This Privacy Policy applies to Toodles Poodles Pty Ltd atf Toodles Poodles Trust, trading as Mirror of Thought Psychology (37 226 004 657) (referred to as "we," "us," or "our") in relation to the services provided through our website [insert website URL] (Website). As a registered psychologist and an APP Entity under the Privacy Act 1988 (Cth) (Privacy Act), we are committed to protecting and managing your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act, our professional ethical obligations outlined by the Australian Psychological Society's (APS) Code of Ethics, and other applicable privacy laws and guidelines.
This document sets out our policies for managing your personal information and is referred to as our Privacy Policy.
In this Privacy Policy, "we" and "us" refers to Mirror of Thought and "you" refers to any individual about whom we collect personal information.
This Privacy Policy explains how we collect, use, store, disclose, and manage your information. By using our Website or engaging with our services, you consent to the terms of this Privacy Policy. It is important that you review this Privacy Policy carefully and contact us if you have any questions or require further information.
This Privacy Policy is current as of 1 February 2026 and we may update it periodically to reflect changes in the law or our processes. We recommend that you visit this page regularly to stay informed.
1. Definitions
APP Entity means an entity to which the Australian Privacy Principles under the Privacy Act apply.
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
Privacy Officer means the person nominated by Mirror of Thought to oversee compliance with the Privacy Act and to handle privacy-related enquiries, access requests, corrections, and complaints.
Sensitive Information means information or opinion about an individual that is considered sensitive under the Privacy Act, including information or an opinion about an individual's racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic information, or biometric information.
2. About Mirror of Thought
Mirror of Thought is a clinical psychology clinic proving psychologist services to individuals, couples and families in Crows Nest, NSW.
3. What Information Do We Collect?
Clients and Prospective Clients
When you enquire about our services or when you become a client of Mirror of Thought, a record is made which includes your personal information.
The type of Personal Information that we collect will vary depending on the circumstances of collection and the kind of service that you request from us, but will typically include:
a. your full name, date of birth, contact details (including address, email address, telephone number, and emergency contact details), and demographic information;
b. information about your employer, occupation, or an organisation you represent, where relevant;
c. your Medicare number, private health insurance details, statutory insurance details (CTP and/or workers’ compensation) and other billing or payment information;
d. your medical history, mental health history, presenting concerns, symptoms, diagnoses, treatment plans, clinical notes, and other health-related information;
e. information about referrals from and communications with other healthcare providers (eg general practitioners, psychiatrists, or other allied health professionals);
f. information provided by you or your representatives during consultations, assessments, therapy sessions, or communications with us; and
g. any additional personal information you provide to us, or authorise us to collect, as part of your interaction with [insert Psychologist or Practice Name].
Sensitive Information
We collect Sensitive Information in the course of providing psychological services to you. This includes information about your:
a. mental health, including your psychological and psychiatric history, diagnoses, treatment history, and related health factors;
b. racial or ethnic origin, where relevant to the provision of culturally sensitive therapy;
c. sexual orientation or practices, where relevant to the therapeutic relationship;
d. genetic or biometric information, where relevant and with your consent; and
e. other information that may be considered sensitive in the context of the psychological services we provide.
We will only collect, use, or disclose Sensitive Information with your express consent, unless collection is required or authorised by law, or where collection is necessary for the establishment, exercise, or defence of a legal claim.
Visitors to Our Website
When you interact with our Website, we may collect certain information, including:
a. Personal Information you provide to us through enquiry forms, appointment booking systems, contact forms, feedback pages, or other interactive features of the Website;
b. technical information, such as your browser type, device type, IP address, pages visited, date and time of access, referral source, and usage patterns;
c. information collected through cookies, web beacons, and similar technologies, which help us improve the Website's functionality, analyse visitor activity, and deliver a more personalised experience.
You may manage cookie settings through your browser; however, certain functionality on the Website may be affected if you disable cookies. Our Website uses cookies that collect non-identifiable information. You are not identifiable from such information unless combined with other identifying data.
4. How and Why Do We Collect and Use Your Information?
Methods of Collection
We may obtain Personal Information and Sensitive Information through:
a. direct communication with you, including in-person consultations, telephone conversations, email correspondence, or via our Website;
b. tools such as online forms, registration portals, appointment booking systems, and feedback pages on our Website;
c. third parties, including your referring health professional (such as your general practitioner or psychiatrist), other healthcare providers, family members, legal representatives, or insurers, where you have consented to this or where it is authorised by law; and
d. automated collection technologies, such as cookies and analytics tools used on our Website.
We generally collect personal information directly from you. Where we collect personal information about you from other sources, we will take reasonable steps to make you aware of the information provided by the third party.
Consent for Collection of Sensitive Information
Before collecting Sensitive Information from you, we will:
a. explain the purpose for which the information is being collected;
b. inform you of the types of Sensitive Information we intend to collect;
c. explain how the information will be used and disclosed;
d. obtain your informed and express consent, either verbally or in writing, depending on the circumstances.
