Golden Hour Wellbeing

Privacy Policy

1. Our commitment to privacy 

This document is the Privacy Policy of Golden Hour Wellbeing Pty Ltd trading as Golden Hour Wellbeing (ABN 682 467 652) (‘Golden Hour Wellbeing’, ‘we’, ‘us’, ‘our’), which sets out our policies for managing personal information. In this policy, ‘you’ refers to any individual that we collect personal information about.

As an Australian health service provider, we are bound by the legal requirements of the Australian Privacy Principles (‘APPs’) set out in the Privacy Act 1988 (Cth) (‘the Act’). 

We’re committed to managing personal information in accordance with the Act and to protecting the privacy of personal information we collect through our website and through the ordinary course of our business, including through the provision of our goods and services.

2. What information do we collect about you? 

We collect personal information from the following groups of individuals we interact with as a business, as set out below. The exact type of information we collect will depend on how you interact with us but will typically include the information set out below. 

Website visitors (browsing the website and not disclosing sensitive information)

  • Contact details: (such as name, date of birth, address, contact numbers, email address and other contact details); 

  • Demographic data: (such as age and location);

  • Transaction data: (such as details about payments to and from you and other details of product or services you have purchased from us);

  • Technical data: (such as your internet protocol (IP) address, your login data (if applicable), browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website);

  • Profile data: (such as your username (if applicable), purchases or orders made by you, your interests and preferences, feedback and survey responses);

  • Usage data: (such as information about how you use our website, products and services); and 

  • Marketing and communications data: (such as your preference in receiving marketing from us and our third parties and your communication preferences). 

Anonymous website browsing

You may visit our website without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry), any personal information you provide to us will be managed in accordance with this Privacy Policy.

Use of cookies

Our website uses cookies. A “cookie” is a small file stored on your computer's browser, which assists in managing customised settings of the website and delivering content. We collect certain information such as your device type, browser type, IP address, pages you have accessed on our websites and on third-party websites. You are not identifiable from such information.

You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.

Third party links 

Our websites may contain links to third-party websites. We are not responsible for the content or privacy practices of websites that are linked to our website.

Prospective clients and clients (including website visitors that disclose sensitive information)

All of the information set out above in ‘Website visitors’ plus the following:

  • Health information: (such as medical history, diagnoses, medications, doctors’ reports, mental health care plan, allergies, adverse events, social history, family history and risk factors);

  • Details of other health service providers involved in your care: (such as referring doctor’s name, phone and address, copies of referral letters and medical reports);

  • Health information in your Digital Health Record: including your healthcare identifier (if you participate and only with your consent); and 

  • Health care identifiers: (such as your Medicare details, DVA details, NDIS number, health fund details). 

Prospective employees and employees

We collect personal information when recruiting personnel, such as:

  • your name

  • contact details

  • qualifications; and 

  • work history. 

Generally, we will collect this information directly from you. We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). 

Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions (for example, positions which involve working with children).

Other individuals (including contractors)

We may collect personal information about other individuals who are not our clients. This includes customers and members of the public who participate in events we are involved with; individual service providers and our contractors; and other individuals who interact with us on a commercial basis. 

The kinds of personal information we collect will depend on the capacity in which you are dealing with us. Generally, it would include:

  • your name;

  • contact details; and 

  • information regarding our interactions and transactions with you. 

You can always decline to give us any personal information we request, but that may mean we cannot provide you with some or all of the services you have requested. If you have any concerns about personal information we have requested, please let us know.

3. Collecting information about children 

We may collect personal information about children where they fit into one of the above disclosed classes (client, prospective client, or where children participate in events we are involved with). 

Where children do not have sufficient maturity and understanding to make decisions about their personal information, we will require their parents or guardians to make decisions on their behalf.

4. How we collect personal information 

We are committed to using lawful and fair means to collect personal information and collecting it from others only when it is unreasonable or impracticable to obtain certain information from our clients directly. 

