PRIVACY POLICY
Harmony Psychology respects the privacy of its clients, patients, and website visitors and is committed to safeguarding personal and health information.
The way we manage personal information is governed by the Privacy Act 1988 (Cth) (“the Act”) and the Australian Privacy Principles (APPs) contained within it.
This policy outlines how we collect, use, store, and disclose personal information in accordance with these obligations.
1. Personal Information
“Personal information” is any information or opinion, regardless of format, about an individual whose identity is apparent or can reasonably be determined.
“Health information” is a subset of personal information and includes information or opinion about an individual’s physical or mental health, disability, or the provision of a health service. Health information is classified as sensitive information under the Act and is afforded additional protections.
Harmony Psychology is committed to adhering to these protections and maintaining the confidentiality of all client information in accordance with professional and ethical standards, including the Australian Psychological Society (APS) Code of Ethics.
2. Collection of Personal and Health Information
2.1 Personal Information
Harmony Psychology may receive, collect, and store personal information when an individual:
(a) contacts us via our website, social media, email, or phone;
(b) visits our practice or participates in telehealth sessions;
(c) provides information during intake or assessment processes;
(d) provides feedback or completes a questionnaire;
(e) updates personal details; or
(f) otherwise engages or corresponds with us.
We may collect the following types of personal information:
· Full name, address, telephone number, and email address;
· Date of birth and gender;
· Medicare number, private health fund or insurance details;
· Payment details (including credit card and banking information);
· Records of correspondence and enquiries;
· Anonymous website usage data, including cookies and analytics;
· Details of special requests (e.g. accessibility requirements).
2.2 Health Information
We collect health information as part of delivering psychological and allied health services.
This may include:
· Medical and psychological history, symptoms, assessments, and treatment notes;
· Referral letters, reports, and communications from other practitioners;
· Information about treatment goals, progress, and outcomes.
Harmony Psychology will only collect health information if:
(a) the individual consents to its collection;
(b) collection is required or authorised by law or a court/tribunal order;
(c) it is necessary for a permitted health situation (e.g. providing a health service); or
(d) collection is otherwise permitted under the Act.
2.3 Collection from Third Parties
We may collect personal or health information from third parties where it is unreasonable or impracticable to collect it directly from the individual.
This may include:
· Referring doctors, specialists, or allied health professionals;
· Parents, caregivers, or guardians of minors;
· Schools, employers, or insurance providers; or
· Case managers and other health or welfare agencies.
Any information obtained from third parties will be handled in accordance with this policy and relevant laws.
2.4 Purpose of Collection
We collect and use personal and health information to:
(a) provide psychological assessment, therapy, and related services;
(b) manage bookings, billing, and administration;
(c) communicate regarding appointments, reminders, or service updates;
(d) process enquiries, feedback, or complaints;
(e) identify clients and protect against unauthorised access to records;
(f) meet legal, regulatory, and ethical obligations; and
(g) contact clients as necessary regarding their care or services.
We may contact clients through telephone, email, SMS, mail, or secure digital platforms.
3. Disclosure of Personal and Health Information
3.1 Personal Information
We may disclose personal information to:
(a) entities authorised or required by law to receive such information (e.g. law enforcement, courts, government agencies);
(b) employees, contractors, professional advisors, insurers, or service providers assisting in delivering our services; and
(c) third parties, with the client’s express or implied consent.
3.2 Health Information
We may disclose health information:
(a) with your consent, to other treating health professionals involved in your care;
(b) when disclosure is required or authorised by law;
(c) when necessary to lessen or prevent a serious threat to your life, health, or safety or that of another person; or
(d) where it is otherwise permitted by the Act.
Where possible, health information will be de-identified prior to disclosure.
3.3 Direct Marketing
Harmony Psychology may use personal information to communicate information about our services, workshops, or other offerings.
Clients can opt out of receiving such communications at any time by notifying us.
We may still send legally required communications, such as billing information or regulatory notices, even if you opt out of marketing messages.
4. Storage and Security
We take reasonable steps to protect personal and health information from misuse, interference, loss, unauthorised access, modification, or disclosure.
Security measures include:
· Secure physical storage for paper records;
· Password-protected, encrypted electronic systems;
· Restricted access to health records by authorised personnel only;
· Secure disposal or de-identification of data when no longer required; and
· Staff training in confidentiality and privacy obligations.
Health records are retained for the minimum period required by law (typically seven years from the last service, or until a child turns 25).
While we strive to secure transmitted data, no online transmission can be guaranteed as entirely secure, and information transmitted to us is at the user’s own risk.
5. Accessing and Correcting Personal Information
We seek to ensure the information we hold is accurate, complete, and current.
Clients may request access to their personal information or request corrections by contacting our Privacy Officer (details below).
Requests will be addressed within a reasonable timeframe (usually within 30 days).
We may charge a small administrative fee for providing access to records.
In limited cases permitted under the APPs, access may be refused, and we will provide reasons for our decision.
6. Online Dealings and Website Use
6.1 Cookies and Analytics
Our website may use cookies, analytics tools (e.g. Google Analytics), and advertising services (e.g. Google Ads).
These tools collect non-identifiable data such as IP address, browser type, pages visited, and session duration.
Cookies help us:
· Improve the website experience;
· Understand site usage and traffic patterns; and
· Deliver relevant advertising through remarketing services.
Users can manage or disable cookies through browser settings or opt out of personalised advertising via:
· Google Analytics Opt-out Add-on.
We do not use cookies to identify individuals or track browsing beyond statistical purposes.
6.2 External Websites
Our website may include links to external sites not controlled by Harmony Psychology.
We are not responsible for the privacy practices or content of third-party websites and encourage users to review each site’s privacy policy.
6.3 Email and Data Transmission
We will not transmit personal information by email unless reasonably necessary and secure to do so, or where the client has provided consent.
7. Complaints
If you wish to make a complaint about how Harmony Psychology has handled your personal information, please contact:
Privacy Officer – Harmony Psychology
Email: Sarah@harmonypsychology.net.au
Phone: (07) 5211 0825
Address: 1/5 Ochre Way, Palmview
We will investigate and respond to your complaint within a reasonable timeframe.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC)
You may also contact your state or territory health complaints body if appropriate.
8. Data Breach Response
In the event of a data breach that is likely to result in serious harm, we will follow our Data Breach Response Plan and comply with the Notifiable Data Breaches (NDB) Scheme, including notifying affected individuals and the OAIC where required.
9. Updates and Changes
We may update this Privacy Policy from time to time to reflect legal, technological, or operational changes. Revised versions will be posted on our website and will take effect immediately upon publication. We encourage all clients and website visitors to check our policy periodically.
