Privacy Policy 1 | Lighthouse Relationships Psychology & Counselling

Privacy Policy

This policy should be read in conjunction with our Terms and Conditions policy.

1. Introduction

· Lighthouse Relationships has adopted this Policy in accordance with privacy laws.

· This Policy specifies how Lighthouse Relationships handles Personal Information, which we collect in order to conduct our Services.

· In the course of delivering our Services and communicating with the public, Lighthouse Relationships may also collect information about Individuals who do not use our Services.

· Capitalised words in this Policy are defined terms. Defined terms are explained at the end of this Policy.

2. Collecting information directly from people

Lighthouse Relationships collects Personal Information directly when an Individual:

· contacts Lighthouse Relationships by telephone, email, Facebook or any other form of communication;

· gives Lighthouse Relationships his or her information in person, on paper, or in electronic form, including an online inquiry, a referral and new client intake form;

· sends Lighthouse Relationships a message through SMS or a third party app;

· subscribes to our website;

Lighthouse Relationships also collects Personal Information directly when:

· Lighthouse Relationships’s analytics service may log details about website visits; and

· Lighthouse Relationships’s website places a cookie on an Individual’s device or store Individuals’ I.P. addresses.

3. Collecting information from third parties

With an Individual’s explicit permission, Lighthouse Relationships records and collects Personal Information about Individuals from third parties when:

· Relationship Educators manage records about an Individual using our Services;

· third parties give Lighthouse Relationships access to files containing Personal Information;

· Lighthouse Relationships is given written or verbal information from a family member, medical practitioner or health practitioner, EAP, a referring agency, or any other referral source; and

· parents and guardians provide information about their children or children in their care.

4. Types of information that Lighthouse Relationships collects and holds

Using processes described in this Policy, Lighthouse Relationships collects the following categories of Personal Information about Individuals:

· Content – may include whatever Personal Information is included in the content Individuals sharewhen using Lighthouse Relationships’s Services;

· Identity Information – may include name, signature, date of birth, nationality, license & registration details, Medicare details, private health insurance member details, family details, employment details, educational information;

· Contact Information – may include email address, social media profile, telephone & fax numbers, residential and postal addresses;

· Internet Data – webpage views, IP address, referring web site addresses, browser type, operating system, domain name, access times and other data typically collected by analytics services like Google.

5. Sensitive information

Privacy laws categorise certain types of Personal Information as “sensitive information”, including information (that is also Personal Information) about an Individual’s:

· racial or ethnic background;

· political opinions;

· religious beliefs or affiliations;

· philosophical beliefs;

· criminal activity or records; and/or

· sexual orientation and/or practices; as well as Health information about an Individual, including:

· any information or opinion about the Individual’s health and mental health status, health services provided, or wishes regarding health care; and

· information collected to provide, or in providing, a health service of any kind.

Lighthouse Relationships collects health information from Individuals in providing our Services. If Individuals disclose other sensitive information to psychologists, this may be included in records created by psychologists and sometimes managed by Lighthouse Relationships. Individual psychologists, not Lighthouse Relationships, take final responsibility for recording other sensitive information disclosed to them during appointments (i.e., case notes or other records). Lighthouse Relationships may step in to manage such information if relationship educators cease to act in association with Lighthouse Relationships and/or their ethical requirements and may be required to hand over records to Lighthouse Relationships upon termination.

6. How Lighthouse Relationships stores Personal Information

Lighthouse Relationships holds and stores Personal Information using:

· Storage Services – third party data storage services including, but not limited to, Google email and apps, Squarespace Scheduling, Acuity and Convert Kit (practice management and booking software), Stripe and Commonwealth Bank of Australia (CBA) for payment transactions, Facebook (business page messaging), and any other applications or software used for business operations;

· Lighthouse Relationships Devices – devices, such as mobile phones, operated by contractors and employees of Lighthouse Relationships’ business; and

· Paper Files – printed paper and files.

You may change your details at any time by advising us in person or in writing via email.

7. Security

Lighthouse Relationships will take reasonable precautions to protect Personal Information from unauthorised access. This includes measures to secure Lighthouse Relationships’ physical facilities and electronic networks. Lighthouse Relationships secures Personal Information that Lighthouse Relationships collects with requirements and agreements between Lighthouse Relationships and employees and contractors.

Lighthouse Relationships limits access to personal information to those with a valid and legitimate reason for using that information. Lighthouse Relationships information storage includes security measures such as passwords, pins, encryption, session expiries, SSL network encryption, SSL certificate and website transmission encryption, the use of reputable vendors (e.g., Google, Acuity, Convert Kit and Stripe), two-factor authentication, and physical destruction of paper documents once electronically uploaded.

· Google security information: https://www.google.com/policies/privacy/#infosecurity

· Squarespace security measures: https://www.squarespace.com/measures

· Acuity security information: Security, Privacy & Compliance – Acuity Scheduling

· Convert Kit security information: ConvertKit LLC Privacy Policy

· Stripe security information: Security at Stripe

Lighthouse Relationships does not and will not store an Individual’s credit card information on any device or server. For more information on security, please contact Lighthouse Relationships using the details listed below.

