Your privacy matters to us.

This page explains how Inner Haven Therapy collects, uses, and protects your personal information. We've written the full policy below in detail to meet our legal obligations — but here's the short version:

We collect information you share with us in order to provide you with safe, effective, and personalised care. We store it securely using Australian-based platforms. We do not sell or trade your information. You can request to access or correct your records at any time, and you can withdraw any consent you've given us.

If you have questions about any of this, please contact us — we're happy to talk it through.

Privacy Policy
Inner Haven Therapy
Last updated: 25 May 2026

Inner Haven Therapy (“we”, “us”, or “our”) is committed to protecting the privacy and confidentiality of all personal information we collect and hold. This Privacy Policy governs how we collect, use, store, and disclose personal information in connection with our counselling and psychotherapy practice and our website at www.innerhaventherapy.com.au.

This policy applies to all current and former clients, website visitors, referrers, Employee Assistance Programme (EAP) client organisations, and any other individuals whose personal information we handle.
As a registered health service provider and member of the Australian Counselling Association (ACA), we are bound by:

1. the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs);

2. the Health Records and Information Privacy Act 2002 (NSW) (HRIP Act);

3. the ACA Code of Ethics and Practice;

4. the PACFA Code of Ethics and Practice

5. the National Standards for Counsellors and Psychotherapists.

The small business exemption under the Privacy Act 1988 (Cth) does not apply to health service providers. Regardless of our size, we are bound by all obligations under the APPs.
1. Types of Information We Collect
1.1 Personal Information
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether it is recorded in a material form or not.

1.2 Sensitive Information
Sensitive Information is a category of Personal Information that attracts a higher level of protection under the Privacy Act 1988 (Cth) and the HRIP Act. It includes health information, psychological records, racial or ethnic origin, religious beliefs, political opinions, and criminal history.

The primary category of Sensitive Information we collect is health information — including clinical case notes, treatment histories, and psychological records. We collect and use Sensitive Information only:

1. for the primary purpose for which it was collected (your care and treatment);

2. for a secondary purpose directly related to that primary purpose; and

3. with your consent, or where required or permitted by law.

2. What Information Do We Collect?

2.1 Clinical and Practice Information

In the course of providing counselling, psychotherapy, and related health services, we collect:

1. Identity information: full name, date of birth, gender identity, and pronouns

2. Contact information: residential or postal address, phone number, and email address

3. Emergency contact details: name and contact details of a nominated person

4. Health and clinical information: presenting concerns, mental health and medical history, medication information, referral letters, clinical case notes, and session records

5. Financial information: payment details and billing records

6. Private health insurance details: health fund name and membership details, where you elect to claim a private health insurance rebate

7. Employment and organisational information (EAP clients): employer name, role, and referral or session authorisation details provided by or in relation to your organisation

This information is collected and stored using Halaxy, a secure, Australian-based practice management platform. Halaxy complies with Australian privacy legislation including the Privacy Act 1988 (Cth).

2.2 Website Information

When you visit our website, we may collect:

1. Technical data: IP address, browser type, device type, and referring URL

2. Usage data: pages viewed, session duration, and navigation patterns

3. Enquiry data: name, email address, phone number, and any other information submitted via our contact or booking forms

2.3 Information Shared During a Free Initial Consultation

If you participate in a free initial consultation, we collect the information you choose to share during that conversation. Where you subsequently opt in to receive our newsletter, your name and email address will be added to our mailing list.

3. How We Collect Your Personal Information

3.1 We collect personal information:

1. Directly from you: through intake forms, online booking via our website, in-session discussions, telephone calls, and written correspondence;

2. Via Halaxy: through which you complete intake paperwork including consent forms, health history questionnaires, and billing details;

3. From treating professionals: including GPs, psychiatrists, and other health practitioners who may provide referral letters or clinical summaries, where you have consented to or authorised that referral; and

4. From your employer or EAP provider: where EAP services are engaged, your employer may provide us with your contact details and referral authorisation for a specified number of sessions.

We collect personal information only by lawful and fair means, and only to the extent necessary for the purposes set out in this policy. Where practicable, we collect your Personal Information directly from you.

4. Purpose of Collection

4.1 How We Use Your Information

We collect and use your personal information to:

1. provide counselling, psychotherapy, and related health services;

2. manage appointments, billing, and administrative matters;

3. process private health insurance claims where applicable;

4. comply with our professional, ethical, and legal obligations as ACA or PACFA members and health service providers;

5. maintain clinical records as required by applicable law and professional standards;

6. communicate with you about your appointments and care;

7. provide EAP services to eligible employees of client organisations;

8. send you newsletters and other communications where you have consented (see Section 7); and

9. respond to enquiries submitted via our website.

