top of page



Our practice is committed to best practice in relation to the management of information we collect. Elementa Psychology Pty Ltd has developed a policy to protect patient privacy in compliance with privacy legislation including the Privacy Act 1988 (Cth) (‘the Privacy Act’).  This Privacy Policy describes generally how we manage personal information and safeguard privacy, and is designed to inform you of:

  • the kinds of information that we collect and hold, which, as a psychology practice, is likely to be ‘health information’ for the purposes of the Privacy Act;

  • how we collect and hold personal information;

  • the purposes for which we collect, hold, use and disclose personal information;

  • the location of persons to whom we may disclose your information;

  • how you may access your personal information and seek the correction of that information;

  • how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint;

  • whether we are likely to disclose personal information to overseas recipients.

What kinds of personal information do we collect?

The type of information we may collect and hold includes:

  • your name, address, date of birth, marital status, email and contact details, and if you are under 18, the details of your parent or guardian;

  • details of your emergency contacts, including their name, phone number and relationship to you

  • your Medicare number, DVA number and other government identifiers, although we will not use these for the purposes of identifying you in our practice;

  • other health information and sensitive personal information about you, including:

    • notes of your general, physical and mental health status and history 

    • lifestyle information 

    • employment status 

    • your prescriptions and other pharmaceutical purchases

    • any diagnosis or treatments provided to you by medical professionals

    • your appointment and billing details

    • your healthcare identifier 

    • any other information about your race, sexuality or religion, when collected by a health service provider

  • insurance claim information, if relevant

  • other medical reports and forms if relevant


How do we collect and hold personal information?

We will generally collect personal information:

  • from you directly when you provide your details to us. This might be via a face-to-face discussion, telephone conversation, registration form (offline or online).

  • when you communicate or interact with us via our website, appointment booking form, online chat, email, subscription form, social media channels or when you decide to include your personal details when responding to an online advertisement for our services.

  • from a person responsible for you (for example if you are under 18 years old).

  • from third parties where the Privacy Act or other law allows it - this may include, but is not limited to: the My Health Record system, Medicare, or your health insurer.

  • from our payment gateway provider Square AU Pty Limited with your consent— All appointment bookings that are made through our website are processed securely and externally by Square AU Pty Limited.  Unless you expressly consent otherwise, we do not see or have access to any personal information that you may provide to Square, other than information that is required in order to process your appointment bookings (e.g., your name, email address and billing address).  Should you wish to obtain a copy of Square’s privacy policies, please contact them directly.

Why do we collect, hold, use and disclose personal information?

In general, we collect, hold, use and disclose your personal information for the following purposes:

  • to inform you about the health services we provide using email (direct) marketing, where you have expressed an interest in our services and have consented to receive such information.  Note you may opt out of direct marketing at any time – see ‘Unsubscribing From Direct Marketing’ below

  • to administer our website; to personalise our website for you and to enable your access to and use of the website services 

  • to provide health services to you, including telehealth services through secure online portals [or over the telephone]

  • to communicate with you in relation to the health service being provided to you 

  • to comply with our legal obligations, including, but not limited to, circumstances where it is subpoenaed by a court, for mandatory reporting under applicable child protection legislation, where failure to disclose the information would in the reasonable belief of Elementa Psychology, place a client or another person at serious risk to life, health or safety  

  • where required by law to disclose information to an overseas recipient in accordance with the under the Privacy Act 1998 (Cth) for example where a ‘permitted general situation’ exists (such as lessening or preventing a serious threat to life, health or safety, taking appropriate action in relation to suspected unlawful activity or serious misconduct) or as required or authorised under an international agreement relating to information sharing or an enforcement related activity

  • to help us manage our accounts and administrative services, including billing, arrangements with health funds, pursuing unpaid accounts, management of our ITC systems

  • for consultations with other doctors or allied health professional involved in your healthcare, where you would reasonably expect such information to be disclosed (e.g. your GP) and the disclosure of that information  is for a purpose directly related to the primary purpose for which your personal information was collected 

