Ministry of Minds Pty Ltd t/a Shrink & Co. ABN 66 166 721 115 (we, us or our), understands that protecting your personal information is important and we are committed to safeguarding your personal information. This Privacy Policy sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us, offline or online, including when you access our website, use our online contact form, telephone us, email us, SMS us, complete any questionnaire we provide to you, visit our practice, or participate in a telehealth consultation (Services).

The information we collect

We may collect personal information about you for the purpose of providing our Services to you. We may collect this information directly from you or from a third party such as your referring doctor, or from a family member, partner or other support person but only with your consent or if required or authorised by law. This may include personal information, sensitive information and health information. We store personal information in a variety of ways, including paper and electronic formats.

Personal information: is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

Sensitive information: is a sub-set of personal information that is given a higher level of protection. Sensitive information means information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation or practices, criminal records, health information or biometric information.

Health information: is a type of sensitive information and includes any personal information that is collected while providing you a health service. For example, any details you share with us in a consultation about your medical history or mental health will be health information.

The types of personal information we may collect about you include:

When you contact us:

• your name;
• your contact details, including email address, street address and/or telephone number; and
• any other personal information requested by us and/or provided by you or a third party.

When you register with us as a client (including when filling out a new patient registration form or administrative paperwork):

• your name;
• your contact details, including email address, street address and/or telephone number;
• your date of birth;
• images of you;
• your Medicare number (if you are referred to us under a mental health plan);
• details of your referring doctor;
• an emergency contact name and telephone number;
• our correspondence with you or with other health professionals about you; and
• any other personal information requested by us and/or provided by you or a third party.

When you have a consultation with us:

• personal details which are necessary and relevant to the assessment and/or treatment of your presenting mental health concern and which you choose to share with us. For example, this may include details of your schooling/training/employment status; your marital status; your beliefs and values, and views;
• sensitive information (including health information) which is necessary and relevant to the assessment and/or treatment of your presenting mental health concern and which you choose to share with us and any mental health assessment or diagnostic opinion we believe it is necessary or relevant to record. The types of sensitive information you choose to share with us may include:
  • detailed information about your current medications, your physical health and detailed information about your psychological health;
  • your gender;
  • your racial or ethnic origin;
  • your religious beliefs;
  • your philosophical beliefs;
  • your political beliefs or affiliations;
  • your sexual orientation or practices; and
  • any other sensitive details you choose to share with us;
• any other required personal information requested by us and/or provided by you or a third party.

When you visit our website:

We also may collect personal information about you, directly from you or from a third party, for the purpose of delivering our website to you. The types of personal information which we may collect when delivering our website to you include:

• your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
• information about your access and use of our Services, including through the use of Internet cookies, your communications with our online Services, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider; and
• additional personal information that you provide to us, directly or indirectly, through your use of our Services, associated applications, associated social media platforms and/or accounts from which you permit us to collect information.

How we collect personal information

We collect personal information in a variety of ways, including:

• Directly: We collect personal information which you directly provide to us, including through the ‘contact us’ form on our website or when you request our assistance via email, or over the telephone.
• Indirectly: We may collect personal information which you indirectly provide to us while interacting with us, such as when you use our website, in emails, over the telephone and in your online enquiries.
• From third parties: We collect personal information from third parties, such as details of your use of our website from our analytics and cookie providers and marketing providers. See the “Cookies and Analytics” section below for more detail on the use of cookies and tracking pixels.

Why we collect, hold, use and disclose personal information

Personal information: We may collect, hold, use and disclose personal information for the following purposes:

• to book an appointment for you whether via email or over the phone;
• to contact and communicate with you about your appointment;
• to enable your referring doctor to refer you to us and/or book an appointment for you;
• to register you as a client;
• to check you in at our practice;
• to provide our services;
• to ask your feedback on our services and/or staff;
• for internal record keeping;
• for advertising and marketing, including to send you promotional information about our services and other information that we consider may be of interest to you;
• for administrative purposes including invoicing and billing purposes;
• to enable you to access and use our website and trusted associated applications and platforms; and
• to comply with our legal obligations and resolve any disputes that we may have.

