Privacy Policy

This is the privacy policy of Therapy Co Pty Ltd ABN 57 657 748 037 (“Company”) and our related entities. In this document, the expressions “we”, “us” and “our” are a reference to the Company. The term “you” and “your” refers to the website user or reader of this document.

The purpose of this policy is to clearly express an up-to-date policy about our management of personal information.

 

Your Rights in Relation to Privacy

The Company understands the importance of protecting the privacy of an individual’s personal information and adopts the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Act).

This Privacy Policy sets out how we collect, use and disclose information about you, how we aim to protect the privacy of your personal information and your rights in relation to your personal information.

We may change this Privacy Policy at any time, without telling you.

Kinds of Personal Information

During the provision of our services or through your use of our website, the Company may collect your personal information. Personal information is information or an opinion about an identified, or reasonably identifiable, individual, whether or not the information or opinion is true and whether or not it is recorded in a material form.

If you’re a client (or potential client), it is highly likely that you will share some personal information with us. This includes:

  • contact details such as your name, business or personal addresses, email addresses, phone and fax numbers;
  • your employment or professional details;
  • details of your company’s ABN and/or ACN;
  • student identification number;
  • employment details;
  • educational qualifications;
  • banking and payment details; or
  • financial information including bank account and credit card details.
 

Depending on Your use of the Website, we may collect Personal Information that may be considered as sensitive information under the Act. The types of Sensitive Information that We may collect from You include Your membership of a professional or trade association. Please notify us as soon as you can of any changes to the information provided to us or if you are aware of any inaccurate, out of date, misleading or false information.

 

Collection of Personal Information

Generally, The Company will collect your personal information through:

  • direct contact with you, whether in person or over the phone, email, or mail;
  • the completion of online forms or booking forms on our website; or
  • information services providers, including social media, or publicly available information.


When you use our website, the following information may be logged for statistical purposes and for the purposes of marketing and advertising to you:

  • the date and time of your visit to our website;
  • your IP address;
  • pages that you accessed and documents downloaded; and
  • the type of browser you were using.


Cookies may be used on our website. Cookies are pieces of information that a website transfers to a computer’s hard drive for record keeping purposes. Most web browsers are set to accept cookies and do not personally identify the user.

 

 

Purpose of Collection

The company may need your personal information for the following reasons:

  • to respond to your enquiries or requests via our website;
  • so that we or our related entities can provide you with services;
  • for accounting, billing and other internal administrative purposes;
  • to invite you to events, functions or training events and provide you with updates and publications;
  • to add you to our mailing list where you have subscribed to our newsletter; or
  • any other legal requirements.
 

The Company may also use and disclose your personal information in order to inform you of products and/or services that may be of interest to you. In the event you do not wish to receive such communications, you may, at any time, request not to receive direct marketing communications from us or use any opt-out mechanism provided.

 

Disclosure of Personal Information

Generally, the Company and associated entities will only disclose your personal information for the purpose of providing services. This may include disclosing your personal information to third parties engaged to perform administrative or other business management services. This disclosure is always on a confidential basis or otherwise in accordance with law.

The Company may also disclose your personal information with your consent or if disclosure is required or authorised by law.

 

Overseas Disclosure

We will not generally disclose your personal information outside Australia. We might disclose your personal information to overseas entities if it is requested by you or you have provided consent (either express or implied). Before disclosing any personal information to an overseas recipient, the Company will take reasonable steps to ensure that the overseas recipient complies with a similar privacy scheme, but cannot guarantee or make any warranties that they will.

 

Security of Your Personal Information

We will always do our best to ensure that the personal information we hold is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. We do this by password protecting our information and using two-factor authentication where possible, having virus protection software and not clicking on suspicious-looking emails.

The Company generally holds your personal information electronically, but when it absolutely can’t be avoided, we may from time to time hold your information in paper form also.

The Company will destroy your personal information in circumstances where it is no longer required, unless required by law to retain the information.

 

Data breaches

All staff are responsible for protecting the confidentiality of client information and business information. Refer any data breaches, or suspected data breaches, to the customer services team as soon as possible.

We cannot provide any guarantee with respect to the security of your personal information and we will not be liable for any breach of security or unintended loss or disclosure of information due to the Website being linked to the internet.

 

 

What is an eligible data breach?

An eligible data breach, defined in s 26WE(2) of the Act, is when:

 

  • both of the following conditions are satisfied:
  • there is unauthorised access to, or unauthorised disclosure of, the information;
  • a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or
  • the information is lost in circumstances where:
  • unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
  • assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.

 

If there is a suspicion of a breach

If we suspect that there has been an eligible data breach, a reasonable and expeditious assessment will be conducted within thirty (30) days.

If we believe or have reasonable grounds to believe there has been a breach then a statement will be prepared setting out:

  • the business’s details;
  • a description of the breach;
  • the kind or kinds of information concerned; and
  • recommendations about the steps that we will take in response to it.

If practicable, we will advise the contents of the statement to each of the affected clients who may be at risk from the breach. If this is not practicable we will publish the statement on our website and take other reasonable steps to publicise its contents. Communications with individuals will be via their preferred communication method.

The statement will be submitted to the Privacy Commissioner.

 

Exception to reporting

Mandatory notification requirements are waived if remedial action can be taken that results in a reasonable person concluding that the access or disclosure is not likely to result in serious harm to any of those individuals.

 

How You May Access Your Personal Information

Under the Privacy Act, you have a right to access and seek correction of your personal information that is collected and held by the Company.

If at any time you would like to access or correct the personal information that the Company holds about you, please contact our privacy officer: contact@autism.com.au

To obtain access to your personal information:

  • you will have to provide proof of identity to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected;
  • you will need to be reasonably specific about the information you require; and
  • The Company may charge you a reasonable administration fee, which reflects the cost to us for providing access in accordance with your request.
 

If the Company refuses your request to access or correct your personal information, we will provide you with written reasons for the refusal and details of complaint mechanisms.

 

Complaints

Please direct all privacy complaints to our privacy officer. We will take any privacy complaints seriously and deal with them in a prompt and confidential manner.

You will be informed of the outcome of your complaint following completion of the investigation, which will take no more than thirty (30) days.

In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.