Part of Brendan Mooney’s commitment to providing a high level of care for clients includes ensuring a high level of protection for any personal information we have on our records. We view the privacy of clients as an important part of our duty of care and seek to comply with all aspects of the Australian Privacy Principles.
When you come for a session with Brendan Mooney or register for a workshop or lecture, you will be asked to sign a consent form which includes notices about privacy and requests your consent. The privacy statements in the various forms specify how any information about you may be used and disclosed.
The information handling processes outlined in this policy also relate to any personal information collected online via this website.
Brendan Mooney is committed to ensuring that your personal information is secure, protected from interference, misuse, loss and unauthorised access, modification and disclosure.
Collection of your Personal Information
Personal and sensitive information
Personal Information refers to information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive Information is a subset of personal information and includes your health information as well as information pertaining to racial or ethnic origin, political opinions or membership of a political organisation, religious belief or affiliations, membership of a professional or trade association, sexual preferences or a criminal record. Sensitive information attracts additional privacy protections compared with other types of personal information.
On your first visit for a session with Brendan Mooney you will be asked to sign a Client Consent Formand to provide certain personal information including:
- Your name, address, phone number and email contact details
- Your gender, date of birth and marital status
- Emergency contact details, doctor name and medical practice
- Information about your health and any medication you may be taking
You will also be asked to consent to specific treatments and whether you are agreeable to your personal information being shared with other practitioners or medical professionals where this may enhance your treatment.
At the end of your treatment your practitioner will make a few notes about any symptoms you may have exhibited and the treatment given. These notes will be used by your practitioner for the ongoing support of your condition should you have a subsequent visit.
Children and other persons who are not able to give informed consent may come for a session with the consent of a parent or guardian. In such cases, personal information will be collected and used as described above.
We will try to collect your personal information directly from you. However, there may be instances where we will need to collect your information from other persons or entities. Whenever possible we will request this other person to have your signed consent or email giving your permission for them to provide us with your personal information. Exceptions may be if you suddenly take ill and are incapable of providing certain information which may be important for your treatment, such as if you have had a recent operation, illness or an implant and what medication you are taking.
If you have provided us with information about another person, then you will need to tell that person that you have done so, that they have a right to access their information and that they can refer to this policy for information on how we will handle their personal information.
If you have consented to your personal information being shared for educational or research purposes, seminar/presentation materials, or in research articles for health journals, your information will be de-identified unless you have consented to your personal information remaining identified.
When you access our website, anonymous technical information may be collected about your activities on the website. This may include information such as the type of browser used to access the website and the pages visited. This information is used by us to make decisions about maintaining and improving our websites and online services. This information remains anonymous and is not linked in any way to personal identification details.
Brendan Mooney does not store financial information such as credit card numbers.
How we store your personal information
We will take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss from unauthorised access, modification or disclosure. This includes a range of systems and communications security measures, as well as the secure storage of hard copy documents. In addition, access to your personal information will be restricted to people properly authorised to have access.
When you complete a consent form either at the clinic or at an event, the information on the form is entered into our database and the original document is then filed in secure storage. Only Brendan Mooney and people who have properly authorised access to the database may see your personal information unless you have consented to your practitioner sharing your information with another professional such as a General Practitioner or researcher.
When you enter your details online, they may only be viewed by people who have authorised access to the database.
We will keep your personal information for as long as it is required to provide you with the services you requested from us and to comply with legal requirements.
If we no longer require your personal information for any purpose, including legal purposes, we will take reasonable steps to securely destroy or de-identify your personal information.
It is your responsibility to advise us should either your health situation or your personal details change so that your record is kept up to date (see ‘Correcting your personal information’ section).
How we use your personal information
Personal information is used to:
- Contact you about your appointment or any other matter in relation to the service provided to you
- Contact your emergency contact or GP in an emergency
- Better understand your health history and thus ensure your treatment is of the highest quality
- Discuss your case with other practitioners and/or medical professionals if you have consented to this and only if it is felt necessary to do so in support of your case and in your best interest
- Conduct research purposes if you have consented to this, in which case your personal information will be ‘de-identified’ that is anonymous, unless you advise us otherwise
- Allow you to purchase products and services
- Answer your enquiries and resolve complaints
- Provide you with information about any product you may have purchased or registered for, such as a workshop or other event
Credit card information is used only for payment processing and fraud prevention. This information is not used for other purposes and not retained by us.
Anonymous data may be aggregated for reporting client statistics for the clinic and to improve our customer support. If you complete a questionnaire, you may do this anonymously and you will have an option to provide your name if you have questions or are seeking further information.
With whom we share your personal information
On no account will Brendan Mooney and team sell, rent or lease your personal information to others. Brendan Mooney and team will not share your personal information with any third party without your permission unless required by law enforcement action or subpoena. For example, Brendan Mooney may be required to provide your personal information to the appointed case managers of insurance companies managing compensation cases or third party case in the treatment of injury or illness.
Personal information may be disclosed to anyone to whom you have given written and signed consent to have access to this information (e.g. a solicitor, accountant or a person who has authority to act as your attorney). This could also include referees, any financial institution nominated by you (for example in a direct debit) or anyone else you request.
