Privacy Policy

Reflect Renew Counselling ("Reflect Renew", "we", "us" or "our") respects your privacy and is committed to protecting your personal and health information.

This Privacy Policy explains how we collect, hold, use and disclose personal information when you:

• visit our website
• contact us or make an enquiry
• book an appointment
• participate in counselling sessions (including telehealth)
• otherwise interact with our services

Reflect Renew Counselling is operated by Deborah Kathleen Haywood, trading as Reflect Renew Counselling.
ABN: 51 513 591 548

Although Reflect Renew operates online and accepts clients from across Australia, the practice is based in Victoria and handles health information in accordance with:

• the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)
• the Health Records Act 2001 (Victoria) and the Health Privacy Principles (HPPs)

Where clients are located in other Australian states or territories, additional state or territory health privacy legislation may also apply. Reflect Renew handles all client information in accordance with the highest applicable standard.

Contact Details

Privacy enquiries can be directed to:

What Personal Information We Collect

We may collect personal information such as:

• your name and preferred name
• date of birth
• contact details (email, phone number, address)
• emergency contact details
• appointment information
• billing and payment information
• records of communications with you

Because Reflect Renew provides counselling services, we may also collect sensitive information and health information, including:

• information about your wellbeing and mental health
• presenting concerns or issues discussed in counselling
• medical or mental health history where relevant
• family or relationship context
• counselling goals
• session notes and clinical observations
• referrals, reports or relevant documents

We only collect information that is reasonably necessary to provide counselling services and operate the practice safely and professionally.

How We Collect Information

We usually collect information directly from you, including when you:

• contact us by phone or email
• complete an enquiry or intake form
• book an appointment through Acuity Scheduling
• attend counselling sessions
• participate in telehealth sessions through Google Meet

Where appropriate and with your consent, we may also collect information from:

• referring health professionals
• other healthcare providers involved in your care
• insurers
• parents or guardians (for clients under 18)

If you provide information about another person (for example an emergency contact), you should ensure you are authorised to do so.

Informed Consent

Before counselling begins, we will provide you with information about the counselling process, including the nature of services offered, the approaches used, the potential benefits and risks, the limits of confidentiality, and your rights as a client.

You will be asked to provide informed consent before participating in counselling. Consent may be given in writing or verbally. Where verbal consent is provided, this will be documented in your clinical notes.

You may withdraw your consent at any time. Withdrawing consent will not affect the lawfulness of any information handling that occurred before consent was withdrawn.

Why We Collect and Use Personal Information

We collect, hold, use and disclose personal information in order to:

• provide counselling services
• assess whether our services are appropriate for you
• manage appointments and telehealth sessions
• maintain clinical and administrative records
• communicate with you about your care
• process payments and invoices
• liaise with other health professionals involved in your care (where appropriate and with your consent)
• comply with legal, ethical and professional obligations
• manage safety risks or emergencies

We generally only use or disclose information for the purpose for which it was collected, unless you consent otherwise or the law requires or permits it (see Limits of Confidentiality below).

Confidentiality

Confidentiality is a cornerstone of the counselling relationship. Information shared in counselling sessions is treated as confidential and will not be disclosed to third parties without your consent, except where required or permitted by law.

Limits of Confidentiality

There are circumstances in which we may be required or permitted by law to disclose information without your consent. These include where:

• there is a serious and imminent risk of harm to you or another person
• we are required to make a mandatory report under child protection legislation (for example, the Children, Youth and Families Act 2005 (Vic))
• we receive a court order or subpoena requiring disclosure of information
• disclosure is required or authorised under other legislation (for example, mandatory reporting of certain communicable diseases)
• we are required to report under the Family Violence Protection Act 2008 (Vic) or similar legislation

Where possible, we will discuss any required disclosure with you beforehand. These limits will also be explained to you as part of the informed consent process before counselling begins.

