Last updated 1 July 2026
Pop Family Pty Ltd (we, us, our) is committed to protecting the privacy and security of personal information we collect and hold about individuals. We are dedicated to maintaining your trust and upholding high standards of privacy and data protection.
We have obligations as to how we collect, hold, use and disclose personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the Health Records (Privacy and Access) Act 1997 (ACT), the Health Records Act 2001 (Vic), and the Health Records and Information Privacy Act 2002 (NSW), together with equivalent laws in other jurisdictions in which our clients reside (together, the Health Privacy Acts). We also have obligations under the National Disability Insurance Scheme Act 2013 (Cth) and associated rules, and under Speech Pathology Australia’s Code of Ethics (2020).
This Privacy Policy explains how we collect, use, disclose and protect your information when you use our services, your rights regarding that information, and how to raise a privacy concern. Because we deliver all services online via telehealth, this policy also explains how your information is handled within the software we use.
Personal information means any information or opinion about an identified individual, or an individual whose identity is apparent or reasonably identifiable from the information. It may include a person’s name, date of birth, mailing address, telephone number or email address.
Health information includes any information collected in the course of providing a health service, including information about the health or disability of an individual, their wishes about future health treatment, and information about health services provided or to be provided.
Health information is sensitive information for the purposes of the Health Privacy Acts and is subject to higher standards under those Acts. We handle it accordingly.
Where we collect sensitive information, including health information, we collect it with your consent and only where it is reasonably necessary to provide your services, subject to limited exceptions permitted by the Health Privacy Acts.
For a child, consent is provided by a parent or legal guardian with authority to do so, except where the individual has the capacity to consent on their own behalf. Where parental responsibility is shared or subject to a court order or parenting order, we collect and act on information consistent with that order and may require evidence of it.
You may withdraw your consent at any time by contacting us using the details in the Contact Us section. If you withdraw consent or provide incomplete or inaccurate information, we may be unable to provide some or all of the services you are seeking. Withdrawal of consent does not affect handling that occurred before withdrawal, or retention we are required by law to maintain.
You can interact with us anonymously or by using a pseudonym when it is lawful and practicable to do so, for example when making a general enquiry. If you choose to remain anonymous or use a pseudonym, it may be impracticable for us to respond to some matters, such as investigating a complaint, without knowing your identity. It is generally not practicable to remain anonymous once you become a client, because we are required to keep accurate clinical records.
We collect only the information we need for the function or activity we are carrying out. The information we collect includes, but is not limited to: you or your child’s name, date of birth, email address, phone number, residential or postal address, payment information, health fund or NDIS details, government related identifiers (such as NDIS, Medicare or DVA numbers), and information about health history and family history. We require this information to assist the speech pathologist to assess and treat you.
We collect your personal information directly from you wherever possible, including when you provide it by phone, by completing forms, agreements or surveys, or through our website. We may also collect your information:
We collect health information directly from you unless it is unreasonable or impracticable to do so, for example where a third party who has referred you provides information collected by them.
When we collect personal information or health information about you, we take reasonable steps to notify you of, or ensure your awareness of, the following:
We use your personal information for the purpose for which you provided it, specifically to:
We may also use your information for other purposes permitted under the Privacy Act 1988 (Cth).
If you provide incomplete or inaccurate information, or withhold personal or health information, we may not be able to provide you with the services you are seeking.
We may disclose your information, with your consent, to:
We may also disclose your information to a member of your family, next of kin, guardian, authorised representative, the police, ambulance services, hospitals or emergency medical centres where necessary to address a serious threat to your life, health or safety.
To provide the best environment in which to treat you, we may use or disclose your personal and health information where necessary for:
We do not use any image or video footage of clients without consent. Where a session is recorded, we record it only with consent, store it within our secure practice management and video software (our clinical records system and our primary video platform Zoom, with Microsoft Teams or Google Meet used as fallback options), and retain it consistent with the Data Retention section below. These providers are included in our current list of service providers.
We may record, monitor and transcribe inbound and outbound phone calls through our cloud phone provider for staff training, accuracy checks, and establishing the facts in the event of a complaint or incident review. Individuals are informed before recording and may opt out at any time. Call recordings and transcripts are stored securely by our cloud phone provider and are deleted after 1 year. If a caller opts out, the call is not recorded and necessary information is recorded manually by the Pop team. Our cloud phone provider is included in our current list of service providers.
