Privacy Policy

Lumaura Psychology Pty Ltd (“Lumaura”) respects and protects the privacy of all clients and staff. This Privacy Policy sets out how we manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Last updated: 23 August 2025

1. General

1.1 This Privacy Policy applies to the management of personal information by Lumaura Psychology Pty Ltd ACN 690 056 850. All psychological services provided by Lumaura are subject to the requirements of the Privacy Act 1988 (Cth) and the APPs.

1.2 This Privacy Policy outlines:

• the categories of Personal Information collected;

• the way such information is collected, used, held, and disclosed;

• the parties to whom such information may be disclosed; and

• the rights of individuals to access and correct their Personal Information.

1.3 Lumaura may, at its discretion, amend this Privacy Policy from time to time. Any material amendments will be notified by publication on our website.

2. Reviewing this Privacy Policy

2.1 By executing a Client Consent Form, whether in person or electronically, you acknowledge that Lumaura may collect, use, and disclose your Personal Information, including Sensitive Information, in accordance with this Privacy Policy.

2.2 Use of Lumaura’s Website constitutes consent to the collection, processing, storage, and disclosure of Personal Information as set out herein.

2.3 Where Lumaura engages with corporate entities, it may collect Personal Information relating to their employees, officers, or associates. Entities providing such information must ensure affected individuals are directed to this Privacy Policy.

3. Definitions

For the purposes of this Privacy Policy:

• “Client Intake Documentation” means documentation provided to clients upon registration or update, including medical history, consent forms, payment details, and terms and conditions.

• “Personal Information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not.

• “Sensitive Information” has the meaning ascribed under the Privacy Act and includes health information, as well as information relating to racial or ethnic origin, political affiliation, professional or trade associations, religion, sexual orientation or practices, criminal history, and genetic or biometric information.

• “Services” means psychological treatment, counselling, telehealth, referrals, and related healthcare services provided by Lumaura.

• “Website” means https://lumaurapsychology.com.au and any other domain operated by Lumaura.

• “you” or “your” refers to the client or their authorised representative.

• “Lumaura” means Lumaura Psychology Pty Ltd ACN 690 056 850.

4. Client Information

4.1 Client records are maintained in secure storage, either in locked physical facilities or password-protected electronic systems, accessible only by authorised personnel and service providers in accordance with Lumaura’s policies. Records typically include contact information, medical history, and other data relevant to the provision of Services.

5. Types of Personal Information Collected

5.1 Lumaura collects and holds the following categories of Personal Information:

• identifying details (e.g., name, date of birth);

• contact information (e.g., address, phone, email);

• profile details (e.g., survey responses, feedback);

• health fund information;

• government identifiers (e.g., Medicare, NDIS, DVA numbers);

• financial details (e.g., payment and billing information);

• Sensitive Information, including health and medical records, specialist reports, test results, diagnoses, treatment history, and related clinical information.

6. Collection of Personal Information

6.1 Lumaura collects Personal Information by:

• direct provision from clients via forms, correspondence, or consultations;

• interactions with clinical or administrative staff; and

• third-party disclosures such as referrals, reports, or correspondence from other healthcare providers.

7. Consequences of Non-Disclosure

7.1 Where a client elects not to provide Personal Information in accordance with this Privacy Policy, Lumaura may be unable to provide Services. Clients may request anonymity or the use of a pseudonym, except where impracticable or prohibited by law.

8. Purpose of Collection and Retention

8.1 Personal Information is collected and retained for the purpose of providing Services, including assessment, diagnosis, treatment, and preparation of reports. Documentation is required to ensure accurate record-keeping and continuity of care.

9. Disclosure of Personal Information

9.1 Personal Information will not be disclosed except where:

• required or authorised by law;

• Lumaura reasonably believes failure to disclose would pose a serious risk to life, health, or safety; or

• the client has expressly authorised disclosure, including:

  • to another professional (e.g., GP, lawyer);

  • to a nominated third party (e.g., parent, employer, funder);

  • for any other specified purpose directly connected to the Services provided.

9.2 Lumaura does not disclose Personal Information overseas unless required by law or with explicit client consent. In the case of Telehealth clients located in New Zealand, the provisions of 9.1 above will apply, including the application of New Zealand law in relation to 9.1 (a) above.  Personal Information will not be sold, rented, or used for unrelated purposes.

9.3 In the event of unauthorised access, disclosure, or loss, Lumaura will implement its Data Breach Response Plan and take all reasonable steps to mitigate potential harm.

10. Access and Correction

10.1 Clients may request access to or correction of their Personal Information at any time. Access may be subject to exceptions under the Privacy Act 1988 (Cth).

10.2 Where information is inaccurate, incomplete, or outdated, Lumaura will take reasonable steps to correct it.

10.3 Requests for access or correction should be directed in writing to the Privacy Officer. A written response will be provided within 30 days.

Contact details:

• Email: admin@lumaurapsychology.com.au

• Post: P.O. Box 1011, Indooroopilly, Brisbane QLD 4068

• Phone: +61 473 055 560

11. Concerns and Complaints

11.1 Complaints regarding the handling of Personal Information should be directed to Lumaura’s Privacy Officer in the first instance.

11.2 A copy of the Australian Privacy Principles is available on request.

11.3 If a complaint cannot be resolved with Lumaura directly, it may be referred to the Office of the Australian Information Commissioner (OAIC):

• Phone: 1300 363 992

• Online: OAIC Privacy Complaints

• Post: GPO Box 5288, Sydney NSW 2001

12. Third-Party IT Systems

12.1 Lumaura utilises secure third-party platforms to support the delivery of Services, including:

• Halaxy – practice management software used for scheduling, billing, and secure client record management;

• Novo Psych – psychological assessment and reporting platform.

12.2 By engaging Lumaura’s Services, you consent to your Personal Information, including Sensitive Information, being stored and processed using these systems. These providers are bound by data protection obligations consistent with the Privacy Act 1988 (Cth) and APPs.

12.3 Lumaura takes reasonable steps to ensure third-party providers implement strong security measures. However, as with all electronic storage and transmission systems, a residual risk of data breach or unauthorised access remains.

12.4 Any incidents involving unauthorised access or disclosure through third-party systems will be managed in accordance with Lumaura’s Data Breach Response Plan and the Notifiable Data Breaches Scheme.