Grow and Engage Therapy Services is committed to protecting the privacy and confidentiality of personal information. We comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), the NDIS Code of Conduct, and all relevant state-based obligations.

This policy explains how we collect, use, store, and disclose personal information when you interact with our website, use our services, or engage with us in any way.

By providing your information to us, you consent to the practices described in this policy.

What Personal Information We Collect

Depending on your interaction with us, we may collect:

General personal information

  • Name, date of birth, gender

  • Contact details (phone, email, address)

  • Emergency contact details

Service-related information

  • NDIS number (if applicable)

  • Support needs, goals, and therapy information

  • Notes from sessions or assessments

  • Reports, progress notes, and communication records

Sensitive information

We may collect sensitive information such as:

  • Health information

  • Disability-related information

  • Mental health or behavioural information

We only collect sensitive information with your consent, unless required or authorised by law.

How We Collect Information

We collect information through:

  • Service enquiries

  • Referral forms

  • Phone calls, emails, SMS, and website contact forms

  • Therapy sessions and assessments

  • Third-party providers with consent (e.g., support coordinators, other health professionals)

We also collect information when clients, guardians, or authorised representatives provide it to us.

Use of Technology and Electronic Records

We may use secure, AI-assisted features within our clinical management system (including Splose) to support the documentation of therapy services. With the participant’s informed consent, therapy sessions may be audio-recorded to assist clinicians in creating accurate clinical notes and records.

These recordings may be processed using automated tools (such as transcription or summarisation) to support clinical documentation. Recordings and any related transcripts or summaries form part of the participant’s clinical record and are handled in accordance with applicable privacy, health records, and NDIS requirements.

Audio recordings and related data are stored securely within our approved systems and are accessible only to authorised staff for clinical, supervision, quality, or compliance purposes. We take reasonable steps to protect all personal and sensitive information from misuse, loss, unauthorised access, or disclosure.

Participants may withdraw their consent to session recording at any time. Where consent is withdrawn, sessions will no longer be recorded, and this will not affect the participant’s ability to continue receiving services. Participants may also request access to, or correction of, their personal information in accordance with this Privacy Policy

Some information may be stored or processed using cloud-based systems, including systems located outside Australia. Where this occurs, we take reasonable steps to ensure that privacy protections are consistent with Australian privacy law.

How We Store Information

We store client information securely using:

Splose (Client Management System)

We use Splose, a secure practice management platform hosted in Australia. Splose stores clinical notes, client records, calendar bookings, invoices, and communication history.

Google Workspace

We use Google Workspace (Drive, Gmail) for administrative communication and secure file storage.

Both platforms use:

  • Encryption

  • Multi-factor authentication

  • Access controls

  • Audit logs

Only authorised staff members can access information required for their role.

How We Use Information

We use personal information to:

  • Provide therapy and support services

  • Plan, deliver, and document treatment

  • Communicate with clients, families, and support teams

  • Manage bookings, invoicing, and administration

  • Meet NDIS auditing and compliance requirements

  • Improve our services and website

  • Respond to feedback, complaints, and enquiries

When We Share Information

We only share information when necessary and always with consent, unless an exception applies.

Sharing with consent

We may share information with:

  • Other health professionals

  • Support coordinators

  • Plan managers

  • Family members or guardians

  • Schools, workplaces, or other providers involved in service delivery

Sharing without consent

We may disclose personal information if required by law, including:

  • Mandatory reporting obligations (child protection, risk of harm)

  • Subpoenas or legal requirements

  • NDIS Quality and Safeguards Commission investigations

  • Serious threat to life, health, or safety

Access and Correction

You have the right to:

  • Access your personal information

  • Request corrections

  • Request copies of reports or clinical notes

Requests can be made by emailing: enquiries@growandengage.com.au

We will respond within a reasonable timeframe.

Website Cookies & Analytics

Our website may use cookies and analytics tools to improve user experience. Cookies do not personally identify you.

You can disable cookies through your browser settings if you prefer.

Security of Information

We take reasonable steps to protect personal information from:

  • Loss

  • Misuse

  • Interference

  • Unauthorized access

  • Modification

  • Disclosure

Security measures include encryption, password protection, firewalls, cyber security services, and staff confidentiality obligations.

Third-Party Services

Our website may contain links to external sites. We are not responsible for the privacy practices of third-party websites.

Complaints

If you have a privacy concern, please contact:

Grow and Engage Therapy Services
Email: enquiries@growandengage.com.au

Changes to This Policy

We may update this policy from time to time. The most recent version will always be available, here, on our website.