The Indigo Project: Privacy Policy

About this Policy

The Indigo Project Psychologists Pty Ltd ACN 607 748 363 trading as The Indigo Project (“us”, “we”, or “our”) recognises the importance of your privacy and respects your right to control how your personal information is collected and used.

We are an Australian Privacy Principle Entity (APP Entity) as defined in the Privacy Act 1988 (Cth) (the Act). This Privacy Policy has been prepared in accordance with the Australian Privacy Principles (APPs) and sets out:

  • the kinds of personal information that we collect and hold
  • how we collect and hold personal information
  • the purposes for which we collect, hold, use and disclose personal information
  • how you may access personal information about you that is held by us and seek the correction of such information
  • how you may complain about a breach of the Australian Privacy Principles and how we will deal with such a complaint
  • whether we disclose personal information to overseas recipients and the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy.

This Privacy Policy applies to our website, https://www.theindigoproject.com.au/ (the Site) which is operated by us, and to the products and services offered by us which are detailed on the Site (Our Services).

In this policy:
‘personal information’ has the same meaning as in the Act [section 6(1) of the Act] and includes:

  • ’Information or an opinion about an identified individual, or an individual who is reasonably identifiable’

The personal information you provide us may include, amongst other things, your name, address, email address and phone number. Your personal information includes sensitive information:

  • ‘sensitive information’ is a subset of personal information and is defined in the Act, includes your health information. As part of delivering Our Services, we may collect or infer health and other sensitive information about you as defined by the Act.

The kinds of personal information that we collect

To provide Our Services to you, we may collect personal information including:

  • your name
  • your date of birth
  • your contact details (e.g., address, email address, phone number)
  • your gender
  • occupation
  • credit card information (if you pay for a service)
  • allergies
  • your emergency contact details
  • your next of kin details
  • the type of appointment you are requesting
  • the reason you are seeking that type of appointment
  • information about your private health insurance fund, including your membership number
  • your Medicare, Pension, Health Care Card and Veteran Affairs number and details
  • personal preferences
  • technical data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Our Services, and
  • analytics data which we may collect directly or use third party analytics tools, to help us measure traffic and usage trends for our products and services. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving our products and services. We collect and use this analytics information in aggregate form such that it cannot reasonably be manipulated to identify any particular individual user.

We may also collect details of conversations we have with you or any other information that we may consider necessary for us to deliver Our Services to you. However, we generally try to limit the amount of personal information that we collect and hold.

We may also collect sensitive information such as medical reports, referrals, medication, health history and other health information where you consent, and such information is reasonably necessary to provide Our Services to you.

How we collect and hold personal information

We collect your personal information:

  • when you sign up for our newsletter
  • when you make an appointment, purchase a workshop or course or event, over the phone, or through our Site or via email
  • we automatically collect information through our Site and Our Services, that may not personally identifiable, such as the details of website from which you came to our Site, your IP address, browser type and other information relating to the device through which you access our Site. We may combine this information with the personal information we have collected about you.

We hold your personal information in electronic databases such as record keeping systems, practice management software, payment processing software and customer relationship management software.

The purpose for which we collect, use and disclose personal information

We will only use and disclose your personal information for the purpose it was collected.

We collect your personal information to provide Our Services to you and for administration purposes, including to improve Our Services. Please note that if you do not provide us with your personal information, such as your legal name, we may not be able to provide Our Services to you.

When you make an appointment, as part of Our Services, you can provide and we may collect, use and disclose, further information regarding the reason you wish to use Our Services, such as health information.

When you use our booking system, we will disclose your personal information to the health practitioners that you have selected for the purpose of arranging
appointments.

When you consent, your personal information may also be used or disclosed for the following reasons:

  • for our administrative team to help you
  • to send you email notifications or SMS messages relating to the appointments you have made using Our Services
  • communications or emails relating to Our Services, therapists or marketing content
  • to our related bodies corporate for business purposes
  • if we sell our business, or engage in a transfer, mergers, restructure or change of control or other similar transactions, customer information (containing personal information) is generally one of the business assets that forms part of the transaction. Your personal information may be subject to such transfer.
  • In the unlikely event of insolvency, personal information may be transferred to a trustee or debtor in possession and then to a subsequent purchaser.

We use payment processing services to facilitate your payments. The operators of the payment processing services may collect your personal information when processing your payment. Our payment processors have their own privacy policies. You should read and consider them before you agree to make a payment for Our Services. We currently use Stripe: https://stripe.com/en-au/privacy-center/legal#welcome-to-the-stripe-privacy-center and Halaxy: https://www.halaxy.com/article/privacy.

