This policy should be read in conjunction with our Terms and Conditions policy.
Michelle McClintock (MM) has adopted this Policy in accordance with privacy laws.
This Policy specifies how MM handles Personal Information, which we collect in order to conduct our Services.
In the course of delivering our Services and communicating with the public, MM may also collect information about Individuals who do not use our Services.
Capitalised words in this Policy are defined terms. Defined terms are explained at the end of this Policy.
2. Collecting information directly from people
MM collects Personal Information directly when an Individual:
- contacts MM by telephone, fax, email, Facebook or any other form of communication;
- gives MM his or her information in person, on paper, or in electronic form, including an online inquiry, a GP referral and new client intake form;
- sends MM a message through SMS or a third party app;
- subscribes to the mindful psychologist website;
- MM also collects Personal Information directly when:
- MM’s analytics service may log details about website visits; and
- MM’s website places a cookie on an Individual’s device or store Individuals’ I.P. addresses.
3. Collecting information from third parties
With an Individual’s explicit permission, MM records and collects Personal Information about Individuals from third parties when:
- MM manages records about an Individual using our Services;
- third parties (such as medical doctors) give MM access to files containing Personal Information;
- MM is given written or verbal information from a family member, teacher, medical practitioner or health practitioner, EAP, a referring agency, or any other referral source; and
- parents and guardians provide information about their children or children in their care.
4. Types of information that Michelle McClintock (MM) collects and holds
Using processes described in this Policy, MM collects the following categories of Personal Information about Individuals:
- Content – may include whatever Personal Information is included in the content Individuals sharewhen using MM’s Services;
- Identity Information – may include name, signature, date of birth, nationality, license & registration details, Medicare details, private health insurance member details, family details, employment details, educational information;
- Contact Information – may include email address, social media profile, telephone & fax numbers, residential and postal addresses;
- Internet Data – webpage views, IP address, referring web site addresses, browser type, operating system, domain name, access times and other data typically collected by analytics services like Google.
5. Sensitive information
Privacy laws categorise certain types of Personal Information as “sensitive information”, including information (that is also Personal Information) about an Individual’s:
- racial or ethnic background;
- political opinions;
- religious beliefs or affiliations;
- philosophical beliefs;
- criminal activity or records; and/or
- sexual orientation and/or practices;
as well as Health information about an Individual, including:
- any information or opinion about the Individual’s health and mental health status, health services provided, or wishes regarding health care; and
- information collected to provide, or in providing, a health service of any kind.
MM collects health information from Individuals in the provision of Services. If Individuals disclose other sensitive information to Michelle McClintock, this may be included in your health record.
6. How MM stores Personal Information
MM holds and stores Personal Information using:
- Storage Services – third party data storage services including, but not limited to, PayPal and Dropbox apps, CoachesConsole (practice management software), Suncorp Bank (Suncorp) for payment transactions, Facebook (business page messaging), and any other applications or software used for business operations;
- MM Devices – devices, such as mobile phones, operated by MM and employees and contractors; and
- Paper Files – printed paper and files.
You may change your details at any time by advising us in person or in writing via email.
MM will take reasonable precautions to protect Personal Information from unauthorised access. This includes measures to secure MM’s physical facilities and electronic networks. MM secures Personal Information that MM collects with requirements and agreements between MM and employees and contractors.
MM limits access to personal information to those with a valid and legitimate reason for using that information. MM information storage includes security measures such as passwords, pins, encryption, session expiries, SSL network encryption, SSL certificate and website transmission encryption, the use of reputable vendors (e.g., Google, eFax and CoachesConsole), two-factor authentication, and physical destruction of paper documents once electronically uploaded.
Dropbox security information: https://help.dropbox.com/accounts-billing/security/how-security-works
CoachesConsole security information: https://www.coachesconsole.com/features/security-compatibility/
Efax security information: https://www.efax.com.au/privacy-policy
Suncorp Australia Bank security information: https://www.suncorp.com.au/banking/security.html
MM does not and will not store an Individual’s credit card information on any device or server. For more information on security, please contact MM using the details listed below.
8. Deleting your information
MM will only delete Personal Information when considered appropriate under relevant state and national laws. MM’s deletion process includes:
MM identifying all digital records relating to the individual and delete them from these digital storage media; and
MM identifying any paper records relating to the individual and shred these onsite or personally de-identify them.
Records relating to adult clients will be kept for seven years following the date of last contact and records regarding children are to be kept until the child attains the age of 25 years.
MM has certain obligations under Australian laws to retain some client information for a prescribed period of time (seven years or once the person turns 25, whichever occurs first).
9. Why data is held, used and disclosed
MM’s handling of Personal Information includes holding, using and sometimes sharing the Personal Information so that MM can:
facilitate the creation of appointments;
manage records about Individuals’ appointments, psychological health and treatment;
offer surveys or questionnaires;
transact with Individuals and process payments;
facilitate Medicare and health insurance claims;
assess and improve their Services; and
provide secure access to their Services.
For more information on when MM shares Personal Information, see below.