We use trusted third-party software to deliver and manage our services. We share personal information with these providers only as needed for the purpose for which it was collected, and our arrangements require them to protect it consistently with this policy and applicable law. We use providers for the following functions:
Some of these providers store or process information overseas, as described in the Overseas Disclosure section below. We maintain a current list of the specific providers we use, including a link to each provider’s privacy policy. We review that list and the linked privacy policies at least annually.
We may also disclose information to government agencies, including the National Disability Insurance Agency (NDIA), the Department of Veterans’ Affairs (DVA), the NDIS Quality and Safeguards Commission, and child safety organisations, where required for legal, regulatory or safeguarding purposes.
Some of the providers in our list of service providers store or process personal information outside Australia, including in the United States and other countries where those providers operate. This applies to our video telehealth, card payment processing, cloud phone, website analytics, internal communications, and email and file storage providers. Our clinical records system, AI-assisted clinical documentation tool, customer relationship management system, and accounts receivable and payments collection provider store Australian client data in Australia. Where an Australian hosting option is available and appropriate, we prefer it. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles it consistent with the Australian Privacy Principles, except where an exception under APP 8 applies. In some cases we may seek your express consent to disclose your information to an overseas recipient.
We do not send commercial electronic messages by email, SMS or other means unless you have consented or we are otherwise permitted to under the Spam Act 2003 (Cth). Every commercial electronic message we send includes information about us and an unsubscribe facility. We will not add your email address to a mailing list without your consent, and you can opt out of marketing communications at any time using the unsubscribe link or by contacting us using the details in the Contact Us section. We do not use sensitive information for direct marketing without your consent, and we do not sell your personal information. We will always obtain prior consent before using your information for research.
You have a right to request access to the personal and health information we hold about you. You will be asked to complete a “Request for Information” form before information is released. You may also request correction of information you believe is inaccurate, incomplete or out of date. We will respond to access and correction requests within a reasonable period and without unreasonable delay. If we do not agree to amend a record, we will permit you to make a statement of the requested changes and will enclose it in your records, and we will notify you of our reasons for refusal except where it would be unreasonable to do so. Any charge for providing access will not be excessive.
We take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date.
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Our approach includes, but is not limited to:
Our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of personal information we hold. While we take all reasonable steps to protect your information, no data transmission over the internet can be guaranteed to be totally secure.
We maintain procedures to identify, contain, assess and respond to data breaches. Where a breach is likely to result in serious harm to an affected individual, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).
We retain your personal information for as long as needed to provide services to you and to comply with our legal obligations, resolve disputes and enforce our agreements. In line with health records legislation, we generally retain adult clinical records for at least 7 years from the date of last service. For a client who is a minor, we retain records until the client reaches 25 years of age, or for 7 years from the date of last service, whichever is later. Email and correspondence records are retained for up to 7 years. When information is no longer required, we take reasonable steps to mark it as “beyond use”, destroy or de-identify it.
Our website uses cookies to analyse website traffic, enable social media sharing functionality, and improve your website experience. We use Google Analytics and HubSpot for website analytics and communications. Our web servers also record connection information such as IP address, browser type, and the date, time and address of requests, in aggregate, to diagnose problems and improve the website. You can manage or disable cookies through your browser settings, though some features may not function as intended.
Our website may contain links to other websites, including social media. Those sites are not under our control and we are not responsible for their conduct or privacy practices. We encourage you to review the privacy statement of any website before providing personal information to it.
We may amend this Privacy Policy from time to time to keep it current and reflective of our practices. Changes take effect on release on our website or by email. Where our practices change, we apply the updated practices to information collected from the date of the change.
If you have a privacy concern or believe we have mishandled your personal information, please contact us using the details below. We will acknowledge your complaint promptly and aim to respond within 30 days. If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992. If your concern relates to NDIS supports, you may also contact the NDIS Quality and Safeguards Commission on 1800 035 544.
Pop Family Pty Ltd is responsible for the handling of personal information described in this policy. To raise a privacy question, make a request, or lodge a complaint, contact us:
Privacy contact: Chief Executive Officer
Pop Family Pty Ltd
Phone: 1300 26 11 60
Email: [email protected]
In this discovery call, the Speech Therapist will:
P.S. If you have had speech therapy before or already know what you’re after, you can jump to our appointment booking form here.
Book your free 15 minute discovery call with one of our experienced Speech Therapists below.
Online Speech Therapy, all sessions delivered via telehealth.
Fill out the form below and we’ll be in touch.