This is the privacy policy of Made to Move Health, a sole trader business operated by James Pangalos. We are committed to protecting the privacy of every individual we work with, including business owners, employees, and members of the public who interact with our services. This policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over your own information. We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and, where relevant, the Health Records Act 2001 (Vic).
Types of personal information we collect
The information we collect depends on how you interact with us. We aim to collect only what we need to provide our services properly.
Contact information
- Name, email address, phone number, and business name when you submit an enquiry through our website or contact us directly
- Postal or business address where required for invoicing or onsite visits
Workplace assessment information
- Details about your business, team size, work environment, and existing concerns or pain points
- Photographs of workspaces taken during onsite assessments (only with documented consent)
- Workstation and ergonomic data collected during walkthroughs
Health information (sensitive information)
- Pain and discomfort survey responses provided voluntarily by employees
- Self-reported symptoms, injury history, or musculoskeletal concerns relevant to workplace risk assessment
- De-identified, aggregated health trend data used in management reports
Health information is sensitive information under the Privacy Act and receives a higher level of protection. We only collect health information with the express, informed consent of the individual it relates to, and only where it is reasonably necessary for delivering our workplace wellness services.
Website and technical information
- Basic analytics about how visitors use our website, such as pages viewed and approximate location (city level)
- Information submitted through forms hosted by our third-party form provider (Formspree)
How we collect your information
We collect personal information through a number of channels, all of which are designed to be transparent and consensual.
Directly from you
Most information we hold is provided directly by you, through enquiry forms, phone or email conversations, in-person meetings, or workplace assessments. When you provide us with information, we take it that you consent to our using it for the purposes described in this policy.
Through our website
When you visit madetomovehealth.com.au, basic technical information may be logged automatically by our hosting provider for security and performance reasons. Our contact form is processed by a secure form-handling service, which transmits submissions to our business email account.
From employees of client businesses
When we deliver workplace wellness services, we may collect information directly from your employees through pain surveys, ergonomic assessments, or education sessions. Participation in these activities is voluntary, and employees are informed of the purpose before any data is collected.
Cookies and analytics
Our website uses minimal cookies, only those required for the site to function correctly. We do not use third-party advertising trackers. If basic analytics are enabled (e.g. for understanding how the website is used), the data is aggregated and does not identify individual visitors.
How we use and disclose your information
We use the information we collect for the specific purposes for which it was provided, and we do not sell, rent, or trade personal information under any circumstances.
How we use your information
- Responding to enquiries and providing requested information
- Delivering workplace wellness consulting services, including assessments, reports, and ongoing support
- Producing management summaries, action plans, and outcome reports for client businesses (using aggregated, de-identified data where possible)
- Issuing invoices and managing payments
- Maintaining records required by Australian law, AHPRA registration obligations, and our professional indemnity insurer
- Improving our services based on feedback and observed patterns
When we may disclose your information
We will only share your personal information in the following limited circumstances:
- To service providers who help us run our business (such as our accountant, invoicing platform, email and cloud storage providers, website host, and form-handling service). These providers are bound by confidentiality and only handle data for the specific purpose we engage them for.
- To your employer or business owner in the form of management summaries. These contain only de-identified, aggregated information unless an individual has expressly consented to identifiable information being shared.
- Where legally required, such as in response to a subpoena, court order, or regulatory request from AHPRA, WorkSafe, or a similar authority.
- To protect safety, where we reasonably believe disclosure is necessary to prevent serious harm to life or health.
A note on aggregated reporting: Reports provided to client business owners or managers are designed to protect individual employee privacy. Where group sizes are small enough that individuals could be identified, we adjust how we report findings to maintain anonymity.
Overseas disclosure
Some of the digital tools we use to operate the business may store data on servers located outside Australia, including in the United States. We choose providers who maintain strong data protection and security standards, but you should be aware that data stored overseas may be subject to the laws of those countries.
How we protect your information
We take reasonable steps to protect the personal information we hold from misuse, interference, loss, unauthorised access, modification, or disclosure.
Practical safeguards
- All client files and assessment data are stored in password-protected, encrypted cloud storage
- Access to client information is limited to the practitioner directly delivering the service
- Physical documents collected during onsite visits are scanned, stored digitally, and the originals securely destroyed
- Email accounts are protected with strong passwords and multi-factor authentication
- We retain personal information only for as long as it is needed for the purpose it was collected, or as required by law (including our seven-year clinical record-keeping obligations under AHPRA)
If something goes wrong
In the unlikely event of a data breach that is likely to result in serious harm to affected individuals, we will notify you and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme.
Accessing and correcting your information
You have the right to access the personal information we hold about you and to ask us to correct it if it is inaccurate, incomplete, or out of date.
How to make a request
To request access to your information or to have it corrected, please contact us using the details in the next section. We will respond to your request within 30 days. There is no fee for making a request, though we may charge a reasonable fee for retrieving and providing copies of large amounts of information.
Withdrawing consent
You may withdraw your consent for us to hold or use your personal information at any time. We will delete or de-identify your information unless we are required by law (for example, AHPRA record-keeping obligations) to retain it for a specified period.
Making a complaint
If you believe we have mishandled your personal information or breached the Australian Privacy Principles, please contact us first so we can try to resolve the issue. If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au.
Contact details
For any questions about this policy, requests relating to your personal information, or to make a privacy complaint, please contact our Privacy Officer.
We may update this policy from time to time. The most current version will always be available at madetomovehealth.com.au/privacy. Material changes will be communicated to existing clients via email.