Flowwithin is committed to protecting clients' personal information in compliance with the Privacy Act 1988 (Cth) and associated Australian Privacy Principles (APPs). This policy outlines how client data is collected, used, stored, and managed.

​

definition of personal information

Personal information includes any data that identifies an individual, such as name, contact details, medical history, and other relevant information collected during psychological services.

​

client information management

Client administration is managed through online practice management software, currently facilitated through Halaxy. No client notes are held on this platform. Client notes are stored in a separate note taking platform that is only opened for the duration notes are accessed, which is also encrypted at-rest and in-transit. All client personal details are redacted from the note taking platform to minimise the impact of a potential compromise as personal details cannot be determined. Artificial intelligence tools may be used to assist with the collection and processing of session notes. Clients will always be informed and must consent before these tools or any session recordings are used.

For more information, please refer to the Halaxy Terms of Use and Halaxy Privacy Policy

​

how personal information is collected

Personal information is collected through various methods, including:

• Direct interactions during consultations (via forms, email, or text).

• Contact with Flowwithin staff.

• Information provided by other health practitioners (e.g., referrals or reports).

​

purpose of holding personal information

Personal information is collected to provide psychological services, which include assessment, diagnosis, and treatment. This information is also used to document sessions and maintain high-quality care. Clients can opt out of non-essential communications. You do not have to give all your personal information, but if you don’t, this may mean the psychological service may not be effective.

​

limits to confidentiality

Personal information will only be disclosed in the following situations:

• If subpoenaed by a court

• When there is a reasonable belief that failure to disclose the information would place the client or another person (including any child) at a serious and imminent risk of harm

• To provide a written report to another professional (eg. a GP or a lawyer) or discuss the material with another person (eg. a parent or employer) that has been nominated by the client

• When required by law.

 

All efforts will be made to discuss disclosure of your personal information prior to this occurring.

​

access to personal information

Clients can request access to or correction of their personal information by contacting michael@flowwithin.com.au. If deemed inaccurate, out of date or incomplete, reasonable measures will be taken to correct the information. These requests will be processed within 30 days. In certain situations (e.g., if access may pose a health or safety risk), Flowwithin may refuse access, with reasons provided.

​

data retention

Personal information is stored for seven years after the last consultation, in line with Australian legal and professional requirements. For clients under 18, records are kept until the client turns 25.

​

data breach response

In the event of a data breach, affected clients will be notified in compliance with the Notifiable Data Breaches (NDB) scheme and steps will be taken to mitigate potential harm.

​

concerns and complaints

Clients with concerns about their personal information can contact Michael at michael@flowwithin.com.au. 

For formal complaints, clients can contact the Office of the Australian Information Commissioner (OAIC) at 1300 363 992 or submit a complaint online at the OAIC website