Introduction 

At Stone by Stone Psychology (“we”, “our”, or “us”), we are committed to safeguarding your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the APS Code of Ethics. This policy outlines how we collect, use, store, and disclose your personal and health information when you engage with us. 

Who This Policy Applies To 

This Privacy Policy applies to all individuals engaging with Stone by Stone Psychology, including clients, prospective clients, website visitors, service providers, healthcare professionals, and support persons. It also applies to interactions via our website, communication channels, and social media. 

What is Personal Information? 

“Personal information” refers to data that identifies you or could reasonably identify you. This includes your name, date of birth, contact details, medical history, and psychological notes. “Sensitive information” is a subset of personal information and includes details about your mental and physical health, racial or ethnic background, religious beliefs, sexual orientation, and criminal history. 

What We Collect and Why 

We collect personal and sensitive information as required to deliver ethical, safe, and effective services. The type of information depends on your relationship with us: 

a. Clients 

• Name, date of birth, gender identity 

• Contact details and emergency contact 

• Medicare, NDIS, or insurance details 

• Referral forms, consent documents 

• Psychological history, family background, life history 

• Test results, diagnoses, and treatment notes 

b. Referring Professionals & Funders 

• Professional title and contact details 

• Medicare provider number (if applicable) 

• Information required for coordinated care 

c. Contractors & Third Parties 

• Business contact details 

• Information relevant to transactions or service provision 

If you do not provide required information, we may be unable to offer services or support safely and effectively. 

How We Collect Your Information 

Information is collected through: 

• Intake forms, therapy sessions, phone calls, and emails 

• Referrals from GPs, legal representatives, or insurers 

• Website interactions, including contact forms and analytics 

• SMS and voicemail communications 

• Third-party platforms and digital tools used in service delivery 

Where possible, we collect information directly from you. If we collect details about someone else, you must have their permission and inform them of this policy. 

Storage and Retention of Information 

All records are held in secure electronic systems hosted in Australia, and paper-based documents (where used) are either securely stored or digitized and destroyed. Access to your information is limited to authorised personnel only. We are legally required to retain client information for 7 years from the last entry date in your record, or until you reach 25 years of age, if you were a minor at the time of service. 

How We Protect Your Information 

To maintain confidentiality and protect against misuse, we implement the following safeguards: 

• Locked storage for physical records (where used) 

• Password protection, firewalls, and two-factor authentication for digital records 

• Encrypted email and secure servers 

• Regular audits to ensure compliance with privacy obligations 

• Secure destruction or de-identification of data no longer needed 

Despite our best efforts, no system can be guaranteed as completely secure—especially for information sent electronically or delivered to you (e.g., via email or paper copies). 

Use of Information 

We use your personal information to: 

• Assess suitability for psychological support 

• Provide therapy, assessment, and consultation services 

• Coordinate care with healthcare providers and funders 

• Send reminders, resources, invoices, and treatment-related materials 

• Improve our services through internal quality reviews 

We only collect the minimum information needed to achieve these goals. 

Disclosure of Information 

We may disclose your information: 

• To your GP, psychiatrist, insurer, or other health professionals involved in your care 

• To your legal representative (with written consent) 

• When discussing clients in individual or group supervision to retain best practice. In these instances, a pseudonym will be used and all personal information will be de-identified. 

• To third-party funders (e.g., Medicare, NDIS) to enable billing and rebates 

• If required by law, court order, or subpoena 

• When necessary to prevent serious risk to your health or safety, or the safety of others 

In couples or family therapy, information provided in shared sessions may be disclosed if legally required—even if it relates to both parties. Your data is never sold, rented, or shared for commercial purposes. 

Digital Data, Cookies & Analytics 

We may collect anonymised usage data via our website to improve digital services. Data may be gathered using: Google Analytics, Microsoft Clarity, or Meta Business Suite (e.g., Facebook/Instagram). 

This includes: 

• Time spent on pages 

• Device and browser type 

• General geographic region 

This data is de-identified and does not include names, addresses, or IPs. You may opt out of Google Analytics using Google’s opt-out tools. 

AI and Digital Tools 

We may use Artificial Intelligence (AI) tools to summarise practitioner notes or referral letters. These tools operate under strict data processing agreements. Your data is never used to train external AI models. If you do not wish AI to be used in your care, please notify your treating psychologist. 

SMS Reminders and Communications 

We use SMS messages to send appointment reminders. If you do not wish to receive these, please let us know in writing at stonebystonepsychology@hotmail.com. Your number will not be used for marketing purposes. 

Accessing or Correcting Your Information 

You can request access or corrections by emailing stonebystonepsychology@hotmail.com. We may: 

• Ask you to verify your identity 

• Charge a reasonable fee for administrative processing when requesting documents 

• Offer access via an in-person session with your treating psychologist 

In some cases, access may be denied to protect your wellbeing or the privacy of others. We will notify you in writing if this occurs and explain why. 

Notifiable Data Breaches 

In the event of a data breach likely to result in serious harm, we will follow Stone by Stone Psychology’s Data Breach Plan which includes;

• Notifying affected individuals 

• Contact any relevant regulation bodies depending on the severity of the breach

• Take immediate action to contain and resolve the issue 

Anonymity and Pseudonymity 

Where lawful and practical, you may use a pseudonym or remain anonymous—for example, when making general enquiries. However, full identification is required for any psychological treatment or reporting. 

Changes to This Policy 

This policy may be updated periodically to reflect legal changes or improvements to our practice. The latest version will always be available on our website. Continued use of our services implies agreement with the most current version. 

Contacting Us 

For questions, access requests, or to lodge a complaint about how your information is handled, please contact us in writing: 

📧 Email: stonebystonepsychology@hotmail.com 

We aim to respond to all written requests within 30 days. 

If you’re dissatisfied with our response, you may contact: 

• Office of the Australian Information Commissioner: www.oaic.gov.au 

• Australian Health Practitioner Regulation Agency (AHPRA): www.ahpra.gov.au 

• Australian Psychological Society (APS): www.psychology.org.au