top of page

Privacy Policy

Our Privacy Policy is a clear guide on our commitment to safeguarding your personal data.

Privacy Policy


  1. Introduction

  2. Collection of Personal Information

  3. Use of Personal Information

  4. Disclosure of Personal Information

  5. Storage and Security of Personal Information

  6. Access and Correction of Personal Information

  7. Cookies & third-party services

  8. Links to Third-Party Websites

  9. Changes to this Privacy Policy

  10. Collection and Handling of Payment Information

  11. Complaints & Contact Information

1. Introduction, Scope & Application

"We're committed to protecting your privacy, and this section explains why we have a Privacy Policy and how it applies to you."

Bayside School Refusal Clinic (ABN 35 093 382 652) is committed to protecting the privacy of our clients, their families, and our staff. This Privacy Policy outlines how we collect, use, store, and disclose personal and sensitive information in accordance with the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic). By using our services, you agree to the terms of this Privacy Policy.

This Privacy Policy applies to the collection, use, disclosure, storage, and management of personal information, including sensitive information, of our clients and users. This policy covers data collected through our website, over the phone, in-person, or via any other means of communication between our clients and our mental health social worker's private clinic.

2. Collection of Personal Information

"Here, we outline the types of personal information we collect and why we need this information to provide our services."

We collect personal and sensitive information necessary to provide our mental health counseling services, including:

Contact information (name, address, phone number, email)

Date of birth


Health and medical information relevant to the provision of our services

Information about family members, caregivers, and other relevant individuals

Information related to the client's school and educational history

Medicare and private health insurance details

We may also collect information about the date, time, and duration of visits to our clinic or interactions with our online services. This information is generally not linked to the identity of clients, except where the interactions are made via links in an email we have sent or are otherwise required for the provision of our services.

3. Use of Personal Information

"Here we describe the various ways we use your personal information to offer you a great experience with our services."

We use personal information to:


Provide mental health counseling services
Communicate with clients, their families, and other healthcare professionals
Conduct assessments and develop treatment plans
Comply with legal and regulatory requirements
Conduct internal administrative tasks and maintain accurate records
Conduct research and quality improvement activities, with clients' consent
Provide clients with information about our services and products, with their consent

4. Disclosure of Personal Information

"This part explains under which circumstances we might share your personal information with others and how we keep it secure."

We may disclose personal information to:

Other healthcare professionals, with clients' consent
Government agencies, as required by law (e.g., mandatory reporting of child abuse)
Third-party service providers, such as IT and data storage providers, under strict confidentiality agreements


5. Storage and Security of Personal Information

"Learn about the measures we take to securely store your personal information and how long we keep it."


We take reasonable steps to protect personal information from unauthorised access, use, and disclosure. We store electronic records on secure servers and physical records in locked cabinets. Access to personal information is restricted to authorised personnel only.

6. Access and Correction of Personal Information


"Find out how you can access and update your personal information, ensuring it remains accurate and up-to-date."

Clients have the right to access their personal information held by Bayside School Refusal Clinic, subject to certain legal exceptions. Clients can request access to their information or request corrections to be made by contacting our Privacy Officer in writing. To access or correct your personal information, please contact our clinic using the contact details provided in the Complaints section of this Privacy Policy. We will respond to your request within a reasonable time frame and may require verification of your identity before granting access or making corrections.

7. Cookies and Third-Party Services

"Discover how we use cookies to improve your experience on our website and how you can manage them if needed."

We may use cookies and similar technologies on our online services to enhance user experience, facilitate ongoing access to and use of our online services, and for analytics and marketing purposes. Additionally, we use various third-party tools and services that may also collect cookies or use similar technologies. These third-party services may include, but are not limited to, providers of analytics, customer relationship management, and content management services. These services may use cookies and similar technologies for various purposes, such as authentication, security, preference tracking, analytics, and marketing. For more information on how these third-party services use cookies, please refer to their respective privacy policies and cookie policies. If you do not want information collected through the use of cookies, you can disable the cookie feature in your browser settings. However, please note that disabling cookies may impact the functionality and user experience of our online services and the services provided by third-party tools.


8. Links to Third-Party Websites

"We sometimes provide links to other websites. This section highlights that their privacy policies might be different from ours."

We may provide links to third-party websites that may be of interest to our clients. These linked websites are not under our control, and we cannot accept responsibility for the conduct of entities linked to or from our online services. Before disclosing your personal information on any other website, we advise you to examine the terms and conditions and privacy policy of that website.


9. Changes to this Privacy Policy

"Sometimes we need to make updates to our Privacy Policy, this section explains when and why changes might happen."


We may update this Privacy Policy from time to time to reflect changes in legislation or our practices. Any changes will be published on our website and will take effect from the date of publication.

10. Collection and Handling of Payment Information

"Learn about how we collect and protect your payment information, ensuring your financial data stays secure during transactions."

We may collect payment information, such as credit card details, when clients make payments for our services. This information is used solely for the purpose of processing payments and is not used for any other purpose. We retain payment information only as long as necessary to complete the transaction and comply with relevant financial record-keeping requirements.

To protect the security of your payment information, we adhere to the Payment Card Industry Data Security Standard (PCI DSS) and implement industry-standard security measures, such as encryption and secure storage. Only authorised personnel have access to payment information, and they are required to handle such data in accordance with PCI DSS requirements.

We utilise Halaxy's payment gateway powered by Braintree in Australia and Hyperwallet globally, both owned by PayPal, to process payments on our behalf. Halaxy's infrastructure is hosted on Amazon Web Services (AWS) and complies with various security accreditations and certifications, including PCI DSS Level 1, ISO 27001, and FIPS 140-2. Card details are tokenised and securely stored by Halaxy's payment gateway, ensuring that payment data is not stored with patient records and is not visible to anybody within our practice, at Halaxy, or to unauthorised third parties.

In the event that we need to share your data with third-party service providers, such as Xero for accounting or SMS providers, we will do so only with your permission and ensure that these providers meet the same stringent privacy standards as we do.

Please note that our Privacy Policy only covers our data handling practices. For more information about Halaxy's data protection practices, please refer to their Privacy Policy and Terms and Conditions.

11. Complaints & Contact Information 

"If you have any concerns about our Privacy Policy or the way we handle your information, this part explains how to get in touch with us."

If you have any concerns about our handling of your personal information, please contact our Privacy Officer John Chellew at or to our Administration team at We will investigate your complaint and respond in writing within a reasonable timeframe. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or the Health Complaints Commissioner (HCC) in Victoria.

If you have any questions or comments about our Privacy Policy, this section above provides our contact details so you can reach out to us.

Privacy Policy Last updated: 10/05/2023) 

bottom of page