Privacy Policy
Provider: MINDKIT PSYCHOLOGICAL SERVICES PTY LTD ABN 99 687 719 473
Website: www.mindkit.com.au
Clinic locations: Carlton and Brunswick, Victoria, and telehealth Australia-wide
Contact: (03) 7003 2743, hello@mindkit.com.au
Complaints: feedback@mindkit.com.au
Last updated: 28/9/2025
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and when you receive services from us. We comply with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Health Records Act 2001 (Vic). We keep this Policy and our practices under review to remain aligned with current Australian privacy law, including updates to the APPs and the Victorian Health Privacy Principles.
This Policy sits alongside our Website Terms of Use and our Booking and Service Terms. If those documents conflict, legal obligations under privacy law prevail.
Quick summary for users
- What we collect: identity and contact details, sensitive health information with your consent, service and billing details (we do not store full card numbers), and technical data like IP and device info when you use our website.
- Why we collect it: to deliver services and manage bookings, communicate with you, process payments and rebates, comply with legal obligations, improve our services, and—only with consent—send practice updates. We do not use your sensitive health information for secondary purposes like marketing without your explicit consent.
- How long we keep it: clinical records are generally kept 7 years after last entry, or until age 25 for records created when you were under 18. Enquiry forms from non-clients are kept 12 months then deleted. When information is no longer needed, we securely destroy or de-identify it.
- Your rights: you can request access to and correction of your information, and you can complain to us. If you are not satisfied with our response, you can contact the OAIC or the Health Complaints Commissioner (Vic).
1. What we mean by personal information
- Personal information: information or an opinion that identifies you or could identify you. Examples: name, contact details, date of birth, address.
- Sensitive information: includes health information, mental health information, disability information, sexual orientation, racial or ethnic origin, and religious beliefs.
- Health information: information about your health or disability, health services provided to you, and your wishes about future health services.
We only collect sensitive and health information with your consent or where the law allows or requires it.
2. What we collect
Depending on your interaction with us, we may collect:
- Identity and contact: name, pronouns, date of birth, address, email, phone, emergency contact, next of kin.
- Referral and funding: GP or psychiatrist referral details, Mental Health Treatment Plan, Eating Disorder Plan, NDIS status, plan manager details, Medicare number, private health insurer details.
- Clinical information: intake forms, history, test results, therapy notes, assessment data, collateral information from approved contacts, and reports.
- Booking and billing: appointment history, invoices and receipts, concessions, third party funders. We may store the last four digits of a card and tokenised payment approvals through our practice system. We do not store full card numbers on our servers.
- Communications: emails, phone messages, and messages sent through booking links.
- Website and device: IP address, device type, pages viewed, and cookie identifiers. See Section 9 for cookies and analytics.
- Media and recordings: we do not record sessions without express written consent. If consent is given, recordings are stored securely and handled as health information.
3. How we collect information
- Directly from you: when you enquire, complete forms, book or attend sessions, or correspond with us.
- From others with your consent or where permitted: referrers, treating practitioners, family members or carers, schools, support coordinators, and plan managers.
- From systems we use: our practice management system for bookings and clinical records, telehealth platforms for calls, payment processors for transactions, and email or SMS systems for reminders.
- From your device: through cookies and analytics when you visit our website.
4. Why we collect and how we use information
We collect and use personal and health information to:
- provide psychological services, assessments, and reports
- manage bookings, reminders, billing, and rebates
- communicate with you and your authorised contacts
- coordinate care with your referrer or other providers
- meet legal and professional obligations, including clinical record keeping and mandatory reporting
- improve services, quality, and safety through de-identified audits and supervision
- operate our website, including security, diagnostics, and analytics
- send service updates and practice news. You can opt out of direct marketing at any time.
We only use or disclose your information for the primary purpose of collection, for a related secondary purpose that you would reasonably expect, where you consent, or where the law allows or requires it. We will not use your sensitive health information for a secondary purpose such as marketing without your explicit consent.
