Privacy Policy
for Management of Personal Information
This document describes the privacy policy of My Mental Fitness Pty Ltd (ACN: 638 748 615) (“Get Mentally Fit”, “we”, “us”) for protecting the privacy of personal information we collect about you, including through our website, located at www.getmentallyfit.com.au, as well as through the provision of mental fitness programs and/or services or directly from you.
As a health service provider, we are bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
If you do not wish for your personal information to be collected in a way anticipated by this Privacy Policy, we may not be in a position to provide our services to you. In some circumstances, you may request to be anonymous or to use a pseudonym, unless it is impracticable for us to deal with you, or if we are required or authorised by law to deal with identified individuals.
Personal Information We Collect
The types of personal information we collect may include:- Name, date of birth, address(es), contact numbers, email address and other contact details;
- Financial payment details (such as your credit card number);
- Transaction data (including details about payments to and from you and other details of products you have purchased from us);
- Technical data (including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website);
- Profile data (including your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses);
- Usage data (including information about how you use our website, products and services); and
- Marketing and communications data (including your preferences in receiving marketing from us and our third parties and your communication preferences).
Sensitive Information
We may also collect the following sensitive information:- Personal information about racial or ethnic origin; or
- Personal information about political opinions; or
- Personal information about membership of a political association; or
- Personal information about religious beliefs or affiliations; or
- Personal information about philosophical beliefs; or
- Personal information about membership of a professional or trade association; or
- Personal information about membership of a trade union; or
- Personal information about sexual orientation or practices; or
- Personal information about criminal record;
- Health information, including medical history, medications, allergies, adverse events, immunisations, social history, family history, risk factors and protective factors;
- Details of other health service providers involved in your care and copies of any referral letters and/or medical reports and test results;
- Health information contained in your digital health record including an individual’s healthcare identifier (if you participate and only with your consent);
- Medicare number, healthcare identifiers and health fund details; and
- Information or opinion about a person’s health and expressed wishes about future care.
How We Collect Personal Information
We are committed to using lawful and fair means to collect personal information and collecting it from others only when it is unreasonable or impracticable to obtain certain information from our clients directly. We may collect personal information in a number of ways:- When someone visits our website; and
- When someone makes an enquiry with us (for example, by telephone or email); and
- When someone purchases a product or service from us; and
- When someone signs up to a marketing subscription; and
- When someone contacts us via email, our website or via social media such as Facebook or Instagram; and
- When someone participates in one of our programs or services.
- When someone makes an enquiry with us and the sensitive information is disclosed to us to facilitate referral to an appropriate service provider; and
- When someone participates in one of our programs or services and the sensitive information is disclosed to us to facilitate the delivery of the program or service.
- We need to obtain personal and/or sensitive information from an individual’s responsible person (such as their parent or guardian) due to incapacity (such as being a minor); and
- Where a person has authorized us to collect information from other health service providers they have disclosed information to (for example, information provided via referral or medical reports); and
- From a person’s employer (if we have been engaged to provide services to the individual at the employer’s request).
How We Hold and Protect Personal Information
We store all personal information we collect electronically, including on or within:- Storage devices within our computers and telephone equipment
- Dedicated information storage software, such as client relationship management (CRM) software
- Third party secure storage services, such as GoogleDrive
- The backend of our website
- The backend of our social media accounts, such as Facebook and Instagram
Security
We are committed to ensuring that the personal information we hold is secure and protected from misuse, interference, loss and unauthorised access, modification or disclosure. We undertake the following precautions to protect personal information we hold- our website contains pages encrypted with SSL (Secure Sockets Layer) to ensure the safety of any data that is submitted through use of this website
- we limit access to personal information to a “need-to-know” basis
- the backend of our website and social media accounts is password protected
- we protect devices we use to collect, hold, use and disclose personal information with industry-standard anti-virus software
- our devices are protected by passwords and are stored in secure premises
- data is securely stored on cloud servers
- all hard copies of personal information are kept in secure storage with access by authorised personnel only
- all conversations involving the discussion of personal information take place in private, where conversations are unable to be overheard by unauthorised personnel
- if we no longer need personal information, we take reasonable steps to delete or de-identify the information
- all sensitive information is held in secure storage systems protected by passwords
- we limit access to sensitive information to a “need-to-know” basis
- we protect devices we use to collect, hold, use and disclose sensitive information with industry-standard anti-virus software
- our devices are protected by passwords and are stored in secure premises
- data is securely stored on cloud servers
- all hard copies of sensitive information are kept in secure storage with access by authorised personnel only
- all conversations involving the discussion of sensitive information take place in private, where conversations are unable to be overheard by unauthorised personnel.
