Norwest Wellbeing
CalendarPhone
Your privacy matters

Privacy and Cookie Policy

Norwest Wellbeing is committed to protecting your privacy and complying with the Australian Privacy Principles and the NSW Health Records and Information Privacy Act 2002.

Last updated: 29th January 2025

Norwest Wellbeing (operated by Damas Group Pty Ltd ABN: 58 162 956 274) is committed to protecting your privacy and complying with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and the NSW Health Records and Information Privacy Act 2002.

This Privacy Policy describes how we collect, use, store, and disclose your personal information and health information when you use our website, booking services, and clinical services.

Key terms

  • "We," "us," "our," and "Norwest Wellbeing" refer to Damas Group Pty Ltd and our clinical hypnotherapists, Paul Smith and Rebecca Smith.
  • "You" refers to any person who visits our website or uses our services.
  • "Personal information" means information about an identifiable individual.
  • "Health information" means personal information about your physical or mental health.
  • Data Controller: Damas Group Pty Ltd, L2, Suite 210, 4 Columbia Court, Norwest NSW 2153
  • Privacy Officer: Paul Smith
  • Contact: hello@norwestwellbeing.com.au | (02) 8069 9777

1. What personal information we collect

Information you provide directly

  • Contact details: Name, phone numbers, email address, postal address
  • Demographic information: Date of birth, gender identity, occupation
  • Health information: Medical history, current medications, GP details, mental health history, treatment goals, session notes
  • Emergency contacts: Names, relationships, contact details
  • Payment information: Credit card details (processed securely by our payment providers)
  • Communication records: Emails, phone calls, messages, feedback, and complaints

Information collected automatically

  • Website usage: IP address, browser type, device information, pages visited, time spent on site
  • Cookies and tracking: Session data, preferences, analytics data
  • Location data: General location based on IP address (not precise location tracking)

Information from third parties

  • Healthcare providers: With your consent, information from your GP, psychologists, or other treating practitioners
  • Referral sources: Information from people who refer you to our services
  • Payment providers: Transaction confirmations and payment status
  • AI processing data: Transcription accuracy logs, processing timestamps, and system performance data (used for quality improvement only)

2. Audio and video recording

Norwest Wellbeing uses audio and video recording in two distinct ways to ensure your safety and provide quality clinical care. By visiting our clinic, you consent to these recording practices as outlined below.

2.1 Security and safety recording

Purpose:

We operate video surveillance throughout our clinic premises (excluding treatment rooms) for: security and protection of clients, staff, and property; safety monitoring and incident prevention; compliance with duty of care obligations; insurance and risk management requirements.

What is recorded:

  • Reception and waiting areas
  • Hallways and common areas
  • Entry and exit points
  • External clinic perimeters

What is NOT recorded:

  • Treatment rooms (unless separately consented for therapeutic purposes; see Section 2.2)
  • Private consultation areas
  • Bathrooms or changing areas

Storage and retention:

  • Recordings are stored securely on encrypted systems
  • Security footage is typically retained for 30 days
  • Extended retention may occur if an incident requires investigation
  • Recordings are automatically deleted after the retention period

2.2 Therapeutic session recording

Purpose:

During your hypnotherapy sessions, we use recording for:

Video recording:

  • Client and practitioner safety: Protecting both you and our practitioners during sessions
  • Professional protection: Providing objective records in case of any concerns or complaints
  • Quality assurance: Ensuring professional standards are maintained

Audio recording:

  • Accurate clinical documentation: Recording conversations to ensure precise and comprehensive treatment notes
  • Treatment planning: Reviewing sessions to develop effective ongoing treatment plans
  • Progress monitoring: Tracking your therapeutic journey accurately over time
  • Professional standards: Maintaining detailed clinical records as required by professional guidelines
  • Clinical supervision: Supporting supervision and consultation with qualified practitioners

Your consent and rights:

  • You provide consent for therapeutic recording when you sign your intake form
  • Recording only occurs in treatment rooms with your knowledge and consent
  • You can request to stop recording at any point during your session
  • You may withdraw consent for future recordings (this won't affect previously recorded sessions)
  • You have the right to access, correct, or request deletion of your recordings
  • You can receive copies of your recordings (reasonable fees may apply)

Storage and security:

  • All therapeutic recordings are stored on secure, encrypted, password-protected systems
  • Files are named using client ID numbers, not personal names
  • Access is restricted to your treating practitioners (Paul Smith and Rebecca Smith)
  • Recordings are stored on Australian-based servers only
  • We do not transfer recordings overseas without your additional written consent

Retention period:

  • Adult client recordings: Retained for 7 years from your last appointment
  • Clients under 18: Retained for 7 years from when you turn 18, or 7 years from last appointment (whichever is longer)
  • Recordings are securely destroyed when no longer required

Clinical benefits:

Audio recording allows us to: focus fully on you during the session rather than taking extensive notes; capture exact details of your concerns and responses; create more accurate and comprehensive treatment plans; ensure nothing important is missed or forgotten; provide better continuity of care across sessions.

