We help people develop and grow with life's challenges

Our experienced clinicians are here to support the mental health of people of all ages, with a focus on clinical, educational and developmental psychology.

Three images showing a young child, a school age child and adolescent

Privacy Policy

Level Up Psychology (ABN: 40 654 820 167)

Level Up Psychology Pty Ltd (Level Up, we, us) is committed to protecting personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and applicable Victorian law, including the Health Records Act 2001 (Vic). This policy explains how we collect, use, disclose and store personal information, and how you can access and correct it.

Who this policy covers

Clients and prospective clients, parents/guardians and carers, website visitors, referrers and other health professionals, job applicants, contractors, students and volunteers.

1. What we mean by personal and sensitive information

1.1. Personal information is information or an opinion about an identified person, or a person who is reasonably identifiable.

1.2. Sensitive information includes health information and information about racial or ethnic origin, religious beliefs, sexual orientation or practices, criminal record, and other categories defined in the Privacy Act. We only collect sensitive information where it is reasonably necessary to provide our services, with consent (unless an exception applies).

2. How we collect information

2.1. We collect information in several ways, including:

3. What we collect

3.1. Clinical and administrative information (as relevant to your care), for example:

3.2. Payment information. Payment details may be collected and processed by our payment service provider(s). Where a third-party provider is used, your card details are handled under that provider's security controls and privacy policy.

3.3. Website analytics data (see Section 6) such as pages viewed, session duration, clicks/scrolls and approximate location (e.g., city/region), collected via cookies and similar technologies. We do not link analytics data to your clinical record.

4. Why we collect, use and disclose information

4.1. We collect, use and disclose personal information to:

4.2. We may also use de-identified information for service planning, audit and quality improvement.

4.3. We do not sell personal information.

5. Disclosures (who we share information with)

5.1. We disclose personal information where reasonably necessary for the purposes above, where you consent, or as required/authorised by law. Typical recipients include:

5.2. Overseas disclosure. Some providers operate globally and may store information outside Australia (including the USA). Where practicable, we take reasonable steps to ensure recipients protect personal information consistently with Australian standards.

6. Cookies, Google Analytics and Hotjar

6.1. Cookies. Our site uses cookies and similar technologies to operate and measure site usage. You can manage cookies through your browser settings; blocking cookies may affect site functionality.

6.2. Google Analytics (GA4). We use Google Analytics to understand site performance and aggregate user behaviour (e.g., pages viewed, time on page, device/browser). Google uses cookies and may process data on servers outside Australia. We use these insights to improve our website and content. We do not use Google Analytics to identify individuals or to combine analytics with clinical records.

6.3. Hotjar. We use Hotjar to gather aggregate insights (e.g., heatmaps and anonymised session replays) to improve usability. Hotjar uses cookies and similar technologies and may process data outside Australia. We configure Hotjar to limit the collection of personal information (for example, by avoiding the capture of keystrokes or form field inputs where possible). We do not use Hotjar to identify individuals or to combine analytics with clinical records.

6.4. Opt-out choices. You can: (a) adjust your browser settings to block/clear cookies; (b) use built-in "Do Not Track"/privacy settings; and (c) use available vendor opt-outs for analytics services. Your clinical care is unaffected by any analytics opt-out.

7. Session recordings and AI transcription

7.1. We may, with your explicit consent, record sessions for clinical purposes (e.g., accurate note-keeping, training or supervision) and use a secure AI transcription service under strict controls.

7.2. Recordings are managed in a controlled and secure environment and used only for professional purposes.

7.3. The AI transcription service is required to meet robust security standards; recordings are not retained by the service after transcription, and data is stored on servers located in Australia where applicable.

7.4. Access to recordings/transcriptions is role-based and limited to authorised personnel. Further detail is set out in our internal Session Recording Policy.

7.5. Clients are not permitted to record sessions (see our Session Recording Policy).

8. Children and young people

8.1. We have zero tolerance for child abuse and are committed to child safety. We meet our legal obligations to protect children, including mandatory reporting and reportable conduct where required. See our Child Safe Policy for commitments and reporting pathways.

8.2. Where a child engages our services, we collect information from the child and (as appropriate) from a parent/guardian or school. Additional safeguards apply to access, consent and disclosures.

9. Storage, security and retention

9.1. Security. We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Clinical records are stored electronically in encrypted form on Australian-based servers with access restricted to authorised personnel. Where hard-copy information is held, it is kept in secure storage.

9.2. We also maintain internal information-security, acceptable-use and social-media standards (see our ICT, Social Media and Data Breach Policy) and a data breach response plan.

9.3. Separation and de-identification. Certain intake/quality improvement data may be stored in de-identified form and separately from identified clinical records.

9.4. Retention. Health records are retained in line with legal and professional obligations. In Victoria, this typically means at least 7 years from the last date of service for adults, and until the person turns 25 for records created when the person was under 18. After statutory periods, records are securely destroyed or de-identified.

10. Data breaches

10.1. If a data breach occurs that is likely to result in serious harm, we will act promptly to contain, assess and minimise risk and, where required, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches scheme. Our internal Data Breach Plan sets out reporting, 30-day assessment, notification and review steps.

11. Direct marketing

11.1. We do not use health information for direct marketing. We may send you practice updates or service information using your contact details. You can opt out at any time.

12. Anonymity and pseudonymity

12.1. You may request to interact anonymously or using a pseudonym where lawful and practicable. In most clinical contexts this is not feasible. Where agreed, fees must be paid at the time of appointment.

13. Access and correction

13.1. You may request access to, or correction of, your personal information by contacting us (see Section 16). We will verify your identity and respond within a reasonable time.

13.2. If we decline access/correction in limited circumstances permitted by law, we will provide written reasons and outline complaint options.

13.3. If copies of documents are requested and we agree, a reasonable fee may apply (e.g., $1.00 per page) payable before delivery.

14. Consequences of not providing information

14.1. If you choose not to provide information reasonably necessary for care, we may be unable to offer or continue the service you seek.

15. Third-party services and overseas recipients

15.1. We use reputable third-party platforms to support care delivery (e.g., practice management, telehealth and assessment systems named in Section 5). Where these providers are overseas, we take reasonable steps to ensure your information is handled to Australian standards or otherwise as permitted by law.

16. How to contact us (and complaints)

Privacy enquiries/requests/complaints

Email: admin@leveluppsychology.com.au

Address: 2/15 Ricketts Road, Mount Waverley VIC 3149

Phone: 03 9115 7372

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) on 1300 363 992, or lodge a complaint online at www.oaic.gov.au or by post to GPO Box 5218, Sydney NSW 2001.

17. Our internal governance

17.1. We uphold privacy and confidentiality through our internal ICT, Social Media and Data Breach Policy (including the Data Breach Plan), Session Recording Policy, Child Safe Policy, and Code of Conduct. Summaries of these policies can be made available on request.

18. Changes to this policy

18.1. We may update this policy from time to time. The current version is published on our website and takes effect on posting.

Last updated: 10 November 2025