Privacy Policy

This Privacy Policy applies to all Personal Information collected by Mind Heart Body Psychology (ACN 642 417 712) (“we”, “us” ,“our”), including through our website https://www.mindbodyheartpsychology.com.au. By using our website or providing us with your information, you consent to us collecting, holding, using and disclosing your Personal Information as described in this Policy.

About Us and Our Structure

We provide consulting rooms and administrative support services to independent psychologist practitioners who operate their own psychology practices (Practitioners). Each Practitioner is a separate legal entity and an independent contractor, not an employee or agent of ours.

This policy outlines our privacy practices and explains the limited circumstances in which we may collect or have access to your Personal Information. Each Practitioner is responsible for maintaining their own privacy policy and complying with their legal obligations under the Privacy Act and relevant professional codes of conduct, including those issued by the Australian Psychological Society (APS), Psychology Board of Australia, the Australian Counselling Association’s Code of Ethics or the Psychotherapy & Counselling Federation of Australia (PACFA) Code of Ethics 2017.

We are committed to providing quality services and to protecting your privacy in accordance with our obligations under the Privacy Act 1988 (Cth), the Health Records Act 2001 (Vic), the Australian Privacy Principles (APPs) and the Health Privacy Principles (HPPs).

A copy of the Australian Privacy Principles may be obtained from the Office of the Australian Information Commissioner at www.oaic.gov.au.

If you have privacy concerns relating to your treating Practitioner, please contact them directly.

What is Personal Information?

The Privacy Act 1988 (Cth) currently defines “Personal Information” as meaning information or an opinion about an identified individual or an individual who is reasonably identifiable:

  1. whether the information or opinion is true or not; and

  2. whether the information or opinion is recorded in a material form or not.

This includes health information, which refers to information about your physical, mental or psychological health, medical history, or any health service provided to you

If information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as Personal Information and will not be subject to this Privacy Policy.

What Information Do We Collect?

The Personal Information we collect may include:

  1. Full name, contact details, date of birth and home address

  2. Medicare, health fund, and billing details

  3. Appointment and intake information

  4. Administrative health information (e.g., referral letters, care plans, appointment notes)

  5. Emergency contact and their contact details

  6. Information from website use, including cookies, IP address, browser type, and website usage

We may also collect information relevant to your treatment or our services, including health history, family history, ethnic background, and lifestyle.

We do not collect or store full clinical records unless explicitly directed to do so by your treating Practitioner.

Sensitive Information

Sensitive Information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

We only collect Sensitive Information where it is reasonably necessary for our functions or activities and either:

  1. the individual has consented; or

  2. we are required or authorised by or under law (including applicable privacy legislation) to do so.

How We Collect Personal Information

We may collect Personal Information:

  1. When you provide it to us directly (e.g., forms, calls, emails)

  2. During consultations or through communication with your treating Practitioner

  3. From third parties (e.g., referrers, insurers, Medicare, family members)

  4. Via our website or telehealth platforms (cookies, analytics tools)

We may use cookies to enhance your website experience. You may disable cookies in your browser, but this may affect website functionality.

Purpose of Collection

We collect Personal Information to:

  1. Provide administrative services

  2. Support Practitioners to deliver services

  3. Schedule and manage appointments

  4. Communicate with you about your care

  5. Process billing and claims (e.g., Medicare)

  6. Improve services and website functionality

  7. Send newsletters or updates if you subscribe (you may opt out at any time)

  8. Comply with legal obligations

5. Disclosure of Personal Information

We may disclose Personal Information:

  1. To your treating Practitioner

  2. To administrative staff and service providers (e.g., IT, billing, cloud services)

  3. To referrers, healthcare providers or insurers (with your consent or instruction)

  4. In emergencies to emergency contacts or responders

  5. As required by law (e.g., court order, child protection)

We do not sell, rent or trade personal information.

