Privacy Policy

This privacy policy outlines how we collect information so that you can feel comfortable sharing it with us. It outlines the way we at Building Resilience Occupational Therapy (ABN 13346020911) collect, hold, use and disclose personal information. We may collect personal information from children as well as adults.

WHAT PERSONAL INFORMATION WE COLLECT & HOW AND WHY WE COLLECT IT?

What personal information do we collect?

The personal information we collect is generally limited to the following: name, contact details, date of birth, job information, NDIS details, place of birth, and any communications we have.

However, we may also collect:

  • sensitive information from you with your consent, such as where we ask for information about your health, medical;

  • financial information, such as your credit card or debit card details;

  • and information about how you use our website, via third parties.

How do we collect your personal information?

The main ways we collect information are when you give it to us directly or indirectly. This might be by filling out forms on our website like sign-up or intake forms, or providing us information through phone calls, emails, or social media. Additionally, we may collect information from SMS interactions, such as responses to SMS notifications or promotional messages sent by us. We may also collect information from the person that referred you, or other people or organisations.

We love hearing from you, and we promise to keep your information safe and secure.

We also use cookies on our website. These are little bits of data that help our website work better. They might identify you and keep track of the pages you visit. This helps us improve our website and make it more secure. Plus, it makes it easier for you to use our website! You won’t have to fill in your information again and again.

At times personal information may also be gathered from third parties, such as Google Analytics or Facebook Pixel. These third parties may use cookies, web beacons and similar technology to collect or receive information about your habits on the internet.

Why do we collect your personal information?

We need your personal information to:

  • communicate with you in relation to your enquiry;

  • verify your identity for security purposes;

  • send you news if you have signed up via email or SMS (you can unsubscribe from either of these at any time);

  • conduct our business, and enable your use of our website, products, and services; and

  • in some cases, to comply with our legal obligations, such as record keeping. Typically, the law requires us to retain financial records for 7 years. Health records are generally required to be kept for 7 years for adults, and children's records are required to be kept until they turn 25 years of age. For all other types of personal information we retain the data for 3 years from the last interaction with the user, unless otherwise specified or requested by the user.) Otherwise, we generally keep the information for as long as is necessary and no more.

We also collect personal information to analyse and enhance our business operations and improve your experience with our business. This is used as statistical information to analyse our website traffic and to customise the content and advertising we provide.

You can opt-out of the collection and use of this information by changing your privacy settings or opting out.

To opt-out of Google advertising you can go here: https://tools.google.com/dlpage/gaoptout

To change your Facebook ad preferences you can go to "Facebook Help Centre", "Manage my account" and "Ad preferences".

To opt out of our emails you can Unsubscribe, and for SMS you can text back on the opt out link.

Where we collect your financial information, we use it to help you pay for our products and services. Only the staff that need to know this information have access to it, and we only keep it as long as it is necessary. We use SSL certificates to verify your identity and encrypt any data you give us. All financial information is encrypted on our servers, and we do not keep all your data (to prevent unauthorised and duplicated transactions). We do not keep any details of your direct debit, and all information is sent to our bank for processing. Furthermore, we adhere to the Payment Card Industry Data Security Standard (PCI DSS) when handling credit card data.

WHEN DO WE DISCLOSE PERSONAL INFORMATION & HOW YOU CAN ACCESS IT?

When do we disclose your personal information?

We use reasonable precautions to make sure your information stays safe and secure. Only authorised personnel can access it, and we keep it in accordance with our legal record keeping obligations. When we don't need it anymore, or it is unsolicited, we destroy it appropriately. We generally will not disclose your personal information unless we have your consent, it's required by law*, or it's necessary for us to provide you with our services. In the case of sensitive information, we will not disclose it to third parties unless it is necessary for medical treatment, required by law or you have provided explicitly consent.

* This can include where we are of the reasonable belief that there is a serious risk to life, health or safety of you or another person. For example, if there is evidence of clear danger of harm to self and/or others, we may be legally required to report this information to the authorities responsible for ensuring safety. This includes if there is a strong suspicion of physical or sexual abuse or emotional, or neglect or exposure to family violence of any person under 18 years of age. A court order could also require us to release information contained in records.

We will also ensure that all appropriate safeguards are in place in line with the Australian Privacy Principles and other relevant legislation. We will only collect your sensitive information for the purpose for which you gave it to us or for directly related purposes that you would reasonably expect or if you otherwise agree.

Sometimes we do disclose your personal information where it is necessary to obtain third-party services, like analytics, data storage, payment providers or advertising services. We do our best to make sure the providers we use comply with privacy laws and regulations. You can opt-out of the collection and use of this information by changing your privacy settings or opting out.

Cross-Border Disclosure of Personal Information

We may disclose your personal information to third-party service providers located overseas for purposes such as analytics, data storage, payment processing, or advertising services. We ensure that any overseas recipient of your personal information is subject to laws or contractual obligations that are substantially similar to the Australian Privacy Principles to protect your privacy.

Before we disclose your personal information to an overseas recipient, we will take reasonable steps to ensure that they do not breach the Australian Privacy Principles concerning your personal information. This may involve:

  • entering into binding contractual arrangements with the overseas recipients that require them to handle your personal information in accordance with our instructions and protect your personal information in a manner consistent with the Australian Privacy Principles;

  • verifying that the overseas recipient is subject to a law or binding scheme that, overall, provides for privacy protections substantially similar to the Australian Privacy Principles;

  • obtaining your express consent to the disclosure after informing you that the overseas recipient may not be required to comply with the Australian Privacy Principles.

How can you access or delete your information?

If you want to access, correct or delete your information, or to change your communication preferences via email or SMS, please email us at anya@buildingresilienceot.com. We're happy to help, unless we're required by law to withhold it. And if you have any concerns at all about your privacy, please also email us at anya@buildingresilienceot.com. You can also make a complaint with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au where you can go to the "Lodge a Privacy Complaint with us" page, or post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001.

Thank you for trusting us with your personal information. Above all, we will do our best to keep it safe and use it responsibly.