planning, or decision-making.
The information processed may include personal and sensitive health information discussed during your consultation or contained in documents you provide. This may include symptoms, history, treatment goals, medications, referrals, diagnoses, progress, and other information relevant to your care.
Any AI-generated note, transcription, or summary must be reviewed by your practitioner before it is relied on as part of your health record. Your practitioner remains responsible for checking, editing, approving, and maintaining your clinical records.
Where AI transcription is used, audio may be streamed in real time to create a transcription. The purpose is to assist with clinical documentation. The audio recording itself is not intended to be stored by our practice through Halaxy AI Scribe; only the resulting transcript, summary, or clinical note may be stored in your clinical record.
Your personal and health information will be handled in accordance with our privacy policy, Halaxy’s privacy and security arrangements, and applicable privacy laws.
AI-generated notes and summaries are treated as part of your clinical information. Access is limited to your practitioner and authorised members of the practice who need access for the purpose of providing care or managing your records.
Your information is not to be used by our practice for public AI tools or unrelated AI training. We do not intentionally enter your identifiable health information into publicly available AI systems such as general-purpose chatbots.
You may choose whether or not to consent to the use of AI features. You may also withdraw your consent at any time by telling your practitioner or contacting the practice.
If you do not consent, or if you later withdraw consent, your care will continue. Your practitioner will use ordinary clinical documentation methods instead.
AI tools can assist with documentation, but they are not perfect. Possible risks include transcription errors, incomplete summaries, misinterpretation of words, or incorrect formatting of information. For this reason, your practitioner will review AI-generated material before it is finalised.
You are encouraged to tell your practitioner if you believe your clinical record contains an error or if you have concerns about the use of AI in your care.
10. Accessing and Correcting Your Information
You have the right to access the personal information we hold about you or your child, and to request that we correct any inaccuracies. To make a request:
- Contact us using the details in Section 2
- Tell us what information you would like to access or correct
We may ask you to verify your identity before providing access.
We will respond to access requests within a reasonable time (generally within 30 days). We will not charge a fee for making a request, though we may charge a reasonable fee to cover the cost of providing access (for example, photocopying costs).
In some circumstances, we may be unable to provide access to certain information (for example, where doing so would pose a serious threat to health or safety, or where it would unreasonably impact the privacy of another person). Where we decline a request, we will explain why in writing.
11. Notifiable Data Breaches
SPOT Paediatrics is subject to the Notifiable Data Breaches (NDB) scheme under the Privacy Act.
If we become aware of a data breach involving personal information, we will assess the incident and respond in accordance with our legal obligations. Where required, this may include notifying affected individuals and the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme.
We maintain an internal data breach response plan to support prompt and appropriate action in the event of a breach.
12. Children’s Privacy
Because our services are for children, almost all health information we hold relates to minors. Where a child is not of an age or maturity to provide their own consent, we obtain consent from a parent or legal guardian. We are mindful of our obligations to protect the privacy and dignity of children and handle their information with particular care.
We handle children’s personal information with particular care, taking into account the child’s age, best interests, developmental stage, and the role of parents, guardians and authorised decision-makers.
Where appropriate, we will seek consent from a parent, guardian or authorised representative for the collection, use and disclosure of a child’s personal information.
13. Website and Cookies
Our website may use cookies and similar technologies to support website operation, improve user experience, understand website traffic and support marketing and SEO activities.
We may engage an external third-party marketing or website provider to assist with:
- website hosting and support
- website analytics
- SEO
- Google Ads campaign management
- conversion tracking
- website traffic analysis
These tools may collect information such as:
- browser and device information
- pages visited
- traffic sources
- time spent on the website
- interactions with online advertising
Where tracking technologies such as cookies, analytics tags or similar tools are used, information may be collected directly by the relevant third-party provider in accordance with their own privacy practices.
You may be able to manage cookies through your browser settings, although disabling cookies may affect the functionality of some parts of the website.
We aim to use website and marketing tools in a way that is appropriate for a health service provider and consistent with our privacy obligations.
14. How to Make a Privacy Complaint
If you have concerns about how we have handled your personal information, we encourage you to contact us first so we can try to resolve the matter:
- Email: admin@spotpaediatrics.com.au
- Phone: (08) 7228 6825
We will acknowledge your complaint promptly and respond in writing within a reasonable time frame. If you are not satisfied with our response, you have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The current version will always be available on our website or on request. We encourage you to review this policy periodically.