We may, from time to time, use personal information, other than sensitive information, for other purposes where it would be reasonably expected by you or if permitted by the Privacy Act, for example:

  • to facilitate transactions
  • in relation to professional advice such as legal and accounting, auditors services and advice

We may be required to disclose your personal information under an Australian law or court.

Consent to collection of sensitive information

Generally, before we can collect your sensitive information, such as your health information, you must give us your consent to collect that information. In general, we attempt to limit the sensitive information we collect, however this may not always be possible due to nature of Our Services.

We may also collect sensitive information from you if required or authorised by or under an Australian law or if another exception under the Privacy Act applies, for example where collection is required to lessen or prevent a serious threat to your life, health or safety or to public health and safety.

If you wish to withdraw your consent, please contact us via the contact details at the bottom of this Privacy Policy. When you withdraw your consent, we will not be able to provide you with Our Services.

Children’s privacy

We may provide Our Services to individuals who are under the age of 15, however in these circumstances, we seek to obtain the consent of a parent or guardian. We do not knowingly collect personal information from persons under the age of 15 without the express consent of a parent or legal guardian.

If you are a parent or guardian and you are aware that your children have provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we will take steps to remove that information from our servers.

Access and accuracy

We encourage you to contact us to keep your personal information up to date. You can access and/or correct personal information we hold about you at any time by contacting us. To modify your (email or SMS) subscriptions or to opt-out of receiving communication, please contact hello@theindigoproject.com.au.

We will respond to your request to access or correct for personal information within a reasonable time. We reserve the right to charge an administration fee to cover the costs of responding to your request, for example, where personal information is held in storage. We will always seek to communicate these fees to you in advance.

If required by law or where the personal information may relate to existing or anticipated legal proceedings, we may deny your request for access to your personal information. We will respond to your request, setting out the reasons for our refusal in writing.

Storage and Security

We will take reasonable steps to protect your personal information from misuse, loss, unauthorised access and modification or disclosure. We cannot guarantee the security of any personal information transmitted to us via the internet and such transmission is at your risk. This is an inherent risk you assume when you use Our Services.

If we no longer require the use of your personal information, we will take reasonable steps to destroy or permanently de-identify it when we are legally permitted to do so.

Personal information may be stored electronically through third-party data centres, which may be located overseas, or third-party secure storage facilities. Wherever possible, we use third parties who provide high standards of data security and storage in compliance with the Act.

Data Breach Notification Scheme

If we have reason to suspect a data breach has occurred, we will undertake an assessment in accordance with the Notifiable Data Breach (NDB) Scheme. If we determine there has been an eligible data breach, we will notify you as soon as reasonably practicable. If you suspect that a data breach has occurred, please contact us immediately so that we may conduct the assessment as required under the NDB Scheme.

Cookies, Web Beacons and Analytics

We, or our third-party service providers, may use cookies, web beacons (clear GIFs, web bugs) and similar technologies to track site visitor activity and collect site data. We may combine this data with the personal information we have collected from Customers. Examples of information that we may collect include technical information such as your computer’s IP address and your browser type, and information about your visit such as the products you viewed or searched for, the country you are in, what you clicked on and what links you visited to get to or from our Site. If we identify you with this information, any use or disclosure of that information will be in accordance with this Privacy Policy.

Third-party Websites

This privacy policy does not apply to any third-party linked which may also collect and use information about you. We are not responsible for any of the information collected by any such third party.

At times, Our Site may contain links to other third-party websites. Any access to and use of such linked websites is not governed by this Privacy Policy, but, instead, is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of such third-party websites.

Marketing Emails

With your consent, we may send you direct marketing emails and information about Our Services in accordance with the Spam Act 2004 (Cth). You may follow the opt-out instructions in these emails to stop receiving these emails.

Consent to International Transfer

Where we reasonably believe that the recipient is legally or contractually bound to principles that are substantially similar to the APPs, we may transfer your personal information to overseas to related entities or employees, external service providers in relation to cloud storage and data processing.

Changes to this Policy

We may change this Privacy Policy from time to time and where those changes materially impact, we will seek to give you notice in advance. This Privacy Policy is current as of June 2022.

Questions or complaints

If you have any questions or complaints or wish to contact us regarding your privacy, please contact us:

If you make a complaint to us and you are not satisfied with the way that we have handled your complaint, you are may contact the Office of the Australian Information Commissioner by calling 1300 363 992 or via https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us.