SPYRIA THERAPY
Privacy Policy

Spyria Therapy is a business name of Spyria Pty Ltd (ABN: 36 697 135 381).

Last updated: May 13, 2026.

SPYRIA THERAPY ("we", "us", "our") is committed to protecting the privacy of all clients, families, and website visitors. We adhere to the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and relevant NDIS guidelines.

1. What Information We Collect

We may collect the following personal and sensitive information:

  • Name, date of birth, and gender

  • Contact details (email, phone number)

  • NDIS number, plan start and end dates, plan manager

  • Relevant medical or therapy-related history

  • Consent for use of images, audio, or video recordings

  • Photographs or recordings taken during professional development workshops (subject to explicit consent from participants).

2. Why We Collect Your Information

We collect information on:

  • Provide multidisciplinary therapy services (Speech Pathology, Occupational Therapy, and Music Therapy)

  • Arrange appointments and manage communications

  • Document progress and write reports for NDIS or iCare

  • Claim payments and manage billing

  • Communicating with carers support teams

  • Share educational or promotional content (with consent)

3. Disclosure of Information

We may share your information with:

  • NDIS plan managers support coordinators

  • iCare and other funding bodies

  • Our contracted therapists and clinical team

  • Our practice management software (e.g., Splose)

  • Social media (only with media consent)

  • While we use secure third-party platforms (such as Splose), we are not responsible for the privacy practices of these third-party providers. We recommend users review the privacy policies of these platforms directly.

We do not disclose information overseas unless required by law. We ensure that any overseas data storage complies with the Australian Privacy Principles.

4. Cookies & Website Analytics

We use cookies and tools such as Google Analytics to enhance your online experience. These tools collect non-identifiable data such as:

  • IP address

  • Device and browser type

  • Website usage patterns

You can disable cookies in your browser settings.

5. Data Storage and Security

Your data is stored securely using:

  • Splose (practice management)

  • Google Drive / Microsoft

  • Password-protected devices

  • Staff confidentiality policies

We regularly review our data protection practices. Records are retained for a minimum of 7 years, or longer if required by law (e.g. if the participant is under 18, records are kept until the participant turns 25).

 

6. Accessing and Updating Your Information

  • Participants have the right to access their personal information and request corrections if they believe the information is inaccurate, incomplete, or out-of-date. We respond to such requests within 30 calendar days.

7. Privacy Breach Procedure

In the event of a privacy breach, SPYRIA Therapy will:

  • Contain and assess the breach

  • Notify affected individuals where required

  • Report serious breaches to the NDIS Commission and Office of the Australian Information Commissioner (OAIC) if necessary

  • Record the incident in our Incident Register

  • Take corrective action to prevent recurrence

8. Staff Responsibilities

  • All staff are required to sign confidentiality agreements and receive training in privacy and data protection during induction and annually.

9. Policy Review

  • This policy is reviewed annually or earlier if required due to legislative changes.

10. Privacy for Children and Vulnerable Persons

  • We serve clients aged 0-99. For minors or individuals requiring support, we obtain consent from parents or legal guardians.

11. Contact Us

If you have any concerns, please contact:

 

This document complies with NDIS Practice Standards and is intended to protect the rights, dignity, and privacy of all participants supported by SPYRIA THERAPY.