Sensitive information: We only collect, hold, use and disclose sensitive information for the following purposes:

• any purposes you consent to, such as:
  • to provide a written report to another agency or professional, e.g. a general practitioner or a lawyer;
  • to discuss the material with another person, e.g. a parent, employer, health provider, or third party funder;
  • where we take your photograph, for patient identification purposes. We administer injectable antipsychotic medications, and therefore robust patient identification is necessary to reduce potential errors. Patient photographs remain on the patient record, for reasons such as reducing the chance of the incorrect patient screen being open during consultations and minimising medication and Medicare errors;
  • to disclose the information in another way; or
  • to disclose to another professional or agency (e.g. your general practitioner);
• secondary purposes that are directly related to the primary purpose for which it was collected, including disclosure to the below listed third parties as reasonably necessary to provide our Services to you;
• to refer you to medical or health service providers, to contact emergency services, or to speak with your family, partner or support person where we reasonably believe there is a serious risk to the life, health or safety of you or another person and it is impracticable for us to obtain your consent; and
• if otherwise required or authorised by law.

Methodology and collection of consent for taking photographs

We take a photograph of patients upon arrival for their first appointment, and before any sessions commence. This is to ensure correct and accurate patient identification in the patient records, especially for sessions that occur in satellite locations. This enhances patient privacy and security. Patient photographs are taken with their knowledge, at the time it is taken, using various technological resources available in each location. Where administrative support is unavailable (e.g. after-hours) the practitioner will take the photograph of the patient at the first consult as much as practicable, or deferred until administrative support is available.

In compliance with the Management System of Shrink & Co., and this policy, it is mandatory that all patients have their photographs taken prior to the commencement of sessions, unless there are exceptional circumstances. In limited and certain circumstances and where practicable, Shrink & Co. may be able to accommodate identifying those patients without a photograph but relying on a pseudonym and other verification information. The authority to approve such exceptions lies with Senior Management only, and escalation protocols must be adhered to.

Storage and security of photographs

Patient photographs are taken electronically and saved against the individual patient’s medical record. This then becomes a component of the medical record, and is therefore stored as one unit. Photographs are only stored in electronic format against the electronic medical record – no other electronic copies are stored anywhere else, and no hard copies of patient photographs are produced or stored. Security and safety of patient photographs are therefore identical to the security and safety of their entire electronic medical record, which is maintained by the medical software vendor.

CCTV

Closed Circuit Television (CCTV) refers to camera surveillance devices that capture images of people and activity and includes other surveillance devices of the same or similar nature.

We operate CCTV at our physical offices (including common areas, as well as consultation rooms) to:

• help ensure the safety and security of our staff, property, contractors and visitors;
• detect the arrival of visitors to the site;
• detect potential criminal activity; and
• provide evidence to the Police, court or tribunal proceedings, or a public sector agency where it is necessary for them to uphold the law.

Any footage collected will be used in compliance with the Privacy Act 1988 (the Privacy Act) and other applicable legislation.

Nature of surveillance

CCTV operates at all times of the day and night, in areas specified by physical signage. Signage indicating that a CCTV system is in operation will be placed both at the entrance to the building under surveillance, as well as in the physical proximity of the system itself.

Footage captured may be captured up to 24 hours a day, seven days a week. Only video feeds are captured. No audio feed is captured.

Covert surveillance will only be carried out in exceptional circumstances, where there are strong grounds to suspect that misconduct is occurring.

Storage and access to video footage

Footage is accessible only by our senior management. On occasion, we may store footage and review it for the purposes of investigating an incident.

Any footage retained by us is erased every 90 days, unless we determine that it is necessary to retain footage as evidence.

Footage of events and movements is sufficient to identify individuals and is therefore regarded as “personal information” under the Privacy Act. Individuals will only be able to access CCTV footage if required by law. The general public and media shall not have access to any CCTV footage, unless a person is requesting to access footage of themselves. An administrative fee is payable for the provision of such information.

In assessing a person’s request for footage of themselves, the ability to maintain the privacy of any other identifiable individual in the footage will be taken into consideration.

Consent

Patients are to be notified of our CCTV and photograph policy at the point of initial appointment. They are required to verbally agree and comply with this policy prior to the first appointment being made. Upon arrival for their first appointment, written consent must be obtained from the patient by way of a consent form. Patient’s signed consent for their photograph to be taken is necessary prior to any sessions commencing.

