Privacy Policy

Privacy Policy

Sunny Coast Counselling

Last updated: June 2026

1. Our Commitment to Your Privacy

Sunny Coast Counselling is committed to protecting the personal information of our clients, customers, and website visitors. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and the Privacy Act 2020 (NZ) for clients based in New Zealand.

As a health service provider, Sunny Coast Counselling is bound by the Privacy Act 1988 (Cth) regardless of our size, in accordance with the health services exemption from the small business exemption under the Act.

2. About Sunny Coast Counselling

We provide individual and couples counselling, Employee Assistance Program (EAP) services, and wellbeing training and seminars. Our services are delivered:

  • in-person on the Sunshine Coast, Queensland
  • online via Zoom or Microsoft Teams
  • by telephone

We also offer digital products, including downloadable resources and online courses, through our website at sunnycoastcounselling.com.au.

Online, telephone, and product services are available to clients throughout Australia and New Zealand.

3. What Personal Information We Collect

3.1 Counselling and EAP Clients

When you engage with us for counselling or EAP services, we may collect:

  • Your name, date of birth, address, phone number, and email address
  • Emergency contact details
  • Health fund membership details and/or Medicare information
  • Health information, including your presenting concerns, mental and physical health history, session notes, and treatment records
  • Referral information (e.g., from a GP or employer)
  • Employment information (for EAP clients)

Health information is sensitive information under the Privacy Act 1988 (Cth). We handle it with the highest level of care and collect only what is necessary for the purpose of providing your care.

We also adhere to the Australian Counselling Association (ACA) Code of Ethics and Practice

3.2 Product Purchasers

When you purchase a digital product or online course through our website, we collect:

  • Your name and email address
  • Your billing address
  • Payment information

Important: Payment card details are processed directly and securely by Square (squareup.com/au). We do not store your card details on our systems. Square processes payment data in accordance with its own Privacy Policy, available at squareup.com/au/en/legal/general/privacy. Square complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

3.3 Email Subscribers

If you subscribe to receive updates, newsletters, or resources from us, we collect your name and email address. This information is stored and managed via MailerLite. You can unsubscribe at any time using the link in any email we send you.

3.4 Website Visitors

When you visit our website, we may automatically collect:

  • Your IP address and browser user agent string (used for security and spam detection)
  • Cookie data (see Section 8 – Cookies)
  • Interaction data from any embedded third-party content (see Section 9)

3.5 Website Comments

If you leave a comment on our website, we collect the information you enter in the comment form, along with your IP address and browser user agent string for spam detection. An anonymised hash of your email address may be shared with the Gravatar service to check for a profile picture.

4. How We Use Your Personal Information

We use your personal information to:

  • Provide counselling, EAP, and wellbeing services to you
  • Manage appointments and communicate with you about your care
  • Process product purchases and deliver digital products and online courses
  • Send you updates, newsletters, and resources you have subscribed to receive
  • Meet our legal and ethical obligations, including mandatory reporting requirements
  • Respond to your enquiries
  • Improve our website and services

We will not use your personal information for a purpose other than the primary purpose for which it was collected, unless you have consented or an exception under the Privacy Act applies.

5. Sensitive Information

Health information (including mental health records) is sensitive information under the Privacy Act 1988 (Cth). We collect and use health information only for the direct purpose of providing health services to you, or for purposes directly related to your care, or as required by law.

We will not use or disclose your sensitive information for direct marketing without your explicit consent.

6. Who We Share Your Personal Information With

We share your personal information only in the following circumstances:

6.1 Halaxy (Clinical Management)

We use Halaxy, a clinical management platform, to manage client appointments, session records, and related clinical information. For details on their privacy practices, visit www.halaxy.com.

6.2 Square (Payment Processing)

Payment information for product purchases is processed by Square. Square handles this data in accordance with its Privacy Policy and complies with the Australian Privacy Principles.

6.3 MailerLite (Email Marketing)

Name and email address for subscribers is stored and used to manage email communications via MailerLite. MailerLite’s Privacy Policy is available at www.mailerlite.com/legal/privacy-policy.

6.4 Health Funds and Medicare

With your consent, we may share relevant information with your health fund or Medicare for the purpose of processing claims and billing.

6.5 Employers (EAP Clients)

For EAP clients, we may confirm your attendance and/or eligibility with your employer. We will not disclose the content of your sessions without your written consent, except where required by law.

6.6 Referring Health Professionals

With your consent, we may communicate with your GP or other referring health professional as part of your care.