4.2 Consequences of Not Providing Information

You are not obliged to provide us with your personal information. However, if you choose not to provide certain information, we may be limited in our ability to deliver safe and effective care. The following outlines the potential consequences:

1. Identity and contact information: If you do not provide basic identifying and contact details, we will be unable to establish a therapeutic relationship, manage appointments, or communicate with you about your care.

2. Health and clinical information: If you choose not to share relevant health history, presenting concerns, or other clinical information, our capacity to provide appropriately tailored and clinically safe treatment may be significantly limited. This may affect the quality, scope, or continuity of the care we are able to offer.

3. Emergency contact details: Without a nominated emergency contact, our ability to respond effectively in the event of a clinical emergency may be compromised.

4. Financial information: If payment or billing details are not provided, we will be unable to process appointments or complete any applicable private health insurance claims on your behalf.

We will always discuss with you, in an open and non-judgmental way, any concerns you may have about sharing particular information, and will explore together how we can best support you within any boundaries you set.

5. Disclosure of Your Information

We do not sell, rent, or trade your personal information. We may disclose your information in the following circumstances:

5.1 Clinical Supervision and Peer Consultation

As part of our commitment to providing high-quality, ethically grounded care, your therapist may discuss aspects of your case with a clinical supervisor or professional peers in a peer consultation setting. This is conducted:

1. in accordance with the ACA & PACFA Code of Ethics and Practice and the National Standards for Counsellors and Psychotherapists;

2. on a strictly confidential basis, with identifying details minimised wherever possible;

3. for the sole purpose of improving your treatment outcomes, maintaining professional competence, and meeting professional obligations; and

4. as a recognised secondary purpose directly related to your primary treatment.

All clinical supervisors and peers engaged in these consultations are bound by equivalent professional confidentiality obligations.

5.2 Private Health Insurance

If you elect to claim a private health insurance rebate, we will disclose your name, health fund details, and relevant treatment information to your nominated private health insurer as required to process your claim. This disclosure occurs with your consent, given when you provide your insurance details. Clients may also process claims manually and independently, and are encouraged to do so. We may collect your private health fund details to better assist with this process where possible.

5.3 Halaxy (Practice Management Platform)

Your personal and clinical information is stored and managed within Halaxy. Halaxy operates in accordance with Australian privacy law. For information about Halaxy’s data security and storage practices, please refer to Halaxy’s Privacy Policy at www.halaxy.com

5.4 Heidi Health (AI-Assisted Clinical Scribing)

We may use Heidi Health to assist in transcribing and summarising session content for the purpose of generating clinical notes. See Section 6 for full details.

5.5 Other Service Providers

We may share your personal information with other third-party service providers who assist in operating our practice and website, including website hosting and maintenance providers. These providers are engaged under confidentiality arrangements and are required to handle your information in accordance with Australian privacy law.

5.6 Legal and Safety Disclosures

Notwithstanding our confidentiality obligations, we may be required or permitted to disclose your personal information without your consent where:

1. we hold a genuine belief that disclosure is necessary to prevent serious and imminent risk of harm to you or to another person;

2. we are subject to a court order, subpoena, or other legal compulsion;

3. we are required to comply with mandatory reporting obligations under applicable child protection legislation; or

4. disclosure is otherwise required or authorised by law.

Where legally permitted, we will endeavour to notify you before making any such disclosure.

5.7 Overseas Disclosure

Some of our service providers may store or process data outside Australia. Where your personal information is disclosed to an overseas recipient, we take reasonable steps to ensure that the recipient handles your information in a manner consistent with the Australian Privacy Principles (APP 8). We encourage you to review the privacy policies of Halaxy and Heidi Health for information about their respective data storage locations and security arrangements.

6. AI-Assisted Scribing — Heidi Health/Halaxy

We may use Heidi Health or Halaxy, an artificial intelligence-assisted clinical documentation tool, to transcribe and summarise session content for the purpose of producing clinical notes.

We will always:

1. inform you before any AI scribing is used in a session via our information and consent form, or before use if that has yet to be completed;

2. obtain your express written consent before activating the AI scribe via our information and consent form. Or verbal consent in situations where that is not possible, and

3. offer you the option to decline AI scribing at any time, in which case notes will be prepared manually.

All AI-generated notes are reviewed and approved by your therapist before being accepted into your clinical record. No AI-generated notes are finalised or retained without therapist verification.

You may withdraw your consent to AI scribing at any time by notifying your therapist in writing or verbally before a session. Withdrawal applies to all future sessions and does not affect the validity of previously recorded and approved notes.

7. Marketing Communications and Newsletters

Following a free initial consultation, and where you have given us your express consent, we may send you newsletters, mental health resources, and other communications relevant to our practice and services.

