Privacy Policy

Policy Document for the Management of Personal Information by Mindfulness Programs Australasia (MPA)

This document describes the privacy policy of MPA for the management of participant’s personal information. The psycho-educational service provided is bound by the legal requirements of the Australian Privacy Principles set out in various legislation such as the Privacy Act 1988 (Cth) as well as The Personally Controlled Electronic Health Records Act 2012, The Personal Information Protection Act 2004 (Tas) and the Personal Information Protection Principles under that Act.

App Information
App Name: Mindful Wellbeing
Developer: Chloe Laroge
Service Provider and Copyright Holder: Mindfulness Programs Australasia (MPA)
Contact: admin@mindfulnessaus.com.au

Data Storage and Technical Information
The Mindful Wellbeing app stores user data securely using Firebase, Google’s cloud-based platform. User data is encrypted and stored in accordance with Firebase’s security standards. The app collects minimal usage analytics, including:

  • Date of last login for service continuity purposes
  • Basic app performance metrics (crash reports, error logs)

No personally identifiable information is used for tracking purposes beyond what is necessary to provide the service.

Participant information

Participant information is stored in either/or/both a secure internet-based program/secured filing cabinet which is accessible only to authorised employees and contractors. The information on each file includes personal information such as name, address, contact phone numbers, some aspects of medical history, and other personal information collected as part of providing the service.

How Participant’s personal information is collected

A participant’s personal information is collected in a number of ways during service contact with MPA, including when provided directly to a program facilitator or administration officer, using hardcopy forms, internet-based forms, correspondence via email, or via a conversation.

Consequence of not providing personal information

If the participant does not wish for their personal information to be collected in a way anticipated by this Privacy Policy, we may be compromised in providing a service to that person. There is a minimum level of information we require in order to provide a safe service. However, once that minimum amount of information is collected e.g. contact details and concerns related to reason for doing the program, other information is optional and will not preclude access to services. In addition, consent may be provided for different levels of disclosure of the information, such as to the funding body of some programs – see MPA Confidentiality and Consent form where this will be explained according to the applicable program. Information will NOT be disclosed outside of MPA to any organisation unless explicit verbal consent is given. Pseudonyms and anonymity is allowable.

Purpose of holding personal information

A participant’s personal information is gathered and used for the purpose of providing psycho-educational services, which includes assessing, tailoring and monitoring of services to the extent allowable in the program and by participants. The personal information enables the facilitator to provide a relevant and informed service and where consent is given, to report to the funding bodies.

Disclosure of personal information

Participant’s personal information will not be disclosed except when:

  1. It is subpoenaed by a court; or
  2. Failure to disclose the information would in the reasonable belief of the facilitator place a participant or another person at serious risk to life, health or safety; or
  3. The participant’s prior approval has been obtained to:
    1. provide a written report to another professional or agency, e.g., a GP or funding body; or
    2. discuss the material with another person, e.g. health provider; or
    3. disclose the information in another way e.g. to the funding body; or
  4. you would reasonably expect your personal information to be disclosed to another professional or agency (e.g. your GP) and disclosure of your personal information to that third party is for a purpose which is directly related to the primary purpose for which your personal information was collected; or
  5. disclosure is otherwise required or authorised by law.

A participant’s personal information is not disclosed to overseas recipients, unless the participant consents or such disclosure is otherwise required by law. Participants will receive emails from MPA regarding future sessions and courses if participants have chosen to opt-in. Participants’ personal information will not be used, sold, rented or disclosed for any other purpose.

Requests for access and correction to participant information

At any stage participants may request to see and correct the personal information about them kept on file. The facilitator may discuss the contents with them and/or give them a copy, subject to the exceptions in the Privacy Act 1988 (Cth). If satisfied that personal information is inaccurate, out of date or incomplete, reasonable steps will be taken in the circumstances to ensure that this information is corrected. All requests by participants for access to or correction of personal information held about them should be lodged with MPA. These requests will be responded to in writing within 30 days, and an appointment will be made if necessary, for clarification purposes.

Concerns

If participants have a concern about the management of their personal information, they may discuss this with a Director of MPA by contacting them via ph: 0488 064 228, email: admin@mindfulnessaus.com.au or via post PO Box 572 Ulverstone, TAS, 7315. They may also contact the funding body for PHT funded courses, Primary Health Tasmania on ph: 1300 653 169, or the relevant funding organisation. Upon request they can obtain a copy of the Australian Privacy Principles, which describe their rights and how their personal information should be handled. Ultimately, if participants wish to lodge a formal complaint about the use of, disclosure of, or access to, their personal information, they may do so with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a-privacy-complaint or by post to:

Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001.

Updated 04/08/25 CL

Ten Personal Information Protection Principles (PIPP)

Complaints can only be made about an alleged breach of one or more of the 10 PIPP in the Act. The PIPP are as follows:

1. Collection

An organization can only collect your personal information if it is necessary to fulfil one or more of its functions or activities. It must take reasonable steps to notify you of its contact details, your rights of access and the main consequences if you do not provide the information.

2. Use and Disclosure

Generally, your personal information can only be used and disclosed for the purpose for which it was collected, for a secondary purpose that you would reasonably expect or if you have consented to the use or disclosure. The law allows some uses without consent, such as to protect public health or law enforcement purposes.

3. Data Quality

Organizations must take reasonable steps to ensure your personal information is accurate, complete, up to date and relevant to its functions.

4. Data Security

Organizations must take reasonable steps to protect personal information from misuse, loss, unauthorized access, modification or disclosure.  An organization must take reasonable steps to destroy or permanently de-identify your personal information when it is no longer needed.

5. Openness

Organizations must have clear policies on the way they manage personal information. You may ask a personal information custodian, in general terms, what information it holds, how it collects it and for what purpose is the information used.

6. Access and correction

You have a right to access your personal information and seek corrections if the information is incorrect, incomplete, out of date or misleading.

7. Unique identifiers

A personal information custodian must not assign a unique identifier to an individual unless it is necessary to carry out its functions efficiently.

8. Anonymity

Where it is lawful and practicable you should have the option of not identifying yourself when transacting with a personal information custodian.

9. Disclosure of information outside Tasmania

A custodian may disclose personal information about an individual to a body outside of Tasmania if the disclosure is required by law or is necessary for the performance of a legal contract.

10. Sensitive information

This includes your racial or ethnic origin, political opinions and membership of political associations, religious or philosophical beliefs, membership of professional or trade associations or trade unions, sexual preferences, health information and criminal record. The Act puts special restrictions on the collection of sensitive information.

Taken from the website:

www.ombudsman.tas.gov.au

on May 15 2019