PRIVACY POLICY

This policy outlines how Altitude Clinical Psychology (ABN 46143609764) collects, holds, uses and discloses personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and other relevant laws. 

WHAT PERSONAL INFORMATION WE COLLECT & HOW AND WHY WE COLLECT IT?

What personal information do we collect?

The personal information we collect is generally limited to:

• your name and contact details e.g., email and Phone

• date of birth; 

• gender; and

• any communications we have.

We collect additional personal information about you, including sensitive information as defined in the Privacy Act 1988 (Cth), when you book an appointment and during the course of treatment. We only collect this information with your consent or when required or authorized by law. This information includes:

• your address

• emergency contact details

• your Medicare number

• GP details

• your social and medical history

• your occupational and educational history

• details of any court orders in place

• sensitive information from you with your consent, such as where we ask for information about your health; 

• responses and results from psychological tests and questionnaires

• responses and results reasonably obtained as part of a psychological assessment

• information pertaining to your session notes, treatment plan and your response to treatment

• financial information such as your credit card or direct debit details; and

• information about how you use our website, via third parties.

We may collect personal information about you if you are a healthcare professional or healthcare service provider who have referred a client to us or who are providing services to a client of ours, such as your name, medical specialty, Medicare provider number and contact details.

How do we collect your personal information?

The main way we collect information is when you give it to us, for example, via our intake forms, phone, email, or during consultations. We may also collect information through SMS interactions for appointment-related communications where you have consented to this form of contact. Before collecting your personal information, we will obtain your informed consent for the collection and use of your information as outlined in this privacy policy. You have the right to withdraw your consent at any time, though this may affect our ability to provide services to you. You have the right to withdraw your consent at any time, though this may affect our ability to provide services to you.

We may also collect personal information about you, including sensitive information, indirectly from other sources such as your GP or other healthcare professionals, government agencies administering your entitlements and benefits, a carer, a legal professional or a person responsible for your healthcare decisions. If you want to share information that includes another person’s information in which that person will be identifiable, you must seek consent from the individual and let them know about our Privacy Policy.

We use cookies on our website to enhance security and functionality. You will be notified about cookie use when visiting our website and can choose whether to accept them. These cookies may collect information about your browsing activities but do not identify you personally. You can control cookie settings through your browser preferences. 

Our website uses basic analytics tools to collect anonymous usage data that helps us improve our website functionality. This information is not linked to your personal or clinical information.

Why do we collect your personal information?

We need your personal information to:

• communicate with you in relation to your enquiry;

• assess whether we are an appropriate service for you

• provide you with psychological services such as assessing, diagnosing, and treating psychological issues or preparing reports

• enable you to receive the correct entitlements to benefits and funding for our services from third-party payers and to comply with their requirements

• conduct our business, and enable your use of our website, products, and services; and

• in some cases, to comply with our legal obligations, such as record keeping.

• Providing accurate and complete information is important for the safety, quality, and effectiveness of the services we provide. We limit our data collection to what is necessary for the stated purposes. If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you with the services you are seeking. 

If you do not wish for your personal information to be collected in a way anticipated by this Privacy Policy, Altitude Clinical Psychology may not be in a position to provide the psychological service to you.

We collect de-identified statistical information about website usage solely to improve our service delivery and ensure our website functions effectively. We do not use your personal information for advertising purposes. 

You can opt-out of the collection and use of this information by changing your privacy settings or opting out. To opt-out you can go here: https://tools.google.com/dlpage/gaoptout

To change your LinkedIn ad preferences, you can go here: https://www.linkedin.com/mypreferences/d/categories/adshttps://www.linkedin.com/mypreferences/d/categories/ads

To change your Facebook ad preferences, you can change your privacy settings.

Altitude Clinical Psychology uses secure web-based platforms to administer, score, and analyse psychometric data. We will inform you before sharing your personal information (name, date of birth, gender, and email address) with these platforms. These third-party providers are bound by strict confidentiality agreements and must comply with Australian privacy laws. We ensure these platforms maintain appropriate security standards to protect your information. If information about other individuals (‘informants’) is required, we will obtain their separate consent before collection. Each platform has been selected based on their commitment to the confidentiality and safeguarding of all personal information collected. Please see below for more information on each platform’s respective privacy policies:

•  Multi-Health Systems Inc. (MHS)

• WPS Health Solutions

• PAR, Inc. and PARIConnect

• Novopsych

WHEN DO WE DISCLOSE PERSONAL INFORMATION & HOW YOU CAN ACCESS IT? 

When do we disclose your personal information?

