1. Introduction
Steven Dufty Psychology is committed to protecting your privacy and managing your personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth). This policy explains how I collect, use, store, and disclose your personal information in the course of providing psychological services.
A copy of the Australian Privacy Principles is available at www.oaic.gov.au.
2. Information I Collect
I collect personal information necessary to provide psychological services, which may include:
General information: your name, date of birth, contact details (phone, email, address), Medicare details, private health insurance details, emergency contact information, and referral information (e.g., GP referrals).
Sensitive/health information: information about your mental and physical health, presenting concerns, treatment history, session notes, and any other information you share during the course of our work together.
I collect information directly from you (in person, via telehealth, phone, email, or intake and other forms) and, with your consent, from third parties such as GPs, other treating health professionals, or family members where relevant.
3. How I Use and Disclose Your Information
Your information is used to provide and manage psychological services, process Medicare, NDIS, DVA and private health insurance claims, facilitate payments, and meet my legal and professional obligations.
I may share your information with other health professionals involved in your care (with your consent), Medicare and private health insurers for billing purposes. Any third parties I engage are required to handle your information appropriately.
I will also disclose information where required or authorised by law, or where necessary to prevent a serious and imminent threat to your safety or the safety of another person.
I do not use your personal information for direct marketing or supply information to parties which do.
4. Storage and Security
Your records and client portal are stored securely using Zanda (allied health practice management software), which is ISO 27001 certified and operated in line with Australian Psychological Society (APS) standards. Security measures include password protection, encryption, two-factor authentication, and secure data transmission. Paper records are stored securely and destroyed appropriately when no longer needed.
Please note that some third-party service providers may store data on servers located overseas. By engaging my services, you consent to this where necessary.
I do not store credit card information.
5. Retention and Deletion of Records
I am required by law to retain client records for a minimum of seven years from the date of last contact, or until a client turns 25 years of age (whichever is later) where the client was under 18 at the time of last entry.
6. Accessing Your Information
You have the right to request access to your personal information. To make a request, please contact me using the details below. I will respond within a reasonable timeframe and may decline requests only where permitted under the Australian Privacy Principles.
7. Complaints
If you have a concern about how your personal information has been handled, please contact me in the first instance. I will endeavour to respond within 10 business days and resolve the matter within 30 days.
If you are not satisfied with my response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.
8. Policy Updates
This policy may be updated from time to time. The current version will always be available on this website.
9. Contact
Please contact me for any other query related to privacy and confidently
Steven Dufty Psychology
Copyright © 2026 Steven Dufty Psychology - All Rights Reserved.