8. Deleting your information

Lighthouse Relationships will only delete Personal Information when considered appropriate under relevant state and national laws. Lighthouse Relationships’ deletion process includes:

1. Lighthouse Relationships identifying all digital records relating to the individual and delete them from these digital storage media; and

2. Lighthouse Relationships identifying any paper records relating to the individual and shred these onsite or personally de-identify them.

Records relating to adult clients will be kept for seven years following the date of last contact.

Lighthouse Relationships has certain obligations under Australian laws to retain some client information for a prescribed period of time (seven years or once the person turns 25, whichever occurs first).

9. Why data is held, used and disclosed

Lighthouse Relationships’s handling of Personal Information includes holding, using and sometimes sharing the Personal Information so that Lighthouse Relationships can:

· facilitate the creation of appointments with relationship educators or psychologists;

· manage records about Individuals’ appointments, psychological health and treatment;

· offer surveys or questionnaires;

· transact with Individuals and process payments;

· facilitate Medicare and health insurance claims;

· assess and improve their Services; and

· provide secure access to their Services.

For more information on when Lighthouse Relationships shares Personal Information, see below.

10. Disclosing Personal Information

Lighthouse Relationships shares Personal Information with others in the following ways:

· facilitating the sharing of information about inquiries, bookings, processing Medicare rebates, invoices and payments;

· sharing information with other health practitioners, governmental institutions including Medicare and private healthcare insurers; and

· sharing information with administration staff and business service providers.

11. Access to Personal Information

When Lighthouse Relationships uses the services of third party businesses in order to provide our Services, they may gain access to Lighthouse Relationships’s data, including Personal Information. Such third party services may include:

· Hosting – Cloud and web hosting services used by Lighthouse Relationships such as Google applications https://www.google.com/policies/privacy/ and Cliniko https://www.cliniko.com/security

· Support – administration staff and contractors, IT support services, web and software development contractors;

· Business analytics – Google Analytics (see http://www.google.com/intl/en/policies/privacy/)

· Payments – Stripe (see Security at Stripe)

· Billing – private health insurers and Medicare (see https://www.humanservices.gov.au/individuals/privacy)

Lighthouse Relationships will only share Personal Information with these third parties to the extent necessary to perform their functions. These third parties typically have their own privacy and security policies. For more information about this, contact Lighthouse Relationships using the details listed below.

12. Disclosing information overseas

Lighthouse Relationships use other service providers for the purposes of administration, such as Google Email and Acuity Scheduling (office management software), who have data centres overseas in countries such as the USA and Ireland. Thus, Lighthouse Relationships may store some Personal Information overseas. Individuals may not have the same rights relating to their information when it is overseas as they would under Australian privacy law.

By providing Lighthouse Relationships with Personal Information, Individuals consent to the transfer of their Personal Information to overseas recipients as contemplated by this privacy policy. If Individuals consent to overseas transfer, Lighthouse Relationships is not accountable for overseas recipients’ handling of their information.

By using reputable and large companies such as Google and Acuity Scheduling, we take reasonable steps to ensure that the Personal Information that we transfer to overseas recipients will not be held, used or disclosed by the recipient of the information.

13. Contacting us

Individuals can contact Lighthouse Relationships if they want to access, correct or delete Personal Information, or lodge a complaint to Lighthouse Relationships by contacting Lighthouse Relationships Director and Privacy Officer via email: megan@lighthouserelationships.com.au

Lighthouse Relationships reserves the right to refuse access or correction where reasonable grounds exist for doing so, such as when providing access would be unlawful or compromise the privacy of another person.

14. Complaints process

If Individuals have a complaint about privacy, they can contact Lighthouse Relationships using the email listed above. Lighthouse Relationships will respond to complaints in writing within a reasonable period (usually 10 business days from the day we receive an email).

Lighthouse Relationships will try to work with Individuals to resolve complaints entirely within 20 business days, although that period may be longer if it is reasonable to take longer given the nature of the complaint.

If Individuals are unsatisfied with our response, they may refer the complaint to the Office of the Australian Information Commissioner (http://www.oaic.gov.au/).

15. Amendment

Lighthouse Relationships may amend this Privacy Policy at our discretion. Individuals who continue to use our Services after receiving notice from Lighthouse Relationships of such an amendment, agree to be bound by the Privacy Policy as amended.

16. Definitions

Individual, Individuals

means a natural person, not a business entity or organisation.

Personal Information

means information about an Individual whose identity is apparent, or can reasonably be established, from that information. This includes information like names, telephone numbers, email addresses and physical addresses.

Policy, Policies

means this document, drafted in accordance with the Privacy Act 1988 (Cth).

Lighthouse Relationships means its staff, associates and contractors.

Service, Services

means the following services:

· managing inquiries from the public;

· arranging appointments with psychologists, including face-to-face appointments, video-conferencing, telephone appointments, and work, home or school visits;

· facilitating Medicare and private health insurance claims in relation to appointments;

· facilitating payment for appointments; and

· managing the documentation and records associated with appointments.