We collect personal information in a number of ways:

  • When someone visits our website; 

  • When someone makes an enquiry with us (for example, by telephone or email); 

  • When someone books an appointment with us;

  • When someone signs up to a marketing subscription, such as a newsletter sign-up form; 

  • When someone contacts us via email or our website; 

  • When you apply for a position with us; 

  • When someone completes a client intake questionnaire; 

  • When we receive a mental health care plan; and

  • When someone participates in one of our programs or services.

We collect sensitive information in more limited circumstances, such as:

  • When someone makes an enquiry with us and the sensitive information is disclosed to us to facilitate referral to an appropriate service provider; 

  • When someone is referred to us by another service provider through a referral; and 

  • When someone participates in one of our programs or services and the sensitive information is disclosed to us to facilitate the delivery of the program or service.

We limit the circumstances in which we collect personal and sensitive information indirectly. This may be where a person has authorised us to collect information from other health service providers they have disclosed information to (for example, information provided via referral or medical reports). 

5. Why do we collect and use your personal information? 

We collect personal information reasonably necessary to carry out our business, to assess and manage our clients' needs, and provide our goods and services. 

We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you and/or third parties and managing client relationships.

The purposes for which we usually collect and use personal information depend on the nature of your interaction with us, but may include:

  • to contact and communicate with clients and potential clients;

  • for the purpose of booking and delivering our services;

  • to verify transactions to ensure that we are not subject to any potential risk or fraudulent activity;

  • to ensure we are the right fit for clients;

  • to ensure the accurate and safe provision of services;

  • to communicate with other healthcare providers involved in a person’s care;

  • to conduct activities relating to research, quality assurance and improvement processes, accreditation, audits, risk and claims management, client satisfaction surveys and staff education and training;

  • to market to you and others, including remarketing (this may involve the use of a Facebook pixel or similar technology to allow us to display our advertising to you elsewhere on the internet, for example, on Google or Facebook);

  • when required for administrative and internal record keeping;

  • for statistical purposes; and

  • as required by law.

Direct collection 

We are committed to using lawful and fair means to collect personal information and collecting it from others only when it is unreasonable or impracticable to obtain certain information from our clients directly. 

We may collect and update your personal information over the phone, by email, over the internet or social media, or in person. 

We may also collect personal information about you from other sources, for example, where you have authorised us to collect information from other health service providers that you have disclosed information to (for example, information provided via referral, mental health care plan or medical reports). 

We only collect, hold, use and disclose sensitive information where it is necessary for us to provide a service we have been engaged to perform, and not for any unrelated purposes (for example, for research or marketing), unless we have received the person’s prior informed consent.

6. Do we sell or rent personal information? 

We never sell or rent personal information we collect. 

7. Do we use automated decision making?

Automated decision-making means decisions that are made solely or substantially by computer programs or algorithms without direct human involvement and which use personal information collected by us for the purpose of providing products, services or other business functions.

This includes decisions relating to eligibility, access or delivery of services and any actions that are directly or substantially related to the operation of automated systems. 

We do not use computer programs to make or assist in decisions that significantly affect your rights or interests. 

Decision making is neither fully nor substantially assisted by artificial intelligence. 

8. Can you deal with us anonymously?

We will provide individuals with the opportunity of remaining anonymous or using a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry). 

Generally, it is not practicable for us to deal with individuals anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to use our services or participate in our events, programs or activities we manage or deliver.

9. How do we hold your personal information?

How the information is held

We store information in paper-based files or other electronic record keeping methods in secure databases (including trusted third-party storage providers based in Australia and overseas). We use Halaxy for scheduling and client file management. 

Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). 

Where we store personal information electronically, we do so in: 

  • dedicated information storage software, such as client relationship management (CRM) software (such as Halaxy);

  • the backend of our website; and 

  • the backend of our social media accounts, such as Facebook and Instagram.

We are required to keep client files for minimum periods as required by law and professional obligation. Please be aware that we are required to keep your confidential and personal information on file for certain minimum periods of time. These are, at a minimum:

  • 7 years since the last entry was made for adult client records; and 

  • Until the 25th birthday of clients who were younger than 18 years old when the last entry was made. 

