Privacy Statement

In this Privacy Statement:

This Privacy Statement sets out the manner in which we collect, use, disclose and manage personal information. By using our websites or using our services, you are taken to have read, and agreed to the collection, use, disclosure and handling of your personal information in accordance with Caraniche’s Privacy Policy.

We may modify this Privacy Statement at any time. You should review this Privacy Statement periodically so that you are updated on any changes.

Respecting Information Privacy

We value your privacy and we are committed to protecting the privacy and confidentiality of personal information.  In general terms, personal information is information or opinion, whether true or not, about a person whose identity is apparent, or can reasonably be ascertained, from the information or opinion (that is recorded in any form). This Privacy Statement supports our commitment to protecting your personal information. 

In collecting and handling your personal information, we are bound by the Privacy Act 1988 (Cth) (“Privacy Act”), the Health Records Act 2001 (Vic) (“Health Records Act”) and other applicable privacy regulations.

What personal information do we collect?

We collect personal information about our clients and prospective clients in the course of delivering our services and programs (including, for example, consultations, counselling and workplace group sessions). The kinds of personal information we collect will vary depending on the context of the collection.

Examples of the types of personal information we collect include:

  • your name, address and contact details,
  • billing information (e.g. payment rates and details, Medicare number and details of services delivered);
  • service or program attendance dates and times; and
  • health-related information, such as client history, clinical records, case notes, risk assessments, psychological test results, health reports and certificates, incident and feedback reports or information (see further the section on ‘Sensitive Information’ below)

We do not ask for any personal information that is not reasonably necessary for, or directly related to, our functions or business activities.  

What do we use personal information for?

We collect personal information:

  • so that we can deliver our services and programs;
  • for administration and billing purposes;
  • for research purposes;
  • for auditing, evaluation and quality assurance purposes;
  • to comply with reporting requirements;
  • to fulfil our contractual and other legal obligations; and
  • to otherwise manage our business operations.

Sensitive Information

We may collect your health-related information and other ‘sensitive information’ as defined under the Privacy Act.  We only collect your sensitive information after explaining how we will use that sensitive information and with your express consent, except in limited circumstances described below.

We may collect health information without consent where it is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety, and:

  • the particular research purpose cannot be served by collecting de-identified information;
  • it is impracticable to obtain the individual’s consent; and
  • the collection is either:
    • required by or under an Australian law (other than the Privacy Act);
    • in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind us; or
    • in accordance with guidelines issued by the National Health and Medical Research Council and approved by the Information Commissioner under s95A of the Privacy Act.

If we collect information without consent, we will take reasonable steps to de-identify that information before disclosing it to anyone else. Otherwise, we may use or disclose health information for research or statistical purposes relevant to public health or public safety when the Privacy Act permits the use or disclosure.

Collection of information on behalf of another organisation

Sometimes we collect personal Information on behalf of another organisation,, where the other organisation is the responsible custodian of the personal information.   In these cases the policies and procedures of the relevant custodian organisation will apply to the storage, handling and disclosure of that personal information.

How do we collect personal information?

Caraniche collects personal information through a variety of different methods including:

  • face to face meetings and telephone communications;
  • paper-based forms;
  • electronic forms;
  • email communications; and
  • our websites and other online tools such as software.

We will only collect your personal information from you directly, except where you have consented to collection of your personal information from someone else, or the information relates to a child or an adult who lacks capacity, in which case the relevant information may be collected from a parent or guardian.

We will only collect your sensitive information directly from you, unless it is not reasonable or practicable to do so – for example in an emergency where it may be necessary to collect health information from a guardian or relative.

Our disclosures to you when collecting your personal information

When we collect your personal information, we will take reasonable steps to inform you (as close as possible to the time we collect the information):

  • our identity and contact details;
  • the fact and circumstances of collection;
  • whether the collection is required or authorised by law;
  • the purposes of collection;
  • the consequences if personal information is not collected;
  • our usual disclosures of personal information of the kind collected;
  • information about this Privacy Statement; and
  • whether we are likely to disclose personal information to overseas recipients and, if practicable, the countries where they are located.

The matters above will generally be disclosed in our collection notices, privacy statements and consent forms.

Collection of personal information from third parties

In some cases, we collect personal information from third parties – for example:

  • health or other organisations (including public entities) that we are providing a service on behalf of;
  • another health service provider which has been, or is, involved in your care; or
  • a parent or guardian.

We collect personal information from third parties where it is reasonably necessary for, or directly related to, our functions or activities.

We will only collect sensitive information about you from a third party with your consent to the collection, unless an exception applies – including:

  • the collection is required or authorised by or under Australian law or a court or tribunal order;
  • it is unreasonable or impracticable to obtain your consent to the collection and we reasonably believe the collection is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety;
  • the collection is reasonably necessary to establish, exercise or defend a legal claim;
  • the collection relates to health information which is necessary for us to provide a health service to you and either:
    • the collection is required or authorised by or under an Australian law (other than the Privacy Act); or
    • the health information is collected in accordance with the rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind us; and
  • the collection of health information is from a client about another individual where it is part of the client’s family, social or medical history and that history is necessary to provide a health service to the client – e.g.  information about inheritable conditions.

We may, with your consent, collect personal information from (or may disclose personal information to) agencies or organisations that are responsible for paying for the services or programs that we deliver to a client (Billing Agency).

