Privacy Policy

Ballina Byron Psychology Pty Ltd t/a as Justin Doran Psychology is committed to providing high-quality psychological care. This policy outlines our ongoing obligations in relation to how we manage your personal information.

We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth), as well as the professional obligations of registered psychologists under the AHPRA Code of Conduct.

A copy of the Australian Privacy Principles is available from the Office of the Australian Information Commissioner at: www.oaic.gov.au.

What is personal information

Personal information is information or an opinion that identifies an individual.

Examples of the personal information we collect include:

  • Identification and contact details: Name, date of birth, address, email, phone number, and emergency contact details.
  • Demographic and administrative details: Medicare number, GP or referrer details, private health or funding information, claim numbers (e.g. workers compensation or CTP), appointment history, and correspondence.
  • Health and psychological information: Presenting concerns, medical and mental health history, family and developmental history, medications, assessment results, treatment plans, and outcome measures.
  • Information from third parties: Referrals, reports, letters, or test results from GPs, psychiatrists, paediatricians, specialists, schools, and other health professionals.
  • Billing and payment information: Fees, invoices, payment records, and limited payment method details processed via secure payment providers.

How is personal information collected

We collect personal information in several ways, including when:

  • You contact our service via telephone, email, SMS, email or online contact forms (for example, to make enquiries, arrange appointments, or change bookings).
  • You provide information directly during face-to-face or telehealth consultations.
  • You complete psychological measures or assessments, such as questionnaires or psychological tests.
  • Other health practitioners (e.g. your GP, psychiatrist, paediatrician, or other referrer) provide referrals, reports, or correspondence.
  • External organisations (e.g. insurers, third-party funders, employers, or compensation schemes) provide information relevant to your referral or claim, where you have consented or permitted by law.
  • You provide explicit consent for recordings of face-to-face or telehealth consultations. You may withdraw this consent at any time, and no further recordings will be made.
  • You use our website. Our website may collect technical information (such as cookies or similar technologies) for analytics and site functionality. You can adjust your browser settings to refuse cookies, although this may affect some features.

Purpose of collecting and holding personal information

We collect and hold personal information that is reasonably necessary to provide psychological services and to meet our legal, regulatory and professional obligations. These purposes include:

  • Receiving and triaging referrals, including the management of waitlists.
  • Managing appointments and communicating with you about your care.
  • Providing psychological assessment and treatment, including understanding your background, needs and goals to collaboratively plan and review care.
  • Coordinating care with your GP, referrer and other treating professionals, where you have provided consent or where permitted or required by law.
  • Preparing psychological reports.
  • Processing payments, Medicare claims, and private health or third-party funding claims, and maintaining accurate financial records.
  • Meeting legal, professional and insurer requirements, including maintaining appropriate clinical records and responding to complaints, audits or investigations.
  • Quality assurance, service improvement, and (where practicable) deidentified reporting, research or service evaluation using aggregated or deidentified data.

How personal information is stored

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These steps include administrative, technical and physical safeguards.Personal information is stored in a variety of ways, including:

  • Cloud-based practice management systems with password protection and multi-factor authentication.
  • Password-protected computer systems and devices.
  • Cloud-based psychological testing platforms with password protection and multi-factor authentication.
  • Artificial intelligence services for the transcription and/or writing of case notes and reports, utilising password protection and multi-factor authentication.
  • Email systems protected by password and multi-factor authentication
  • Locked filing cabinets or locked office spaces for any paper records.

Correspondence with your GP, other health professionals or third parties may be sent via secure electronic fax (e-fax) services using encryption technology, by email, or via Australia Post. While we take reasonable steps to protect information, communication via email, e-fax and postage carries some inherent privacy risks.

Payments are processed through established and secure payment providers where applicable.

Clinical records are generally retained for at least 7 years after your last contact. For clients under 18, records are retained until at least age 25, or longer where required by law or professional standards.

Where session recordings are made with your consent, they are stored securely and retained only for the agreed purpose and duration, after which they are deleted, unless you have provided separate written consent for longer retention.

Confidentiality of personal information

Access to personal information is restricted to treating psychologists and authorised staff, and only to the extent necessary to provide services and manage the practice.