10. How do we protect your personal information?

We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure, as follows: 

  • our website contains pages encrypted with SSL (Secure Sockets Layer) to ensure the safety of any data that is submitted through use of this website;

  • we maintain physical security over paper and electronic data stores, such as through locks and security systems at our premises;

  • we also maintain computer and network security, for example, we use firewalls (security measures for the Internet);

  • we maintain other security systems such as user identifiers and passwords to control access to our computer systems;

  • we limit access to personal information to a “need-to-know” basis;

  • your use of Halaxy requires 2-factor authentication;

  • the backend of our website and social media accounts is password protected;

  • we protect devices we use to collect, hold, use and disclose personal information with industry-standard anti-virus software;

  • our devices are protected by passwords and are stored in secure premises;

  • data is securely stored on cloud servers;

  • all hard copies of sensitive information are kept in secure storage with access by authorised personnel only; 

  • all conversations involving the discussion of personal information take place in private, where conversations are unable to be overheard by unauthorised personnel; and

  • if we no longer need personal information, we take reasonable steps to delete or de-identify the information.

Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.

We take steps to destroy or de-identify information that we no longer require. 

11. How do we disclose your personal information? 

For website visitors (browsing the website and not disclosing sensitive information)

We disclose your personal information for the purpose of: 

  • booking and delivering our services;

  • verifying transactions to ensure that we are not subject to any potential risk or fraudulent activity;

  • marketing to you and others, including remarketing (this may involve the use of a Facebook pixel or similar technology to allow us to display our advertising to you elsewhere on the internet, for example, on Google or Facebook).

For prospective clients and clients (including website visitors that disclose sensitive information)

The purposes for which we may use and disclose your personal information will depend on the services we are providing you. 

For example, if you have engaged us to deliver goods or services, we may disclose information about you to other service providers (such as another member of your treatment team or a new practitioner for the purposes of a referral). 

We won’t disclose your personal information without your consent, unless otherwise required by law. 

We disclose your personal and sensitive information as part of our professional obligation to discuss cases with supervisors.

If you have consented to My Health Record, we may disclose information to My Health Record. 

For prospective employees and employees

We may disclose your information to the Australian Taxation Office in relation to your tax obligations.

For other individuals (including contractors)

We may disclose information (other than sensitive information, unless we have your consent) to third parties we engage in order to provide our services, including contractors and service providers used for data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving and mail-outs.

Third parties to whom we have disclosed your personal information may contact you directly to let you know they have collected your personal information and to give you information about their privacy policies.

Use and disclosure for administration and management

We will also use and disclose personal information for a range of administrative, management and operational purposes. This includes:

  • administering billing and payments and debt recovery;

  • planning, managing, monitoring and evaluating our services; 

  • for the purposes of facilitating the sale of the business (where that person is subject to appropriate confidentiality obligations); 

  • quality improvement activities;

  • statistical analysis and reporting;

  • training staff, contractors and other workers;

  • risk management and management of legal liabilities and claims (for example, liaising with insurers and legal representatives);

  • responding to enquiries and complaints regarding our services;

  • obtaining advice from consultants and other professional advisers; and

  • responding to subpoenas and other legal orders and obligations.

We may use and disclose personal information to a third-party contractor, such as a virtual assistant, who delivers our administrative functions as described above. 

They will have access to: 

  • client names and contact details; 

  • appointments; 

  • practice management software (Halaxy) — limited to scheduling/billing functions; 

  • social media accounts and the back end of the website; 

  • invoices and billing information; 

  • Medicare card or other third-party funding (for example, DVA, and similar identifiers where appropriate);

  • referrals and treatment plans from third parties, such as those sent by a general practitioner, which may contain diagnosis, previous treatment, medical history, and similar personal information; 

  • general referral letters and correspondence sent to a third party for scheduling purposes; and

  • administrative notes. 

They will not have access to clinical, session or supervision notes, Court Orders, psychological assessments and reports, or crisis or risk documentation. 

Other uses and disclosures

We may use and disclose your personal information for other purposes explained at the time of collection or otherwise as set out in this Privacy Policy. 