Online Bookings, Telehealth and Digital Storage

Reflect Renew uses trusted third-party service providers to operate the practice. These include:

• Acuity Scheduling (Squarespace) for online appointment bookings
• Google Meet for telehealth sessions
• Google Workspace for secure digital storage of files and communications
• Google Analytics 4 for website analytics (see Website Cookies below)

Telehealth sessions are conducted via Google Meet. Sessions are not recorded unless this is discussed and agreed to in advance.

These service providers use industry-standard security measures including encryption of data in transit and at rest. Their respective privacy policies are available on their websites. We take reasonable steps to satisfy ourselves that these providers handle information securely and consistently with applicable privacy laws.

Overseas Disclosure

Because Reflect Renew uses cloud-based systems, some information may be stored or processed outside Australia. For example, Acuity Scheduling (Squarespace) and Google Workspace / Google Meet may store or process information in countries including the United States and other international data centre locations.

Under Australian Privacy Principle 8, Reflect Renew remains accountable for the handling of your personal information by overseas recipients. We take reasonable steps to ensure these providers handle information in accordance with the Australian Privacy Principles. If you have concerns about overseas data handling, please contact us using the details above.

How We Protect Your Information

We take reasonable steps to protect the personal and health information we hold from misuse, loss, unauthorised access or disclosure. These steps include:

• use of secure, encrypted cloud storage systems
• multi-factor authentication on accounts that store or access client information
• password protection and access controls
• encrypted communications where practicable
• device-level security measures including screen locks and up-to-date software
• secure handling of any paper records
• confidentiality obligations

We regularly review our security practices to ensure they remain appropriate for a telehealth counselling practice. Cybersecurity risks are considered as part of our broader risk management approach, and we maintain appropriate insurance coverage in relation to data security.

Website Cookies

The Reflect Renew website uses Google Analytics 4 to understand how visitors use the site. Google Analytics collects information such as pages visited, time spent on the site, approximate geographic location (country/region level), device and browser type, and how you arrived at the site. This information is aggregated and does not identify you personally.

Google Analytics uses cookies — small text files stored in your browser — to distinguish visitors and measure usage over time. Data collected is sent to and processed by Google on servers which may be located outside Australia, including in the United States (see Overseas Disclosure below).

We do not use Google Analytics for advertising or remarketing purposes. If you would prefer not to be tracked, you can install the Google Analytics Opt-out Browser Add-on or adjust your browser's cookie settings.

Basic cookies may also be set by the website platform or booking system for functionality and security purposes.

Direct Marketing

Reflect Renew does not currently send marketing newsletters or promotional emails. You may receive service-related communications such as appointment confirmations, appointment reminders, telehealth links, and invoices or receipts. These communications are necessary to provide counselling services.

Anonymity

Where lawful and practicable, you may make a general enquiry anonymously. However, it is generally not possible to provide counselling services anonymously, because identity information is necessary for clinical records, appointment management and safety obligations.

How Long We Keep Records

Under Victorian health privacy law, health information and counselling records (including session notes, clinical observations, and all personal and health information held in relation to your care) must generally be retained for:

• at least 7 years after the last client contact, or
• until a child client turns 25,

whichever is longer. When records are no longer required by law, they will be securely destroyed or permanently de-identified.

Access to Your Information

You may request access to the personal or health information we hold about you. To make a request, please contact us using the details above.

We may ask you to provide identification before releasing records. Requests relating to health information are usually responded to within 45 days, as required under Victorian health privacy law.

You may also request that incorrect or incomplete information be corrected. If we correct information that has previously been disclosed to a third party, we will take reasonable steps to notify that third party of the correction.

Data Breaches

If we become aware of a data breach involving personal information, we will promptly investigate and take appropriate steps to contain the breach and mitigate any potential harm.

Where a breach is likely to result in serious harm and we have been unable to prevent the likely risk of serious harm with remedial action, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme.

We maintain appropriate insurance coverage to support our response in the event of a data breach.

Complaints

If you have a privacy concern or complaint, please contact Reflect Renew first so we can try to resolve the issue. We aim to acknowledge your complaint within 7 days and provide a substantive response within 30 days.

If you are not satisfied with our response, you may contact:

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. The latest version will always be available on the Reflect Renew website.