Big Wave Health — Privacy Policy (Leads & Marketing)
Effective date: 25 October 2025
Who we are: Big Wave Health provides exercise physiology (including NDIS services) and hydrotherapy in Western Australia. This policy explains how we collect, use, disclose and protect personal information when you submit a lead via our website or through Meta (Facebook/Instagram) lead forms.
1) The laws that apply to us
We handle personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and we handle health information in Western Australia under the Health Services (Information) Act 2023 (WA) and the Health Privacy Principles (HPPs). If you are an NDIS participant, we also follow requirements under the NDIS Quality and Safeguards framework. NDIS Quality and Safeguards Commission+5OAIC+5OAIC+5
2) What we collect
Depending on what you submit, we may collect:
● Identification & contact details (name, email, phone, suburb/postcode). ● Service interests (e.g., NDIS exercise physiology, hydrotherapy).
● Health information you choose to provide in a message (e.g., goals, mobility concerns, referral status).
● NDIS-related details you supply (e.g., participant status, plan status). ● Technical data from our website (e.g., cookie/Pixel events, device and referrer data).
We only collect sensitive information (including health information) with your consent or as otherwise permitted by law. OAIC+1
3) How we collect your information
● Website forms: When you submit a contact/enquiry/booking form.
● Meta Lead Ads: When you submit a lead form on Facebook or Instagram (you’ll see a link to this policy on the form, as required by Meta).
● Analytics & advertising tools: We may use cookies and tracking technologies (including the Meta Pixel) to measure campaign performance and improve our site. Best practice in Australia is to obtain opt-in consent for non-essential cookies and provide an easy way to change preferences. OAIC+1
4) Why we collect and use it
We use your information to:
● Respond to your enquiry, provide quotes, and book appointments.
● Assess suitability for services (including NDIS supports) you ask about. ● Manage our relationship with you (reminders, updates, customer support).
● Run and improve our marketing (measuring ad performance, audience insights) in compliance with privacy obligations.
● Meet legal, regulatory and insurance requirements.
We do not use your health information for marketing without your consent, and you can opt out of marketing at any time. OAIC
5) Legal basis/consent
We rely on your consent and/or our legitimate business functions permitted under the APPs and HPPs (e.g., responding to your request). Where information is health information, we only collect, use and disclose it as allowed under the Health Services (Information) Act 2023 (WA) and with your consent unless an exception applies. You may withdraw consent at any time.
6) Disclosing your information
We may disclose personal information to:
● Staff and contractors who help deliver our services.
● Technology providers (e.g., website host, CRM, email/SMS tools), and Meta when you submit a Meta lead form.
● Other health service providers with your consent (e.g., when coordinating care). ● Regulators, insurers, or advisers as required or authorised by law.
Some providers (including Meta) may store data outside Australia. Where reasonably practicable, we take steps to ensure overseas recipients handle personal information in a way consistent with Australian privacy laws. OAIC
7) Cookies, pixels and preference controls
We use cookies/pixels to operate the site, understand how it’s used, and improve advertising effectiveness. You can manage preferences via our cookie banner and your browser settings. For non-essential cookies, we aim to provide opt-in controls and an easy way to withdraw consent. Dean Usher
8) Storage, security and retention
We take reasonable steps to protect personal and health information from misuse, interference, loss, and unauthorised access, modification or disclosure. We keep information only as long as needed for the purposes above or as required by law, then securely delete or de-identify it. OAIC
9) Access and correction
You can request access to, or correction of, your personal and health information by contacting us (details below). We will respond within a reasonable time and may need to verify your identity. Under Western Australian law, individuals have a right to access health information held by private providers. OAIC+1
10) Marketing communications
If you opt in, we may send you service updates or promotions. You can opt out at any time by using the unsubscribe link or contacting us. We won’t send marketing that uses your health information without your consent. OAIC
11) NDIS participants
For NDIS enquiries, we collect only what’s necessary to respond and coordinate supports. We handle your information consistently with the NDIS Practice Standards and Code of Conduct and other privacy obligations. NDIS+1
12) Children and young people
If you are under 18, we prefer to obtain consent from a parent/guardian where practicable, especially for health information.
13) Complaints
If you have a privacy concern, please contact us first. We’ll investigate and respond. If you’re not satisfied, you can contact:
● Health and Disability Services Complaints Office (HaDSCO) – for health information or health service privacy issues under Western Australian law: hadsco.wa.gov.au | (08) 6551 7600 | Freecall: 1800 813 583
● Office of the Australian Information Commissioner (OAIC) – for APP matters under the Privacy Act: oaic.gov.au | 1300 363 992. OAIC
● NDIS Quality and Safeguards Commission – for NDIS-related privacy concerns: ndiscommission.gov.au. NDIS Quality and Safeguards Commission
14) Changes to this policy
We may update this policy from time to time. The latest version will always be posted on our website. OAIC
15) Contact us
Big Wave Health
Email: Admin@bigwavehealth.com.au
Phone: 0420463033