Privacy Policy

Lume Chiropractic  |  ABN: 47688520265  |  Version 1.0  |  Effective: 15 June 2026

1. About Us

Lume Chiropractic ('we', 'us', 'our') is a neurologically focused chiropractic practice located on the South Coast of New South Wales, Australia. We are committed to protecting the privacy of our patients, their families, and all individuals whose personal information we handle.

This Privacy Policy explains how we collect, use, store, disclose, and manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) as published by the Office of the Australian Information Commissioner (OAIC).

Our Contact Details

For all privacy-related enquiries, please contact us at:

Lume Chiropractic PTY LTD

5 Old Princes Highway, Batemans Bay, NSW 2536

Phone: 02 4472 811

Email: hello@lumechiropractic.com.au

Website: www.lumechiropractic.com.au

Privacy Officer: Elizabeth Botha

2. What Personal Information We Collect and Store

We collect and hold a range of personal information necessary to provide safe and effective chiropractic care. This includes, but is not limited to:

Patient Identification Information

• Full name and date of birth

• Address, phone number, and email address

• Medicare number and DVA claim information where applicable

Health and Clinical Information

• Medical history, current medications, and relevant family health history

• Chief complaint, symptoms, and clinical examination findings

• INSiGHT neurological scan results (heart rate variability, surface electromyography, and neurospinal thermal assessments)

• Radiographic images and reports

• Chiropractic care plans, progress notes, and treatment records

• Referral correspondence from or to other healthcare providers

Financial and Administrative Information

• Billing history and payment records

• Appointment scheduling information

Paediatric Patients

Where we provide care to children under 18 years of age, we also collect the personal information of a parent or legal guardian, including their relationship to the patient and authority to consent to care on the child's behalf.

3. How We Collect Personal Information and Where It Is Stored

Collection Methods

We collect personal information:

• Directly from you through our new patient intake forms (electronic and paper-based)

• During clinical consultations and examinations.

• Through our practice management system (PracticeHub)

• Via phone, email, or in-person communication with you or your authorised representative

• From other healthcare providers (e.g., referring GPs, specialists, or allied health professionals) with your knowledge and, where required, consent.

Where Information Is Stored

Your information is stored in the following systems:

• PracticeHub — our cloud-based, Australian-hosted practice management and clinical records platform.

• Third-party imaging and radiology providers' systems (where radiographic investigations are ordered)

All digital storage systems used by Lume Chiropractic are password-protected, encrypted, and comply with applicable Australian data security standards.

4. Why We Need to Collect Personal Information

We collect personal information for the following primary purposes:

• To provide safe, appropriate, and high-quality chiropractic care

• To assess, diagnose, and manage your health concerns

• To communicate with you regarding your care, appointments, and health outcomes

• To comply with our professional, legal, and regulatory obligations under the Health Practitioner Regulation National Law and the Chiropractic Board of Australia's standards

• To refer you to or liaise with other healthcare providers where clinically appropriate

• To conduct quality assurance and continuing professional development activities within the practice

We only collect the information that is reasonably necessary for these purposes. You are not required by law to provide your personal information to us; however, if you choose not to, we may be limited in our ability to provide you with appropriate care or services.

5. How We Use and Disclose Personal Information

Use of Your Information

We use your personal information primarily for the purposes for which it was collected (as outlined in Section 4). We do not use your information for purposes unrelated to your care without your consent.

Disclosure of Your Information

We may disclose your personal information to:

• Other treating healthcare providers involved in your care (e.g., GPs, specialists, physiotherapists) where clinically necessary and appropriate

• Health funds, Medicare, DVA, and WorkCover in connection with billing and claims

• Our third-party technology and software providers (e.g., PracticeHub), strictly for the purposes of operating our practice management and clinical record systems

• Legal and regulatory authorities, including the Chiropractic Board of Australia or AHPRA, where required by law

• Persons you have authorised to act on your behalf or receive information about your care

We will not sell, rent, or trade your personal information to third parties. We will not disclose your information for marketing or commercial purposes without your explicit consent.