12. Do we disclose your personal information overseas?

Our website provider, Squarespace, will disclose personal information to the United States of America by way of their Tier III data centre. By providing us with your personal information, you consent to us disclosing your personal information overseas in this way. Privacy protections in America may not be the same as in Australia and by providing consent, you understand and agree that we won’t be liable for a breach of the Australian Privacy Principles by the overseas recipient.

13. Do we use or disclose your personal information for direct marketing?

We do not use your personal information for direct marketing. 

14. Use of Heidi Artificial Intelligence (AI)

We use Heidi AI for the purpose of maintaining accurate, complete, and accessible health records, assisting clinicians in delivering psychological services efficiently and securely. All transcription will occur in accordance with the relevant Privacy Laws, including the Privacy Act 1988 (Cth) and Australian Privacy Principles, and ethical standards governing psychological practices in Australia.

Where you provide us with informed consent, psychological notes containing sensitive information will be processed using Heidi AI technology. Such information will be used solely for the purpose of transcription, storage, and record maintenance associated with professional psychological services.

Personal information will not be disclosed to any unauthorised third party or transferred or stored outside Australia or made accessible to external parties without your express written consent, except as required by law.

All reasonable steps, including but not limited to the use of encryption, access controls, regular security audits, and ongoing employee training, will be taken to ensure information remains confidential and protected against loss, misuse, interference, unauthorised access, use, modification or disclosure. Information will be handled in accordance with the Privacy Act, the Australian Privacy Principles, and industry-standard data security measures.

AI transcription accuracy is subject to inherent limitations, including possible misinterpretation or erroneous output. Notes transcribed by Heidi AI will be reviewed by qualified staff (including your psychologist) for accuracy and reliability prior to inclusion in your clinical record.

You have the right to withdraw this consent at any time. Upon withdrawal:

  • no further psychological notes will be transcribed via Heidi AI;

  • the psychological practice will take reasonable steps to cease ongoing use of Heidi AI with respect to your personal information and sensitive information;

  • all future processing, use, or disclosure of your information through Heidi AI will be stopped as soon as practicable and within 30 days of receiving written notice;

  • subject to professional and legal requirements, you may request deletion or de-identification of any previously transcribed notes; and

  • confirmation of action taken regarding withdrawal will be provided in writing.

16. What happens in a data breach? 

If a data breach occurs, we will comply with our obligations under the Privacy Act and related legislation.

17. Accessing your personal information 

You are entitled to access your personal information held by us on request. To request access to your personal information, please contact us by email at admin@goldenhourwellbeing.com.

You will not be charged for making a request to access your personal information, but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.

18. Correcting and updating your personal information 

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change. 

However, if you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.

We may decline your request to access or correct your personal information in certain circumstances in accordance with the APPs. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.

19. Deleting your personal information 

If you want us to delete personal information we hold about you or to not collect information from you for a specific purpose, please contact us at admin@goldenhourwellbeing.com.  

We are required by law to keep records for minimum periods as set out in this policy. We will not be able to delete records while they are within these minimum periods. 

Please note that if we agree to delete information, because of backups and records of deletions, it may be impossible to completely delete the information without retaining some residual information. 

We will respond to any request to delete information within a reasonable time. 

20. Making a complaint 

Raising the issue with us 

You can contact us at any time if you have questions or concerns about this Privacy Policy or about the way in which your personal information has been handled. We will first consider your complaint to determine whether there are simple steps that we can take to resolve your complaint. We will respond to your complaint within a reasonable time. 

If your complaint is more complex, we’ll respond to acknowledge your complaint within a reasonable period and will work to complete an investigation promptly. We may require additional information from you and the outcome you seek. We’ll keep you updated about the timeline for an outcome. 

We can also provide you with a copy of the APPs, which describe your rights and how your personal information should be handled, on request. 

Making a complaint to the OAIC

If you’re unsatisfied with our response or you believe that we may have breached an APP or the Act, you can make a complaint to the Office of the Australian Information Commissioner (‘OAIC’). You can contact the OAIC by telephone on 1300 363 992 or by using the contact details on their website.

21. Changes to this policy

We may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our website regularly to keep up to date with any changes.

For any questions or notice, please contact us by emailing admin@goldenhourwellbeing.com.  

This privacy policy was last updated: May 2026.