Privacy Policy

Tides & Trees
ABN 74 559 882 461

Tides & Trees recognises that your right to privacy is fundamental, particularly when you trust us with sensitive information about your mental health. This Privacy Policy sets out how we collect, hold, use, and disclose your personal information in accordance with the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and our obligations as a registered health practitioner under the Health Practitioner Regulation National Law and the Nursing and Midwifery Board of Australia (NMBA) standards.

Legislation We Comply With

  • Privacy Act 1988 (Cth)

  • Australian Privacy Principles (APPs)

  • Privacy Amendment (Notifiable Data Breaches) Act 2017

  • Health Practitioner Regulation National Law (Queensland)

  • Health (Drugs and Poisons) Regulation 1996 (Qld)

  • My Health Records Act 2012 (Cth), where applicable

  • Freedom of Information Act 1982 (Cth), where applicable

Acknowledgement

We are required under Australian Privacy Principle 1.4 to publish a clearly written Privacy Policy that is freely available. This document is that policy.

Where there is any inconsistency between this policy and the Privacy Act or relevant legislation, the legislation will prevail.

The Kind of Personal Information We Collect

To provide mental health care, we collect personal information including:

  • Your name, date of birth, gender, and contact details

  • Medicare number and health insurance details

  • Emergency contact information

  • Referrer details (where applicable)

  • Banking and payment details for billing

  • Identification details where required

Because we provide mental health care, we also collect sensitive information as defined under the Privacy Act, including:

  • Information about your mental and physical health

  • Medical history, current medications, and past treatment

  • Family and social history relevant to your care

  • Information about your race, ethnicity, religion, sexual orientation, or other personal characteristics, where these are clinically relevant to your care

  • Risk-related information, where this is relevant to your safety or the safety of others

  • Treatment notes, clinical correspondence, and assessment outcomes

  • Where you join a group program, information shared by you in that group setting

How We Collect Personal Information

We collect personal information directly from you when you:

  • Submit an enquiry or contact form on our website

  • Book an appointment through our online booking system (Zanda)

  • Complete intake forms

  • Attend appointments, in clinic, outdoors, or via telehealth

  • Communicate with us by email, phone, or SMS

  • Are referred to us by your GP or another health professional

In some cases, we may receive information about you indirectly, such as from:

  • A referring GP, psychiatrist, or other health practitioner

  • A family member or carer with your consent

  • Pathology providers and other clinicians involved in your care

  • A pharmacist, where relevant to prescribing

We may also collect non-identifying information from website visits (browser type, IP address, pages visited) for the purposes of website analytics and administration.

Telehealth Sessions

Telehealth sessions are conducted through secure, encrypted video platforms. We do not record telehealth sessions unless we have your explicit written consent. Clinical notes taken during telehealth sessions are stored under the same security standards as in-person notes.

You are responsible for ensuring privacy in your own environment during telehealth sessions.

Outdoor Sessions

We hold a number of sessions outdoors as part of walk and talk therapy or the Nature Connection Group. While we choose locations that offer reasonable privacy, we cannot guarantee that conversations will not be overheard by third parties in public spaces. You will be informed of this prior to outdoor sessions and asked to provide informed consent.

Group Therapy Confidentiality

Group programs (such as the Nature Connection Group) involve participants sharing information with one another. While we ask all group participants to respect each other's confidentiality, we cannot legally guarantee that other participants will keep your information private. You will be informed of this before joining a group and will be asked to sign a group confidentiality agreement at the first session.

How We Use Your Personal Information

We use your personal information to:

  • Provide mental health assessment, therapy, and care

  • Prescribe medication and order pathology where clinically indicated

  • Communicate with you about your appointments and care

  • Communicate with other practitioners involved in your care (with your consent)

  • Bill for our services, including via Medicare and private health insurers

  • Maintain records as required by law and professional standards

  • Respond to your enquiries

  • Comply with our legal and professional obligations

  • Improve our services

Who We Share Your Information With

We will only share your information with third parties in the following circumstances:

With your consent — including communication with your GP, treating team, family, or carers.

