Privacy Policy.
Purpose of this Policy
At Cosmovision Psychology, we value your trust and are committed to protecting your personal information. The information you provide helps us deliver safe, ethical, and effective psychological services. This policy explains how we collect, store, use, and disclose your personal information in accordance with Australian privacy law and the Psychology Board of Australia Code of Conduct (2025).
Relevant Laws and Professional Standards
Our management of your personal and health information complies with:
- Privacy Act 1988 (Cth)
- Australian Privacy Principles (APPs)
- Health Practitioner Regulation National Law
- Psychology Board of Australia — Code of Conduct (1 December 2025)
What Is Personal Information?
Personal information includes any data that identifies you or can reasonably identify you. Health information is a special category of personal information and includes information about your physical or psychological health, treatment, or disability.
What Personal Information Do We Collect and Why?
To provide safe, appropriate, and evidence-based psychological services, we may collect:
Basic identifying information
- Name, address, date of birth
- Contact details
- Emergency contact
- Medicare or health fund details (if relevant)
- Medical and mental health history
- Family history relevant to psychological wellbeing
- Educational, developmental, or employment information
- Relevant legal or forensic history (where applicable)
- Intake information
- Assessment results (psychometrics, questionnaires, neuropsychological tests)
- Session notes and formulations
- Treatment plans and progress notes
- provide assessment, diagnosis, and treatment
- tailor services to your needs
- meet legal, professional, and safety obligations
- support continuity of care with other treating professionals (with your consent)
Use and Disclosure of Personal Information
Your information is used primarily to deliver psychological services. We may disclose information:
- to your GP, referrer, or other treating professionals with your consent
- to third parties when you request or authorise this
- in reports for NDIS, insurers, employers, or schools with your consent
Mandatory Disclosures (as required by law or the 2025 Code of Conduct)
We may disclose information without your consent if:
- there is a serious and reasonably foreseeable risk of harm to you or someone else
- there is a significant threat to public health or public safety
- we are legally required (e.g., subpoena, child protection laws, mandatory reporting)
- required by the Psychology Board of Australia or AHPRA as part of regulatory processes
Storage and Security of Personal Information
We take reasonable steps to protect your information from loss, misuse, unauthorised access, or modification.
- Paper records are kept in secure, locked storage.
- Electronic records are stored on secure, password-protected, professionally managed systems.
- Data is securely backed up.
- Staff follow strict confidentiality procedures in line with the Board’s 2025 Code.
- 7 years from last contact for adults
- until a child turns 25 if they were under 18 at the time of last contact
Access to Your Personal Information
You may request access to your personal information at any time, in writing. Access may be restricted only when:
- providing access would pose a serious threat to the life, health, or safety of any person
- providing access could unreasonably impact the privacy of others
- the request is frivolous, vexatious, or relates to legal proceedings where access must occur through a formal process
You may also request corrections to your information.
Research and Personal Information
We may use de-identified information internally for service improvement. Identifiable information will not be used for research without:
- your explicit written consent
- approval from a Human Research Ethics Committee (if applicable)
Anonymity and Pseudonymity
Where lawful and clinically appropriate, you may engage with us anonymously or via a pseudonym. This is not possible when:
- we need your identity to provide safe and effective care
- the law requires identification (e.g., Medicare claims, court-ordered services)
Duty of Care and Professional Obligations
The Psychologist at Cosmovision Psychology follow the Psychology Board of Australia Code of Conduct (2025), which requires:
- providing culturally safe, respectful, and inclusive care
- consulting and obtaining informed consent throughout treatment
- appropriate record-keeping and privacy protection
- disclosing information when needed to prevent serious harm
- complying with mandatory reporting and public-safety obligations under the National Law
Data Breach Response
We comply with the Notifiable Data Breaches Scheme. If a data breach is likely to result in serious harm, we will:
1. Contain and assess the breach
2. Notify affected individuals and the Office of the Australian Information Commissioner (OAIC)
3. Take steps to prevent further breaches
See: www.oaic.gov.au/privacy/notifiable-data-breaches
Changes to This Policy
This policy may be updated to reflect changes in law, professional standards, or best practice. The most current version will always be available upon request.
Complaints
If you have a concern about how we manage your personal information, you may contact:
Cosmovision Psychology
Email: [email protected]
We aim to respond within 30 days.
If unresolved, you may contact:
- Office of the Australian Information Commissioner (OAIC) - www.oaic.gov.au/privacy/making-a-privacy-complaint, Phone: 1300 363 992
- Australian Health Practitioner Regulation Agency (AHPRA) - ahpra.gov.au
- Psychology Board of Australia (for professional conduct matters)
- NDIS Commission (if relevant to services provided)