Privacy Policy

Who we are

In this policy, “we”, “us” and “our” refer to Sarah Grapentin, trading as a sole trader under the business name Massages By Sarah in Port Pirie, South Australia.

Because we provide massage therapy, we are considered a “health service provider” under the Privacy Act 1988 (Cth). This means the Australian Privacy Principles (APPs) apply to how we collect, use, store and disclose personal information — including health information.

What information we collect

We may collect the following types of information:

• •Contact details: your name, phone number, email address and (where you provide it) postal address.
• •Booking information: the date, time and type of appointment you book, and any notes you include with your booking.
• •Health information: details you share about your reasons for booking — including injuries, conditions, symptoms, medications, pregnancy status and treatment preferences. This is sensitive information under the Privacy Act.
• •Payment details: handled at the time of service. We do not store credit card or bank details on this website.
• •Website technical data: standard server logs collected by our hosting provider (such as IP address, browser type and pages visited). This data is used to keep the site secure and to understand how it is used.

How we collect it

We collect personal information directly from you when you:

• •Submit the booking form on our website
• •Submit the enquiry form on our website
• •Call or send a message to 0439 594 999
• •Email us at massagesbysarah@outlook.com
• •Attend a massage appointment in person

If we receive personal information about you from someone else without you having directly provided it (for example, a referring practitioner), we will only retain and use that information if it is reasonably necessary for one of our activities and if doing so is permitted by the APPs.

Why we collect it

We collect and use your information to:

• •Respond to your enquiries
• •Arrange, confirm and remind you about appointments
• •Plan, deliver and document your massage treatments safely
• •Issue receipts and (where applicable) provide information that supports a private health insurance rebate claim
• •Meet our legal, regulatory and professional record-keeping obligations
• •Keep the website secure and improve how it works

We do not sell your personal information, and we do not use your information for unrelated marketing without your consent.

Who we share information with

We only share personal information where it is necessary for one of the purposes above:

• •Form and booking provider: the booking and enquiry forms on this site are powered by GoHighLevel (via leadflux.com.au). Information you enter is transmitted to and stored within that system so we can manage bookings and enquiries.
• •Website hosting: the site is hosted by Vercel Inc. Their systems handle web traffic to and from this site.
• •Health practitioners and your insurer: where you ask us to (for example, to support a private health insurance rebate claim or to share information with your treating practitioner).
• •Where required by law: such as a court order, regulator request or to protect health and safety.

Some of these service providers may store data outside of Australia. Where they do, we expect them to apply protections at least equivalent to the APPs.

Health information and consent

The health information you share with us is sensitive information under the Privacy Act. We collect it with your consent — usually as part of a pre-treatment conversation or via your booking — and only use it for the purposes of planning, providing and recording your massage treatment safely.

Treatment notes are kept in line with our professional and legal record-keeping obligations as a massage therapist.

How we store and protect your information

We take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification and disclosure. These steps include:

• •Storing electronic records in password-protected, access-controlled systems
• •Limiting access to information to Sarah only
• •Using reputable third-party providers for forms and hosting
• •Destroying or de-identifying information that is no longer required, subject to our record-keeping obligations

How long we keep your information

We retain personal information for as long as it is needed for the purposes described in this policy or as required by law. Health and treatment records for adults are generally kept for at least seven (7) years from the date of the most recent treatment, and longer for clients who were under 18 at the time of their treatment.

Cookies and website analytics

Our website uses a small number of essential cookies — for example, those used by the embedded booking and enquiry forms — to make the site work correctly. We also use the following analytics tools to understand how the website is being used in aggregate:

• •Google Analytics 4 (provided by Google LLC) — measures page views, traffic sources and general site usage. IP addresses are anonymised and the data is reported to us in aggregate. Some of this data is processed outside Australia, including in the United States.
• •Microsoft Clarity (provided by Microsoft Corporation) — captures aggregated, de-identified behavioural data such as clicks, scrolling and session paths, to help us improve the website. Some of this data is processed outside Australia.

These tools do not identify you personally and we do not use them to build advertising profiles. You can opt out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on. You can disable cookies generally in your browser settings, but some features of the site may not work correctly if you do.

Your rights

Under the Australian Privacy Principles, you have the right to:

• •Ask for a copy of the personal information we hold about you
• •Ask us to correct information that is inaccurate, out of date or incomplete
• •Ask us to delete information we no longer need to keep
• •Make a complaint about how we have handled your information

To exercise any of these rights, please contact us using the details below. We will respond within a reasonable time (usually within 30 days). There is no charge for a routine request.

If you are not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Children

We do not direct our website to children, and we do not knowingly collect personal information from children under 16 without parental or guardian consent.

Changes to this policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. The latest version will always be available on this page, with the “Last updated” date at the top.

Contact us

For any questions, requests or complaints relating to your privacy, please contact: