WINKLER PSYCHOLOGY

PRIVACY POLICY

We provide clinical psychology services and in this Privacy Policy we, us or our means Christopher Winkler (ABN 61 686 694 145) trading as Winkler Psychology.

This Privacy Policy sets out our commitment to protecting the privacy of your personal information. In providing our services to you, personal information about you may be provided to us, or otherwise collected by us, offline or online, including when you access our website, use our online contact form, telephone us, email us, SMS us, complete any questionnaire we provide you, visit our practice or participate in a telehealth consultation (Services).

What personal information do we collect?

We may collect personal information about you for the purpose of providing our Services to you. We may collect this information directly from you or from a third party such as your referring doctor, or from a family member, partner or other support person but only with your consent or if required or authorised by law. This may include personal information, sensitive information and health information.

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

Sensitive information: is a sub-set of personal information that is given a higher level of protection under the Australian Privacy Principles. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.

Health information: is a type of sensitive information and includes any personal information that is collected while providing you a health service. For example, any details you share with us in a consultation about your medical history or mental health will be health information.

The types of personal information we may collect about you include:

When you contact us:

  • your name;
  • your contact details, including email address and/or telephone number; and
  • any other required personal information requested by us and/or provided by you or a third party.

When you register with us as a client:

  • your contact details, including email address, mailing address, street address and/or telephone number;
  • your date of birth;
  • your Medicare number (if you are referred to us under a mental health plan);
  • details of your referring doctor;
  • an emergency contact name and telephone number;
  • our correspondence with you or with other health professionals about you; and
  • any other required personal information requested by us and/or provided by you or a third party.

When you have a consultation with us:

  • personal details which are necessary and relevant to the assessment and/or treatment of your presenting mental health concern and which you choose to share with us. For example, this may include details of your schooling/training/employment status; your marital status; your beliefs and values, and views;
  • sensitive information (including health information) which is necessary and relevant to the assessment and/or treatment of your presenting mental health concern and which you choose to share with us and any mental health assessment or diagnostic opinion we believe it is necessary or relevant to record. The types of sensitive information you choose to share with us may include:
    • detailed information about your current medications, your physical health and detailed information about your psychological health;
    • your racial or ethnic origin;
    • your religious beliefs;
    • your philosophical beliefs;
    • your political beliefs or affiliations;
    • your sexual orientation or practices; and
    • any other sensitive details you choose to share with us;
  • any other required personal information requested by us and/or provided by you or a third party.

When you visit our website:

We also may collect personal information about you, directly from you or from a third party, for the purpose of delivering our website to you. The types of personal information which we may collect when delivering our website to you include:

  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • information about your access and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider; and
  • additional personal information that you provide to us, directly or indirectly, through your use of our website or associated applications from which you permit us to collect information.

Cookies: We may use cookies on our online Services from time to time. Cookies are text files placed in

your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. If and when you choose to provide our online Services with personal information, this information may be linked to the data stored in the cookie.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our online Services.

Web beacons: We may use web beacons on our website from time to time. Web beacons (also known as Clear GIFs) are small pieces of code placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.

Why do we collect and use your personal information?

We collect, hold, use and disclose personal information for the following purposes:

  • to book an appointment for you whether via email or over the phone (using only enough personal information to effectively respond to your request);
  • to contact and communicate with you about your appointment (using only enough personal information to effectively respond to your request);
  • to enable your referring doctor to refer you to us and/or book an appointment for you;
  • to register you as a client
  • to check you in at our practice;
  • to provide our clinical psychology services;
  • for internal record keeping;
  • for administrative purposes including invoicing and billing purposes;
  • to enable you to access and use our website and trusted associated applications and platforms; and
  • to comply with our legal obligations and resolve any disputes that we may have.

How do we disclose your personal information?

We may disclose your personal information to:

  • third party service providers as required for the purpose of enabling them to assist us in providing our Services to you, including (without limitation):
    • our practice management cloud based software Power Diary (see their privacy policy https://www.powerdiary.com/privacy-policy/) to manage your appointments, our clinical records and our correspondence with or related to you. Power diary uses Amazon Web Services (https://aws.amazon.com/compliance/australia-data-privacy/) as their infrastructure provider with data stored in Australia. Both use a range of strong security measures. To read about Power Diary’s security, see https://www.powerdiary.com/au/security/);
    • software to send and receive emails and for internal business purposes, including for accounting purposes and for business document storage;
    • IT services for IT support, advice and management;
    • telehealth solutions;
    • payment service providers; and
    • telecommunication service providers.
  • professional advisors (such as our accountant or lawyers, where required);
  • our employees, contractors and/or related entities (on a need to know basis);
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights; and
  • any other relevant third parties, where we make a clinical decision that we must disclose your personal information, based on an assessment of your best interests, taking into account your age, health, safety and any possible immediate or substantial risk to you.