2.3 When we may share recordings

We will only share your recordings with third parties: with your written consent; when required by law or court order; if there's a serious risk of harm to yourself or others; for professional supervision or consultation (maintaining confidentiality); for insurance or legal proceedings related to your treatment; in emergency situations where your safety is at risk.

2.4 Quality and technical limitations

While we maintain high-quality recording equipment and security systems: we cannot guarantee perfect recording quality due to technical limitations; equipment failures may occasionally occur; we are not liable for technical issues that affect recording quality; backup systems are in place to minimise technical problems.

2.5 Training and educational use

Additional consent required:

If you wish to help other clients by allowing your recordings to be used for training purposes: separate written consent is required; all identifying information will be removed; recordings will only be used for professional training of qualified practitioners; you can withdraw this consent at any time.

2.6 Data security measures for recordings

We protect your recordings through: end-to-end encryption of all files; multi-factor authentication for system access; regular security audits and updates; staff training on privacy and confidentiality; secure backup procedures; incident response protocols.

3. How we use your information

Primary purposes:

  • Clinical care: Providing hypnotherapy services, treatment planning, and progress monitoring
  • Clinical documentation: Audio recording sessions to ensure accurate, comprehensive treatment notes and maintain professional clinical records
  • Health and safety: Emergency situations, duty of care obligations, risk assessment
  • Administration: Appointment booking, payment processing, client communications
  • Legal compliance: Meeting regulatory requirements, responding to legal requests

Secondary purposes (with consent):

  • Marketing: Sending newsletters, treatment updates, health tips (opt-in only)
  • Quality improvement: Service development, staff training, client satisfaction surveys
  • Research: Anonymous, aggregated data for treatment effectiveness studies

Direct marketing: We only send marketing communications with your explicit consent. You can unsubscribe at any time using the link in our emails or by contacting us directly.

AI-assisted documentation: Using artificial intelligence to transcribe audio recordings into accurate written clinical notes and maintain comprehensive session records.

3A. Artificial intelligence and automated processing

How we use AI:

We may use artificial intelligence and automated systems to: transcribe audio recordings (converting your session recordings into written clinical notes and documentation); manage administrative tasks (appointment bookings, client communications, and scheduling); improve services (analysing website usage patterns and service delivery using anonymised data only); assist with communication (generating administrative correspondence and documentation templates).

AI and your information:

  • Personal and health information may be processed by AI systems for transcription and administrative purposes only
  • AI transcription services are used to convert session audio into written clinical notes
  • All AI processing occurs on secure systems with appropriate privacy protections
  • AI systems do not have independent access to your information without human oversight
  • All AI-generated clinical notes and transcriptions are reviewed and verified by your treating practitioner
  • No AI system makes clinical decisions about your treatment

Data security for AI processing:

  • AI services used are selected for their privacy and security standards
  • Where possible, AI processing occurs on Australian-based secure systems
  • Third-party AI services are bound by strict confidentiality agreements
  • Your information is encrypted during AI processing
  • AI processing logs are maintained for security and quality purposes

Your AI rights:

  • You can request human review of any AI-processed information
  • You can opt-out of AI transcription services (manual notes will be taken instead)
  • You have the right to know when AI has been used in processing your information
  • You can request corrections to any AI-generated content in your records
  • AI processing does not affect your other privacy rights

4. Who we share your information with

Healthcare providers:

  • Your GP, psychiatrists, psychologists, or other treating practitioners (with your written consent)
  • Emergency services if there's an immediate risk to your safety or others' safety

Service providers:

  • Booking system providers: For appointment management
  • Payment processors: For secure payment processing (they don't access your health information)
  • IT support providers: For secure system maintenance (under strict confidentiality agreements)
  • Professional supervisors: Qualified hypnotherapists for clinical supervision (maintaining confidentiality)
  • AI transcription services: Secure artificial intelligence platforms that convert audio recordings to text for clinical documentation (under strict confidentiality agreements and privacy protections)
  • Google (Google Ads): We share information with Google to measure and attribute conversions from our advertising (for example, when a booking is completed after someone has clicked our ad). This may include contact information (such as email and phone) in a hashed, non-readable form only, so that Google can match conversions to ad clicks in accordance with their customer data policies. We do not use this for building advertising audiences; it is used only for conversion measurement.

Legal requirements:

  • Law enforcement, when required by court order or subpoena
  • Regulatory bodies for professional oversight
  • Child protection services if required under mandatory reporting laws
  • Coroners or other authorities if legally required

Business transactions: In the event of a business sale, merger, or acquisition, your information may be transferred to the new owners under the same privacy protections.

Clinical recordings and health information: We may share your therapeutic recordings and health information with other healthcare professionals involved in your care (such as your GP, psychiatrist, or other therapists) with your written consent, or when required by law for your safety or the safety of others.

We will never: sell your personal or health information to third parties; use your information for purposes other than those stated; share your information without a proper legal basis or your consent.

