
Privacy Policy
Our Commitment to Your Privacy
Bright Mind Psychology strictly adheres to:
- Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)
- Health Records Act 2001 (Vic) for health information
- Notifiable Data Breaches (NDB) Scheme (72-hour reporting mandate)
We collect only information essential to providing psychological services and educational programs, with transparency about how it is used.
How We Collect and Hold Information
Collection Methods
Source - Information Type - Examples
Website Interactions - Technical Data - IP address, cookies, browser type
Client Intake Forms - Health Information - Medical history, treatment goals
Course Enrollment - Personal Details - Name, email, payment records
Telehealth Sessions - Clinical Records - Session notes, video transcripts (via Zanda/Zoom)
Storage and Security
- Electronic Records: Encrypted (AES-256) on Australian servers
- Third-Party Platforms:
  - Zanda (practice management): Security Compliance
  - Zoom (telehealth): Compliance
Use and Disclosure of Information
Primary Purposes
We use your information to:
- Provide psychological therapy tailored to your needs
- Deliver educational courses (online and in-person)
- Process payments and send invoices
- Respond to inquiries
Limited Disclosure Circumstances
Information is never shared without consent, except in scenarios including, but not limited to, the following:
(a) Clinical referral - Your GP or specialist - Signed consent form
(b) Safety emergency - Emergency services - Mental Health Act 2014 (Vic)
(c) Legal obligation - Courts/police - Valid subpoena
(d) Service delivery - Zanda/Zoom/Online Learning Platform - APP 8-compliant contracts
Overseas Data Transfers
Where data leaves Australia (e.g., Zoom US servers):
- Encryption in transit (TLS 1.3) and at rest
- Compliance with APP 8.1 (consent obtained via telehealth form)
Your Privacy Rights
Access and Correction
- Request records via info@brightmindpsychology.com.au (Subject to Privacy Act exemptions).
- Withholding relevant information may limit our ability to support you effectively and ethically
- Corrections processed within 14 business days
Opt-Out and Deletion
- Unsubscribe from marketing emails via footer link
- Health records retained 7 years (adults) per law
Complaints
We comply with the Health Records Act 2001 (Vic) and Privacy Act 1988 (Cth). In the event of a data breach likely to cause harm, we will notify you and the OAIC within 72 hours per the Notifiable Data Breaches Scheme. Complaints may be lodged with the OAIC (www.oaic.gov.au).
Website-Specific Data Handling
For www.brightmindpsychology.com.au (hosted on Wix)
Cookies and Tracking
We use cookies to:
- Maintain secure sessions (essential)
- Analyze website traffic via Google Analytics (anonymized IPs)
- Measure ad effectiveness
Your control options:
- Block non-essential cookies via browser settings
European visitors: Our cookie solution may not meet GDPR tiered consent requirements. We recommend using browser-level controls if you require granular cookie management.
Data Handling Protocols
a) User Submissions (Forms):
- Retention:
  - Unanswered inquiries: Deleted after 6 months
  - Service-related submissions: Migrated to clinical records
b) Embedded Content (YouTube/Vimeo):
- Placeholder thumbnails used until click activation
- No third-party tracking until user interaction
c) Security Measures:
- WAF + DDoS protection (via Wix)
- Monthly vulnerability scans
- Breach response protocol:
  - Immediate site isolation
  - OAIC notification within 72hrs
Policy Updates
This Policy may be updated at our discretion. Revised versions become effective upon publication on this page.