Personal data given to Brendan Mooney may be transferred across state borders for the purposes of data consolidation, storage and simplified management.
Your personal information may be shared with a related party overseas where this is necessary to provide a service, such as when you attend an event in the UK.
Access to your personal information
If you have access to your personal information online, such as when you register and book for an event, then you may access your information using your user name and password. If you have completed a consent form at the clinic or at an event, you can request access to your personal information at any time by contacting us to make your request (contact details are listed on the first page). If you believe that any information is incorrect or outdated, you may ask for a correction to be made. A request for access will be processed within a reasonable time, usually less than a week for a straightforward request. More time may be needed, depending on the nature of the request. There is no fee for requesting access to your information.
In a very few cases we may be unable to give you access to certain information for example where:
- We no longer hold or use the information
- Providing access would have an unreasonable impact on the privacy of others
- The request is vexatious
- Providing access would be unlawful
- The information relates to existing or anticipated legal proceedings
- Providing access would prejudice or be likely to prejudice the prevention, detection, investigation and prosecution of unlawful activity
- Disclosure would pose a threat to the life or health of any individual
If we refuse your request, we will tell you the reason why. If we are not required to provide you with access to the information requested, we will consider, if reasonable, whether the use of a mutually agreed intermediary would allow sufficient access to meet your needs and ours.
Correcting your personal information
Brendan Mooney and team strive to keep your personal information accurate, however, it is your responsibility to notify us when your details change. If you believe any information we hold about you is inaccurate, incomplete or out-of-date, you should contact us and we will provide you with a copy of your information to view and following your authorisation we will change your information. Your personal information can be provided either via an email with the document being attached as a PDF, or the document can be printed and mailed to you.
To protect your privacy and security, we will take reasonable steps to verify your identity, before granting access to your data. In some cases we may ask you to put your request in writing. Where you have registered for an event online you may access and amend your details using your user name and password.
The most effective way to view and change your personal information submitted on a consent form at the clinic or at an event, is to request a new consent form from Brendan Mooney either at the clinic or an event as this information is not currently available to view on-line.
Making a complaint
You can contact us at any time if you have any questions or concerns about this document or about how your personal information has been handled. See contact details on the front page of this policy.
We value your comments and opinions. We will answer any questions you may have, correct any error on our part or resolve any complaint that you may have about our information handling practices.
Once you have contacted us in relation to your concerns, if you are not satisfied with our response, or if you do not feel your complaint has been resolved, you are able to seek advice from the Office of the Australian Information Commissioner by calling 1300 363 992.
If you want to make a complaint in NSW about a health related service you can contact the NSW Health Care Complaints Commission by calling the toll free number 1800 043 159 or emailing firstname.lastname@example.org
Online data collection and use
The following discloses our information gathering and dissemination practices:
Our contact and subscription forms require visitors to give us contact information, like their name and email address, and unique identifiers. We use contact information from the contact and registration forms to send visitors information about our services and products. The contact information is also used to contact visitors when necessary if they have subscribed to a mail list. Visitors may opt-out of receiving future mailings by choosing to unsubscribe by sending us an email stating so. Unique identifiers are collected to verify the user's identity and for use in our record system.
Our site uses an order form for customers to request information, products, and services. We collect visitor's contact information and unique identifiers. Contact information from the order form is used to send orders and information about our company to our customers. The customer's contact information is also used to get in touch with the visitor when necessary. Users may opt-out of receiving future mailings. Unique identifiers are collected from website visitors to verify the user's identity and for use as account numbers in our record system.
We use your IP address to help diagnose problems with our server, and to administer our website. Your IP address is used to help identify you and to gather broad demographic information.
We are not responsible for the privacy practices or the content of third party sites that choose to place links to our site on their website.
Security of your personal information
We will take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss and from unauthorised access, modification or disclosure. We limit access to personal information to properly authorised staff within the organisation and ensure that those who do have access respect the privacy of personal information that they are handling. Authorised access to personal and sensitive information is conducted within a ‘need to know’ principle. Personal/sensitive information is only accessed by those staff members who need it to carry out their duties.
Security also includes a range of systems and communication security measures, as well as the secure storage of hard copy documents. These include:
- An encrypted client database for collection of client information
- Password secured digital client notes
- Individual database user logins for effective auditing of data amendments
- A password protected server
- A closed office WiFi network strictly accessible to staff only
- Daily off site back ups; and
- Password locked screens on all office computers
In line with our policy of ensuring a high level of care and protection for any personal information we may hold about you, Brendan Mooney has an ongoing commitment to periodically brief team members on their obligations and responsibilities with digital security and to ensure they are made aware of the best practices for use of common technologies like email and video conferencing. All client consultations at the clinic are held in soundproof rooms for maximum privacy.
We keep your personal information for as long as it is required to provide you with the products and services you requested from us and to comply with legal requirements. If we no longer require your personal information for any purpose, including legal purposes, we will take reasonable steps to securely destroy or de-identify your personal information.