Where required by law — including:

  • Subpoenas, court orders, or coronial inquiries

  • Mandatory reporting obligations (child protection, certain communicable diseases)

  • Notifications under AHPRA's mandatory notification framework

  • Reporting under the Health (Drugs and Poisons) Regulation 1996 (Qld), including QScript reporting for Schedule 8 prescribing

Where there is serious risk to safety — to the extent reasonably necessary to lessen or prevent a serious threat to the life, health, or safety of you or another person.

With service providers who help us operate the practice (such as our practice management software provider, secure data storage providers, accountants, IT support). These providers are bound by privacy obligations.

Schedule 8 Prescribing

Where Schedule 8 medications are prescribed, information about prescriptions is reported to QScript (the Queensland real-time prescription monitoring system) as required by law. Records of Schedule 8 prescribing are also retained in accordance with the Health (Drugs and Poisons) Regulation 1996 (Qld).

How We Store Personal Information

Your information is stored in:

  • Secure practice management software (Zanda) hosted on Australian servers

  • Encrypted electronic systems for clinical records

  • Locked storage for any physical documents

  • Secure cloud-based systems with two-factor authentication

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, and disclosure, including:

  • Multi-factor authentication

  • Encrypted data transmission and storage

  • Regular software updates and security reviews

  • Staff training on privacy obligations

Despite our best efforts, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of information transmitted over the internet.

Retention of Records

We retain clinical records in accordance with Queensland Health record-keeping requirements:

  • Adult records: minimum seven years from the date of the last entry

  • Records of children: until the patient turns 25

After these retention periods, records are securely destroyed.

Data Breach Notification

In the event of a data breach that is likely to result in serious harm, we will:

  • Take reasonable steps to contain the breach

  • Notify affected individuals as soon as practicable

  • Notify the Office of the Australian Information Commissioner (OAIC), in accordance with the Notifiable Data Breaches scheme

Access to Your Information

You have the right to:

  • Access the personal information we hold about you

  • Request corrections to information that is inaccurate or out of date

  • Request a copy of your clinical records, subject to applicable law

  • Withdraw consent for the use of your information, subject to legal record-keeping obligations

To request access, please contact us at admin@tidesandtrees.com.au.

We will respond to access requests within a reasonable timeframe. We may charge a reasonable administrative fee for the cost of providing copies of records.

In some circumstances, access may be refused or limited, including where:

  • Access would pose a serious threat to the life, health, or safety of any person

  • Access would unreasonably impact the privacy of others

  • The request is frivolous or vexatious

  • Access is unlawful or would prejudice an investigation

Overseas Disclosure

We do not routinely transfer personal information overseas. Some of our third-party service providers (such as cloud storage or email services) may store data on servers outside Australia. Where this is the case, we take reasonable steps to ensure these providers comply with Australian privacy standards.

Marketing

We will only send you marketing or promotional information (such as newsletters or updates about upcoming groups) with your express consent, and you may unsubscribe at any time. We do not use your sensitive health information for marketing purposes under any circumstances.

Cookies and Website Analytics

Our website may use cookies and analytics tools to understand how visitors use the site. These do not identify you personally. You can disable cookies in your browser settings, though some features of the site may not function as intended.

External Links

Our website may contain links to other websites. We are not responsible for the privacy practices of external sites. We encourage you to read the privacy policies of any external sites before sharing your information with them.

Complaints

If you have a concern about how we have handled your personal information, please contact us first:

Email: admin@tidesandtrees.com.au
Phone: 0490 726 276

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

  • Website: oaic.gov.au

  • Phone: 1300 363 992

  • Post: GPO Box 5218, Sydney NSW 2001

Changes to This Policy

This policy is current as of May 2026. We may amend this policy from time to time. The most current version will always be available on our website.

Contact Us

If you have any questions about this Privacy Policy or about how we handle your personal information, please contact:

Tides & Trees
Steph Picanso, Mental Health Nurse Practitioner
Email: admin@tidesandtrees.com.au