PRIVACY POLICY

Jennifer Gardner, Clinical Psychologist

M Psych (Clin), BSc Psych (Hons), GDip Psych, MCouns, GDip Couns, GDip ClinNutr,

GCert NutrMed, BAFA (Hons), Board Approved Supervisor, Fellow of the APS College of Clinical Psychologists, FCCLP, MACPA, EMDRAA

Purpose

This document describes the privacy policy of Jennifer Gardner for the management of your personal information.

This practice is bound by the legal requirements of the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), the Notifiable Data Breaches (NDB) scheme, and relevant New South Wales health privacy legislation.

Further detailed information about privacy, confidentiality, and record handling is provided as part of the informed consent process if you proceed with services.

Jurisdiction

This policy is governed by Commonwealth privacy law and the laws of New South Wales.

If you reside outside NSW, the Australian Privacy Principles still apply nationally. Where other laws materially affect your rights, this will be explained prior to service provision.

Collection of Personal Information

Personal information is collected in a number of ways, including when:

You provide information directly (e.g. enquiry forms, email, phone, or in-session)
Information is received from referring practitioners (e.g. GP)
Information is provided by third parties (e.g. insurers, case managers, legal representatives), where relevant

Only information necessary for the provision of psychological services or administrative purposes is collected.

Website Enquiries

Information submitted via the website enquiry form is used only to respond to your enquiry and determine whether services may be appropriate.

This form is not a secure method of communication, and you are encouraged to avoid including sensitive personal or clinical information.

Website enquiries are stored within the website platform and are retained only as long as necessary to respond and manage enquiries in accordance with privacy obligations.

Use of Personal Information

Personal information is used for:

Providing psychological services
Managing appointments
Communication with you and other professionals (with consent)
Meeting legal, professional, and administrative requirements

Storage and Security

Personal information is stored securely using electronic systems and, where applicable, secure physical storage.

Access is restricted to Jennifer Gardner and authorised personnel engaged by the practice, in accordance with privacy and data-handling procedures.

Reasonable steps are taken to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.

Digital Systems and Third-Party Providers

This practice uses secure, health-appropriate systems to manage information, including clinical record systems, communication platforms, and administrative tools.

These systems may involve third-party service providers, some of which may store or process data outside Australia. Reasonable steps are taken to ensure such providers meet appropriate privacy and security standards.

Cross-Border Data Handling

Some administrative information may be stored or processed securely outside Australia through approved service providers.

Where this occurs, appropriate safeguards are used in accordance with APP 8 (cross-border disclosure).

Access and Correction of Information

Clients may request access to personal information held on file. Requests are preferably made in writing.

Access will be provided in accordance with applicable privacy legislation. In some circumstances:

Access may be limited, or
A summary may be provided rather than access to raw clinical notes

where necessary to protect the privacy, safety, or wellbeing of the client or others.

Reasonable administrative fees may apply where substantial time is required to prepare records.

Confidentiality

Personal information is treated as confidential and will generally only be shared with your consent.

Information may be shared in limited circumstances including:

With your consent (e.g. GP, referrer, insurer)
For professional consultation or supervision (de-identified where possible)

Exceptions to Confidentiality

Information may be disclosed without consent where required or authorised by law, including:

Court orders or subpoenas
Mandatory reporting obligations
Where there is a serious risk to your safety or the safety of others

Data Retention

Records are retained for the minimum period required by law (generally 7 years after last contact, or until age 25 for minors) and are then securely destroyed.

Data Breaches

In the event of a data breach that may cause serious harm, this practice will take reasonable steps to: