top of page

Privacy Policy

1. Introduction

​

This Privacy Policy explains how we collect, use, disclose and protect your personal information when you use our website, contact us, or attend counselling (including in-person and telehealth sessions).

​

As a private counselling service, we handle highly sensitive health and personal information. We are committed to trauma-informed, confidential and culturally safe practice, and we manage your information in accordance with:

​

  • Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs)

  • Health Records and Information Privacy Act 2002 (NSW) and the Health Privacy Principles (HPPs)

 

By using our website or providing us with your personal information, you agree to this Privacy Policy.

​

2. Who we are and how to contact us

 

If you have questions about this Policy or how we handle your information, you can contact us using the details above.

​

Practice name: Yurandalli 
ABN: 61 529 395 719
Location: New South Wales, Australia
Website: https://www.yurandalli.com.au/ 
Email: admin@yurandalli.com.au

​

3. What information we collect

 

We collect different types of information depending on how you interact with us.

 

3.1 Information you provide directly

 

This may include:

  • Identification and contact details (e.g. name, preferred name, pronouns, date of birth, email, phone number, address).

  • Information you provide when you:

    • Submit a contact or enquiry form on the website

    • Request an appointment or referral

    • Complete intake or consent forms (online or paper-based)

    • Participate in counselling sessions (in-person, phone, or online).

​

  • Health and counselling information, such as:

    • Presenting concerns, history, goals for therapy

    • Session notes and counselling plans

    • Information about risk, safety, and support needs.

 

Because we are an allied health service provider, much of what we collect is “health information”, which is specially protected under NSW and Commonwealth law.

 

3.2 Information collected automatically via our website

 

When you visit our website, our hosting and analytics tools may automatically collect information such as:

​

  • Your IP address and approximate location

  • Browser type, device type, operating system

  • Pages visited, date and time of visit, time spent on pages

  • Referring site (e.g. search engine or link from another site).

 

This information is generally de-identified and used to help us maintain security, performance, accessibility and usability of the website.

 

3.3 Cookies and similar technologies

 

Our website may use cookies or similar technologies to:

​

  • Remember your preferences (for example, accessibility or language settings)

  • Help us understand how visitors use the site

  • Improve security (e.g. protecting forms from spam).

 

You can usually manage cookies through your browser settings. If you disable cookies, some website functions may not work as intended.

 

4. How we collect your information

 

We collect personal and health information when you:

​

  • Submit forms or send us an email, message, or SMS

  • Speak with us by phone, video, or in person

  • Attend counselling (including telehealth)

  • Are referred to us by another provider (e.g. GP or other clinician) and you or they share information with your consent (or as otherwise permitted by law).

 

We may also receive information from:

​

  • Other treating professionals, with your consent (or where otherwise permitted or required by law)

  • Third-party service providers, such as online booking systems, telehealth platforms and secure practice management systems.

 

5. Why we collect your information and how we use it

 

We collect, hold, use and disclose personal and health information where it is reasonably necessary for our functions and activities as a counselling and mental health service.

 

Main purposes include:

  • Providing counselling and support

    • Assessing your needs and risks

    • Planning and delivering counselling and support

    • Coordinating care with other providers (with your consent, where required).

  • Appointment & communication management

    • Booking and confirming appointments

    • Sending you information about your sessions (e.g. reminders, follow-up resources).

  • Practice management & quality assurance

    • Maintaining accurate clinical records

    • Supervisory and clinical governance processes (with privacy safeguards)

    • Service planning, evaluation and quality improvement (using de-identified data where possible).

  • Legal, regulatory and professional obligations

    • Meeting our obligations under privacy, health, child safety and record-keeping laws

    • Responding to subpoenas, court orders or lawful directions from regulators.

 

We do not sell your personal information or use it for unrelated direct marketing. If we ever want to use your information for another purpose (for example, a de-identified case example in training), we will seek your explicit consent.

​

6. Confidentiality, disclosure and legal limits

 

We understand privacy and confidentiality are critical for counselling. Generally, what you share with us is kept confidential within the service.

However, there are situations where we may be required or permitted by law or professional standards to use or disclose information without your consent, for example:

​

  • If we reasonably believe there is a serious or imminent risk of harm to you or someone else, and sharing information is necessary to reduce that risk.

  • If we are legally required to report concerns about a child or young person’s safety or wellbeing under child protection or related laws.

  • If we are required by a court order, subpoena, warrant or other legal process to disclose information.

  • To respond to a serious complaint, incident or insurance/indemnity matter, where sharing limited information is necessary and lawful.

 

Where it is safe, lawful and clinically appropriate to do so, we will explain these limits to you and try to discuss any necessary disclosure with you beforehand.

We may also share information with your consent, for example:

​

  • With your GP, psychiatrist or other treating professionals

  • With support people you nominate (e.g. family, carers, advocates)

  • In supported referral or care-coordination arrangements.

 

7. Website analytics, third-party services and social media

 

Our website may use third-party services (for example, website hosting, security tools, analytics and embedded content). These providers may process technical data about your visit to help us:

​

  • Secure the site

  • Monitor traffic and performance

  • Improve functionality and content.