Why We Collect, Hold, Use and Disclose personal information
We collect, hold, use and disclose client’s personal information as is reasonably necessary for us to provide our services, including for the following purposes:- to contact and communicate with clients and potential clients;
- for the purpose of providing mental fitness and wellbeing services to clients, which include in person and online courses;
- to facilitate and comment on psychological assessments, such as the Mental Toughness Questionnaire (MTQ – Plus);
- if relevant to services being provided, to provide psychological diagnoses;
- to access, update and transfer of electronic client records, including those contained in My Health Record (if participating);
- to communicate with other healthcare providers involved in a person’s care;
- to liaise with Medicare, health funds and/or government department as required by law and as required for billing and rebate purposes;
- to conduct activities relating to research, quality assurance and improvement processes, accreditation, audits, risk and claims management, client satisfaction surveys and staff education and training;
- when required for administrative and internal record keeping for a minimum of 7 years after our last contact (or if the client is under 18, until they turn 25);
- for statistical purposes; and
- as required by law.
We only collect, hold, use and disclose sensitive information where it is necessary in order for us to provide a service who have been engaged to perform, and not for any unrelated purposes (for example, for research or marketing) unless we have received the person’s prior informed consent.
Personal and sensitive information may be disclosed to our contractors who assist us to provide our services (for example, contract facilitators who assist us in running our programs). Where we disclose sensitive information to contractors, we will require them to agree to protect all such information to at least the standard set out in this policy.
We do not disclose personal information to overseas recipients.
never sell or rent personal or sensitive information we collect.
Requests to Access, Correct or Delete Information
Access:
You can request details of personal information that we hold about you in certain circumstances set out in the Privacy Act 1988 (Cth) (the Act). We may refuse to provide you with information that we hold in certain circumstances set out in the Act. Otherwise, we will provide access to the information if it is reasonable and practicable to do so. In most cases we will do this free of charge, but if your request requires significant effort or expense on our part, we might ask for compensation for that.
Correction:
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details set out below.
We will endeavour to promptly correct any information found to be inaccurate, incomplete, or out of date and to notify of the correction, unless it is impracticable or unlawful to do so.
Deletion:
If you want us to delete personal information we hold about you or to not collect information from you for a specific purpose, please contact us using the details set out below.
Please note that if we agree to delete information, because of backups and records of deletions, it may be impossible to completely delete the information without retaining some residual information.
We will respond to any request to access, correct or delete information within a reasonable time.
Unsubscribe
We like to keep our customers and website visitors up to date, so from time to time we will send you newsletters, invitations and updates. Not to worry: our emails will always come with an “Unsubscribe” button, so you can opt out at any time. To unsubscribe from our email database, or opt out of communications, use the “Unsubscribe” button in our communication or contact us using the details set out below.
Concerns
If you have a concern about management of your personal information, please contact Emily Johnson at moreinfo@getmentallyfit.com.au We can also provide you with a copy of the Australian Privacy Principles, which describe your rights and how your personal information should be handled, on request.
If unsatisfied with our response, you may lodge a formal complaint about the use of, disclosure of, or access to, your personal information, with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a-privacy-complaint or by post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001.
Changes to this policy
If we decide to change our Privacy Policy, we will let you know by posting such changes on our website.