1. You may opt out of receiving marketing communications at any time by clicking the unsubscribe link included in every email, or by emailing unearth@innerhaventherapy.com.au should it be unavailable. If you are unable to locate the unsubscribe link, you may contact us directly at unearth@innerhaventherapy.com.au and we will process your request promptly.

2. We will process all opt-out requests within 5 business days and will not send further marketing communications after that time.

3. We will retain the minimum information necessary (your email address and opt-out preference) to ensure ongoing compliance with your request.

4. We will not use your clinical or health information for marketing purposes.

5. Marketing communications will not be excessive in frequency. As a general guide, we aim to send no more than 2 communications per month, and will never exceed 5 communications in any calendar month. Each communication will clearly display a preference management option.

Our marketing communications comply with the Spam Act 2003 (Cth), including the requirements for accurate sender identification, a functional unsubscribe mechanism, and prompt honouring of unsubscribe requests.

8. Cookies and Website Tracking

We use cookies on our website to improve functionality and user experience.
Essential cookies for the purpose of: Core website functionality (e.g., session management, secure login). Retention period: Session — deleted when browser is closed.

Analytical cookies for the purpose of: Understanding how visitors use our site (e.g., pages visited, session duration). Retention period: Up to 13 months.

Marketing cookies for the purpose of: Tracking engagement with our content (set by third-party providers). Retention period: Up to 90 days.

Third-party cookies are subject to the respective privacy policies of those providers, which we encourage you to review. You can manage or disable cookies through your browser settings; however, disabling essential cookies may affect website functionality.

9. Security of Your Information

We take reasonable steps to protect your personal information from unauthorised access, misuse, modification, or disclosure. Our security measures include:

1. password-protected and encrypted systems, including Halaxy and Heidi Health;

2. role-based access controls limiting access to authorised personnel only;

3. encrypted communication channels for electronic correspondence;

4. regular review of the security practices of our service providers; and

5. physical security measures for any paper-based records.

When personal information is no longer required for the purpose for which it was collected, we will take reasonable steps to destroy or de-identify it securely, including through digital shredding and secure physical disposal of storage media.

10. Retention of Your Personal Information

We retain personal information for as long as is necessary for the purposes set out in this policy, and in accordance with our legal and professional obligations under the Health Records and Information Privacy Act 2002 (NSW), the ACA & PACFA Code of Ethics, and applicable financial record-keeping requirements.Ca
Adult clinical records (clients aged 18 or over at the time of service): 7 years from the date of last contact.

Minor client clinical records (clients under 18 at the time of service): Until the client turns 25, or 7 years from the date of last contact, whichever is longer.

Financial and billing records: 7 years from the date of the transaction.

Website enquiry data: 2 years from the date of last contact, or until deletion is requested.

Marketing consent and opt-out records: Retained for as long as necessary to honour your preference.

Complaint records: 7 years from the date of resolution.

After the applicable retention period, records will be securely destroyed or de-identified.

11. Access and Correction

Under the Australian Privacy Principles:

1. APP 12 permits you to request access to the personal information we hold about you; and

2. APP 13 allows you to request correction of personal information that is inaccurate, incomplete, or out of date.

To make an access or correction request, please contact us in writing using the details in Section 13. We will respond within a reasonable timeframe.

In limited circumstances, we may be unable to provide access to certain clinical records — for example, where disclosure could pose a serious threat to your health or safety, or where access is restricted by law. Where we decline a request, we will provide written reasons.

12. Complaints

If you have a concern about how we have handled your personal information, please contact us using the details in Section 13.

All complaints will be:

1. acknowledged within 5 business days of receipt,

2. investigated thoroughly, impartially, and with detailed records maintained; and

3. responded to with a written outcome within 30 business days.

Where additional time is required, we will notify you in writing and provide an updated timeframe. If your complaint is substantiated, we will take appropriate remedial steps in consultation with you.

If you remain dissatisfied with our response, you may refer your complaint to:

4. Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au | 1300 363 992

5. NSW Information and Privacy Commission (for matters under the HRIP Act): www.ipc.nsw.gov.au

6. Australian Counselling Association (ACA): theaca.net.au (for professional conduct matters)

7. The Psychotherapy and Counselling Federation of Australia (PACFA): pacfa.org.au (for professional conduct matters)

Complaint records will be retained for 7 years following resolution.

13. Contact Us

For all privacy enquiries, access requests, correction requests, or complaints, please contact:

Inner Haven Therapy

71 Gipp St, Collingwood, Melbourne, VIC 3066

Email: unearth@innerhaventherapy.com.au

Website: www.innerhaventherapy.com.au

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or professional standards. The current version will always be available on our website. We encourage you to review this policy periodically.

Last updated: 25 May 2026