1. Commitment to Privacy

I am committed to protecting your privacy and handling your personal and health information in a respectful, secure, and transparent way. This Privacy Policy explains how I collect, use, store and, if necessary, disclose your information, in line with applicable privacy laws.

As a health service provider, I comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) in how I collect, use and manage your personal and health information. As a counselling practice, Grounded Actions Counselling is considered a health service provider and must meet specific legal obligations when handling health information.

As a Registered Counsellor with the Australian Counselling Association (ACA), I am bound by the ACA Code of Ethics and Practice. This includes clear obligations around confidentiality, record-keeping, informed consent, and respectful, culturally sensitive care.

2. What Information Is Collected

Only information necessary to provide counselling services is collected. The personal information I collect may include:

• Your name, contact details, and date of birth, to help me identify and communicate with you.

• Emergency contact information, to ensure safety in urgent situations.

• Information relevant to your counselling needs and goals, such as personal history.

• Administrative information, including appointment records and payments.

3. How Information Is Collected

Personal information is collected directly from you through a range of methods, which may include:

• Intake forms, consent forms, and assessment forms.

• During counselling sessions.

• Email, phone, or other electronic communications with you.

• Online booking systems and practice management platforms.

4. Purpose of Collecting Information

Your personal information is collected for the purposes of:

• Providing counselling services.

• Managing appointments, billing, and other administrative tasks.

• Maintaining accurate and appropriate clinical records.

• Communicating with you about your care.

• Meeting legal, ethical, and professional obligations.

5. Use of Practice Platforms

Your personal information may be stored and managed using secure third-party platforms to support the delivery and administration of Grounded Actions counselling services. These platforms may include:

• Halaxy: practice management, appointment booking, billing, and record keeping.

• Healthdirect Video Call: telehealth appointments.

Your personal information is stored and managed using Halaxy, a secure health practice management platform designed for clinicians. Halaxy uses encryption and other security safeguards and states that it complies with Australian privacy law and relevant security standards and does not sell patient data. Information in Halaxy is used only as needed to manage appointments, clinical records, billing, and related practice administration in connection with your care. Further information about these measures can be found on the following webpages:

Halaxy- https://www.halaxy.com/privacy

• Halaxy acts as a secure service provider that stores and processes information on my behalf; Grounded Actions Counselling remains responsible for how your personal and health information is collected, used, and disclosed.

Healthdirect Video Call - https://help.vcc.healthdirect.org.au/about-healthdirect-videocall/privacysecurityandscalability‍ ‍

Reasonable steps are taken to ensure that any platform used is appropriate for health related information, and your information is accessed and used only as necessary to support your care and the operation of the practice. Where third-party platforms store or process information outside Australia, reasonable steps are taken to ensure they meet privacy and security standards comparable to those required under Australian law.

Occasionally, I may use AI-assisted tools to help with session note-taking or administration. When I do, I avoid including your full name or unnecessary identifying details, and I take reasonable steps to ensure any tools used meet strict privacy and security standards that are comparable with Australian law. These tools are used only to support administration and are not used to train public AI systems or for advertising.

6. Use and Disclosure of Information

Your personal information is treated as confidential and will not be disclosed without your consent, except where:

• There is a risk of serious harm to you or others.

• There is suspected abuse or neglect of a child or other vulnerable person.

• Disclosure is required or authorised by law (for example, a court order, subpoena, or mandatory reporting obligations relating to child protection or serious risk of harm). Wherever reasonably possible, I will discuss any required disclosure with you before it occurs.

• Information is shared with another professional at your request and with your written and verbal consent.

• De-identified information may be discussed in professional supervision or consultation to support safe and effective practice. Identifying details are minimised or removed wherever possible.

I will always aim to obtain your informed consent before sharing information, consistent with my ethical and professional obligations as an ACA member, except where I am legally required to disclose without consent.

7. Storage and Security of Information

Reasonable steps are taken to protect your personal information from misuse, loss, unauthorised access, or disclosure. Information may be stored securely using a combination of administrative, physical and electronic safeguards, which may include:

• Encrypted electronic systems protected by passwords and multi-factor authentication.

• Locked physical files, where applicable.

Access to information is restricted to authorised persons only.

8. Retention of Records

Counselling and assessment records are retained in accordance with legal and professional requirements. For adult clients, records are generally retained for a minimum of seven (7) years from the date of last contact. For clients under the age of 18, records are retained until the client reaches 25 years of age, or for the period otherwise 5 required by law. When records are no longer required, they are securely destroyed or permanently de-identified.

9. Access and Correction

You have the right to request access to your personal information and to request correction of information you believe is inaccurate, incomplete, or out of date. Requests may be made in writing and will be responded to within a reasonable time-frame in accordance with legal and ethical obligations. In some situations, access may be restricted or provided in a different format (for example, where providing access may pose a serious risk to your safety or the safety of others, or where I am legally unable to provide certain information). In these cases, I will explain the reasons to you and discuss available options. In some cases, a reasonable administrative fee may be charged for providing access (for example, for copying or preparing large records). You will be advised of any fee before it is charged.

10. Telehealth and Electronic Communication

Telehealth and electronic communication involve inherent privacy and security limitations. While reasonable safeguards are used, complete security cannot be guaranteed. Clients are encouraged to take reasonable steps to ensure privacy at their location and to use secure devices and internet connections.

11. Data Breaches

If a privacy or data breach occurs, reasonable steps will be taken to contain and assess the breach, reduce any harm to you, and meet any obligations under the Privacy Act 1988 (Cth), including notification where required.

12. Complaints and Concerns

If you have concerns about how your personal information is handled, you are encouraged to raise them with me directly so that we can address them together. I will take reasonable steps to respond in a timely way. If your concerns remain unresolved, you may lodge a complaint with:

• The Office of the Australian Information Commissioner (OAIC) about privacy concerns: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy complaint-with-us

• The Australian Counselling Association (ACA) in relation to ethical or professional conduct concerns.

• You may also make a complaint with the ACA through the ‘Lodge a complaint’ process on their website: https://theaca.net.au/aca-directories/lodge-a complaint

13. Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes in legal, professional, or practice requirements. The most current version will be made available to clients upon request.

14. Contact

If you have any questions about this Privacy Policy, or how your information is handled, please contact:

Charlotte Summersides (Owner and Lead Counsellor at Grounded Actions Counselling).

Email: hello@groundedactionscounselling.com.au

Phone: 0401 517 301

This policy was last updated: March 2026