Privacy policy

      I.         Introduction                                     

This privacy policy is to provide information to you, our client, on how your personal information (which includes your health information) is collected and used within our practice, and the circumstances in which we may share it with third parties. The Australian Privacy Principles (or APPs) are the cornerstone of the privacy protection framework in the Privacy Act 1988 (Privacy Act). They apply to any organisation or agency the Privacy Act covers.

   II.         Why and when your consent is necessary

When you register as a client of our practice, you provide consent for the Australian registered business ‘Melinda Brown’ to access and use your personal information, so we can provide you with the best possible healthcare. Only staff and authorised third parties who need to see your personal information will have access to it. If we need to use your information for anything else, we will seek additional consent from you to do this.

 III.         Why do we collect, use, hold and share your personal information?

Our practice will need to collect your personal information to provide healthcare services to you. Our main purpose for collecting, using, holding and sharing your personal information is to manage your health. We also use it for directly related business activities, such as financial claims and payments, practice audits and accreditation, and business processes (e.g. staff training).

 IV.         What personal information do we collect?

The information we will collect about you includes your:

  • names, date of birth, addresses, phone, email, country of birth, religious affiliation

  • contact details of your nominated person to be notified in the event of an emergency

  • payment details collected via our clinical software program Halaxy and/or manual written forms (only to process cancellation fees or as advised per the ‘Therapeutic Agreement’ form)  

  • medical information including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors, previous psychological services, presenting concerns

  • healthcare identifiers

  • Medicare number (where available) for identification and claiming purposes

  • health fund details (where available) for identification and claiming purposes

    V.         Dealing with us anonymously

You have the right to deal with us anonymously or under a pseudonym unless it is impracticable for us to do so or unless we are required or authorised by law to only deal with identified individuals. Please see the OAIC for further information

 VI.         How do we collect your personal information?

Our practice may collect your personal information in several different ways.

  1. Our practice makes use of clinical software programs Halaxy and Square and/or manual written paper forms to store your personal and demographic information as provided to us via your registration forms. When you make your first appointment or agree to engage in our services, our practice staff will collect this information electronically via these clinical software programs and/or by paper. By collecting this information, you consent to our use of these programs in the storage of your personal information of which these external software providers are not subject to our privacy policy.

  2. We may also collect your personal information when you visit our website, send us an email or SMS, telephone us, make an online appointment or communicate with us using social media. Communicating with us via social media may put your own anonymity at risk (i.e., liking Facebook posts, commenting on Instagram).

  3. In some circumstances personal information may also be collected from other sources. Often this is because it is not practical or reasonable to collect it from you directly. This may include information from:

    • your guardian or responsible person

    • other involved healthcare providers, such as General Practitioners, specialists, hospitals, community health services and pathology and diagnostic imaging services

    • your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).

VII.         When, why and with whom do we share your personal information?

We sometimes share your personal information:

  • with third parties who work with our practice for business purposes, such as accreditation agencies or information technology providers

  • in professional supervision to discuss an appropriate counselling plan when necessary (i.e., to lessen or prevent any harm to a clients’ life or others’ life)

  • with other healthcare providers (i.e., attendance letter to a General Practitioner)

  • when it is required or authorised by law (i.e., court subpoenas, to assist in locating a missing person)

  • when it is necessary to lessen or prevent a serious threat to a client’s life, health or safety or public health or safety, or it is impractical to obtain the patient’s consent

  • to establish, exercise or defend an equitable claim

  • for the purpose of confidential dispute resolution process

  • when there is a statutory requirement to share certain personal information

Only people who need to access your information will be authorised to do so. Other than while providing health services or as otherwise described in this policy, our practice will not share personal information with any third party without your consent.

Our practice standards have been set by Australian law, in accordance with the Spam Act 2003 and the Spam Regulations 2021. The Spam Act 2003 and the Spam Regulations 2021 outline the rules about sending commercial electronic messages. When you become our client, you acknowledge and consent to receiving commercial electronic messages for the purposes of appointment setting, appointment reminders, appointment changes, cancelled or missed appointments and any administrative-related messages in line with our therapeutic agreement. You may opt out of direct marketing at any time by notifying our practice in writing.

VIII.         How do we store and protect your personal information?

Your personal information may be stored at our practice in various forms and stores all personal information securely in accordance with the APPs.

Personal information is primarily stored in our clinical software systems as outlined in Section IV. Our electronic intake forms are generated using an online software system Halaxy. We utilise Square and Halaxy to facilitate in the appointment setting process. Information collected may be stored on international servers outside of Australia. Please refer to the privacy policies of Halaxy and Square for further information as external software providers are not subject to our privacy policy. By using our services, you consent to the processing of information and data about you by our clinical software programs.

