Privacy Policy

Our disclosures of personal information to third parties

We may disclose personal information to:

• third party service providers, where disclosure is necessary to allow us to provide the Services to you (as listed below);

• IT service providers, data storage, web-hosting and server providers;

• professional advisors, bankers, auditors, our insurers and insurance brokers;

• our existing or potential agents or business partners;

• anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;

• courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;

• courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;

• any other third parties as required or permitted by law, such as where we receive a subpoena.

Where we disclose your personal information to third parties, it is important to us that the third party handles your personal information in accordance with the applicable Australian privacy laws.

Third Party Service Providers that we currently use:

• Cliniko - Practice management software

• Q-Interactive, Q-Global, PARiConnect, MHS Assessment Center+ - Assessment administration and data collection software

• Snap Forms, Form Publisher (Google Forms) - Form/Survey distribution and collection software

• Google Workspace - Multiple functions including email communication, form distribution and collection, resource storage and sharing

• Xero - Financing, invoicing, and accounting

• Covium, Zoom - Telehealth conferencing

• CommBank/Verizon, Square AU, Stripe - Payment processing

Limitations to confidentiality

As set out above, we may disclose personal information to third parties. We may also be required to disclose confidential information, which may contain personal information, that you (or the client) shares with us in the course of providing the Services where:

• (a) the client’s parent or guardian has a legal right to access the confidential information;

• (b) you provide us with consent to provide the confidential information to a third party e.g. another health practitioner, lawyer, family member, educator, third party funder, or other third party you consent to;

• (c) disclosure of information is directly related to the primary purpose for which your confidential information was collected and the Services provided e.g., providing a treatment progress report to a referring doctor under a Medicare-rebated referral;

• (d) where we are legally required to disclose the confidential information, e.g. where we receive a subpoena, where a government agency funding the Services requires this information, reporting of child neglect or abuse, or where we are subject to routine auditing;

• (e) where we form the reasonable belief that there is an immediate and specified risk of harm (to life, health, or safety) to the client or another identifiable person or persons that can be avoided only by disclosing the confidential information; or

• (f) we obtain professional supervision relating to providing our Services to you, as part of our ethical and professional requirements of providing psychological services, and have concealed your identity and the identity of associated parties during the process of obtaining such supervision.

Mandatory Notifications About Registered Health Practitioners: With respect to our provision of supervision services to other health practitioners, there are additional limitations to confidentiality that apply and are legally governed by the Health Practitioner Regulation National Law (referred to as ‘the National Law’). Notifiable concerns have a specific meaning under the National Law. There are four concerns that may trigger a mandatory notification, depending on the risk of harm to the public:

• impairment

• intoxication while practising

• significant departure from accepted professional standards, and

• sexual misconduct.

If we come to learn that your conduct has passed the different mandatory reporting thresholds for these four areas of public safety risk, we will be obligated to make a mandatory notification about your conduct in accordance with the National Law. For details about our mandatory reporting obligations, please review the National Law.

Consent Orders & Court Orders

It is important that you provide us with a copy of any consent orders or court orders in place involving the Client, prior to the commencement of Services being provided, particularly where have an impact on the Services or on the access to the confidential information by a parent or guardian of the Client. We agree to keep this information confidential, in accordance with this Privacy Policy.

Overseas disclosure

While we store personal information in Australia, where we disclose your personal information to the third parties listed above, these third parties may store, transfer or access personal information outside of Australia.

We take reasonable steps to use Australian based third-party service providers where practicable. However, occasionally these providers are located outside of Australia or need to transfer or access your information outside of Australia to assist us in providing our Services to you. By providing us with personal information, you understand we may disclose a limited amount of your information outside of Australia and acknowledge that where we disclose personal information to a third party outside of Australia, we will only use reputable third parties and we will only disclose the personal information necessary for the recipient to assist us in supplying our Services to you.

We will only disclose your personal information overseas in accordance with the Australian Privacy Principles.

Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Where you are the parent or guardian of a patient, we reserve the right to ask you and collect information on any applicable court order, to determine whether patient record access may be granted to you.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you also have the right to contact the Office of the Australian Information Commissioner.

Health records: As required by law, if you are 18 years or over at the time we create or add to your health record, we will keep your client records for a minimum of seven years since the last point of client contact, unless legal or other organisational requirements specify otherwise. In the case of records collected while you are under 18 years old, we will retain the records at least until you attain the age of 25 years, unless legal or other organisational requirements specify otherwise.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

Our physical storage procedures

We aim to minimise our carbon footprint by ‘going paperless’ wherever possible. However, where required that we collect personal information on paper, such as when we are conducting an assessment, we will ensure that any physical records are stored securely in a locked premises, or shredded and destroyed.

Our electronic storage procedures

We will protect the privacy of your personal information stored on our devices by using password protection, encryption, two-factor authentication, manually inserting passwords (rather than using password autosave/autofill features), and deleting locally saved information when it is no longer required to be stored on the physical device. We also utilise reputable software providers (as set out in this Privacy Policy) to assist us to ensure the safe and secure storage of personal information.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

Consequence of not providing personal information

If you do not wish for your personal information to be collected in a way anticipated by this Privacy Policy, we may not be able to provide Services to you. You may request to be anonymous or to use a pseudonym, unless it is impracticable for us to deal with you or if we are required or authorised by law to deal with identified individuals. In most cases it will not be practicably possible for you to be anonymous or to use a pseudonym to receive our Services.

Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy. Please review our Website Terms of Use for further information.

Marketing Emails

We may send you promotional emails about our business’s activities or other useful information (e.g., wellbeing tips). There will be an opt-out option in these emails if you wish to no longer receive such emails from us.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

For any questions and notices, please contact us at: info@amazeinminds.com.au

Last update: 29 September 2022