What is this policy about?

This policy outlines how I collect, use and manage your personal information. I recognise, respect and protect your right to privacy and confidentiality, and I am committed to complying with the Australian Privacy Principles in the Privacy Act 1988 (Cth).

What is personal information and why do I collect it?

Personal information is any information about an individual that can be used to identify them directly or indirectly. Examples of personal information I collect may include: names, phone number, email address, residential address, date of birth, medical information relevant to the service being provided, psychological history, reasons for accessing my services, and emergency contact.

Sharing your personal information with me helps me to provide a relevant and informed service and support you in processing your identified concerns. Due to my duty of care, you cannot be anonymous. You may ask to use a pseudonym, but a name as listed on identification documents is required.

How do I collect your personal information?

I collect your personal information in a variety of ways including: information you share verbally with me; written communication received from you via email, SMS or letter; intake forms; via my customer relations management software; and from third parties where applicable and with consent. I will only request and retain personal information that is necessary to the service I am providing to you. If a third party (such as another health service) provides me with personal information about you, I will take reasonable steps to ensure you are made aware of the information provided.

Privacy and my website

My website is hosted on Squarespace; please refer to their privacy policy HERE. I use a third-party client management platform called Cliniko; please refer to their privacy policy HERE.

Cookies may be used to improve your experience on my website; they are used exclusively for the purpose of tracking which pages on my website you have visited and for how long. These types of cookies are used by me to help me deliver content my site visitors enjoy and find useful, as well as to create effective marketing campaigns. Most browsers are initially set to accept cookies; however, you may reset your browser to notify you when you receive a cookie or to reject cookies generally. Most browsers offer instructions on how to do so in the ‘Help’ section of the toolbar.

My website may contain links to other websites. Please be aware that I am not responsible for the content or privacy practices of other sites, and these websites are not subject to my privacy policy. If you navigate to other websites from my website, I advise you to read their privacy policies.

Privacy and online psychotherapy sessions

I use Cliniko’s telehealth service for online sessions. All telehealth sessions are encrypted end-to-end using Datagram Transport Layer Security/Secure Real-time Transport Protocol (DTLS/SRTP). Cliniko uses a Peer-to-Peer (P2P) service, ensuring no one other than clients and myself can access the sessions, and communications between us on the telehealth session is direct, without any third-party mediator. Cliniko does not record or keep a copy of telehealth sessions, and no information is stored anywhere on their services. For General Data Protection Regulation (GDPR), Australian Privacy Principles (APP), Health Insurance Portability and Accountability Act (HIPAA), and Personal Information Protection and Electronic Documents Act (PIPEDA) compliance, Cliniko provides the following assurances: Personal Health Information (PHI) or Personal Identifiable Information (PII) will not be transmitted anywhere for the telehealth session; the P2P connection is as secure as possible; any logs that are created will not contain any PHI or PII; and the service being used has implemented the ISO 27001, Privacy Shield, Cloud Security Alliance, and SOC 2 security best practices to ensure that their systems are secure.

Disclosure of your personal information 

I will not disclose personal information about you to third parties without your consent, except when the disclosure is required by law. As part of my ethical responsibility to reflect on my counselling practice, I may discuss my work with you in confidential discussions with my clinical supervisor. In such situations, content presented is de-identified.

Storage of your personal information

Your personal information will be stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. The method of storage varies between types of information and includes both hard copies and digital files, either on a secure server or offline. The security of your personal information is very important to me, but no method of transmission over the internet, or method of electronic storage, is 100% secure. While I strive to use commercially acceptable means to protect your personal information, I cannot guarantee its absolute security. If I become aware of a security breach, I will promptly investigate, take appropriate remedial action, and notify the individual(s) affected, in accordance with the Privacy Act.

Destruction of your personal information

When your personal information is no longer needed for the purpose for which it was obtained, I will take reasonable steps to destroy or permanently de-identify it.

Maintaining the integrity of your personal information

I will take all reasonable steps to ensure that your personal information is accurate and up to date. If you find that the information I have is not up to date or is inaccurate, please advise me as soon as practicable so I can update my records and continue to provide a quality service to you.

Accessing your personal information

You may request access to personal information I hold about you. I may ask you to specify what information you require and I may charge an administrative fee where I provide access. I will deal respectfully with all requests for access to personal information as required by the Privacy Act. I may refuse to provide access if the Privacy Act allows or requires me to do so. If you wish to access your personal information, please email me at hello@kyliestrelan.com. In order to protect your personal Information, I may require identification from you before releasing the requested information.

Complaints

If you think your personal information has not been handled in line with the Privacy Act, please contact me in the first instance (hello@kyliestrelan.com). If I am unable to resolve your complaint or if you are not satisfied with the outcome, then you may make a complaint to the Office of the Australian Information Commissioner.

Changes to this policy

This policy will be reviewed and updated periodically, to take account of new laws and technology, changes to operations and practices, and to ensure it remains appropriate and relevant.

Contact me

If you have any questions relating to this policy, please email me at hello@kyliestrelan.com

Kylie Strelan Psychotherapy Privacy Policy updated 24 March 2026.