Refusals and escalation

At the point of Intake, the Intake Officer or Front Desk Receptionist must explain the process for patient photographs to be taken and why this is being done. The particular situation of Shrink & Co. is relevant to supporting the implementation of this policy, including the sensitive nature of our field of practice, the absence of administrative staff or a check-in point at some of our sites and the administration of anti-psychotic medications. This heightens the need for good identification. It also suggests that the use of photographs to identify patients would in fact enhance protection of their privacy. For those patients who do not agree to their photo being taken and stored, further clarification of those patients’ reasons is required. Explaining to patient the reasons for the policy usually resolves their concerns.

If any patient were to remain in opposition to collection and storage of their photograph, this must then be escalated to Senior Management. It would turn on the particular circumstances as to whether or not Shrink & Co. could reasonably refuse to treat them in our practice. This would depend on their reasons for refusal, the nature of their condition (for example, if they were experiencing an acute illness period or otherwise, or if the act of photography exacerbates a trauma response), and whether alternatives to a photograph could be reasonably accommodated for that patient whilst still maintaining appropriate confidentiality and professional standards.

Only Senior Management has the authority to accept and approve, or refuse an exemption to the photograph requirement. The decision and its reason(s) are to be documented on the patient’s clinical records, where available. Where no legitimate reason exists for exemption from the Photograph requirement, it is necessary for the practice to therefore refuse a clinical service and refer them back to their referrer.

Where any patient refuses to disclose any or adequate personal information, in compliance with this policy, it is necessary for the practice to therefore refuse a clinical service and refer them back to their referrer.

Our disclosures of personal information to third parties

We may disclose personal information to:

• third party service providers for the purpose of enabling them to provide their services, to us, including (without limitation);
• our employees, contractors and/or related entities;
• our existing or potential agents or business partners;
• marketing or advertising providers;
• email marketing providers (such as MailChimp);
• anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
• courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
• courts, tribunals, regulatory authorities and law enforcement officers, as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
• third parties to collect and process data, such as Google Analytics (To find out how Google uses data when you use third party websites or applications, please see www.google.com/policies/privacy/partners/ or any other URL Google may use from time to time), Facebook Pixel or other relevant analytics businesses; and
• any other third parties as required or permitted by law, such as where we receive a subpoena.

Google Analytics:

We have enabled Google Analytics Advertising Features including Remarketing Features, Advertising Reporting Features, Demographics and Interest Reports, Store Visits, Google Display Network Impression reporting. We and third-party vendors use first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together.

You can opt-out of Google Analytics Advertising Features including using a Google Analytics Opt-out Browser add-on found here. To opt-out of personalised ad delivery on the Google content network, please visit Google’s Ads Preferences Manager here or if you wish to opt-out permanently even when all cookies are deleted from your browser you can install their plugin here.  To opt out of interest-based ads on mobile devices, please follow these instructions for your mobile device: On android open the Google Settings app on your device and select “ads” to control the settings. On iOS devices with iOS 6 and above use Apple’s advertising identifier. To learn more about limiting ad tracking using this identifier, visit the settings menu on your device.

Overseas disclosure

While we store personal information in Australia, where we disclose your personal information to the third parties listed above, these third parties may store, transfer or access personal information outside of Australia.

Unless we seek and receive your consent to an overseas disclosure of your personal information, we will only disclose your personal information to countries with laws which protect your personal information in a way which is substantially similar to the Australian Privacy Principles and/or we will take such steps as are reasonable in the circumstances to require that overseas recipients protect your personal information in accordance with the Australian Privacy Principles.

Your rights and controlling your personal information

Your choice: Please read this Privacy Policy carefully. If you provide personal information to us, you understand we will collect, hold, use and disclose your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect our ability to provide our Services to you and your use of our Services.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Anonymity: Where practicable we will give you the option of not identifying yourself or using a pseudonym in your dealings with us.

Restrict and unsubscribe: To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Access: You may request access to the personal information that we hold about you.  An administrative fee is payable for the provision of such information. Please note, in some situations, we may be legally permitted to withhold access to your personal information. If we cannot provide access to your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal. If we can provide access to your information in another form that still meets your needs, then we will take reasonable steps to give you such access.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to promptly correct any information found to be inaccurate, out of date, incomplete, irrelevant or misleading. Please note, in some situations, we may be legally permitted to not correct your personal information. If we cannot correct your information, we will advise you as soon as reasonably possible and provide you with the reasons for our refusal and any mechanism available to complain about the refusal.

Complaints: If you wish to make a complaint, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take in response to your complaint. If you are not satisfied with our response, you also have the right to contact the Office of the Australian Information Commissioner.