You may provide consent by:
1. signing a consent form at the commencement of therapy or treatment;
2. providing verbal consent during a consultation, which will be documented in your clinical records; or
3. providing consent via our Website or other electronic means, where applicable.
You may withdraw your consent at any time by notifying us in writing. However, withdrawal of consent may affect our ability to provide you with certain services.
Purpose of Collection
We collect, use, and store your information for the following purposes:
a. providing psychological counselling, therapy, assessment, and treatment services to you;
b. maintaining accurate and comprehensive client records, including clinical notes, treatment plans, progress reports, and correspondence;
c. responding to enquiries, feedback, and requests for information received through our Website or other communication channels;
d. liaising with referring medical professionals, psychiatrists, general practitioners, allied health providers, or other service providers, as necessary and with your consent, to deliver coordinated care;
e. arranging and conducting telepsychology or telehealth consultations via video conferencing or telephone;
f. processing payments, billing, managing accounts, and engaging in debt recovery activities;
g. improving the content, functionality, and user experience on our Website;
h. complying with professional, legal, ethical, and regulatory requirements, including obligations under the Privacy Act, the APS Code of Ethics, mandatory reporting obligations, and other applicable standards;
i. addressing complaints, incidents, or legal claims, and managing risk and legal liabilities;
j. conducting clinical supervision, training, and professional development activities using de-identified or pseudonymised information;
k. undertaking research, quality improvement activities, and statistical analysis using de-identified data; and
l. providing administrative and technical support for our services.
We also collect and use personal information for secondary purposes directly related to the primary purpose of collection, where you would reasonably expect such use or disclosure, or where we have obtained your consent.
5. Telepsychology and Digital Services
We may offer telepsychology services via video conferencing platforms, telephone consultations, or other digital communication tools. When you engage with us through these platforms, we collect and handle your personal and sensitive information in accordance with this Privacy Policy.
When providing tele-psychology services, we:
a. use secure, encrypted platforms to protect the confidentiality and security of your communications;
b. collect information necessary for the delivery of the service, including audio and video recordings where you have consented;
c. ensure that our third-party service providers comply with applicable privacy and security standards;
d. inform you of any limitations or risks associated with digital communication, including potential interruptions, technical failures, or unauthorised access; and
e. obtain your informed consent before commencing telepsychology services.
You have the right to refuse telepsychology services and request in-person consultations where practicable.
6. Disclosure of Information
We respect your right to privacy and adopt a secure, confidential, and ethical approach to managing data.
Third-Party Disclosures
We do not disclose your information to third parties except as set out in this Privacy Policy or as permitted or required by law. Situations where disclosure may occur include:
a. sharing necessary data with third parties that assist us in service delivery, including IT service providers, cloud storage providers, software vendors, billing and payment processors, and administrative support services, who are contractually bound to handle your information securely and in accordance with the APPs;
b. disclosures to other healthcare providers involved in your care, including general practitioners, psychiatrists, allied health professionals, and medical specialists, with your consent or as necessary for coordinated care;
c. disclosures to your family members, carers, or legal representatives, with your consent or where it is in your best interests and you lack the capacity to provide consent;
d. disclosures required or authorised by law, including court orders, subpoenas, statutory reporting obligations (such as mandatory reporting of child abuse or risks of serious harm), or compliance with regulatory authorities;
e. disclosures in emergency circumstances, including situations where there is a serious threat to your life, health, or safety, or to the life, health, or safety of another person, in which case we may disclose information to appropriate persons (such as emergency services, hospital staff, or police) to assist with medical care or intervention;
f. disclosures for the purposes of clinical supervision, training, or professional development, where your information is de-identified or pseudonymised to protect your identity;
g. disclosures to insurers, Medicare, or private health funds for the purposes of processing claims or verifying eligibility for services, with your consent; and
h. disclosures to legal advisers, auditors, or other professional consultants in connection with the management of legal liabilities, compliance, or business operations.
Third parties to whom we have disclosed your personal information may contact you directly to let you know they have collected your personal information and to give you information about their privacy policies.
Cross-Border Transfers
We will not disclose your Personal or Sensitive Information to recipients outside Australia unless:
a. you expressly consent to such disclosure;
b. the disclosure is necessary for the provision of services to you (for example, where we use cloud-based storage or software providers with servers located overseas);
c. the overseas recipient is subject to a law or binding scheme that provides substantially similar protections to the APPs, and there are mechanisms available to you to enforce protection of your information under that overseas law; or
d. we take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to your information, including by obtaining contractual commitments from the recipient to handle your information in accordance with the APPs.
Where your information is transferred overseas, it is likely to be transferred to recipients located in [insert countries or regions, eg the United States, the European Union, or other jurisdictions where our service providers operate].
7. Protecting and Storing Your Information
We take all reasonable steps to protect your Personal and Sensitive Information from misuse, interference, loss, unauthorised access, modification, or disclosure. We achieve this through a combination of:
a. secure physical storage systems, including locked filing cabinets and restricted access to premises;
b. electronic security measures, such as firewalls, encryption, secure servers, password protections, and access controls;
c. restricted access to Personal Information, limited to authorised personnel who require access to perform their duties;
d. regular reviews and updates of our security policies and procedures;
e. training of staff and contractors on privacy obligations and data security practices; and
f. secure disposal methods for records that are no longer required, including shredding of paper records and secure deletion or de-identification of electronic records.