Marketing and Communications

If we wish to use your contact information to send health and wellness updates, newsletters, or practice news, we will seek your consent and provide you with a straightforward means to opt out at any time.

6. Accessing and Correcting Your Personal Information

You have the right to request access to the personal information we hold about you, and to request that any inaccurate, incomplete, or out-of-date information be corrected.

How to Make a Request

To request access to or correction of your personal information, please contact our Privacy Officer using the contact details provided in Section 1. We ask that requests be made in writing (by email or letter) and include:

• Your full name and date of birth

• A description of the information you wish to access or correct

• Your preferred method of contact for our response

Our Response

We will acknowledge your request within five (5) business days and aim to provide a substantive response within thirty (30) days. If we are unable to provide access or make a correction, we will provide written reasons for that decision.

In some circumstances, access may be limited — for example, where providing access would pose a serious threat to the life or health of any person, or where an exemption applies under the Privacy Act 1988 (Cth). We will advise you if this is the case.

Access to health records may be subject to a reasonable administrative fee to cover costs. We will advise you of any applicable fee before proceeding.

7. Lodging and Managing a Privacy Complaint

How to Lodge a Complaint

If you believe that we have mishandled your personal information, or that we have interfered with your privacy, we encourage you to contact us in the first instance so that we can work to resolve the matter directly.

Please submit your complaint in writing to our Privacy Officer using the contact details provided in Section 1. Please include:

• Your name and contact details

• A description of your concern and the outcome you are seeking

• Any relevant dates or circumstances

How We Will Manage Your Complaint

We will:

• Acknowledge receipt of your complaint within five (5) business days

• Investigate your complaint in a fair, timely, and confidential manner

• Provide you with a written response within thirty (30) days of receipt, including the outcome of our investigation and any action taken or proposed

If you are not satisfied with our response, or if we have not responded within 30 days, you have the right to escalate your complaint to the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner (OAIC)

Website: www.oaic.gov.au

Phone: 1300 363 992

GPO Box 5218, Sydney NSW 2001

8. Disclosure of Information Outside Australia

Lume Chiropractic does not routinely disclose personal information to overseas recipients. Our primary systems and data storage are Australian-based.

In limited circumstances, some software or cloud infrastructure providers may process or store data on servers located outside Australia (for example, as part of routine cloud operations). Where this occurs, we take reasonable steps to ensure that any overseas recipients handle your information in a manner consistent with the Australian Privacy Principles.

If we are required to disclose your personal information to an overseas recipient, we will do so only:

• With your consent

• Where required or authorised by Australian law

• Where we are satisfied that the recipient's country has privacy protections substantially similar to those in Australia

At the time of this policy, we are not aware of specific overseas countries to which personal information is routinely disclosed. If this changes, this policy will be updated accordingly.

9. Secure Destruction and De-identification of Personal Information

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Under the Health Records and Information Privacy Act 2002 (NSW) and applicable chiropractic records retention standards, clinical records must be retained for a minimum period (generally seven years for adults, or until the patient turns 25 years of age for paediatric records).

Once personal information is no longer required and retention obligations are fulfilled, we will take reasonable steps to destroy or permanently de-identify it in a secure manner, including:

• Permanent deletion or secure erasure of electronic records in accordance with industry best practice

• De-identification of information used for quality improvement or statistical purposes, such that individuals can no longer be identified

We do not retain personal information beyond the period required for the original purpose of collection, unless we have obtained your consent or are otherwise required to do so by law.

10. Updates to This Policy

We review and update this Privacy Policy periodically to reflect changes in our practices, legal obligations, or regulatory guidance. The current version will always be available at our practice and on our website. We encourage you to review this policy from time to time.

If we make significant changes that affect how we handle your personal information, we will notify you by email or through a notice on our website.