10. Disclosing Personal Information
MM shares Personal Information with others in the following ways:
facilitating the sharing of information about inquiries, bookings, processing Medicare rebates, invoices and payments;
sharing information with other health practitioners, parents/guardians, teaching staff, governmental institutions including Medicare and private healthcare insurers; and
sharing information with administration staff and business service providers.
11. Information requests: Family court orders and parent plans
MM has a process for verifying the identify of any person requesting information in relation to a person under 18, if they are not the parent or caregiver that has initiated the engagement of our services. MM need to verify that person’s right to access information about a child with written evidence, to ensure that we only share information with people who are appropriately authorised to access this information about a child.
MM’s requirements for processing information requests are:
We need to receive copies of the following documents via email or post, from people that have not personally initiated the engagement of a child with our services, before we are able to communicate any information in relation to a person under 18 who is accessing our services:
A clear scanned copy of your driver’s license or passport so we have evidence of your identity;
A full copy of the family court order with your personal details as they appear on your proof of identity. Please indicate which section/s or clause/s describe accessing health information in relation to the child mentioned in the order;
A letter from you stating your full name, date of birth, the child’s name and date of birth, your relationship to the child, and that you wish to request a written summary of health information in relation to this child, as well as the purpose for this request. Please note, we only provide written summaries in response to these requests.
As the contents of a written summary takes a psychologist time to carefully prepare and check, and typically takes them 1.5 hours, we charge an information request service fee of $262.50 (1.5 hours @ our hourly rate of $175) to prepare and provide this summary.
We need to receive full payment before commencing the preparation of this document. Your psychologist will provide account details to make a secure electronic funds transfer.
We will provide the summary within 10 business days of receiving payment to prepare the document
This summary is not an assessment or a report, as we have a company policy to not provide assessments or reports for family court and custody related purposes.
We are bound by our professional code of ethics to maintain confidentiality of the child and the parent who has engaged treatment from us. As such, the summary will not contain records or transcripts of information any parties have communicated in confidence. The overview will discuss the findings of any assessments conducted, interventions provided, and recommendations that the treating psychologist has made regarding the child.
Note: All information requests must meet the requirements stated above, and if they don’t, we will not be able to provide information in relation to any person under 18. Further emails or calls from anyone requesting information will not remove the need to follow the processes outlined above, and any such communications will be ignored or reported to authorities if they are persistent or harassing in any way.
12. Access to Personal Information
When MM uses the services of third party businesses in order to provide our Services, they may gain access to MM’s data, including Personal Information. Such third party services may include:
Hosting – Cloud and web hosting services used by MM such as Dropbox applications https://help.dropbox.com/accounts-billing/security/how-security-works and CoachesConsole https://www.coachesconsole.com/features/security-compatibility/
Support – administration staff and contractors, IT support services, web and software development contractors;
Business analytics – Google Analytics (see http://www.google.com/intl/en/policies/privacy/)
Payments – Suncorp Australia Bank (Suncorp) for EFTPOS and PayPal payment system (https://www.paypal.com/au/) (see https://www.suncorp.com.au/about-us/legal/privacy.html and https://www.paypal.com/au/webapps/mpp/ua/privacy-full)
Billing – private health insurers and Medicare (see https://www.humanservices.gov.au/individuals/privacy)
MM will only share Personal Information with these third parties to the extent necessary to perform their functions. These third parties typically have their own privacy and security policies. For more information about this, contact MM using the details listed below.
13. Disclosing information overseas
MM use other service providers for the purposes of administration, such as PayPal (online payments), Dropbox (cloud storage) and CoachesConsole (clinic management software), who have data centres overseas in countries such as the USA. Thus, MM may store some Personal Information overseas. Individuals may not have the same rights relating to their information when it is overseas as they would under Australian privacy law.
By using reputable and large companies such as PayPal, Dropbox and CoachesConsole, we take reasonable steps to ensure that the Personal Information that we transfer to overseas recipients will not be held, used or disclosed by the recipient of the information.
14. Contacting us
Individuals can contact MM if they want to access, correct or delete Personal Information, or lodge a complaint to MM by contacting MM via email: firstname.lastname@example.org
MM reserves the right to refuse access or correction where reasonable grounds exist for doing so, such as when providing access would be unlawful or compromise the privacy of another person.
15. Complaints process
If Individuals have a complaint about privacy, they can contact MM using the email listed above. MM will respond to complaints in writing within a reasonable period (usually 10 business days from the day we receive an email).
MM will try to work with Individuals to resolve complaints entirely within 20 business days, although that period may be longer if it is reasonable to take longer given the nature of the complaint.
If Individuals are unsatisfied with our response, they may refer the complaint to the Office of the Australian Information Commissioner (http://www.oaic.gov.au/).
means a natural person, not a business entity or organisation.
means information about an Individual whose identity is apparent, or can reasonably be established, from that information. This includes information like names, telephone numbers, email addresses and physical addresses.
means this document, drafted in accordance with the Privacy Act 1988 (Cth).
means Michelle McClintock and her staff, associates and contractors.
means the following services:
managing inquiries from the public;
arranging psychology and coaching appointments, including face-to-face appointments, video-conferencing, telephone appointments;
facilitating Medicare and private health insurance claims in relation to appointments;
facilitating payment for appointments; and
managing the documentation and records associated with appointments.