top of page

Privacy Policy

Overview                                                                       

Calming Waves Mental Health and Family Support (Calming Waves) is committed to complying with the Privacy Act 1988, the Australian Privacy Principles 2014, Australian Association of Social Workers Code of Ethics 2020 and the privacy provisions of all applicable legislation.

 

This privacy policy covers all personal and health information we hold, that is, information or an opinion about an individual, whose identity is apparent, or can be reasonably ascertained, from that information or opinion. This includes information we have collected from people through our office, over the phone and over the internet.

 

Collecting information

When we collect personal or health information from an individual, we will ensure that we do so in a fair manner and that we let the individual know where and how to contact our organisation. We will only collect information that is necessary for one or more of our functions or activities.

 

We will advise individuals or the purpose for which their personal and health information is collected. The type of personal information we collect about you depends on the circumstances in which the information is collected. Typically, the types of personal information we may collect can include (but is not limited to) your name, address, email address and phone numbers.   

 

If you are a client/patient, we may also collect details of your date of birth, billing and payment details, Medicare and insurer details, as well as health information about you so that we can perform our services. We may also receive health information about you from other health service providers, where you have consented to us collecting that from those third-party providers.

 

If you are a parent of a child receiving services we may need to collect your name, date of birth, address and Medicare number for billing purposes.

 

Any information collected from a child or young person under the age of 18 years old requires the consent of a parent or guardian unless the child or young person is deemed a mature minor with capacity to consent.

 

Sensitive information

If we collect sensitive information or health information (as defined under the Privacy Act), we will treat it with security and confidentiality.

 

Sensitive information is defined in the Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

 

Sensitive information will be used by us only:

  • for the primary purpose for which it was obtained

  • for a secondary purpose that is directly related to the primary purpose

  • with your consent or

  • where required or authorised by law.

 

In addition to the types of personal information identified above, we may collect personal information as otherwise permitted or required by law.

 

Where you choose not to provide requested information, we will advise you of what consequences this non-disclosure may have. For example, withholding certain information may limit our ability to provide relevant offers or services to you.

 

How we collect your personal information

Some of the common ways in which we may collect personal information include:

  • if you are a client, during client on-boarding (i.e. via registration forms) and during treatment sessions

  • when you make an enquiry or order in relation to products or services, including through our website

  • from correspondence (whether in writing or electronically) or when you contact us via telephone, email, social media platforms or other means

  • in administering and performing any contracts with service providers;

  • if you attend any of our premises, we may record certain contact details so that we can comply with applicable laws, and we may also record your image and/or voice if we have surveillance systems operating at those premises.

 

Where it is reasonably practical to do so, we will collect your personal information directly from you.  However, in certain cases, we may collect personal information from publicly available sources and third parties, such as:

  • if you are a client, from referrals or reports from other health professionals and

  • if you are applying for employment or any other position with us, from referees, government bodies (e.g. police checks, if required), academic and professional bodies (e.g. to validate details and currency of qualifications).

 

Our purposes for handling your personal information

The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it.

 

Whenever practical, we endeavour to advise you of the purpose for which your personal information is collected, how we intend to use that information and to whom we intend to disclose it at the time we collect your personal information.

 

In general, we collect, use and disclose your personal information so that we can provide our goods and services to you and for purposes connected with our business operations. 

 

Some of the specific purposes for which we collect, hold, use and disclose personal information are as follows:

  • if you are a client/patient, to provide you with our services and products

  • if you are (or represent) a supplier, to receive goods or services from you

  • to consider you for a job (whether as an employee or contractor) or other relationships with us

  • to comply with our legal and regulatory obligations

  • to protect the security, health and safety of our premises, facilities, personnel and visitors

  • to address any issues or complaints that we or you have regarding our relationship and

  • to contact you regarding the above, including via SMS and email, by mail, by phone or in any other lawful manner.

 

We may also use or disclose your personal information for other purposes to which you have consented and as otherwise authorised, permitted or required by law. 

 

Disclosing information

Your personal information may be disclosed to third parties in connection with the purposes for which we collected your personal information, as described above and in any privacy collection notices we provide to you. 

 

We may also disclose your personal information in accordance with any consent you give or where disclosure is authorised, compelled or permitted by law.

 

We will only disclose personal information and health information in accordance with the Privacy Act, Health Records Act or Mental Health Act or as outlined below.

 

This may include disclosing your personal information to the following types of third parties:

  • For the purposes for which we have advised that we are collecting it, and for related purposes that the individual would reasonably expect,

  • Where we have the consent of the individual to do so,

  • With consent, to Medicare to submit a Mental Health Care Plan claim on your behalf

  • Where there are significant safety concerns for yourself or another person and disclosing information about the safety concern will assist to reduce or prevent possible harm,

  • Where there are concerns about the safety or wellbeing of a child,

  • Our suppliers, contractors and organisations that provide us with technical and support services or who manage some of our business functions

  • Our related entities (who may use and disclose the information in the same manner we can)

  • Our accountants, insurers, lawyers, auditors, payment systems and other professional advisers and

  • Any third parties to whom you have directed or permitted us to disclose your personal information (e.g. if you are a client/patient, to your treating doctor and other health professionals, to an insurer/compensation agency and/or your emergency contacts, if necessary).