Our Website does not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our Website are encouraged to exercise care in sending personal information via the internet.
Retention of Records
We retain your records for the period required under Australian laws, industry standards, and professional guidelines applicable to the psychological profession. Specifically:
a. for clients, clinical records are retained for a minimum of seven years following the last date of service;
b. other records, such as financial and administrative records, are retained in accordance with applicable legal and regulatory requirements.
When these records are no longer required, they will be securely destroyed or permanently de-identified in accordance with our record destruction policy.
8. Your Rights
You may have the following rights regarding your Personal and Sensitive Information:
Access and Correction
Under the Privacy Act, you have a right to access the Personal Information we hold about you. If you believe the information is inaccurate, incomplete, out-of-date, irrelevant, or misleading, you may request a correction.
To exercise these rights, please contact our Privacy Officer at the details provided below. We will process access requests within a reasonable timeframe, typically within 30 days of receipt of your request. We may ask you to provide further information to verify your identity before granting access to your information.
We will not charge you for making a request to access your personal information, but you may be charged for the reasonable time and expense incurred in compiling information in response to your request, particularly for large or complex requests.
We may decline your request to access or correct your personal information in certain circumstances in accordance with the APPs, including where:
a. providing access would pose a serious threat to the life, health, or safety of any individual, or to public health or public safety;
b. providing access would have an unreasonable impact on the privacy of other individuals;
c. the request is frivolous or vexatious;
d. the information relates to existing or anticipated legal proceedings and the information would not be accessible by the process of discovery in those proceedings;
e. providing access would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations;
f. providing access would be unlawful;
g. denying access is required or authorised by law or a court/tribunal order; or
h. providing access would prejudice the investigation of possible unlawful activity or enforcement-related activities conducted by, or on behalf of, an enforcement body.
If we refuse your request, we will provide you with a written notice setting out the reasons for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
We will take reasonable steps to ensure that the personal information we collect, use, or disclose is accurate, complete, and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.
Complaints and Enquiries
If you believe your privacy has been breached, or if you have a complaint about the way we have handled your personal information, please contact us using the details below. We are committed to addressing your concerns and rectifying any identified breaches.
The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within seven days of receipt.
If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within seven days and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents, and speak with individuals involved.
In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know and provide you with an updated timeframe.
If we are unable to resolve the issue to your satisfaction, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the OAIC website at www.oaic.gov.au.
9. Can You Deal with Us Anonymously?
We will provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practicable, for example, when making a general enquiry about our services.
Generally, it is not practicable for Mirror of Thought to deal with individuals anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our services or participate in programs or activities we manage or deliver.
10. Use of Website and Direct Marketing
We may collect information through our Website, including data provided through enquiry forms, appointment booking systems, feedback pages, or cookies. By using our Website, you are deemed to have consented to this collection in accordance with this Privacy Policy.
We may occasionally use your contact details to send information about our services, upcoming events, workshops, educational materials, and other opportunities that may interest you. Such communications may be sent via email, SMS, or post.
You may opt out of receiving direct marketing communications at any time by:
a. using the unsubscribe mechanism provided in the communication (such as an unsubscribe link in an email);
b. contacting us directly using the contact details below and requesting to be removed from our marketing list; or
c. updating your communication preferences via your account on our Website, where applicable.
Please note that even if you choose to opt out of marketing communications, we may still contact you where necessary to administer ongoing services, respond to your enquiries, or provide you with important information about our services or changes to this Privacy Policy.
We will not use or disclose your Sensitive Information for direct marketing purposes.
11. Notifiable Data Breaches
In the event of a data breach that is likely to result in serious harm to any individuals whose personal information is involved in the breach, we will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act.
This includes:
a. conducting an assessment to determine whether the breach is likely to result in serious harm;
b. taking reasonable steps to remediate the breach and prevent further unauthorised access, use, or disclosure;
c. notifying affected individuals as soon as practicable, providing details of the breach, the types of information involved, and steps individuals can take to protect themselves; and
d. notifying the OAIC in accordance with the requirements of the NDB scheme.
If you suspect that your personal information has been subject to unauthorised access, use, or disclosure, please contact us immediately using the details below.
12. Amendments to this Privacy Policy
We reserve the right to amend or update this Privacy Policy at any time to reflect changes in laws, regulations, or our practices. Changes will take effect immediately once posted on our Website. We will update the effective date at the end of this Privacy Policy to reflect when the most recent changes were made.
We recommend that you visit this page regularly to stay informed of any updates to this Privacy Policy.
13. Contact Details
If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your information, please contact us:
Privacy Officer: James Etter
Address: Suite 1, Level 1, 20 Falcon Street, Crows Nest 2065
Email: james@mirrorofthought.com.au
Telephone: 02 9223 5184
This Privacy Policy is effective as of 1 February 2026