Where we disclose your personal information to third parties, it is important to us that the third party handles your personal information in accordance with the applicable Australian privacy laws.

Overseas disclosure: We take reasonable steps to use Australian based third party service providers where practicable. However, occasionally these providers are located outside of Australia or need to transfer or access your information outside of Australia to assist us in providing our Services to you.

By providing us with personal information, you understand we may disclose a limited amount of your information outside of Australia and acknowledge that where we disclose personal information to a third party outside of Australia, we will only use reputable third parties and we will only disclose the personal information necessary for the recipient to assist us in supplying our Services to you.

Disclosing your sensitive information

Your sensitive information may only be used and disclosed for:

  • purposes for which you may consent, such as:
    • to provide a written report to another agency or professional, e.g. a general practitioner or a lawyer;
    • to discuss the material with another person, e.g. a parent, employer, health provider, or third party funder;
    • to disclose the information in another way; or
    • to disclose to another professional or agency (e.g. your general practitioner);
  • secondary purposes directly related to the primary purpose for which your sensitive information was collected, including disclosure to the above listed third party services providers as reasonably necessary to provide our Services to you;
  • to refer you to medical or health service providers, or to speak with your family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or another person and is impractical for us (or we are unable) to obtain your consent; and
  • if otherwise required or authorised by law, such as where the information is subpoenaed.

Your rights and controlling your personal information

Choice and consent: Please read this Privacy Policy carefully. By providing personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Anonymity: Where practicable we will give you the option of not identifying yourself or using a pseudonym in your dealings with us. For example, if you make a general enquiry, you may choose to use a pseudonym but where we provide our psychology services to you we will require that you provide some identifying information.

Restrict and Unsubscribe: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. To unsubscribe from our e-mail database or opt-out of communications (including any marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request details of the personal information that we hold about you. An administrative fee may be payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. We will respond to your request in writing within 30 days and we will tell you if we cannot provide access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date. Please note, in some situations, we may be legally permitted to not correct your personal information. We will respond to your request in writing within 30 days and we will tell you if we cannot correct your information.

Complaints: If you wish to make a complaint about how we have handled your personal information, please contact us using our contact details at the end of this Privacy Policy and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. If your complaint is not satisfactorily handled by us, you may choose to lodge a formal complaint

with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a-privacy-complaint or by post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. These procedures include:

  • securing any personal information we hold in an electronic format behind password log ins (typically with multi factor authentication);
  • securing any personal information we hold in physical files in a locked cabinet;
  • encrypting data, using virus protection software, implementing firewalls; and
  • limiting internal access to the personal information we hold about you based on a need to know basis.

Although we take measures to safeguard against unauthorised disclosures of information, due to the inherent risks associated with the Internet, we cannot assure you that the personal information we collect and send over the Internet, will not be disclosed in a manner that is inconsistent with this Privacy Policy.

Personal information retention

Your personal information is only kept while it is required for the purpose for which it was collected or as required by law. It will then be securely destroyed or de-identified.

Health records are kept for a minimum of 7 years since the last time you we provided you a health service. We generally don’t work with children at our practice, but if you were a child when we provided you a psychological service then we keep your health record at a minimum until you reach the age of 25. When we destroy your health record, we keep a written note of your name, the date we destroyed it, and the time period the record covered. This is to comply with the Health Record Act 2001 (VIC).

Links to other websites

We do not have any control over any website which is not our website and we cannot be responsible for the protection and privacy of any personal information which you provide whilst visiting other websites. Those websites are not governed by this Privacy Policy and we recommend that you review the privacy policies on those other website before using them.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website and making it available to you in hard copy within our practice. We

recommend you regularly check our website and the policy available in our practice to ensure you are aware of our current Privacy Policy.

For any questions or notices, please contact Chris Winkler at:

Christopher Winkler (ABN 61 686 694 145) trading as Winkler Psychology

Email: chris@winklerpsychology.com.au

Phone: 03 9108 7236

Fax: 03 8330 5928

Last update: 02 June 2020