Privacy Policy

1. Information We Collect

Personal Information

We may collect the following types of personal information:

• Contact details: Name, address, phone number, email address
• Identification: Date of birth, Medicare number, DVA number, NDIS number (where applicable)
• Appointment information: Booking details, attendance records, session notes
• Communication records: Emails, phone calls, messages sent through our website

Health Information

As a mental health service provider, we collect sensitive health information including:

• Medical and mental health history
• Current health concerns and symptoms
• Treatment plans and progress notes
• Referral information from and to other healthcare providers
• Assessment and diagnostic information
• Information about your goals, preferences, and support needs

Website Information

When you visit our website, we may collect:

• Technical data such as IP address, browser type, and device information
• Usage data including pages visited and time spent on the site
• Information submitted through contact forms

2. How We Collect Information

We collect information directly from you through:

• Initial intake assessments and ongoing sessions
• Online booking systems (Halaxy)
• Website contact forms and email communication
• Phone conversations
• Consent forms and service agreements

We may also collect information from:

• Referral sources (with your consent)
• Other healthcare providers involved in your care (with your consent)
• Funding bodies such as DVA, NDIS, or WorkCover (where you are funded through these services)

3. How We Use Your Information

We use your information for the following purposes:

• Service delivery: To provide mental health and wellbeing support, including assessment, treatment planning, and ongoing care
• Appointments: To schedule, confirm, and manage your appointments
• Communication: To respond to your enquiries and provide service updates
• Funding and billing: To process payments and claims with DVA, NDIS, WorkCover, or private health insurers
• Quality improvement: To evaluate and improve our services (using de-identified data)
• Legal compliance: To meet our obligations under health professional standards, AASW Code of Ethics, and Australian law
• Safety: To manage risk and ensure safety where there is a serious threat to your wellbeing or the wellbeing of others

4. Confidentiality and Consent

Your Right to Confidentiality

All information you share with us is treated as strictly confidential. We will not share your information with anyone without your explicit consent, except in the limited circumstances outlined below.

When Information May Be Shared

We may share your information without your consent only when:

• Legal requirement: We are required by law (e.g., court orders, subpoenas)
• Safety concerns: There is a serious and imminent threat to your life, health, or safety, or the life, health, or safety of another person
• Child protection: We have reasonable grounds to suspect a child is at risk of harm
• Professional obligations: Required under AASW Code of Ethics, NDIS Practice Standards, or DVA requirements

With Your Consent

With your written consent, we may share information with:

• Your GP or other treating health professionals
• Referral sources
• Family members or support persons you nominate
• Funding bodies (DVA, NDIS, WorkCover) for service coordination and payment

5. How We Store and Protect Your Information

Secure Storage

We take the security of your information seriously and implement measures including:

• Secure, password-protected electronic health records systems
• Encrypted data transmission and storage
• Restricted access to information (only authorized personnel)
• Regular security updates and backups
• Physical security measures for paper-based records

Retention

We retain your records in accordance with Australian health record retention requirements:

• Adults: 7 years from the date of last service
• Minors: Until the person turns 25 years of age
• Deceased clients: 7 years from the date of death

Records are destroyed securely after the retention period through confidential document destruction services.

6. Third-Party Services

Halaxy Booking System

We use Halaxy for online appointment booking. When you book through Halaxy, your information is handled in accordance with Halaxy's privacy policy. Halaxy is a secure, Australian-based health practice management system compliant with Australian privacy laws.

Website Hosting

This website is hosted by Netlify. We do not use tracking cookies or analytics that collect personally identifiable information. Basic server logs may be retained for security purposes.

Email Communication

Email is not a secure method of communication. We recommend not including sensitive health information in emails. We use encrypted email where possible for clinical communication.

7. Your Rights

Under Australian privacy law, you have the right to:

• Access: Request access to your personal and health information
• Correction: Request correction of inaccurate or incomplete information
• Explanation: Understand how and why your information is being used
• Complaint: Make a complaint if you believe your privacy has been breached

Accessing Your Records

To request access to your records, please contact us in writing at hello@mindfulmates.org. We will provide access within 30 days, subject to any legal restrictions. A fee may apply for extensive requests to cover administrative costs.

Correcting Your Information

If you believe any information we hold about you is inaccurate, incomplete, or out of date, please contact us and we will take reasonable steps to correct it.

8. DVA and NDIS Clients

DVA Requirements

If you are accessing services under a DVA referral or treatment plan, your information may be shared with DVA for:

• Service approval and authorization
• Payment processing
• Quality assurance and compliance monitoring

This sharing is authorized under DVA regulations and supports the delivery of your entitled services.

NDIS Requirements

If you are an NDIS participant, your information may be shared with:

• The NDIS Quality and Safeguards Commission for compliance purposes
• Your NDIS plan manager or support coordinator (with your consent)
• NDIS for service verification and payment processing

We comply with NDIS Practice Standards, which include strict privacy and confidentiality requirements.

9. Telehealth Services

When providing telehealth services, we use secure video conferencing platforms. We recommend:

• Using a private space for sessions
• Using a secure internet connection (avoid public Wi-Fi)
• Using headphones for privacy

We do not record telehealth sessions without your explicit written consent.

10. Children and Young People

When working with children and young people, we balance their right to confidentiality with the rights and responsibilities of parents and guardians. We explain confidentiality limits at the beginning of service and throughout.

For young people aged 15-17, we assess their capacity to consent to treatment and handle their information independently, while also considering parental involvement where appropriate.

11. Complaints and Concerns

If you have a complaint or concern about how we have handled your information, please contact us:

• Email: hello@mindfulmates.org
• Phone: 0493 315 586

We take all privacy complaints seriously and will:

• Acknowledge your complaint within 5 business days
• Investigate thoroughly and impartially
• Respond within 30 days
• Take corrective action if needed

External Complaint Options

If you are not satisfied with our response, you can lodge a complaint with:

• Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au | 1300 363 992
• Australian Health Practitioner Regulation Agency (AHPRA): www.ahpra.gov.au
• Australian Association of Social Workers (AASW): www.aasw.asn.au
• NDIS Quality and Safeguards Commission: www.ndiscommission.gov.au | 1800 035 544

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Posting the updated policy on our website
• Noting the date of the last update at the top of this page
• Notifying current clients by email or in session (for significant changes)