Use and disclosure of personal information

We will only use or disclose personal information for the primary purpose for which we collected it and any secondary purpose contemplated by the context of collection, for example where:

  • you have consented to use or disclosure of the personal information for the secondary purpose;
  • you would reasonably expect us to use or disclose your information for that secondary purpose and:
  • for personal information that is not sensitive information, the secondary purpose is related to the primary purpose of the collection; or
  • the secondary purpose is directly related to the primary purpose of the collection (e.g. complaint handling, incident monitoring, disclosure to clinical supervisors by psychiatrists, psychologists or social workers);
  • the use or disclosure is required or authorised by or under an Australian law or a court or tribunal order;
  • the use or disclosure is necessary to lessen or prevent a serious threat to the health, safety or welfare of a person or the public;
  • the use or disclosure is required in order for us to take appropriate action in relation to suspected unlawful activity or serious misconduct; or
  • we reasonably believe that the use or disclosure is reasonably necessary for law enforcement related activities.

In addition, we may use or disclose health information for research or statistical purposes relevant to public health or public safety in accordance with the Privacy Laws, for example, where:

  • you have consented to the use or disclosure; and
  • the use or disclosure is for the same (primary purpose) for which the information was collected; or
  • the use or disclosure is otherwise for a purpose which is directly related to the primary purpose of the collection, and you would reasonably expect us to use or disclose the information for that purpose.

We will not publish any of your personal information collected for research purposes unless you have provided consent. You will have the right to opt out of any research project at any time.

Storing and securing personal information

The security of the personal information that we collect is paramount.  We take all reasonable steps to protect information from misuse and loss, and from unauthorised access, modification and disclosure. We apply appropriate physical, technical and protective data security practices to all personal information that we hold.

We will take all reasonable steps to destroy or permanently de-identify personal information if it is no longer required in accordance with Privacy Laws.

In accordance with the Health Records Act and the Australian Psychological Society (APS) Code of Ethics, client files are destroyed 7 years after the date of our last contact with the client (or such longer period as may be required by applicable law), except that files relating to minors will generally be retained until the minor reaches the age of 25 or such longer period as may be required by law.

Where personal information is deemed to be a ‘public record’ then such information will be retained and disposed of as required under the Public Records Act 1973 (Vic).

Where we collect information on behalf of a Custodian Organisation, the security and storage of that information will be the responsibility of the Custodian Organisation.

De-identified information and anonymity

We may provide you with the option of not identifying who you are or using a pseudonym, but only where it is lawful and practicable to do so.  In the context of providing our services and programs, it will usually be impracticable to transact with an individual anonymously due to the type of information required from an individual e.g., contact details, medical history, referrals, etc.

From time to time we use certain de-identified information such as anonymous or statistical usage data, anonymized IP addresses, browser or platform types.

Access to and correction of personal information

We will take reasonable steps to ensure that all personal information that we collect and hold is accurate, up to date and not misleading, having regard to the purpose(s) for which the information is to be used.

You have the right to access, update and correct information that we hold about you.  Your requests to exercise these rights should be directed to our Privacy Officer at the contact details at the end of this Privacy Policy.  We will respond to a request for access within a reasonable period. 

In most cases, we will be able to provide you with a summary of any personal information that we hold about you free of charge. However, in some circumstances, reasonable costs may be charged and we will explain the reasons for any charge that is applied.

For information about you held by a Custodian Organisation, any requests to access, update or correct this information must be directed to the relevant Custodian Organisation.

There are some situations where we cannot provide you access to your personal information, for example where:

  • access would or could comprise a serious threat to the life or to health of a person;
  • access would have an unreasonable impact upon the privacy of other individuals;
  • the request for access is frivolous or vexatious;
  • providing access would be unlawful;
  • providing access would be likely to prejudice an investigation of possible unlawful activity; or
  • an enforcement body performing a lawful security function asks us not to provide access to the information on the basis that providing access would be likely to cause damage to national security.

Where we are not able to provide access to personal information or we are not willing to make a correction to personal information, we will notify you and provide our reasons.

Cookies

From time to time we may use cookies and measurement software and tools on our websites. We use and disclose the information collected through the use of cookies, measurement software and tools in accordance with this Privacy Policy. This includes using the information to report statistics, analyse trends, administer our services, diagnose problems and target and improve the quality of our websites. If you do not want information collected through the use of cookies, measurement software and tools, you may be able to delete or reject Cookies or some of the measurement software features through your browser or the settings section of your mobile or tablet device. Disabling these features may cause some of the functions on our websites not to work properly.

Making a complaint

If you wish to complain about our handling of your personal information, you may lodge a complaint with our Privacy Officer.  We will investigate your complaint and provide a response within a reasonable period of time.

If you remain unhappy with the way we have handled your personal information or you are not satisfied with the way in which we have handled your complaint may lodge a complaint with:

  • the Health Complaints Commissioner (in relation to health information); or
  • the Office of the Australian Information Commissioner.

Contact details and further information

Caraniche Privacy Officer
Address: Level 1, 260 Hoddle St, Abbotsford VIC 3067
Phone: (03) 8417 0500
Email: [email protected]

For further information and guidance on the Privacy Laws and the role of the Office of the Australian Information Commissioner see https://www.oaic.gov.au

For further information and guidance on the handling of health information specifically and the role of the Health Complaints Commissioner see https://www.hcc.vic.gov.au

For further information on the Australian Psychological Society Code of Ethics, see https://www.psychology.org.au/About-Us/What-we-do/ethics-and-practice-standards/APS-Code-of-Ethics

Privacy Statement last updated on 31 of January 2024
© Caraniche Pty Ltd 2024. All rights reserved.