1. Introduction, Scope & Application
2. Collection of Personal Information
"Here, we outline the types of personal information we collect and why we need this information to provide our services."
We collect personal and sensitive information necessary to provide our mental health counseling services, including:
Contact information (name, address, phone number, email)
Date of birth
Health and medical information relevant to the provision of our services
Information about family members, caregivers, and other relevant individuals
Information related to the client's school and educational history
Medicare and private health insurance details
We may also collect information about the date, time, and duration of visits to our clinic or interactions with our online services. This information is generally not linked to the identity of clients, except where the interactions are made via links in an email we have sent or are otherwise required for the provision of our services.
3. Use of Personal Information
"Here we describe the various ways we use your personal information to offer you a great experience with our services."
We use personal information to:
Provide mental health counseling services
Communicate with clients, their families, and other healthcare professionals
Conduct assessments and develop treatment plans
Comply with legal and regulatory requirements
Conduct internal administrative tasks and maintain accurate records
Conduct research and quality improvement activities, with clients' consent
Provide clients with information about our services and products, with their consent
4. Disclosure of Personal Information
"This part explains under which circumstances we might share your personal information with others and how we keep it secure."
We may disclose personal information to:
Other healthcare professionals, with clients' consent
Government agencies, as required by law (e.g., mandatory reporting of child abuse)
Third-party service providers, such as IT and data storage providers, under strict confidentiality agreements
5. Storage and Security of Personal Information
"Learn about the measures we take to securely store your personal information and how long we keep it."
We take reasonable steps to protect personal information from unauthorised access, use, and disclosure. We store electronic records on secure servers and physical records in locked cabinets. Access to personal information is restricted to authorised personnel only.
6. Access and Correction of Personal Information
"Find out how you can access and update your personal information, ensuring it remains accurate and up-to-date."
7. Cookies and Third-Party Services
8. Links to Third-Party Websites
"We sometimes provide links to other websites. This section highlights that their privacy policies might be different from ours."
10. Collection and Handling of Payment Information
"Learn about how we collect and protect your payment information, ensuring your financial data stays secure during transactions."
We may collect payment information, such as credit card details, when clients make payments for our services. This information is used solely for the purpose of processing payments and is not used for any other purpose. We retain payment information only as long as necessary to complete the transaction and comply with relevant financial record-keeping requirements.
To protect the security of your payment information, we adhere to the Payment Card Industry Data Security Standard (PCI DSS) and implement industry-standard security measures, such as encryption and secure storage. Only authorised personnel have access to payment information, and they are required to handle such data in accordance with PCI DSS requirements.
We utilise Halaxy's payment gateway powered by Braintree in Australia and Hyperwallet globally, both owned by PayPal, to process payments on our behalf. Halaxy's infrastructure is hosted on Amazon Web Services (AWS) and complies with various security accreditations and certifications, including PCI DSS Level 1, ISO 27001, and FIPS 140-2. Card details are tokenised and securely stored by Halaxy's payment gateway, ensuring that payment data is not stored with patient records and is not visible to anybody within our practice, at Halaxy, or to unauthorised third parties.
In the event that we need to share your data with third-party service providers, such as Xero for accounting or SMS providers, we will do so only with your permission and ensure that these providers meet the same stringent privacy standards as we do.
11. Complaints & Contact Information
If you have any concerns about our handling of your personal information, please contact our Privacy Officer John Chellew at firstname.lastname@example.org or our Administration team at email@example.com. We will investigate your complaint and respond in writing within a reasonable timeframe. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or the Health Complaints Commissioner (HCC) in Victoria.