5. Data storage and security

Security measures:

  • Encryption: All health information is encrypted in storage and transmission
  • Access controls: Multi-factor authentication and role-based access
  • Staff training: Regular privacy and security training for all team members
  • Physical security: Secure premises with restricted access to client files
  • System monitoring: Regular security audits and incident response procedures

Data location:

  • All information is stored on secure servers located in Australia
  • We do not transfer personal or health information overseas without your explicit consent
  • Cloud storage providers are Australian-based and subject to Australian privacy laws

Retention periods:

  • Adult health records: 7 years from last appointment
  • Minor health records: 7 years from when client turns 18, or 7 years from last appointment (whichever is longer)
  • Security recordings: 30 days (unless investigating an incident)
  • Financial records: 7 years as required by Australian taxation law
  • Marketing preferences: Until you unsubscribe or we cease operations

6. Your privacy rights

Under Australian privacy law, you have the right to:

Access:

  • Request copies of your personal and health information
  • Receive information about how we've used and disclosed your information
  • Obtain access within 30 days (reasonable fees may apply for extensive requests)

Correction:

  • Request corrections to inaccurate or incomplete information
  • Add statements if we disagree about accuracy
  • Have corrections passed on to third parties where appropriate

Deletion:

  • Request deletion of your information (subject to legal and clinical requirements)
  • Have information anonymised where deletion isn't possible

Restriction:

  • Object to certain uses of your information
  • Withdraw consent for secondary purposes (doesn't affect previous lawful processing)
  • Opt-out of direct marketing at any time

Managing your recordings:

You can request access to your therapeutic recordings, request corrections, or ask for recordings to be deleted (subject to legal and clinical requirements). To make these requests, please contact our Privacy Officer at privacy@norwestwellbeing.com.au or call us during business hours.

Complaint:

  • Lodge a complaint with us about privacy breaches or concerns
  • Complain to external authorities if unsatisfied with our response

AI transparency: Request information about any AI processing of your personal or health information

Human review: Request human verification of any AI-generated content in your records

AI opt-out: Decline AI processing of your information where alternative methods are available

7. Cookies and website tracking

Types of cookies we use:

  • Essential cookies: Required for website functionality and security
  • Analytics cookies: Help us understand how visitors use our website (Google Analytics)
  • Preference cookies: Remember your settings and language preferences

Third-party services:

  • Google Analytics: Provides website usage statistics (anonymised data)
  • Google Ads: We share hashed contact information with Google for conversion measurement (to attribute completed bookings to our ads). See Section 4 for full details.
  • Booking system: Manages appointments and client communications
  • Social media plugins: If you interact with our social media content

Your choices: You can control cookies through your browser settings, but some website functionality may be limited if you disable essential cookies.

8. Children's privacy

We provide services to clients aged 16 and over. For clients under 18: parent or guardian consent is required; we may need to share information with parents/guardians for safety reasons; special retention rules apply (records kept until 7 years after turning 18); additional privacy protections are in place.

9. Cross-border disclosure

We do not routinely transfer personal information overseas. If overseas disclosure becomes necessary: we'll obtain your explicit consent; ensure equivalent privacy protections are in place; only use countries with adequate privacy laws or approved entities.

10. Data breaches

In the event of a data breach: we'll assess and contain the breach immediately; notify relevant authorities within 72 hours if required; inform affected individuals if there's a likely risk of serious harm; take steps to prevent future breaches; maintain records of all data breaches.

11. Changes to this policy

We may update this Privacy Policy to reflect: changes in privacy laws; new services or technologies; improvements to our privacy practices.

How we notify you:

  • Email notification to registered clients
  • Prominent website notice
  • Updated "last modified" date

Continued use of services indicates acceptance of changes.

12. Complaints and contact

Privacy complaints process:

  • Contact us first: hello@norwestwellbeing.com.au or (02) 8069 9777
  • We'll respond within 7 days to acknowledge your complaint
  • Investigation completed within 30 days with a written response
  • Appeal process available if you're unsatisfied

AI and automated processing concerns: If you have questions about our use of artificial intelligence or automated processing of your information, please contact our Privacy Officer who can provide detailed information about specific AI systems used and your rights regarding AI processing.

Privacy and recording concerns

If you have concerns about our recording practices: Privacy Officer: Paul Smith. Email: hello@norwestwellbeing.com.au. Phone: (02) 8069 9777. Address: L2, Suite 210, 4 Columbia Court, Norwest NSW 2153.

External complaint options

Contact details

  • Privacy Officer: Paul Smith
  • Email: hello@norwestwellbeing.com.au
  • Phone: (02) 8069 9777
  • Address: L2, Suite 210, 4 Columbia Court, Norwest NSW 2153
  • Business hours: Monday to Friday, 9:00 AM to 5:00 PM

This Privacy Policy complies with: Privacy Act 1988 (Cth) and Australian Privacy Principles; Health Records and Information Privacy Act 2002 (NSW); Therapeutic Goods Administration requirements; Professional association standards (AACHP); Australian Consumer Law.