Privacy Policy

1. Application

We handle personal and health information in accordance with the Privacy Act 1988 (Cth) and Australian Privacy Principles. In Victoria we also comply with the Health Records Act 2001 (Vic) and Health Privacy Principles (HPPs).
This policy covers information handled across all channels: in-person, phone, telehealth, email/fax/SMS/post, referrals, billing, practice systems, devices and storage, and our website (including cookies and analytics).

2. Your choices (anonymity & consent)
You may use a pseudonym for general enquiries, but we must identify you to provide care or claim Medicare/NDIS rebates. You can withdraw consent for future use/disclosure at any time, subject to legal and clinical limits.

3. What we collect

• Identity and contact: name, date of birth, address, phone, email, emergency contact.
• Health information: presenting issues, history, assessments, diagnoses, treatment plans, progress notes, outcome measures, and correspondence with referrers or other providers.
• Administrative and billing: Medicare/insurer/NDIS details, invoices, payments, appointment history, cancellations.
• Referrers and authorised representatives: GP/specialist details and, where applicable, details of guardians or attorneys.
• Communications (content and metadata): the content of emails, SMS, faxes, letters, and web-form submissions exchanged with us (including attachments), plus related metadata (timestamps, sender/recipient, delivery status, IPs). For audio/video sessions, see clause 8 ‘Telehealth’.

If we receive unsolicited personal information we did not request, we delete or de-identify it unless we could lawfully have collected it.

4. Identifiers

We will not adopt government-related identifiers (e.g., Medicare numbers) as our own except as permitted or required by law.

5. How we collect information

• Directly from you: in person; by email, SMS, fax, or post; by phone or telehealth; and via web forms.
• From referrers and other providers with your consent or as required/permitted by law.
• From your authorised representative where applicable.
• From funders/payers when administering rebates or claims.
• From our systems and website as you use them (bookings, payments, security/access logs).
• We also generate information during care (e.g., case notes and letters).

6. Why we collect and use information (purpose)

• Provide psychological services and care coordination.
• Manage bookings, reminders, and communications.
• Process billing, rebates, and accounts.
• Maintain records and meet legal/professional obligations.
• Operate and improve our website and IT systems.
• Produce de-identified statistics or quality-assurance reports as permitted by law.

7. Disclosures we make

We disclose personal information only as needed for the purposes above or as required/permitted by law. We do not sell personal information. Wherever possible, we engage service providers under confidentiality obligations and limited access appropriate to their tasks.

8. Telehealth
Telehealth sessions are provided by phone or video.

9. Audio recordings and Artificial Intelligence (AI)
Unless you opt out, the audio of all sessions (including telehealth sessions) is recorded, processed using AI software, converted to text, and used to generate summaries, reports, treatment plans, clinical notes, and other related documents.

10. Our systems and service providers
We use service providers for practice management, email and collaboration, website hosting and security, telecommunications (fax/SMS/voice), device backup/sync, clinical documentation support, and related IT support. Providers act under contractual terms. We take reasonable steps to select and oversee them.

11. Security
We take reasonable steps to protect personal and health information, including administrative, technical, and physical safeguards appropriate to the sensitivity of the information.

12. Notifiable Data Breaches
If a data breach is likely to cause serious harm, we will assess and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by law.

13. Cookies & website analytics
Our website may use anti-spam tools and analytics to measure traffic (for example, page views, device/browser, IP address). If a cookie banner is enabled, you can set preferences there; you can also control cookies via your browser. Links on our site lead to third-party sites with their own privacy practices.

14. Overseas disclosures
Some service providers store or process information outside Australia. This currently includes the United States and South Africa. Some providers select storage regions dynamically; where it is not practicable to specify additional countries, we will make them available on request. Typical overseas providers are our cloud hosting, email, backup, telehealth, and IT support providers. We take reasonable steps to ensure overseas recipients do not breach the Australian Privacy Principles.

15. Retention and destruction
We retain health records for at least the statutory minimums. In Victoria, for adults, at least 7 years; for persons under 18, until age 25. Administrative records may have different periods. After the applicable period we securely destroy or de-identify records unless longer retention is required by law.

16. Access and correction
You may request access to, or correction of, your personal information by contacting us (see ‘How to contact us and complaints’ below). We respond within a reasonable time. If we refuse access or correction as permitted by law, we will provide reasons and how to complain.

17. Children and capacity
Where a client is under 18, we consider capacity and obtain consent from the young person and/or a parent/guardian as appropriate.

18. Marketing
We send electronic marketing only with your consent or as permitted by law. You can opt out at any time.

19. How to contact us and complaints

a. For privacy matters and complaints, please contact our Privacy Contact:
Name: Damian Guastella
Email: [email protected]
Phone: (03) 9123 4292
b. We will consider and respond to privacy concerns within a reasonable time. However, if you are not satisfied, you may also contact:

• Office of the Australian Information Commissioner — www.oaic.gov.au | 1300 363 992 | GPO Box 5218 Sydney NSW 2001.
• Health Complaints Commissioner (Victoria) — www.hcc.vic.gov.au | 1300 582 113

20. Changes to this policy
We may update this policy to reflect changes to laws, providers, or our practice. The effective date above shows the latest version.