Your psychologists and counsellors may disclose confidential information obtained in the course of their provision of psychological services under any one or more of the following circumstances:

a) with the consent of the relevant client or a person with legal authority to act on behalf of the client;

b) where there is a legal obligation to do so;

c) if there is an immediate and specified risk of harm to an identifiable person or persons that can be averted only by disclosing information; or

d) when consulting colleagues, or in the course of supervision or professional training, provided the practitioner:

    1. conceals the identity of clients and associated parties involved; or

    2. obtains the client’s consent, and gives prior notice to the recipients of the information that they are required to preserve the client’s privacy, and obtains an undertaking from the recipients of the information that they will preserve the client’s privacy.

Teaching and Research

We may use de-identified information (information that cannot reasonably identify you) for teaching purposes, quality improvement, and to support research that helps monitor, evaluate, and improve medical and healthcare services.

If you do not wish for your personal information to be included in a de-identified data set for these purposes, you may withdraw your consent at any time by contacting our Privacy Officer in writing, including your full name, date of birth, and address. This will not affect your ability to receive services from us.

Storage and Security of Information

We take reasonable steps to protect Personal Information through:

  1. Secure digital systems (e.g., encrypted practice software, password protection)

  2. Anti-virus software

  3. Secure filing and restricted access to physical documents

  4. Staff training on privacy obligations

  5. Policies for data retention and destruction (7 years after last contact, or until age 25 for minors)

Where applicable we will comply with the Notifiable Data Breaches (NDB) scheme. If a breach is likely to result in serious harm, we will notify you and the OAIC.

Overseas Disclosure

Some third-party service providers (e.g., Microsoft, Google) may store or process data overseas. We will take reasonable steps to ensure they comply with privacy standards substantially similar to the Australian privacy laws. However, when you provide your personal information to us, you consent to the disclosure of that information outside of Australia in the circumstances described, and acknowledge that we are not required to ensure overseas recipients handle that personal information in compliance with Australian privacy laws.

Access, Correction and Maintenance

You have rights under the APPs to access or correct your personal information. Requests must be made in writing and may require ID verification.

For access to clinical records, please contact your treating Practitioner directly. We may charge a reasonable administrative fee for copies.

If you would like us to make Personal Information about you available to another health service provider who is treating you, you can make a request by contacting us in writing by email using the address details under Contact Us. Any request for us to provide personal information that we hold about you to another provider will be reviewed and actioned by your Practitioner.

We take steps to keep information accurate and up to date. Please notify us of any changes.

Website Use and Third-Party Links

We may provide links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website and we are not responsible for the privacy policies or the content of any third-party website. If you visit these websites, they will be governed by their own terms of use, including their own privacy policies.

Direct Marketing

By using the Website, you consent to the receipt of direct marketing material. We will only use your Personal Information for this purpose if we have collected such information directly from you, and if it is material of a type which you would reasonably expect to receive from us. We do not use sensitive Personal Information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature.

Minors

We are committed to protecting the privacy of children and young people. If you are under 18 years of age, we will assess whether you have the capacity to consent to the collection, use, and disclosure of your Personal Information. If you are considered mature enough to understand your privacy rights, you may provide your own consent. Otherwise, we will seek consent from your parent or legal guardian.

Parents and guardians may request access to, or correction of, their child’s Personal Information where appropriate. We will always act in the best interests of the child when handling personal information.

If you have any questions or concerns about the privacy of children’s Personal Information, please contact us using the details provided in this policy.

Complaints

If you have a complaint regarding your privacy, please contact our Privacy Officer in writing. We will investigate and respond promptly. If you are not satisfied, you may contact:

  1. Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au

  2. Health Complaints Commissioner (Vic): www.hcc.vic.gov.au

Policy Updates

This Policy may be updated from time to time. The latest version will always be available on our website or by request.

Contact Us

For privacy queries, access requests or complaints, please contact:

Attention: The Privacy Officer

Mind Body Heart Psychology Pty Ltd

242 Toorak Road, South Yarra VIC

Phone. 0451051891
Fax. (03) 7048 9948
Email. mindbodyheartpsychology@gmail.com