Lusio Rehab Privacy Notice

PRIVACY NOTICE

Last Updated: 10 April 2025

BACKGROUND:

Lusio Technology Pty Ltd ("Lusio Rehab", "we", "us", "our") understands that your privacy matters. We’re committed to protecting your personal data and handling it responsibly. This notice explains how we collect, use, store, and share your data, and how we comply with applicable data protection laws, including the Australian Privacy Act 1988 (as amended), the Australian Privacy Principles (APPs), the UK General Data Protection Regulation (UK GDPR), and the EU General Data Protection Regulation (EU GDPR).

1. Information About Us

Company Name: Lusio Technology Pty Ltd

Legal Status: Limited company registered in Australia

ABN: 27622092479 

Registered & Main Trading Address: Unit 205, 15 Belvoir Street, Surry Hills, NSW, Australia

Data Protection Officer: Hossein Forooghi

Email: hossein@lusiorehab.com

2. What Does This Notice Cover?

This notice explains how we collect and handle your personal data through our websites, apps (including LusioMATE and LusioPOSE), products, and services. It also outlines your rights and how to exercise them.

3. What Is Personal Data?

Personal data means any information that can identify you directly or indirectly. This includes your name, contact details, medical history (where applicable), IP address, and other identifiers.

4. What Are My Rights?

You have the following rights under data protection laws:

  • To be informed – via this Privacy Notice and upon request.

  • To access your data – see Part 10.

  • To correct inaccurate or incomplete data.

  • To delete your data (the "right to be forgotten").

  • To restrict processing.

  • To object to certain uses.

  • To withdraw consent (where we rely on it).

  • To data portability.

  • To avoid automated decision-making – we don’t currently use this.

You may contact us anytime (see Part 11) to exercise these rights.

If you're in Australia, you can complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. If you’re in the UK, you can contact the Information Commissioner’s Office (ICO) at www.ico.org.uk. We encourage you to contact us first so we can address your concerns.

5. What Personal Data Do We Collect and How?

We collect personal and non-personal data, including:

  • Identity Data: Name, DOB, profession, address, IP, images/videos (with consent)

  • Contact Data: Email, phone number, postal address

  • Business Data: Job title, business name, professional role

  • Payment Data: Card or bank details (if used for payment)

  • Profile Data: Usage data, medical data related to product use, preferences

  • Third-Party Data: Provided by clinicians or technical providers

Data is collected via:

  • Direct entry by you or your representative (e.g. clinician)

  • Device/app use

  • Analytics tools or third-party integrations

Sensitive health data is processed only with your explicit consent, in compliance with both Australian and international data privacy laws.

6. How Do We Use Your Personal Data?

We use your data for:

  • Business administration – to operate effectively (legitimate interests)

  • Providing services – to fulfil our contract with you

  • Payment processing – to manage transactions (contractual necessity)

  • Support and communication – to respond to queries and updates (legitimate interests/contract)

  • Service improvement – to enhance our offerings (legitimate interests)

  • Marketing (with consent) – to inform you of offers and updates (consent/legitimate interests)

We don’t use personal data for automated decision-making or profiling.

7. How Long Do We Keep Your Data?

We retain personal data only as long as necessary. Retention periods:

Identity/Contact/Business Data: Retained while you are a user; reviewed every 3 years

Payment Data: Retained while processing is active; purchase history retained for audit and compliance

Profile/Medical Data: Retained indefinitely only where necessary (e.g. product use history for medical/legal purposes); otherwise reviewed every 3 years

Third-Party Data: As above, aligned with the type of data supplied

We regularly review our retention schedule to ensure it aligns with the principles of purpose limitation and data minimization.

8. Where Do We Store or Transfer Your Data?

We may transfer your data internationally (e.g., to the UK, EU, or US). When doing so, we:

  • Use countries with adequacy decisions, or

  • Rely on Standard Contractual Clauses (SCCs), or

  • Apply other safeguards required under the GDPR and Privacy Act

Security measures include:

  • Access controls and two-factor authentication

  • Encryption of stored and transmitted data

  • Incident response plans for data breaches

9. Do We Share Your Data?

We may share your data with:

  • Lusio Rehabilitation UK Ltd – for delivery of services (UK-based)

  • CRM/Accounting/Payment Providers – globally, under strict agreements

  • Google/Amazon (Cloud Hosting) – secure infrastructure

  • Academic Institutions – for research and product development (anonymised)

We may also disclose data if legally required (e.g., court orders).

If we sell or restructure our business, data may transfer to the new entity under the same protections.

10. Accessing Your Data (Subject Access Requests)

To request your data:

Email us at hossein@lusiorehab.com

Include "Subject Access Request" in the subject line

We aim to respond within 1 month. No charge unless your request is excessive or repetitive.

11. Contacting Us

For any privacy-related questions or to exercise your rights:

Contact: Hossein Forooghi, Data Protection Officer

Email: hossein@lusiorehab.com

Postal Address: Unit 205, 15 Belvoir Street, Surry Hills, NSW, Australia

12. Updates to This Privacy Notice

This Privacy Notice may be updated periodically. Changes will be posted on our website and in our app(s). Please check occasionally to stay informed.
