Privacy Policy

SPOT Paediatrics Privacy Policy

Last updated: May 2026
Effective date: May 2026

1. About this Policy

SPOT Paediatrics (ABN 29621382054) is committed to protecting the privacy of the families, children, and individuals we work with. This Privacy Policy explains how we collect, use, store, and disclose personal information, including sensitive health information, in the course of providing our services.

This policy applies to SPOT Paediatrics as a whole, including all staff and contractors, and covers information collected through our website (www.spotpaediatrics.com.au), by phone, and in person at our clinic.

We are required by law to handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). As a health service provider, we are also subject to specific requirements relating to health information.

We also abide by the NDIS Code of Conduct, the OT Australia Code of Ethics, and the Speech Pathology Australia Code of Ethics, all of which include obligations to protect the privacy and dignity of clients.

By engaging with our services, visiting our website, contacting us, or otherwise providing information to us, you acknowledge that your personal information will be handled in accordance with this Privacy Policy.

2. Who We Are

SPOT Paediatrics is a paediatric allied health clinic based in Adelaide, South Australia, providing occupational therapy and speech pathology services to children aged 0–18 years and their families.

Our clinic is located at: Level 1, 360 Brighton Road Hove, Adelaide, South Australia 5048.

For any privacy-related questions or requests, please contact us:

3. What Personal Information We Collect

The types of personal information we may collect include:

General personal information

Health and sensitive information

Because we are a health service provider, we collect health information about the children in our care. This is a type of sensitive information and is given a higher level of protection under the Privacy Act. Health information we collect may include:

Website information

When you visit our website, we may collect non-identifying technical information such as your IP address, browser type, and pages visited, date and time of website visits, website activity and navigation behaviour, referring websites or advertising sources, cookie and tracking technology data. This information is used to maintain and improve our website and is not linked to any personal information.

If you submit an enquiry through our website, we collect the personal information you provide (such as your name, phone number, email address, and details about your child’s needs) for the purpose of responding to your enquiry and, if you proceed, managing your child’s care.

4. How We Collect Personal Information

We collect personal information in the following ways:

Where possible, we collect health information directly from you or from your child’s parent or legal guardian. We will always let you know when we are collecting information from a third party and obtain your consent where required.

5. Why We Collect and How We Use Personal Information

We collect personal information for the following primary purposes:

We may also use de-identified information (information from which your identity has been removed) for internal quality improvement and professional development purposes.

We will not use your personal information for any other purpose without your consent, unless we are required or permitted to do so by law.

We may also use approved software tools, including cloud-based systems and limited AI-assisted tools, for non-clinical administrative and business purposes such as drafting general business content, refining non-clinical communications, supporting workflow efficiency, or preparing marketing content. We do not intend for AI tools to replace clinician judgment, professional obligations, or direct clinical decision-making.

6. Who We Share Information With

Your personal information is treated as confidential. We do not share it with third parties except in the following circumstances:

With your consent

With your knowledge and permission, we may share information with:

Without your consent, where permitted by law

In limited circumstances, we may share information without your consent where this is permitted by law if:

Third-party service providers

We may disclose personal information to trusted third-party providers who support our practice operations, including providers of:

These providers may include systems such as Halaxy, Xero, Google Drive / Google Workspace, Dropbox, website hosts, analytics platforms, and external marketing providers.

Where enabled, information in our practice management system may sync with our accounting system for bookkeeping and financial administration purposes, including invoice and payment information relevant to reconciliation and reporting.

We take reasonable steps to only use service providers where appropriate for our practice and to limit the information disclosed to what is reasonably necessary for the relevant purpose.

7. How We Store and Protect Your Information

We store personal information in electronic systems and, in some cases, paper-based records.

We may use cloud-based storage and software systems to store and manage information as part of our business operations. These systems may include practice management software, accounting systems, secure document storage platforms, communication tools and website-related systems.

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, unauthorised access, modification or disclosure. These steps may include:

While we take reasonable steps to protect information, no method of electronic storage or transmission is completely secure.

Health information held by SPOT Paediatrics is kept for a minimum of seven years from the date of last contact with an adult client, and until a child reaches 25 years of age, or for seven years from the date of last contact, whichever is longer. This is consistent with South Australian health records legislation.

When records are no longer required to be retained, they are securely destroyed.

8. Overseas Disclosure

SPOT Paediatrics does not intentionally disclose personal information to overseas recipients.

Some of the third-party systems and service providers we use may store, process, back up, or allow access to personal information outside Australia. This may occur, for example, where we use:

Where personal information is disclosed to an overseas recipient, we take reasonable steps to assess the provider and the circumstances of disclosure, in line with our privacy obligations.

Because some service providers may change their hosting or support arrangements from time to time, it may not always be practical to list every country where information may be stored or processed.

9. Use of AI Disclosure

Our practice uses Halaxy, a secure practice management and clinical records platform. We may use Halaxy’s artificial intelligence features to assist with clinical administration, including transcribing consultations, preparing draft clinical notes, summarising uploaded files, and improving the efficiency and accuracy of documentation.

This disclosure explains how these AI features may be used, what information may be processed, and your rights.

With your consent, we may use Halaxy AI features to:

AI-generated content is used as a support tool only. It does not replace your practitioner’s professional judgment, clinical reasoning, diagnosis, treatment planning, or decision-making.

The information processed may include personal and sensitive health information discussed during your consultation or contained in documents you provide. This may include symptoms, history, treatment goals, medications, referrals, diagnoses, progress, and other information relevant to your care.

Any AI-generated note, transcription, or summary must be reviewed by your practitioner before it is relied on as part of your health record. Your practitioner remains responsible for checking, editing, approving, and maintaining your clinical records.

Where AI transcription is used, audio may be streamed in real time to create a transcription. The purpose is to assist with clinical documentation. The audio recording itself is not intended to be stored by our practice through Halaxy AI Scribe; only the resulting transcript, summary, or clinical note may be stored in your clinical record.

Your personal and health information will be handled in accordance with our privacy policy, Halaxy’s privacy and security arrangements, and applicable privacy laws.

AI-generated notes and summaries are treated as part of your clinical information. Access is limited to your practitioner and authorised members of the practice who need access for the purpose of providing care or managing your records.

Your information is not to be used by our practice for public AI tools or unrelated AI training. We do not intentionally enter your identifiable health information into publicly available AI systems such as general-purpose chatbots.

You may choose whether or not to consent to the use of AI features. You may also withdraw your consent at any time by telling your practitioner or contacting the practice.

If you do not consent, or if you later withdraw consent, your care will continue. Your practitioner will use ordinary clinical documentation methods instead.

AI tools can assist with documentation, but they are not perfect. Possible risks include transcription errors, incomplete summaries, misinterpretation of words, or incorrect formatting of information. For this reason, your practitioner will review AI-generated material before it is finalised.

You are encouraged to tell your practitioner if you believe your clinical record contains an error or if you have concerns about the use of AI in your care.

10. Accessing and Correcting Your Information

You have the right to access the personal information we hold about you or your child, and to request that we correct any inaccuracies. To make a request:

We may ask you to verify your identity before providing access.

We will respond to access requests within a reasonable time (generally within 30 days). We will not charge a fee for making a request, though we may charge a reasonable fee to cover the cost of providing access (for example, photocopying costs).

In some circumstances, we may be unable to provide access to certain information (for example, where doing so would pose a serious threat to health or safety, or where it would unreasonably impact the privacy of another person). Where we decline a request, we will explain why in writing.

11. Notifiable Data Breaches

SPOT Paediatrics is subject to the Notifiable Data Breaches (NDB) scheme under the Privacy Act.

If we become aware of a data breach involving personal information, we will assess the incident and respond in accordance with our legal obligations. Where required, this may include notifying affected individuals and the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme.

We maintain an internal data breach response plan to support prompt and appropriate action in the event of a breach.

12. Children’s Privacy

Because our services are for children, almost all health information we hold relates to minors. Where a child is not of an age or maturity to provide their own consent, we obtain consent from a parent or legal guardian. We are mindful of our obligations to protect the privacy and dignity of children and handle their information with particular care.

We handle children’s personal information with particular care, taking into account the child’s age, best interests, developmental stage, and the role of parents, guardians and authorised decision-makers.

Where appropriate, we will seek consent from a parent, guardian or authorised representative for the collection, use and disclosure of a child’s personal information.

13. Website and Cookies

Our website may use cookies and similar technologies to support website operation, improve user experience, understand website traffic and support marketing and SEO activities.

We may engage an external third-party marketing or website provider to assist with:

These tools may collect information such as:

Where tracking technologies such as cookies, analytics tags or similar tools are used, information may be collected directly by the relevant third-party provider in accordance with their own privacy practices.

You may be able to manage cookies through your browser settings, although disabling cookies may affect the functionality of some parts of the website.

We aim to use website and marketing tools in a way that is appropriate for a health service provider and consistent with our privacy obligations.

14. How to Make a Privacy Complaint

If you have concerns about how we have handled your personal information, we encourage you to contact us first so we can try to resolve the matter:

We will acknowledge your complaint promptly and respond in writing within a reasonable time frame. If you are not satisfied with our response, you have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC):

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. The current version will always be available on our website or on request. We encourage you to review this policy periodically.

School Holiday Groups at SPOT: Coming July School Holidays!

Learn more