Lusio Rehab Privacy Notice
PRIVACY NOTICE
Last Updated: 10 April 2025
BACKGROUND:
Lusio Technology Pty Ltd ("Lusio Rehab", "we", "us", "our") understands that your privacy matters. We’re committed to protecting your personal data and handling it responsibly. This notice explains how we collect, use, store, and share your data, and how we comply with applicable data protection laws, including the Australian Privacy Act 1988 (as amended), the Australian Privacy Principles (APPs), the UK General Data Protection Regulation (UK GDPR), and the EU General Data Protection Regulation (EU GDPR).
1. Information About Us
Company Name: Lusio Technology Pty Ltd
Legal Status: Limited company registered in Australia
ABN: 27622092479
Registered & Main Trading Address: Unit 205, 15 Belvoir Street, Surry Hills, NSW, Australia
Data Protection Officer: Hossein Forooghi
Email: hossein@lusiorehab.com
2. What Does This Notice Cover?
This notice explains how we collect and handle your personal data through our websites, apps (including LusioMATE and LusioPOSE), products, and services. It also outlines your rights and how to exercise them.
3. What Is Personal Data?
Personal data means any information that can identify you directly or indirectly. This includes your name, contact details, medical history (where applicable), IP address, and other identifiers.
4. What Are My Rights?
You have the following rights under data protection laws:
- To be informed – via this Privacy Notice and upon request.
- To access your data – see Part 10.
- To correct inaccurate or incomplete data.
- To delete your data (the "right to be forgotten").
- To restrict processing.
- To object to certain uses.
- To withdraw consent (where we rely on it).
- To data portability.
- To avoid automated decision-making – we don’t currently use this.
You may contact us anytime (see Part 11) to exercise these rights.
If you're in Australia, you can complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au. If you’re in the UK, you can contact the Information Commissioner’s Office (ICO) at www.ico.org.uk. We encourage you to contact us first so we can address your concerns.
5. What Personal Data Do We Collect and How?
We collect personal and non-personal data, including:
- Identity Data: Name, DOB, profession, address, IP, images/videos (with consent)
- Contact Data: Email, phone number, postal address
- Business Data: Job title, business name, professional role
- Payment Data: Card or bank details (if used for payment)
- Profile Data: Usage data, medical data related to product use, preferences
- Third-Party Data: Provided by clinicians or technical providers
Data is collected via:
- Direct entry by you or your representative (e.g. clinician)
- Device/app use
- Analytics tools or third-party integrations
Sensitive health data is processed only with your explicit consent, in compliance with both Australian and international data privacy laws.
6. How Do We Use Your Personal Data?
We use your data for:
- Business administration – to operate effectively (legitimate interests)
- Providing services – to fulfil our contract with you
- Payment processing – to manage transactions (contractual necessity)
- Support and communication – to respond to queries and updates (legitimate interests/contract)
- Service improvement – to enhance our offerings (legitimate interests)
- Marketing (with consent) – to inform you of offers and updates (consent/legitimate interests)
We don’t use personal data for automated decision-making or profiling.
7. How Long Do We Keep Your Data?
We retain personal data only as long as necessary. Retention periods:
- Identity/Contact/Business Data: Retained while you are a user; reviewed every 3 years
- Payment Data: Retained while processing is active; purchase history retained for audit and compliance
- Profile/Medical Data: Retained indefinitely only where necessary (e.g. product use history for medical/legal purposes); otherwise reviewed every 3 years
- Third-Party Data: As above, aligned with the type of data supplied
We regularly review our retention schedule to ensure it aligns with the principles of purpose limitation and data minimization.
8. Where Do We Store or Transfer Your Data?
We may transfer your data internationally (e.g., to the UK, EU, or US). When doing so, we:
- Use countries with adequacy decisions, or
- Rely on Standard Contractual Clauses (SCCs), or
- Apply other safeguards required under the GDPR and Privacy Act
Security measures include:
- Access controls and two-factor authentication
- Encryption of stored and transmitted data
- Incident response plans for data breaches
9. Do We Share Your Data?
We may share your data with:
- Lusio Rehabilitation UK Ltd – for delivery of services (UK-based)
- CRM/Accounting/Payment Providers – globally, under strict agreements
- Google/Amazon (Cloud Hosting) – secure infrastructure
- Academic Institutions – for research and product development (anonymised)
We may also disclose data if legally required (e.g., court orders).
If we sell or restructure our business, data may transfer to the new entity under the same protections.
10. Accessing Your Data (Subject Access Requests)
To request your data:
- Email us at hossein@lusiorehab.com
- Include "Subject Access Request" in the subject line
We aim to respond within 1 month. No charge unless your request is excessive or repetitive.
11. Contacting Us
For any privacy-related questions or to exercise your rights:
Contact: Hossein Forooghi, Data Protection Officer
Email: hossein@lusiorehab.com
Postal Address: Unit 205, 15 Belvoir Street, Surry Hills, NSW, Australia
12. Updates to This Privacy Notice
This Privacy Notice may be updated periodically. Changes will be posted on our website and in our app(s). Please check occasionally to stay informed.