6.7 Legal and Mandatory Reporting Obligations

We may be required to disclose your personal information without your consent where we have a legal or ethical obligation to do so. This may include situations involving a risk of serious harm to you or others, or as required under Queensland child protection legislation, the Mandatory reporting requirements of the relevant health practitioner code of ethics, or other applicable law.

6.8 Spam Detection

IP addresses and browser user agent strings from website comments may be checked through an automated spam detection service.

7. Cross-Border Disclosure of Personal Information

Some third-party service providers we use operate outside of Australia, which means your personal information may be stored or processed overseas. This includes:

  • Square – may store and process data in the United States, Canada, Japan, Ireland, France, Spain, and the United Kingdom.
  • MailerLite – is based in the European Union and may store data internationally.

Where we disclose your personal information to overseas recipients, we take reasonable steps to ensure those recipients handle it consistently with the Australian Privacy Principles. By providing us with your personal information, you consent to it being disclosed to overseas recipients as described in this policy.

8. Direct Marketing

If you have subscribed to receive emails from us, we may send you updates, resources, and information about our services. You can opt out at any time by:

  • Clicking the unsubscribe link in any email we send; or
  • Contacting us directly at john@sunnycoastcounselling.com.au

We will not use sensitive information (such as health records) for direct marketing.

9. Cookies

Cookies are small data files stored on your device when you visit a website. Our website uses cookies in the following ways:

Comment cookies

If you leave a comment, you may opt in to saving your name, email address, and website in cookies for one year so you do not need to re-enter these details on future visits.

Login cookies

If you log in to your account on our website, cookies are used to save your login information for up to two weeks. Screen preference cookies last for one year. Logging out removes login cookies.

Temporary cookies

A temporary cookie is set when you visit our login page to check whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

You can control or delete cookies through your browser settings. Disabling cookies may affect some functionality of our website.

10. Embedded Content from Other Websites

Pages on our website may include embedded content from other platforms (such as videos or social media posts). Embedded content from other websites behaves in exactly the same way as if you had visited those websites directly. These external sites may collect data about you, use cookies, and monitor your interactions with that content.

11. How Long We Retain Your Personal Information

Counselling records – In Queensland, health records must be retained for a minimum of 7 years from the date of last service (or until a child patient turns 25, whichever is later), in accordance with the Health Practitioner Regulation National Law and relevant professional standards.

Product purchase records – We retain transaction records for the period required by Australian tax and business law (generally 5–7 years).

Email subscriber data – We retain your details for as long as you remain subscribed. You may unsubscribe at any time.

Website comment data – Comments and their metadata are retained indefinitely to support follow-up comment approvals.

12. Security of Your Personal Information

We take reasonable technical and organisational steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These measures include:

  • Secure clinical records management through Halaxy
  • Payment processing through PCI-DSS compliant Square
  • Secure electronic communications

In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breachesscheme under the Privacy Act 1988 (Cth).

13. Accessing and Correcting Your Personal Information

You have the right to:

  • Request access to the personal information we hold about you
  • Request that we correct any personal information that is inaccurate, incomplete, or out of date

To make a request, please contact us using the details in Section 15. We will respond within a reasonable time (generally within 30 days). In some circumstances, we may be required or permitted to refuse an access or correction request — if so, we will explain the reason in writing.

14. New Zealand Clients

For clients and customers based in New Zealand, your personal information is also handled in accordance with the Privacy Act 2020 (NZ) and the Information Privacy Principles (IPPs).

Your rights under the New Zealand Privacy Act 2020 include the right to:

  • Request access to personal information we hold about you
  • Request correction of personal information that is inaccurate or misleading

To make a request or raise a concern, please contact us using the details below. If you are not satisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner New Zealand (OPC NZ) at www.privacy.org.nz or by calling 0800 803 909.

15. Privacy Complaints

If you have concerns about how we handle your personal information, please contact us first so we can attempt to resolve the matter.

Australian clients: If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

New Zealand clients: You may lodge a complaint with the Office of the Privacy Commissioner New Zealand at www.privacy.org.nz or by calling 0800 803 909.

16. Contact Us

For any privacy-related enquiries, access requests, or complaints, please contact:

Sunny Coast Counselling

Contact person: John Belchamber

Email: john@sunnycoastcounselling.com.au

Website: sunnycoastcounselling.com.au/get-in-touch/

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. The current version will always be available on our website. We encourage you to review this policy periodically.

This policy was last updated in June 2026.