Storage and security

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, to safeguard and secure personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. These procedures include:

• securing any personal information we hold in an electronic format behind password log ins (typically with multi factor authentication);
• securing any personal information we hold in physical files in a locked cabinet;
• encrypting data, using virus protection software, implementing firewalls; and
• limiting internal access to the personal information we hold about you based on a need to know basis.

While we are committed to security, we cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk.

Cookies and Analytics

We may use cookies, tracking pixels and similar technologies on our website from time to time. Cookies are text files placed in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your email address or other personally identifiable information. Tracking pixels are tiny, invisible images (typically the size of one pixel) embedded in web pages or emails. Cookies and tracking pixels, by themselves, do not tell us your email address or other personally identifiable information. However, they do recognise you when you return to our online website and allow third parties to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If and when you choose to provide our online website with personal information, this information may be linked to the data stored in the cookie or collected by tracking pixels. Unlike cookies, tracking pixels do not store any information on your device, but instead send information to our servers when the pixel is loaded.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies.

You can block tracking pixels by using ad-blocking or privacy-focused browser extensions. Some email providers allow you to block images by default, which can prevent tracking pixels in emails from loading.

However, if you use your browser settings to block all cookies (including essential cookies) and tracking pixels you may not be able to access all or parts of our website and you may not receive personalised content.

Personal information retention

Your personal information is only kept while it is required for the purpose for which it was collected or as required by law. It will then be securely destroyed or de-identified.

Health records are kept for a minimum of 7 years since the last time you we provided you a health service. Where we provide services to children, we keep your health record at a minimum until you reach the age of 25. When we destroy your health record, we keep a written note of your name, the date we destroyed it, and the time period the record covered.  

Use of Artificial Intelligence

Overview: We may use artificial intelligence and machine learning technologies, including AI Technologies provided by third parties (include for example, PatientNotes) (AI Technologies) in our business operations and the provision of our Services. We will only use AI Technologies when legally permitted and necessary for our business operations.

How we use AI Technologies: We may use AI Technologies for the following purposes:

• to transcribe your sessions with affiliated practitioners;
• to improve and optimise our services and operations;
• to automate certain processes and communications, such as generating reports and clinical assessments;
• to personalise your experience with our services;
• for quality assurance purposes; and
• to assist with patient support and queries.

Data Protection and Security: Where we use service providers who provide AI Technologies to us, we will take reasonable steps to ensure that such service providers handle your personal information according to privacy law, including by ensuring that we have contracts in place requiring the service provider to protect personal information.

We may input your personal information into platforms provided by AI Technology service providers which may then be used to train the service provider’s AI Technologies model based on that information.

Your Rights and our Commitments: We will treat information generated or inferred by the AI Technologies about individuals as personal information and you maintain all rights over your personal information as outlined in this Privacy Policy, regardless of whether AI Technologies are used in processing. When using AI Technologies with your personal information:

• Transparency and control: We will inform you when AI Technologies are being used to make decisions that may significantly affect you. We will implement processes to verify the accuracy of AI-generated outputs and we will take reasonable steps to maintain human oversight and review of significant AI-generated decisions. Our staff are trained to understand the limitations of AI systems and verify outputs before they are relied upon; and
• Security: We implement appropriate technical and organisational measures to ensure that our use of AI Technologies maintains the security and integrity of your personal information. This includes regular testing and monitoring of AI outputs for accuracy and reliability; and
• Risk mitigation: We regularly assess and document the risks associated with our use of AI Technologies in processing personal information and implement appropriate mitigation measures. This includes ongoing monitoring of AI Technologies and regular reviews of their performance and impact.

Consent to Marketing

You understand that we may collect your marketing and communications data as part of our provision of our services, including your contact details for marketing, preferences in receiving marketing from us and our third parties, your communication preferences, and your survey responses. You understand and agree that we may use this information for advertising and marketing, including to send you promotional information about our goods and services, events and experiences and information that we consider may be of interest to you, and to send you surveys to receive your feedback about our services. To object to processing for direct marketing/unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.

Links to other websites

Our website may contain links to other party’s websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our website. We recommend you check our website regularly to ensure you are aware of our current Privacy Policy.

For any questions or notices, please contact our Office Administrator at:

Ministry of Minds Pty Ltd ABN 66 166 721 115

Email: feedback@shrinkco.com 

Last update: 12^th August 2025