  • for identification and insurance claiming

  • If you have a My Health Record, to upload your personal information to, and download your personal information from, the My Health Record system

  • To liaise with your health fund, government and regulatory bodies such as Medicare, the Department of Veteran's Affairs and the Office of the Australian Information Commissioner (OAIC) (if you make a privacy complaint to the OAIC), as necessary

  • To assist with training and education of other healthcare professionals

  • For research purposes, depersonalised information may be used subject to approval by an authorised ethics committee

  • Otherwise with your consent:

    • to provide a written report to another professional or agency, e.g., a GP or a lawyer

    • to discuss the material with another person, e.g. a parent, employer or health provider or

    • to disclose the information in another way


Your personal information will not be used, sold, rented or disclosed for any other purpose.

How can you access and correct your personal information?

You have a right to seek access to, and correction of the personal information which we hold about you.  An administration fee of $75 will be charged for providing access 


For details on how to access and correct your health record, please contact our practice as noted below under ‘Contact Details’. 


We will normally respond to your request within 30 days. 


How do we hold your personal information? 

Our staff are trained and required to respect and protect your privacy. We take reasonable steps to protect information held from misuse and loss and from unauthorised access, modification or disclosure. This includes:

  • Access to personal information being restricted on a ‘need to know’ basis 

  • Using strong password protections on all electronic systems and databases to protect electronic information from unauthorised interference, access, modification or disclosure

  • Holding your information on an encrypted database/ secure cloud storage/ industry compliant software package/ [Cloud-based business software called Microsoft Office 365 in a unique electronic medical record (eMR) created by the practice.]

  • Storing your personal information on Cloud-based business software which complies with the International Standard for Cloud Privacy called ISO27018, and which encrypts data at rest

  • [Any paper-based documents containing your personal information being destroyed in confidential waste bins once the information is uploaded into your electronic medical record]

  • [Holding any hard copies of your personal information in a lockable cabinet]

  • Our practice having robust document retention and destruction policies

  • Our staff signing confidentiality agreements

Privacy-related questions and complaints 

If you have any questions about privacy-related issues or wish to complain about a breach of the Australian Privacy Principles or the handling of your personal information by us, you may lodge your complaint in writing to (see ‘Contact details’ below for details).  We will normally respond to your request within 30 days. 


If you are dissatisfied with our response, you may refer the matter to the OAIC:

Phone: 1300 363 992


Fax: +61 2 9284 9666

Post: GPO Box 5218 

Sydney NSW 2001




Anonymity and pseudonyms

The Privacy Act provides that individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with our practice, except in certain circumstances, such as where it is impracticable for us to deal with you if you have not identified yourself.


We have determined that it is largely impracticable for our practice to deal with patients anonymously or via a pseudonym. The provision of medical services is likely to be impacted, and billing via Medicare or a health insurer where applicable is likely to be impracticable.  Therefore, generally we require that you use your name and not a pseudonym.


Please reach out to us on the telephone if you are concerned about identifying yourself, for more information on our normal operating practices.


Overseas disclosure

We may disclose your personal information to the following overseas recipients:

  • any practice or individual who assists us in providing services (such as where you have come from overseas and had your health record transferred from overseas or have treatment continuing from an overseas provider)

  • to our email and marketing service providers (located in the USA)

  • to our CRM and payment gateway service providers (located in the USA)

  • to our telehealth platform service providers (located in the USA)

  • anyone else to whom you authorise us to disclose it.


Updates to this Policy

This Policy will be reviewed from time-to-time to take account of new laws and technology, changes to our operations and other necessary developments. Updates will be publicised on the practice's website. 


Cookies and other website tracking

Our website uses "cookies" to help personalise your online experience. 


A cookie is a text file or a packet of information that is placed on your hard disk by a web page server to identify and interact more effectively with your computer. There are two types of cookies that may be used at our website: a persistent cookie and a session cookie. A persistent cookie is entered by your web browser into the "Cookies" folder on your computer and remains in that folder after you close your browser, and may be used by your browser on subsequent visits to Our website. A session cookie is held temporarily in your computer’s memory and disappears after you close your browser or shut down your computer. Cookies cannot be used to run programs. 


Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. In some cases, cookies may collect and store personal information about you. The Company extends the same privacy protection to your personal information, whether gathered via cookies or from other sources.


You can configure your internet browser to accept all cookies, reject all cookies or notify you when a cookie is sent. Please refer to your internet browser’s instructions to learn more about these functions. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of Our website.


Why we use cookies

Our website uses cookies in order to:

  • remember your preferences for using our website

  • manage the signup process when you create an account with us

  • recognise you as logged in while you remain so. This avoids your having to log in again every time you visit a new page

  • facilitate e-commerce transactions, to ensure that your order is remembered between pages during the checkout process

  • show relevant notifications to you (e.g., notifications that are relevant only to users who have, or have not, created an account or subscribed to newsletters or email or other subscription services), and

  • remember details of data that you choose to submit to us (e.g., through online contact forms).


Many of these cookies are removed or cleared when you log out but some may remain so that your preferences are remembered for future sessions.


Third party cookies

In some cases, third parties may place cookies through Our website. For example:

  • Google Analytics, one of the most widespread and trusted website analytics solutions, may use cookies de-identified data about how long users spend on Our website and the pages that they visit

  • Google AdSense, one of the most widespread and trusted website advertising solutions, may use cookies to serve more relevant advertisements across the web and limit the number of times that a particular advertisement is shown to you

  • third party social media applications (e.g., Facebook, Twitter, LinkedIn, Instagram, etc) may use cookies in order to facilitate various social media buttons and/or plugins in Our website.



We may use the Google AdWords and/or Facebook re-marketing services to advertise on third party websites to previous visitors to this site based upon their activity on this site. This allows us to tailor our marketing to better suit your needs and to only display advertisements that are relevant to you. Such advertising may be displayed on a Google search results page or a website in the Google Display Network or inside Facebook. Google and Facebook may use cookies and/or pixel tags to achieve this. Any data so collected by Google and/or Facebook will be used in accordance with their own respective privacy policies. None of your personal Google and/or Facebook information is reported to us.  


You can set preferences for how Google advertises to you using the Google Ads Settings page ( Facebook has enabled an AdChoices link that enables you to opt out of targeted advertising.


Contact details for privacy-related issues

Subject to the exceptions set out in the Health Records (Privacy and Access) Act 1997 and the Privacy Act 1988, you may access your personal information and seek the correction of that information by contacting us in writing by:



Our [Practice Administrator] or psychologist may discuss the contents, subject to the exceptions of the aforementioned Acts. If satisfied that personal information is inaccurate, out of date or incomplete, reasonable steps will be taken in the circumstances to ensure that this information is corrected. An appointment will need to be made and fees charged (if necessary) for clarification purposes.  In other cases our practice will respond within a reasonable time (within 30 days and an administration cost of $75 will be charged for providing this information). 


We note that Psychologists also have the right to refuse access to clinical records if they believe the request is malicious and vexatious, or if it could result in serious harm to the patient.


We may also require you to provide identification or validation, or require you to attend our office(s) in person to verify your identity or provide you with certain records.  We may also (in our absolute discretion) decline to provide information over the phone, or via email, or post for information security purposes.   You acknowledge and agree that the transmission of information over the internet (including email) is inherently insecure, and we cannot guarantee the security of data sent over the internet.


From time-to-time, we will ask you to verify that your personal information held by our practice is correct and up-to-date. You may also request that we correct or update your information, and you should make such requests in writing to our [Practice Administrator ] via [EMAIL] at


If you become aware that the personal information we hold about you is inaccurate, incomplete, out of date, irrelevant or misleading, then you should contact us. We will correct our records of your personal information. If we disagree with you about the accuracy of the personal information we hold about you, we will keep a record that there is a difference of opinion about that information.

bottom of page