5. Children and young people
For clients under 18, we collect information with the involvement of a parent or legal guardian unless a mature minor exception applies. We aim to support privacy and safety while meeting legal duties and clinical best practice.
6. Disclosing your information
We disclose information only as needed for care, administration, and legal compliance:
- Within our practice: treating clinicians, supervisors, and our remote practice manager.
- Your care team: referrers, GPs, psychiatrists, paediatricians, allied health professionals, schools, and hospitals, where you have consented or where required.
- Funders and payers: Medicare, private insurers, NDIS plan managers and support coordinators, and approved third party funders.
- Service providers: practice software, telehealth platforms, secure messaging providers, IT and cloud hosting, email and SMS platforms, document storage, and payment processors such as Stripe. We require these providers to handle data securely under contract, aligned with the Australian Privacy Principles and the Victorian Health Privacy Principles.
- Regulators and law enforcement: AHPRA, Health Complaints Commissioner, OAIC, courts and tribunals, or police when required by law or to prevent a serious threat to life, health, or safety.
- Business changes: if our practice reorganises, merges, or transfers, information may be transferred in a way that preserves confidentiality and legal protections.
7. Overseas disclosure
Some service providers may store data in servers located outside Australia. Where this occurs, we take reasonable steps to ensure the provider will protect the information in accordance with the APPs. You can ask us which countries currently host our core systems. If we anticipate a new overseas disclosure, we will assess and document the privacy risks.
8. Storage and security
We use layered security controls: access controls with least privilege, multi-factor authentication where available, encryption in transit, encryption at rest where supported, regular updates, audit logs, and staff training. Paper records are stored securely and destroyed using secure methods when no longer required. No method of storage or transmission is completely secure; however, we take reasonable steps to protect your information from misuse, interference, loss, unauthorised access, modification, or disclosure. Our controls are designed to align with current Australian privacy law and relevant professional guidelines.
9. Cookies, analytics, and direct marketing
Our website may use cookies and similar technologies to keep the site secure, remember your preferences, measure traffic, and improve content. We may use privacy-centric analytics tools, and we may also use third-party analytics or pixels. You can control cookies in your browser. Some features may not work if cookies are disabled. If we send marketing emails, you can opt out by using the unsubscribe link or by contacting us. We do not publish clinical testimonials.
If you use an embedded booking tool, please note that the tool may set its own cookies. Its use is covered by the provider’s privacy terms.
10. Access and correction
You can request access to the personal and health information we hold about you, and you can ask us to correct it if it is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond within a reasonable time, usually within 30 days. We may charge a reasonable administrative fee for large or repeated requests. In limited circumstances we may refuse access, for example where access would unreasonably impact the privacy of others or pose a serious risk to health or safety. If we refuse, we will explain why and how you can complain.
11. Retention
Under the Health Records Act 2001 (Vic) and professional guidelines, we generally keep adult health records for at least 7 years from the date of the last entry. For records created when a person was under 18, we keep them until the person turns 25. Business records may be kept longer to meet legal, tax, or insurance requirements.
12. Data breaches
If a data breach occurs that is likely to cause serious harm, we will follow the Notifiable Data Breaches scheme: we will assess the incident, take steps to reduce any harm, and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) where required. If you suspect a breach, contact us immediately at hello@mindkit.com.au or (03) 7003 2743.
13. Complaints
We take privacy concerns seriously. Please contact us at feedback@mindkit.com.au with details of your concern and the outcome you seek. We will investigate and respond. If you are not satisfied, you may contact:
- Office of the Australian Information Commissioner (OAIC): oaic.gov.au, 1300 363 992
- Health Complaints Commissioner (Victoria): hcc.vic.gov.au, 1300 582 113
- AHPRA: ahpra.gov.au, 1300 419 495
14. Changes to this Policy
We may update this Policy from time to time to reflect changes to our services or the law. The latest version will be posted at www.mindkit.com.au/privacy with the effective date shown at the top. Your continued use of our website or services after an update means that you accept the revised Policy.
15. Contact us
Questions about this Policy: hello@mindkit.com.au or write to 81 Holmes St, Brunswick VIC 3056.