  • As required by law, or

  • Under other circumstances permitted under the Act.

 

In the course of our business activities, we may need to disclose some of your personal information to relevant staff.

 

Social Media

Calming Waves may from time to time operate social media accounts. While Calming Waves will not publish personal or confidential information about you, certain social media accounts may allow you and other users to post or interact with content. Should you choose to do so, you should assume that such social media facilities will be publicly accessible and any information you post may be viewed, copied or used by any other person who accesses the content. Calming Waves strongly advises you not to share personal or confidential information on its social media facilities and encourages you to contact us directly to discuss our services and how we may help you.

 

Marketing and opt-out

We may provide you with information and advertisements about products, services and promotions either from us, or from third parties which may be of interest to you, where you have asked us to (or have otherwise consented to us doing so), or it is otherwise permitted by law.

 

We will always provide you with a nil-cost way of contacting us to “opt-out” from receiving any marketing communications and product offers. You can also opt-out by contacting us (see "Contact details" section below).

​

Accessing and correcting your personal information

You may contact us (see "Contact details" section below) to request access to the personal information that we hold about you and/or to make corrections to that information, at any time.  We will respond to all requests for access to or correction of personal information within a reasonable time.

 

On the rare occasions when we refuse access (which we will only do in accordance with applicable laws), we will provide you with a written notice stating our reasons for refusing access. 

 

We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing. 

 

We will not charge any fee for your access request but may charge an administrative fee for providing a copy of your personal information.

 

To protect your personal information, we may require identification from you before releasing the requested information.

​

Storage and Security

We will hold personal information as either secure physical records, electronically on our computer systems, in cloud storage, and in some cases, on third-party servers.

 

Our goal is to protect the personal information collected by us. We take all reasonable steps to keep your personal information secure, safe and protected from misuse, interference, loss or unauthorised access.

 

When your personal information is no longer needed for the purpose for which it was obtained and is not required to be kept by law, we will take reasonable steps to destroy or permanently de-identify it. We may need to retain records containing personal information to comply with record-keeping obligations, and for other legitimate business purposes (such as quality assurance).

 

Personal and health information is collected and stored in the Cliniko practice management system. The Calming Waves data entered in Cliniko are stored in Australia. Calming Waves remains the owner of the information and Cliniko is the custodian of the information. Cliniko provides end-to-end data encryption which means all data are transmitted and stored securely. Cliniko represents that it meets all Australian Privacy Principles and regulations.  Only Calming Waves staff have access to this information. You may review Cliniko’s privacy and security information at cliniko.com.

 

Payment information is collected and stored in Medipass which also has end-to-end encryption. Only the required information is stored and it is stored in Australia. Credit card information is not kept beyond what is required for operational and regulatory requirements.

 

Contact information submitted via the ‘contact us’ web form at calmingwaves.com.au/contact is processed via Wix. Information is processed by Wix on international servers. More information on the processing and retention of information by Wix may be obtained from privacy information on wix.com. Information transmitted to Calming Waves is retained for the purpose of receiving and responding to the contact/enquiry; it may also be used for operational purposes such as analysing the number and source of contacts and to meet our record-keeping obligations.

 

Data quality

We will take all reasonable steps to ensure that the data we collect, use or disclose is accurate, complete and up to date and has been obtained directly from you or other reputable sources.

 

If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

 

Unauthorised disclosure or access

As Calming Waves is committed to protecting the privacy of individuals, we will view unauthorised disclosure of, or access to, personal and health information by our employees or contractors, as a serious breach of this policy. Appropriate action (which may include disciplinary or legal action) will be taken in such cases.

 

Availability and review of Policy

We will make a copy of our up-to-date privacy policy available upon request.

 

This policy will be reviewed from time to time and any amendments will be incorporated into the updated policy.

 

Complaints

If you have any questions, concerns or complaints about this Privacy Policy or how we handle your personal information, including if you believe we have breached the Australian Privacy Principles, please contact us (see "Contact details” section below).

 

When contacting us please provide as much detail as possible in relation to your question, concern or complaint.

 

We take all complaints seriously and will respond to your complaint in accordance with any applicable timeframes imposed by law and otherwise within a reasonable period. We request that you cooperate with us during this process and provide us with any relevant information that we may need.

 

If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:

Office of the Australian Information Commissioner

GPO Box 5288, Sydney NSW 2001

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au

https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us

 

Contact details

Our contact details are as follows:

 

Calming Waves mental Health and Family Support

55 McMahons Road, Frankston Victoria

info@calmingwaves.com.au

03 99997393

 

For more information about Calming Waves privacy policy please  CONTACT US

​

Date of Privacy Policy: 29/08/23

 

Acknowledgements

This Privacy Policy was created using a template provided by the Australian Association of Social Workers (AASW), which includes content from these resources:

  • Template Privacy Policy for Private Practitioners, Allied Health Professions Australia (AHPA)

  • Privacy Policy Template, Business Victoria

bottom of page