​

If we use social media platforms (e.g. via buttons or links), those platforms may also collect information about you according to their own privacy policies. We recommend you review the privacy policies of any third-party services you use or access through links from our website.

​

8. Where and how we store your information

​

We take reasonable steps to protect personal and health information from misuse, interference, loss, unauthorised access, modification or disclosure, as required by the APPs and HPPs.

​

Measures may include:

  • Secure electronic clinical record or practice management systems

  • Encrypted connections (HTTPS/SSL) for our website and (where available) telehealth

  • Role-based access controls and strong password practices

  • Confidentiality obligations for staff and contractors

  • Regular data back-ups and security updates

  • Secure destruction or de-identification of information when it is no longer required and it is lawful to do so.

 

Your information may be stored in:

  • Secure electronic systems hosted in Australia; and/or

  • Reputable cloud services (which may use data centres in Australia or overseas).

​

We will endeavour to use reputable services.

​

9. How long we keep your information

​

We keep personal and health information for as long as needed:

​

  • To provide counselling and related services

  • To comply with professional, ethical and legal record-keeping requirements 

  • To manage any complaints, incidents or legal claims.

 

After this time, and when it is lawful to do so, we will securely destroy or de-identify your information.

​

10. Your rights to access and correct your information

 

Under Australian privacy law and the HRIP Act, you generally have the right to:

​

  • Request access to the personal and health information we hold about you

  • Request corrections if you believe the information is inaccurate, incomplete, out-of-date or misleading.

​

You can make a request by contacting us (see section 2). We may need to verify your identity and, in some cases, ask you to put your request in writing. We aim to respond within a reasonable time.

​

In limited situations, we may refuse access or restrict access (for example, if providing access would create a serious risk to your life, health or safety or that of another person, or where information is subject to legal privilege). If we refuse access or correction, we will explain why, and inform you of your options.

​

11. Data breaches

 

Despite our best efforts, security risks can never be entirely eliminated. If we become aware of a data breach involving personal information, we will:

​

  1. Take immediate steps to contain and assess the breach.

  2. Reduce the risk of harm where possible.

  3. Where required, notify you and the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme, which applies to health service providers covered by the Privacy Act.

 

We may also consider notifying other relevant bodies where appropriate (for example, the Information and Privacy Commission NSW, professional regulators or law enforcement).

 

12. Children and young people

 

We often support children and young people. When handling personal and health information about a child or young person, we take particular care to:

​

  • Consider capacity, consent and involvement of parents/carers/guardians, in line with relevant laws and professional standards

  • Prioritise safety, wellbeing and the best interests of the child or young person

  • Respect their privacy and dignity, explaining confidentiality (and its limits) in developmentally appropriate ways.

​

Where appropriate, we may ask for the child or young person’s own views about information sharing, and balance these with legal requirements and clinical judgement.

 

13. Third-party websites and links

 

Our website may link to external websites or services. We are not responsible for the privacy practices, content or security of those third-party sites. We recommend you review the privacy policy of any website you visit.

 

14. Complaints and concerns about privacy

 

If you have a question, concern or complaint about how we handle your personal information or this Privacy Policy, please contact us first (see section 2).

 

Please let us know:

  • What happened

  • How it has impacted you

  • What you would like us to do.

 

We will take your concerns seriously and aim to respond within a reasonable timeframe.

 

If you are not satisfied with our response, you may have the right to complain to one or more external bodies, for example:

​

Office of the Australian Information Commissioner (OAIC)

For concerns about our compliance with the Privacy Act 1988 (Cth) and Australian Privacy Principles. See the OAIC website for up-to-date contact details and complaint options.

​

Information and Privacy Commission NSW (IPC)

For concerns about the handling of health information under the Health Records and Information Privacy Act 2002 (NSW), you can complain to the NSW Privacy Commissioner through the Information and Privacy Commission NSW.

 

Other bodies

Depending on the issue, you may also be able to contact other regulators or complaint bodies (for example, the NSW Health Care Complaints Commission) about aspects of your care or professional conduct.

​

15. Changes to this Privacy Policy

 

We may update this Privacy Policy from time to time to reflect changes in our services, technology, or legal requirements. The updated version will be published on our website with a revised “Last updated” date.

​

We encourage you to review this page periodically to stay informed about how we protect your privacy.

​

Created: 20.11.2025

​

​

​

​

Acknowledgment of Country

​

As a Gamilaraay Murri living and working on Dharawal Country, I acknowledge the Dharawal people as the Traditional Custodians of the lands and waters where Yurandalli is grounded. I honour the strength, wisdom and leadership of Dharawal peoples, and the ongoing connections to Country, language, story, kin and spirituality that continue to thrive here. I pay my deepest respects to Elders past and present, and to the young people who are carrying culture forward in their own ways.

​

I also acknowledge my own Gamilaraay kin, Country and ancestors, whose courage, creativity and community care shape the way I walk alongside clients, families and communities. Yurandalli is guided by Aboriginal and Torres Strait Islander ways of knowing, being and doing, and is committed to amplifying First Nations voices, solutions and healing practices. Our work is one small part of the long story of First Nations survival, joy, resistance and renewal.

​

© 2025 by RCS-Health - Gamilaraay owned and operated. 

Yurandalli Counselling Wollongong
bottom of page