PRIVACY POLICY

Side by Side Therapy Pty Ltd ACN 659 445 673 (‘we’, ‘our’, ‘us) understands the importance of, and are committed to, protecting your personal information. This Privacy Policy (Policy) sets out how we collect, use and share your personal information and how to contact us with any queries and concerns based on the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act).

Please take a moment to read our Privacy Policy as it describes what happens to personal information that we collect about you. By voluntarily supplying us with your personal information you are agreeing to be bound by this Policy.

In this Policy, a reference to “you” or “your” is a reference to a Client or the parent, legal guardian, legally appointed decision maker of a Client (referred to by us as a Client Representative) that has engaged us to provide services.

While we may update our Policy from time to time, the most recent version of this Policy will always be available on our website. If we change the Policy in any material way we will post a notice on our website along with the updated Policy. We may also contact you via your contact information on file, for example by email.

If you have any queries, concerns or complaints about how we handle your personal information, please contact our Privacy Officer in the first instance.

Our website may contain links to other websites. When a user clicks on a link to another website they are no longer subject to this Policy. We have no responsibility for linked websites and provide them solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or warranties about their accuracy, content, or thoroughness. Your disclosure of personal information to third party websites is at your own risk.

1. What types of information do we collect and why?

While providing our services to you, we collect personal information from our Clients and Client Representatives. We collect personal information through a number of mechanisms, including:

1.1 Collection from you: we collect and store information you provide directly to us (either in person, by email, by phone, or by any other direct means) in order to deliver our products and services. This includes:

• • Contact information: such as your name, address, email address, telephone number;
  • Personal information: such as date of birth, Medicare details and NDIS Plan details; and
  • Financial information: such as your bank account details, credit or debit card information information for the purpose of facilitating payments to us.

1.2 Automatic: we may use third party tools that track and measure user interaction and provides us with date to help improve our services. You can choose to opt-out of third-party tracking technologies or elect to prevent the use of cookies, however this may result in the loss of website functionality, restrict your use of the website or delay or affect the way in which the website operates

1.3 Communications: when you communicate with us, we collect information such as your contact details (such as email address or phone number). You can elect to not receive communications from us by contacting our Privacy Officer.

1.4 Digital platforms: Any information we collect from social media, or other online, platforms is collected in accordance with that platform’s terms and conditions.

1.5 Information you provide about someone else: If you provide us with personal information about someone else (especially when you act as a Client Representative), you must ensure that you are authorised to disclose that information to us and that, without us taking any further steps required by applicable privacy laws, we may collect, store, use and disclose such information for the purposes described in this Policy. Where we request you to do so, you must assist us with any requests by the Client to access or update the personal information you have collected from them and provided to us.

1.6 Sensitive Information: We may collect information considered to be sensitive information by the Privacy Act. So that we can provide our services, we may collect sensitive information about:

• • A Client’s health and/or any disabilities;
  • A Client’s former and present use of health services; and
  • Custody arrangements and child protection history, where necessary.

We collect sensitive information in order to allow us to:

• • deliver therapy and support services tailored to your needs; and
  • comply with our administrative and compliance obligations under the NDIS and with Medicare.

We will only collect this information directly from you or where we have consent to collect the information from a third party.

You have the option of either not identifying yourself (i.e. not providing your personal information) or interacting with us using a pseudonym. However, this may not be practicable when engaging us and may mean we cannot provide our services.

2. How do we use your information?

We will only use your information for the purposes for which it was collected (primary purpose) or a purpose related to that primary purpose if it would be reasonably expected by you or where we have separately obtained your consent.

We use personal information for the primary purpose of delivering social work services including therapy and related support, consultation and training services tailored to your needs.

How we use the information we collect depends, in part, on which services you use, how you use them and any preferences you have communicated to us. If you would like to restrict how your personal information is handled beyond what is outlined in this Policy, please contact our Privacy Officer.

2.1 Disclosure of personal information to third parties

We may disclose your information to third parties who assist us in providing, managing and administering our services. We will also disclose your personal information where such disclosure is required by law.