We will take reasonable precautions to protect your personal information in accordance with the Australian Privacy Principles, including implementing appropriate security measures against loss, unauthorised access, disclosure, misuse, or modification. Your information is stored securely using industry-standard safeguards and is accessible only to authorised personnel who require it for your care. Information is kept in accordance with our legal record keeping obligations and then destroyed appropriately. If it is unsolicited, it is also destroyed. We generally will not disclose your personal information unless:

• you consent;

• it is required or authorised by law*; or

• it is reasonably necessary for one of the purposes for which we collect it.

* This can include where we are of the reasonable belief that there is a serious risk to life, health or safety of you or another person. For example, if there is evidence of clear danger of harm to self-and/or others, we may be legally required to report this information to the authorities responsible for ensuring safety. This includes if there is a strong suspicion of physical or sexual abuse or emotional, or neglect or exposure to family violence of any person under 18 years of age. A court order could also require us to release information contained in records.

• You would reasonably expect your personal information to be disclosed and disclosure to that third party is for a purpose directly related to the primary purpose for which your personal information was collected. For example, a GP or medical specialist involved in your care, a hospital for higher levels of care, the ambulance service, government agencies and other third-party payers administering subsidies and benefits to which you may be entitled such as Medicare

• A regulatory body requests this information;

We may disclose your personal information where necessary to third-party service providers who assist in our operations, such as secure data storage providers and payment processing services. These providers are bound by strict confidentiality obligations and must comply with the Australian Privacy Principles and relevant healthcare privacy regulations. To protect your personal information, we endeavour to ensure that our third-party service providers also comply with the Australian Privacy Principles, but some third parties we use may collect, hold, and process personal information overseas.  You can opt-out of non-essential collection and use of your information by changing your privacy settings or contacting us, except where we are required by law or professional standards to maintain certain information.

How can you access or delete your information? 

Under APP 12 and APP 13, you have the right to access your personal information and request corrections to ensure it is accurate, up-to-date, and complete. We will respond to such requests within 30 days. However, under the Health Records Act, we are required to retain clinical records for a minimum of 7 years after the last contact for adult clients, and until a child client turns 25 years of age. These records cannot be deleted during these mandatory retention periods. You can update your contact details and communication preferences by contacting us by email.  If you consider that we have breached any privacy laws, please also email us at astrid@altitudepsychology.com.au. You can make a complaint with the Office of the Australian Information Commissioner by phone at 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a- privacy-complaint or post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001.

ADDITIONAL PROVISIONS FOR EUROPEAN CITIZENS

If you are a resident of the European Economic Area (“EEA”) or the UK you have certain rights and protections under the General Data Protection Regulations ("GDPR") or its UK equivalent, The Data Protection Act 2018. We want you to know that we take these rights seriously and will always do our best to protect your personal information. We are what's called a "controller" under the GDPR as we collect, use and store your personal information to provide you with our website services and information about them.

We will always rely on a lawful reason for processing your information, such as:

• where you have given us valid express consent to use your personal information we will rely on that consent, and only use the personal or sensitive information for the specific purpose for which you have given consent; and

• where we need comply with the law or act in an emergency, we will rely on that lawful means of processing your personal information.

Your Rights

Under Australian privacy law and health records legislation, you have various rights regarding your personal and health information, including the right to access and correct your information, understand how we handle your information, and make complaints about our handling of your information. If you are an EEA or UK resident, you have additional rights under the GDPR including the right to be informed; right of access; to rectification; to object; to restrict processing; to erasure or to be forgotten; to data portability; and the right not to be subject to automated processing. You can opt out of marketing communications by following the unsubscribe instructions in our emails. Please note that we may still need to send you essential communications about your healthcare services, appointments, or other information required for your ongoing care. In some circumstances where we have a legal basis to do so we may continue to process your information after you have withdrawn consent, for example if it is necessary to comply with an independent legal obligation or if it is necessary to do so to protect our legitimate interest in keeping our services secure.

Security

We maintain all personal and health information in accordance with the Privacy Act 1988, the Australian Privacy Principles, and relevant state health records legislation. Information is kept confidential and secure, with access restricted to authorized personnel who need it to provide your healthcare services. We collect and retain information as required by law and professional standards, including specific retention periods for health records as mandated by state legislation. We implement and maintain appropriate technical, security and organisational measures to protect your personal information against unauthorised or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure. We ensure the encryption and pseudonymisation of personal information and we have adequate cyber security measures in place. Where necessary for your care or as required by law, we may need to disclose your information to third parties, including other healthcare providers, Medicare, private health insurers, or mandatory reporting authorities. Any overseas transfer of your health information will only occur with your explicit consent or as permitted by Australian privacy laws. We ensure all third parties comply with relevant Australian privacy laws and professional standards.

Changes to this policy

We may periodically make changes to this policy to reflect changes in the law or professional best practice guidelines. We encourage you to review this policy to remain informed.

Thank you!

Thank you for trusting us with your personal information. Above all, we will do our best to keep it safe and use it responsibly.