Personal information gathered by your psychologist will remain confidential except for certain circumstances. In most cases, any sharing of information will only occur with your consent. Our practice asks for your consent to share information when:

  • Sharing your information with a family member, guardian or carer. 
  • Discussing with others, such as your GP, employer, or any agencies which may be paying for your attendance. 
  • Providing a written report regarding your assessment or treatment to another professional agency, such as your GP, lawyer or insurance company. 
  • For disclosing the information in any other way not referenced in this document. 

We will only use or disclose your personal information for the primary purpose for which it was collected, for a related purpose (or, for sensitive information, a directly related purpose) that you would reasonably expect, with your consent, or as otherwise permitted or required by law.

Exemptions to the confidentiality of personal information

There are times when your psychologist may release your information without obtaining your consent such as:

  • When a court requires information by issuing a subpoena or providing information is otherwise required or authorised by law. 
  • When it is required because the psychologist must make a mandatory report on a concern such as child protection responsibilities or serious criminal acts. 
  • When the psychologist discloses information because they believe you or someone else is at risk of serious harm. 

Where possible, we will make reasonable efforts to discuss any such disclosures with you.

Psychologists are required to provide regular written progress reports to general practitioners, psychiatrists or paediatricians when you are referred under the Medicare Better Access Scheme. By signing this consent form you are aware of your psychologist’s obligation to do this as part of the psychological service.

Psychologists are also required to consult and receive supervision from colleagues from time-to-time. If your information is shared in this context, all care is taken to deidentify your information in such a way that you remain anonymous.

Data breach response

If we become aware of, or suspect, an eligible data breach involving personal information that is likely to result in serious harm, we will:

  • Take immediate steps to contain the breach
  • Assess the nature and extent of the breach, including the type of information affected
  • Take reasonable steps to reduce any risk of harm and secure our systems
  • Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable, where required, in accordance with the Notifiable Data Breaches scheme

We take data security seriously and will respond promptly and transparently to any such incidents.

How to access personal information or request a correction

You may request access to, or correction of, the personal information we hold about you.

Your psychologist can discuss your record with you and, where appropriate, provide access or a copy of your information, unless an exemption applies under the Privacy Act or other relevant legislation (for example, where access may pose a serious threat to the life, health or safety of any individual, or where giving access would unreasonably impact the privacy of others).

Requests can be made to your psychologist or our administration team. Requests are preferably made in writing. We will respond within a reasonable period (usually within 30 days).

In some circumstances, a reasonable fee may be charged where significant administrative time is required, or where an appointment is needed to review the information with you.

If you believe that the information we hold about you is inaccurate, incomplete or out of date, you may request that it be corrected. We encourage you to discuss your concerns with your psychologist or our administration team.

If we decline to provide access or to correct information, we will provide reasons and information about how you can make a complaint. Where appropriate, you may request that a statement be added to your record noting your view.

Concerns or complaints

If you have any concerns about how your personal information has been collected, used or managed, we encourage you to raise this with your psychologist or contact our administration team in the first instance. We take privacy concerns seriously and will aim to respond promptly. If needed, we may contact you to better understand your concerns.

Phone: 0415 134 194
Email: admin@justindoran.com.au

We will endeavour to respond to your complaint within a reasonable timeframe (usually within 30 days).

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Phone: 1300 363 992
Online: via the OAIC online complaint form
Mail: GPO Box 5288, Sydney NSW 2001

Communication

We may use your contact details to communicate with you about your care and our services. This may include contact via phone, SMS or email.This communication may include:

  • Appointment confirmations, reminders and changes
  • Information relevant to your care or treatment
  • Administrative information relating to our services

With your consent, we may also send you updates or resources that may be relevant to your interests or wellbeing.

You may opt out of receiving non-essential communications at any time by contacting us.

While we take reasonable steps to protect your information, communication via SMS and email carries some inherent privacy risks.

Appointment reminders are provided as a courtesy; however, it remains your responsibility to attend scheduled appointments.

Updates to this policy

We may review and update this Privacy Policy from time to time to reflect changes in law, technology or our practice operations.

The most current version will be available on our website and will include the date it is effective from. Where appropriate, we may take reasonable steps to notify you of any significant changes.

Last updated: April 2026