We will disclose (in accordance with any consent withdrawn) the personal and health information (such as information from our sessions) to any authorised Client Representative of a Client, or to any other individual nominated in the relevant Individual Service Agreement. This communication is necessary to provide the highest level of treatment, however you may withdraw consent to these disclosures at any time.

We also may disclose your personal information to third parties that:

• • Assist in providing you with health services, such as any other health practitioners that we may refer you to or with whom we communicate;
  • Are nominated as community organisations or individuals to which you have consented disclosure of your information to; and
  • We are required to disclose information to in accordance with compliance obligations (such as under the NDIS or Medicare);
  • Other third parties where we have obtained consent or been instructed to disclose personal information by you.

We will not disclose your personal information unless we believe on reasonable grounds that you have provided your authorisation. In certain circumstances we may be required to disclose your personal information without your consent to comply with our NDIS/Medicare disclosure obligations, court orders, subpoenas or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose your personal information.

2.2 Use of Artificial Intelligence (AI)

In limited cases, we may use AI technologies to assist with administrative tasks (e.g., transcription or drafting case notes). Only de-identified information will be used, and AI will not be employed for automated decision-making in relation to clients.

3. How do we store and secure the information we collect?

We store your personal information both as physical files in a secured, locked area and on our electronic data base system and on computers with appropriate back up and security systems.

3.1 Security and management of personal information

We will take reasonable steps to protect the personal information we hold from misuse, loss, and unauthorised and accidental access, modification, disclosure, destruction, or other action which prevents or otherwise hinders our access to your personal information on a temporary or permanent basis.

We do this by:

• For physical files, only keeping paper records in secure, locked physical locations;
• For electronic files, using both Apple iCloud Advanced Data Protection and Halaxy practice management software, a healthcare industry leader in data protection and transparency. Halaxy employs bank-grade security and encryption, ensuring data is secure at rest and in transit via TLS/SSL protocols. Data is backed up daily and stored securely in Australia. More information about Halaxy’s security can be found here < https://www.halaxy.com/article/security >;
• Requiring any third party providers to have acceptable security measures to keep personal information secure;
• Imposing confidentiality requirements on our employees; and
• Only providing access to personal information once proper identification has been given.

While we take all steps reasonable in the circumstances to protect your information, in the unlikely event of a data breach we will notify you in accordance with our obligations under the Privacy Act. Where there is a risk of serious harm arising from the breach, we will notify you and any relevant authorities.

We will only keep your personal information for as long as we require it for the purpose for which it was collected. However, we may also be required to keep some of your personal information for specified periods of time, for example under applicable health care and other legislation.

If we no longer require your personal information, and are not legally required to retain it, we will take reasonable steps to destroy or de-identify the personal information.

3.2 Sending information overseas

We do not disclose or store personal information overseas.

4. How to access and control your information?

4.1 Accessing the information we hold about you

Under the APPs you may have a right to obtain a copy of the personal information that we hold about you. To make a request to access this information please contact us in writing. We will require you to verify your identify and specify what information you wish to access. If eligible, we will grant you access to the information within 30 days.

If we accept the request, we may charge a fee to cover the costs of verifying your application, and retrieving, reviewing and copying any material requested (depending on the scope of the request).

4.2 Updating your personal information

We endeavour to ensure that the personal information we hold about you is accurate, complete and up to date. Please contact us at the details above if you believe that the information we hold about you requires correction or is out of date. We endeavour to process any request within 30 days and will provide written reasons if your request is rejected, as well as providing details for making a complaint about the refusal if necessary.

5. Complaints

If you are concerned that we have not complied with your legal rights or the applicable privacy laws, contact our Privacy Officer in the first instance. Please contact our Privacy Officer (contact details above) with a thorough description of your concerns and a response will be provided within a reasonable period. All complaints must be in writing.

When processing a compliant, we will require you to provide us with information to confirm your identity before processing a request related to information we may hold about you.

We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also contact the Office of the Australian Information Commissioner as follows:

Director of Compliance Office of the Australian Information Commissioner

GPO Box 5218

Sydney NSW 2001

For more information on privacy see the Australian Information Commissioner’s website.