All mobile electronic devices are password protected. Paper-based records are used and kept in accordance with the APPs. Paper case notes and paper intake forms will be primarily stored in a secure location of our business practice, where your file is under lock and key. Any case notes will have non-identifying information and will use a coding system for your privacy.

We strive to use privacy respecting open-source software that have complied with third party audits such as Bitwarden, Protonmail and Signal. Other third-party applications that we utilise are WordPress, Elementor, Skype, Zoom, Gmail, Facebook and Instagram; please see their privacy policies for further information.

Access to personal information is only given to staff, contractors (such as our IT service provider) and clinical software program employees who require it to complete their job in assisting us. 

We use up-to-date virus protection software on our computers and regularly conduct software updates on our devices and website to help guard against cyber-attacks. 

We store and dispose of personal information held within records in accordance with the Archives Act 1983 and relevant records authorities.

 IX.         How can you access and correct your personal information at our practice?

You have the right to request access to, and correction of, your personal information. Only you or another person you have authorised, such as a legal guardian or authorised agent, can make the request. An organisation or agency must be satisfied the request came from you or a person you authorised. We require you to put this request in writing by emailing [email protected] and you will be asked for information that identifies you. Please include:

  • your name and contact details

  • the personal information you want to access

  • how you’d like access to the personal information (such as receiving a copy by email or post, or if you just want to look at the information)

  • if you authorise a person or organisation to access the personal information on your behalf

We will respond to your request for access to personal information within 30 days of receiving your request. We have the right to refuse access to your personal information if we have a valid reason to do so, in accordance with the Office of the Australian Information Commissioner (OAIC). A fee of $100 will be charged for the preparation of this information. The charge may include the cost of:

  • staff searching for, locating and retrieving the requested information, and deciding which personal information is relevant to the request

  • staff reproducing and sending the personal information

  • the postage or materials involved in giving access

  • using an intermediary, if necessary

Our practice will take reasonable steps to correct your personal information where the information is not accurate or up to date. From time to time, we will ask you to verify that your personal information held by our practice is correct and current. You may also request that we correct or update your information, and you should make such requests by emailing [email protected]

    X.         How can you lodge a privacy-related complaint, and how will the complaint be handled at our practice?

We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing via the below email contact details. We will then attempt to resolve it in accordance with our resolution procedure.

Attn: Melinda Brown

[email protected]

We will respond to the complaint within 30 days of receiving the complaint in writing.  You may also contact the OAIC. For further information visit or call the OAIC on 1300 363 992.

 XI.         Privacy and our website

a.     How we protect your personal information

Our website is hosted by Namecheap which is a company based in the United States of America; please see their privacy policy for further information. The security of your personal information is important to us, but no method of transmission over the Internet, or method of electronic storage is 100% secure. Whilst we strive to use current industry standards and recommendations to protect your personal information, we cannot guarantee its absolute security. 

b.     Cookies

To improve your experience on our site, we may use ‘cookies’.  A cookie is a small text file that our site may place on your computer as a tool to remember your preferences. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website.

c.     Links to other websites

Our website may contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other sites, and these websites are not subject to our privacy policy. We are not responsible for the content of these websites or the privacy practices of these sites.  If you navigate to other websites via our website, we advise you to read their privacy policy.

d.     Service Providers

We may employ third party companies and individuals to facilitate our website service, to provide a website service on our behalf, or to assist us in analysing how our website is used.

These third parties have access to your personal information shared via the website, only to perform these tasks on our behalf, and are obligated not to disclose or use it for any other purpose.

Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

By using this website, you consent to the processing of data about your browsing habits by Google in the manner described in Google’s Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable JavaScript, or use the opt-out service provided by Google.

Our website also uses interfaces with social media sites such as Facebook, Instagram and others.  If you choose to “like” or “share” information from this website through these services, you should review the privacy policy of that service.  If you are a member of a social media site, the interfaces may allow the social media site to connect your visits to this website with other Personal Information.

e.     Embedded Content

This website may include embedded content (e.g. videos, images, articles, etc.). Embedded content belongs to the website it links to and thus their website may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content.

f.      Post Comments

When visitors leave comments on the website, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to help with spam detection.

XII.         Policy review statement

We may update our Privacy Policy from time to time and will post any changes to our new Privacy Policy to our website. You are advised to review this Privacy Policy periodically for any changes.



The Privacy Policy for the Australian registered business ‘Melinda Brown’ is intended for use as a guide of a general nature only and may or may not be relevant to particular practices or circumstances. By using this website, you accept the policies and restrictions set forth in this online Privacy Policy and persons should exercise their own independent skill or judgement, or seek appropriate professional advice. This Online Privacy Policy may be revised from time to time by updating this posting. Users of this site or clients of this business are bound by any such revisions and should therefore periodically visit this page to review the then current Online Privacy Policy to which you are bound.