Last updated: 8 JUNE 2025
Privacy Policy
This Privacy Policy applies to all personal information collected by NeuroNest Psychology (we, us or our) via the website located at www.neuronestpsychology.com.au (Website) and additional data security software
1. What information do we collect?
The kind of Personal Information that we collect from you will depend on how you use the website. The Personal Information which we collect and hold about you may include:
(a) Demographic information such as name, age, phone number, postal address or email address
(b) Personal details such as area of employment or identity affiliations
(c) Sensitive health information such as current medical and psychological diagnoses
(d) Payment details
(e) For sensitive health information, we will: (i) Obtain your explicit consent before collection (ii) Only collect information necessary for providing our services (iii) Store this information with enhanced security measures (iv) Restrict access to authorised healthcare professionals only (v) Retain records in accordance with legal requirements
2. Types of information
The Privacy Act 1998 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information.
Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.
If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “Personal Information” and will not be subject to this privacy policy.
Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
3. How we collect your Personal Information
(a) We may collect Personal Information from you whenever you input such information into the Website, related app, through email, phone or SMS, via telehealth video conferencing or provide it to Us in any other way.
(b) We may also collect cookies from your computer which enable us to tell when you use the Website and also to help customise your Website experience. As a general rule, however, it is not possible to identify you personally from our use of cookies.
(c) We use different types of cookies including essential cookies for Website functionality, analytical cookies to improve user experience, and marketing cookies that may be set by third parties. These cookies can be managed through your browser settings. Third-party cookies are subject to their respective privacy policies, which we encourage you to review.
(d) Where reasonable and practicable we collect your Personal Information from you only. However, sometimes we may be given information from a third party, in cases like this we will take steps to make you aware of the information that was provided by a third party.
4. Purpose of collection
(a) We collect Personal Information to provide you with the best service experience possible on the Website and keep in touch with you about developments in our business.
(b) Your Personal Information may be exposed from time to time to maintenance and support personnel acting in the normal course of their duties. Support staff will never be exposed to sensitive health information.
(c) By using our Website, you consent to the receipt of direct marketing material. We will only use your Personal Information for this purpose if we have collected such information direct from you, and if it is material of a type which you would reasonably expect to receive from use. We do not use sensitive Personal Information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature, such as an unsubscribe button link.
(d) Prior to sending any direct marketing communications, we will obtain your explicit opt-in consent through a clear and specific authorization process. You may modify your marketing preferences at any time through your account settings or by contacting us directly. We maintain detailed records of your consent choices and will honour your preferences within 2 business days of any changes.
(e) When collecting Personal and sensitive Information for digital intervention programs, we maintain dedicated secure storage systems and restrict access to authorized clinical staff only. This information is used solely for program delivery, progress tracking, and support and will not be shared with third parties without your explicit consent is provided or it is required by law.
5. Security, Access and correction
(a) We store your Personal Information in a way that reasonably protects it from unauthorised access, misuse, modification or disclosure. When we no longer require your Personal Information for the purpose for which we obtained in, we will take reasonable steps to destroy and anonymise or de-identify it. Most of the Personal Information that is stored in our client files and records will be kept for a minimum of 7years to fulfill our record keeping obligations and legal requirements.
We implement industry-standard security measures including encryption, access controls, and secure data centers to protect your Personal Information. When deletion is required, we use secure erasure methods including digital shredding and physical destruction of storage media.
We take reasonable steps to ensure your personal information is secure and protected from misuse or unauthorised access. Our information technology systems are password protected and where possible, encrypted. We use a range of administrative and technical measures to protect these systems. The telehealth system we use for video sessions is also end-to-end encrypted. However, we cannot guarantee the security of your personal information.
In the event of a data breach or security incident affecting Personal Information, we maintain a comprehensive incident response plan. We will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) within 30 days of becoming aware of an eligible data breach, as required by the Notifiable Data Breaches scheme. Our response includes immediate containment measures, forensic investigation, impact assessment, and implementation of additional security controls to prevent recurrence. We maintain detailed incident logs and conduct post-incident reviews to strengthen our security framework.
