Privacy Policy

Mental Health Management
Last updated: 03 October 2025

1. Introduction

Mental Health Management (“we”, “us”, “our”) is committed to protecting the privacy of individuals who interact with our services, website, and programs in Australia. This Privacy Policy describes how we collect, use, store, disclose, and manage personal information, including health-related information, in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our website (mentalhealthmanagement.com.au), registering for our services, or providing information to us, you agree to the terms of this Privacy Policy.

2. Scope

This policy applies to:

  • All personal and sensitive information collected or held by us in connection with our services, website, and operations.

  • Our interactions with clients, website users, employees, contractors, vendors, and other stakeholders.

  • Our use, storage, disclosure, retention and disposal of that information.

We may update this policy from time to time. The version of the policy posted on our website is the one in effect at any given time.

3. What is personal and sensitive information?

  • Personal information is any information or opinion about an identified individual, or an individual who is reasonably identifiable. This includes name, address, email, telephone number, date of birth, etc.

  • Sensitive information is a subset of personal information that is afforded greater protection, and includes information about health, mental health, genetic information, racial or ethnic origin, sexual orientation, or criminal record.

Given our nature of work in mental health, we may collect and handle sensitive health information.

4. How we collect personal information

4.1 Solicited collection

We collect personal and sensitive information when it is reasonably necessary for us to provide services, to manage our website, or to comply with legal obligations. Common situations include:

  • When you sign up for our services, create an account, or register via forms

  • When you complete intake, assessment, or health questionnaires

  • When you communicate with us (by email, phone, chat)

  • When you attend sessions (in person, online)

  • When third parties (e.g. referring professionals, other service providers) share relevant information with your consent

  • Automatically via our website (e.g. analytics, usage data, IP address)

We endeavor to collect directly from you, unless it is impractical to do so.

4.2 Unsolicited information

If we receive information that we did not solicit (e.g. by mistake), we will promptly assess whether it should be securely destroyed or de-identified, unless retention is required by law.

5. Notice and consent at collection

Where we collect personal or sensitive information, we will take reasonable steps to notify you of:

  • The identity of the entity collecting the information

  • The purposes for which we collect the information

  • To whom we may disclose the information

  • Any law that requires collection

  • The main consequences if you choose not to provide the information

  • How to access or correct your information

  • Whether the information is likely to be disclosed overseas

In many cases, we will obtain your consent (express or implied) to collect and use sensitive health information.

6. Use and disclosure

6.1 Primary purpose

We will use your personal and sensitive information for the primary purposes for which you provided it, including but not limited to:

  • Providing mental health, counselling or support services

  • Managing appointments, billing, client records

  • Communicating with you about our services or programs

  • Monitoring, evaluation, and quality improvement

  • Complying with legal or regulatory obligations

  • Internal administration and reporting

6.2 Secondary uses

We will not use your information for purposes other than those you would reasonably expect, unless:

  • You consent to the additional use or disclosure

  • The use or disclosure is required or authorised by law

  • The use or disclosure is for a permitted “secondary purpose” under the APPs

6.3 Disclosure to third parties

We may disclose information to:

  • Other health professionals, with your consent or as necessary for your care

  • Contractors or service providers (e.g. IT, billing, cloud hosting) who assist us in providing services

  • Legal or regulatory bodies if required by law or to protect rights, safety, or property

  • Entities overseas if required (we will notify you if we do so)

7. Cross-border disclosures

If we need to disclose personal information outside Australia, we will comply with the APPs regarding cross-border disclosure, ensuring that the overseas recipient is bound by similar privacy protections or obtaining your consent, unless a permitted exception applies.

8. Data quality, integrity, and security

8.1 Quality and integrity

We take reasonable steps to ensure that the personal information we collect, use, or disclose is accurate, complete, up-to-date, relevant and not misleading.

8.2 Security

We implement safeguards to protect information from misuse, loss, unauthorised access, modification or disclosure. These may include encryption, secure servers, locked storage, access controls, staff training, and regular audits.

When information is no longer needed, we will securely destroy or de-identify it, unless retention is required by law.

9. Access and correction

You may request access to personal information we hold about you, and ask for it to be corrected or updated. We will respond within a reasonable time, and in most cases within 30 days.

In certain cases, we may refuse access or correction (for example, if providing access would compromise someone else’s privacy, or where refusal is permitted by law). If we refuse, we will provide reasons and advise how you may complain.

10. Anonymity, pseudonymity & choice

Where lawful and practicable, we will allow you to interact with us anonymously or under a pseudonym. However, for many services (especially health or clinical services) your identity or key personal details are required for safety, proper care, record-keeping, billing, or legal compliance.

11. Cookies, analytics & website data

We and our service providers may collect non-personal or de-identified data about website usage (such as IP addresses, device/browser type, pages visited, timestamps) for analytics, debugging, improving the site, and security.

We may use cookies or similar technologies to improve your experience. You can usually disable or refuse cookies via your browser settings, although this may affect site functionality.

12. Handling data breaches

If we become aware of a data breach involving personal or sensitive information, we will follow our data breach response plan, including containing the breach, investigating, notifying affected individuals when required, and reporting to the Office of the Australian Information Commissioner (OAIC) where required under the Notifiable Data Breach (NDB) scheme.

13. Direct marketing & communications

From time to time, we may send you information about our services, events, or resources, if you have consented or it is permitted by law.

You may opt out of these communications at any time. Even if you opt out of marketing, we may still send you administrative or service-related messages.

14. Complaints, feedback & enforcement

If you believe we have breached this policy or the Australian Privacy Principles, you may contact our Privacy Officer. We will investigate and aim to respond promptly.

If you’re dissatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

15. Contact Information

Privacy Officer
Mental Health Management
Email: hello@mentalhealthmanagement.com.au

16. Additional notes for health / mental health contexts

  • In some cases (e.g. risk of harm to self or others, legal obligations, or court order), we may disclose information without consent, but only to the extent necessary and permitted by law.

  • With your consent, we may share information with carers, family members, or other health providers as part of your treatment plan.

  • We take extra care to ensure confidentiality and informed consent before sharing any mental health or sensitive health information.