Privacy Policy

Body Measure Privacy Policy
Effective Date 01 Sept 2025

1. Scope
This policy applies to the collection, use, storage, and disclosure of personal and health information by Body Measure, in compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Health Records and Information Privacy Act 2002 (NSW). When we do collect data, we are regulated under Australian privacy laws. We may also be regulated by the General Data Protection Regulations (“GDPR”) which apply across the European Union (“EU”), including the United Kingdom (“UK”) and we may be responsible as “controller” of that personal information for the purposes of those laws.

2. Our Privacy Commitment
We are committed to safeguarding personal and health information and ensuring it is managed lawfully, fairly, and transparently.

3. What We Collect
We collect personal and health information including (but not limited to):

  • Name, contact details (telephone number, email address) , date of birth, gender
  • Emergency contact details
  • Records of interactions with us (appointments, reports, emails)
  • Relevant medical, health & exercise histories

4. How We Collect It
Information is collected:

  • Directly from you during appointments or online booking or other forms of communication
  • Through authorised third parties (e.g., healthcare professionals)
  • This information is only collected from individuals with their prior knowledge and consent and for the primary purpose for which it was collected.

5. Purpose of Collection

Your information is used for:

  • Providing health-related services
  • Preparing and sending reports to you or your nominated health professional
  • Meeting legal obligations
  • Maintain contact with clients and duly authorised persons such as doctors and personal trainers
  • Service improvement and research (using de-identified data)
  • To comply with duties imposed by legislation
  • This policy excludes information about staff contained in personnel records
  • Body Measure may use personal information to market and promote our services; however, you may opt out of receiving marketing communications at any time by emailing us on the contact details below
  • Body Measure may use de-identified information (which cannot reasonably identify you) for research, service improvement or statistical reporting. This data does not contain personal or health identifiers

6. Data Storage and Security
6.1 Your information is stored securely using trusted service providers. Our primary storage location is Australia.
Where data is stored or accessed outside Australia, we ensure compliance with APP 8 (Cross-Border Disclosure) and GDPR and require providers to meet Australian privacy standards.
We take reasonable steps to protect information from misuse, loss, unauthorised access, modification, or disclosure, whether it be in electronic or hard copy form.

6.2 Data Retention
We retain personal and health information for the minimum periods required by law. If a client returns after an extended period, we may no longer hold their previous records if the legal retention period has expired.
Where continuity of care is important, we may retain records beyond the minimum legal requirement, provided this is consistent with privacy law. Once information is no longer required for care, or the retention period has expired, we will securely destroy or permanently de-identify the record

6.3 By using our website, you agree to this Privacy Policy. While we take the security of your personal information very seriously and have safeguards in place to prevent loss, misuse, or unauthorised access, no internet transmission or electronic storage method is completely secure. Any information you share is at your own risk. Access to your information is restricted to authorised staff with a genuine business need, who are bound by confidentiality

6.4 We will also use technological and organisational measures to keep your information secure.

6.5 By communicating with us — whether via this website, email, phone, or other electronic or verbal means — you acknowledge that while we take reasonable steps to protect your personal information, no method of transmission or storage is completely secure. We cannot guarantee the absolute security or integrity of information shared, and it is transmitted at your own risk.
We implement appropriate safeguards to protect your information from loss, misuse, or unauthorised access, and limit access to authorised personnel who are bound by confidentiality. If you have concerns about how your information is handled, please contact us using the details below

7 Automated AI Scribing
7.1 How We Use AI

  • To streamline our clinical documentation process, we may use a combination of practitioner hand-recorded notes and voice transcriptions. Our AI tool transcribes these recordings into written notes.
  • The AI system helps format the information into formal clinical notes. These notes are always reviewed and finalised by your practitioner to ensure accuracy and completeness.
  • By using the AI transcribing tool this allows your practitioner to focus more on your care during consultations.

7.2 Data Privacy and Security

  • Your privacy is our top priority. We have implemented strict safeguards to keep your data secure:
  • Once your clinical notes are finalised, the audio recordings are permanently deleted.
  • Our AI system is hosted within Australia, and it does not store your data or use it for any external purposes, including training or development.

7.3 Your Consent
By receiving care & services at our practice, you are consenting to the use of Al to assist with creating your clinical notes. If you have any questions or concerns about this process, or if you prefer alternative documentation methods, please speak to your practitioner. They will be happy to accommodate your personal preferences by emailing us on the contact details below

8. Website, Cookies and Aggregate Data
When you visit our website, non-identifiable data such as IP address, browser type, and usage patterns may be collected for analytics. Cookies may be used to improve functionality and save your preferences; the information remains on your computer after the session has closed. You can disable cookies in your browser settings.
At no stage does Body Measure attempt to identify users or their browsing activities, except in the unlikely event of an investigation by a law enforcement agency exercising its legal authority within the laws of Australia.

9. Disclosure of Information
We do not disclose personal information to third parties unless:

  • You provide consent
  • Required by law
  • Necessary to protect health and safety
  • De-identified data may be used for research purposes (Any information used for the purposes of research shall be de-identified and limited to items such as age, gender, body composition results or bone density results, and other generic information. All de-identified information cannot reasonably identify you)

10. Access and Correction
You have the right to request access to your information or correction of inaccurate data. Requests must be in writing to info@bodymeasure.com.au
When making a request to access personal information we will require the individual to provide evidence of their right to access the information
We will respond within 30 days.

11. Data Breaches
We comply with the Notifiable Data Breaches (NDB) scheme. If a breach likely to cause serious harm occurs, we will notify affected individuals and the OAIC.

We manage all actual or suspected Data Breaches in line with the Notifiable Data Breach (NDB) Scheme under Part IIIC of the Privacy Act.
An NDB occurs if:

  1. Data Loss – accidental loss of Personal Information likely to result in unauthorised access or disclosure (e.g. stolen laptop). Data that is encrypted or can be remotely deleted is not an NDB.
  2. Unauthorised Disclosure – release of Personal or Sensitive Information in a way not permitted by the Privacy Act (e.g. email sent to the wrong person).
  3. Unauthorised Access – access by someone not entitled to it (e.g. database hack).

and where:

  • the breach is likely to cause serious harm, and
  • the risk of harm cannot be prevented.

We will assess suspected breaches within 30 days, considering:

  • sensitivity of the data (e.g. medical records),
  • type of information (e.g. credit cards),
  • whether security protections (e.g. encryption) apply,
  • the nature and impact of the potential harm.

If confirmed, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable.

Health Information
When we manage health information on behalf of other health service providers (as defined under the Health Records and Information Privacy Act (NSW 2002), we comply with the Privacy Act and all relevant state and territory privacy laws. Health information is only used or disclosed for the purpose for which it was collected, or for a purpose directly related to that.
If a data breach involves health information, we will notify the relevant health service provider within 14 days and provide any identifiable details, including:

  • the client’s identity and contact information,
  • a description of the breach,
  • the types of information affected,
  • recommendations for those impacted, and
  • steps taken to secure our systems.

We do not determine whether such breaches qualify as Notifiable Data Breaches, that responsibility rests with the health service provider

12. Complaints
If you have concerns about privacy practices, contact us at: info@bodymeasure.com.au
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au | 1300 363 992

13. Contact Us
If you have any concerns about this privacy policy please contact our Privacy Contact at :
Email: info@bodymeasure.com.au
Phone: (02) 9460 8502
Postal Address: Suite 4, 38 Albany Street, St Leonards, NSW, 2065