(b) The Australian Privacy Principles: (i) permit you to obtain access to the Personal Information we hold about you in certain circumstances (Australian Privacy Principle 12); and (ii) allow you to correct inaccurate Personal Information subject to certain exceptions (Australian Privacy Principle 13). Where you would like to obtain such access, please contact us in writing on the contact details set out at the bottom of this privacy policy.
6. Complaint procedure
If you have a complaint concerning the manner in which we maintain the privacy of your Personal Information, please contact us as on the contact details set out at the bottom of this policy. All complaints will be considered by Ruby Simms-Cumbers and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner and/or the Australian Health Practitioner Regulation Agency (AHPRA).
7. Overseas transfer
Your Personal Information will not be disclosed to recipients outside Australia unless you expressly request us to do so. If you request us to transfer your Personal Information to an overseas recipient, the overseas recipient will not be required to comply with the Australian Privacy Principles and we will not be liable for any mishandling of your information in such circumstances.
Prior to any overseas transfer of your Personal Information, we will obtain your explicit consent and provide you with details of: (a) the specific countries or regions where your data may be transferred; (b) any relevant privacy laws or protections in those jurisdictions; (c) potential risks of data handling in those territories; and (d) security measures we implement to protect your information during transfer. You may withdraw your consent for overseas transfers at any time by notifying us in writing.
8. GDPR
In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. The fact that you may be located in Europe does not, however, on its own entitle you to protection under the GDPR. Our website does not specifically target customers located in the European Union and we do not monitor the behaviour of individuals in the European Union, and accordingly the GDPR does not apply.
While the GDPR may not directly apply, we acknowledge the importance of international data protection standards and maintain appropriate security measures that align with global privacy best practices. Where reasonable and practicable, we voluntarily implement data protection measures consistent with international standards to safeguard all users' personal information, regardless of their location.
For international data transfers, we implement appropriate safeguards including standard contractual clauses and technical measures to ensure data protection. Where we process personal information, we do so based on legitimate business purposes, consent, or legal obligations. We maintain detailed records of processing activities and conduct regular assessments to ensure compliance with international data protection principles, including data minimisation, purpose limitation, and storage limitation.
9. How to contact us about privacy
If you have any queries, or if you seek access to your Personal Information, or if you have a complaint about our privacy practices, you can contact us through: [email protected].
Home | Services | Contact
View our Privacy Policy and Terms and Conditions here.
© NeuroNest Psychology 2025. All Rights Reserved.
NeuroNest Psychology acknowledges the Whadjuk Noongar people as the Traditional Custodians of the land on which we live and work here in Boorloo (Perth). We pay deep respect to Elders past and present, and recognise the strength, knowledge, and resilience of Aboriginal and Torres Strait Islander peoples.
We acknowledge the ongoing impacts of colonisation, racism, and intergenerational trauma, including continued barriers to accessible, safe, and culturally-informed healthcare. At NeuroNest, we are committed to learning, unlearning, and co-creating safer spaces that honour all forms of diversity.
Always was, always will be, Aboriginal land.
All care is taken in the preparation of the information and published materials on this site. NeuroNest Psychology does not make any representations or give any warranties about its accuracy, reliability, completeness or suitability for any particular purpose. To the extent permissible by law, NeuroNest Psychology will not be liable for any expenses, losses, damages (including indirect or consequential damages) or costs which might be incurred as a result of the information being inaccurate or incomplete in any way and for any reason.This site may contain hypertext links, frames or other references to other parties and their websites. NeuroNest Psychology cannot control the contents of those other sites, and make no warranty about the accuracy, timeliness or subject matter of the material located on those sites. NeuroNest Psychology do not necessarily approve of, endorse, or sponsor any content or material on such sites. NeuroNest Psychology make no warranties or representations that material on other websites to which this website is linked does not infringe the intellectual property rights of any person anywhere in the world.NeuroNest Psychology are not, and must not be taken to be, authorising infringement of any intellectual property rights contained in material or other sites by linking or allowing links to, this website to such material on other sites.If you have any concerns regarding the content of the Website, please contact NeuroNest Psychology.