Privacy Policy

Effective date: 14 October 2025

Who we are: Wellness Centre Wollongong ABN 54529216403 (“we”, “us”, “our”).

Contact: info@wellnesscentre.net.au | 02 42263777 | Level 1 / 81 Keira Street Wollonong NSW Australia

Scope and Who this Applies to

This policy explains how we collect, use, disclose, store and protect personal information and health information of our clients, members, website visitors and other individuals. We are a health service provider, so the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) apply to us regardless of annual turnover. We also comply with the NSW Health Records and Information Privacy Act 2002 (HRIP Act) and the Health Privacy Principles (HPPs) for health information handled in NSW.

Types of Information We Collect

Personal information: name, date of birth, contact details, emergency contact, membership details, communications preferences, billing and transaction details (processed via secure third-party payment gateways; we do not store your full card numbers).
Health information: relevant medical history, injuries, conditions, referrals, practitioner notes, assessments, goals and progress relevant to delivering safe services.
Digital information: website analytics, IP address, device/browser data, cookies, session data, and interactions with emails/SMS (opt-in marketing only).
CCTV (if used on premises): for safety and security in common areas (not in treatment rooms or bathrooms).

Why We Collect it (Primary Purposes)

We collect and use information to:

Provide safe, appropriate health and wellness services and classes; manage bookings, memberships and attendance;
Tailor programs and modifications to your needs;
Communicate about schedules, changes, invoices, and service updates;
Run our operations (quality assurance, training, risk and incident management, insurance and regulatory compliance);
With your consent, send marketing about classes, events and offers (you can opt out anytime).

How We Collect Information

Directly from you (online forms, health intake, in-studio forms, email/phone, during sessions);
From your authorised representative (e.g., parent/guardian, carer) or referrer with consent or as permitted by law;
Automatically via our website/app (cookies and analytics) and via our booking/payment providers where needed to deliver services.

Direct Marketing and Your Choices

We only send electronic marketing if we have your consent or another basis permitted by the Spam Act 2003 (Cth). All marketing messages include a working unsubscribe link. If you opt out, we’ll stop marketing but may still send essential service/transactional notices.

Cookies and Analytics

We use cookies and similar tools to operate the site, remember preferences, and understand usage (e.g., to improve class pages). You can control cookies in your browser. Analytics data may be de-identified and aggregated wherever possible, consistent with APPs.

Disclosing Your Information

We may disclose information to:

Practitioners/instructors engaged by us (under confidentiality obligations) for safe service delivery;
Booking, practice management and payment providers we use to run our services;
IT, cloud and support providers (data hosting, email/SMS, analytics);
Insurers, professional advisors and regulators where reasonably necessary;
Emergency contacts or health providers if needed to reduce or prevent a serious threat to life, health or safety, or as otherwise permitted by law.

If we disclose information overseas, we take reasonable steps under APP 8 to ensure recipients protect it to APP standards.

Storage, Security and Retention

We take reasonable steps to protect personal and health information against loss, unauthorised access, use, modification or disclosure. Measures include role-based access, encryption in transit where feasible, secure premises, and staff confidentiality and training. We retain health records for at least 7 years from last service, or until age 25 if collected while under 18, and then securely destroy or de-identify them in line with NSW requirements.

Access and Correction

You can request access to personal or health information we hold about you, and ask us to correct it if it’s inaccurate, out-of-date, incomplete, or misleading. We will respond within a reasonable time. We may need to verify your identity and may refuse access in limited circumstances permitted by law; we will tell you why if we do.

Children and Young People

For clients under 18, we may need consent from a parent/guardian (or act in the child’s best interests as permitted by law). Health records created while a person is under 18 are retained until the individual turns 25.

Data Breach Response

If a data breach is likely to result in serious harm, we will promptly assess and, where required, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme. We also maintain an internal data breach response plan.

Third-Party Links and Services

Our website may link to third-party sites or integrate third-party services (e.g., booking systems, payment processors, video platforms). These providers have their own privacy practices. We encourage you to read their policies. Mindbody’s Booking System Payment processors Privacy Policy can be found here https://co.mindbodyonline.com/legal/privacy-policy

Complaints and How We’ll Help

If you have a privacy concern or complaint, please contact us first at info@wellnesscentre.net.au. We’ll acknowledge and investigate your complaint. If you’re not satisfied, you may contact the OAIC (www.oaic.gov.au) regarding the APPs or the Information and Privacy Commission NSW (www.ipc.nsw.gov.au) regarding NSW health privacy.

Changes to this Policy

We may update this policy to reflect changes to our practices or legal requirements. We’ll post the updated version with a new effective date on this page.