Privacy Policy

Last updated 1 July 2026

Policy Overview

Pop Family Pty Ltd (we, us, our) is committed to protecting the privacy and security of personal information we collect and hold about individuals. We are dedicated to maintaining your trust and upholding high standards of privacy and data protection.

We have obligations as to how we collect, hold, use and disclose personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the Health Records (Privacy and Access) Act 1997 (ACT), the Health Records Act 2001 (Vic), and the Health Records and Information Privacy Act 2002 (NSW), together with equivalent laws in other jurisdictions in which our clients reside (together, the Health Privacy Acts). We also have obligations under the National Disability Insurance Scheme Act 2013 (Cth) and associated rules, and under Speech Pathology Australia’s Code of Ethics (2020).

This Privacy Policy explains how we collect, use, disclose and protect your information when you use our services, your rights regarding that information, and how to raise a privacy concern. Because we deliver all services online via telehealth, this policy also explains how your information is handled within the software we use.

Handling Your Personal Information

What Is Personal Information

Personal information means any information or opinion about an identified individual, or an individual whose identity is apparent or reasonably identifiable from the information. It may include a person’s name, date of birth, mailing address, telephone number or email address.

Health information includes any information collected in the course of providing a health service, including information about the health or disability of an individual, their wishes about future health treatment, and information about health services provided or to be provided.

Health information is sensitive information for the purposes of the Health Privacy Acts and is subject to higher standards under those Acts. We handle it accordingly.

Your Consent

Where we collect sensitive information, including health information, we collect it with your consent and only where it is reasonably necessary to provide your services, subject to limited exceptions permitted by the Health Privacy Acts.

For a child, consent is provided by a parent or legal guardian with authority to do so, except where the individual has the capacity to consent on their own behalf. Where parental responsibility is shared or subject to a court order or parenting order, we collect and act on information consistent with that order and may require evidence of it.

You may withdraw your consent at any time by contacting us using the details in the Contact Us section. If you withdraw consent or provide incomplete or inaccurate information, we may be unable to provide some or all of the services you are seeking. Withdrawal of consent does not affect handling that occurred before withdrawal, or retention we are required by law to maintain.

Dealing With Us Anonymously

You can interact with us anonymously or by using a pseudonym when it is lawful and practicable to do so, for example when making a general enquiry. If you choose to remain anonymous or use a pseudonym, it may be impracticable for us to respond to some matters, such as investigating a complaint, without knowing your identity. It is generally not practicable to remain anonymous once you become a client, because we are required to keep accurate clinical records.

Information We Collect

We collect only the information we need for the function or activity we are carrying out. The information we collect includes, but is not limited to: you or your child’s name, date of birth, email address, phone number, residential or postal address, payment information, health fund or NDIS details, government related identifiers (such as NDIS, Medicare or DVA numbers), and information about health history and family history. We require this information to assist the speech pathologist to assess and treat you.

How We Collect Your Information

We collect your personal information directly from you wherever possible, including when you provide it by phone, by completing forms, agreements or surveys, or through our website. We may also collect your information:

  • From a member of your family, next of kin, guardian or authorised representative where we are unable to collect it from you
  • From an order of an Australian court or tribunal that authorises us to be provided with the information
  • From third parties, such as doctors, allied health professionals, schools or support coordinators, whom you have provided consent to share information with us
  • From relevant government departments, such as the National Disability Insurance Agency

We collect health information directly from you unless it is unreasonable or impracticable to do so, for example where a third party who has referred you provides information collected by them.

Collection Notice

When we collect personal information or health information about you, we take reasonable steps to notify you of, or ensure your awareness of, the following:

  • Our identity and contact details
  • The facts and circumstances of collection
  • Whether collection is required or authorised by law
  • The purposes of collection
  • The consequences if the information is not collected
  • Our usual disclosures of information of the kind collected
  • Information about this Privacy Policy
  • Whether we are likely to disclose your information to overseas recipients, and where practicable, the countries in which they are located

How We Use Your Information

We use your personal information for the purpose for which you provided it, specifically to:

  • Provide speech pathology services
  • Manage our relationship with you
  • Contact you regarding matters related to your care

We may also use your information for other purposes permitted under the Privacy Act 1988 (Cth).

What Happens If You Do Not Provide Your Information

If you provide incomplete or inaccurate information, or withhold personal or health information, we may not be able to provide you with the services you are seeking.

Disclosure of Information

We may disclose your information, with your consent, to:

  • Other health professionals or representatives involved in your treatment (such as a school, parent, nominated contact or representative)
  • The referrer, such as your medical practitioner, through progress or discharge summaries
  • Relatives, guardians, close friends or legal representatives, to provide information about your condition

We may also disclose your information to a member of your family, next of kin, guardian, authorised representative, the police, ambulance services, hospitals or emergency medical centres where necessary to address a serious threat to your life, health or safety.

Other Uses and Disclosures

To provide the best environment in which to treat you, we may use or disclose your personal and health information where necessary for:

  • Quality assurance processes, audits, risk and claims management, client satisfaction surveys, and staff education and training
  • Invoicing, billing and account management
  • Liaising with health funds, Medicare, the Department of Veterans’ Affairs, the National Disability Insurance Agency, or other third parties involved in your care to verify treatment provided
  • Sending appointment reminders and follow up care messages by text or email to the contact details you have provided

Images, Video and Session Recordings

We do not use any image or video footage of clients without consent. Where a session is recorded, we record it only with consent, store it within our secure practice management and video software (our clinical records system and our primary video platform Zoom, with Microsoft Teams or Google Meet used as fallback options), and retain it consistent with the Data Retention section below. These providers are included in our current list of service providers.

Recording and Transcribing of Phone Interactions

We may record, monitor and transcribe inbound and outbound phone calls through our cloud phone provider for staff training, accuracy checks, and establishing the facts in the event of a complaint or incident review. Individuals are informed before recording and may opt out at any time. Call recordings and transcripts are stored securely by our cloud phone provider and are deleted after 1 year. If a caller opts out, the call is not recorded and necessary information is recorded manually by the Pop team. Our cloud phone provider is included in our current list of service providers.

Third-Party Software and Service Providers

We use trusted third-party software to deliver and manage our services. We share personal information with these providers only as needed for the purpose for which it was collected, and our arrangements require them to protect it consistently with this policy and applicable law. We use providers for the following functions:

  • Clinical records and practice management
  • AI-assisted clinical documentation (clinical note-taking)
  • Video telehealth and meetings
  • Payment processing and accounts management
  • Client relationship management and communications
  • Email, file storage and document handling
  • Cloud phone and call recording
  • Website analytics
  • Internal staff communications

Some of these providers store or process information overseas, as described in the Overseas Disclosure section below. We maintain a current list of the specific providers we use, including a link to each provider’s privacy policy. We review that list and the linked privacy policies at least annually.

We may also disclose information to government agencies, including the National Disability Insurance Agency (NDIA), the Department of Veterans’ Affairs (DVA), the NDIS Quality and Safeguards Commission, and child safety organisations, where required for legal, regulatory or safeguarding purposes.

Overseas Disclosure

Some of the providers in our list of service providers store or process personal information outside Australia, including in the United States and other countries where those providers operate. This applies to our video telehealth, card payment processing, cloud phone, website analytics, internal communications, and email and file storage providers. Our clinical records system, AI-assisted clinical documentation tool, customer relationship management system, and accounts receivable and payments collection provider store Australian client data in Australia. Where an Australian hosting option is available and appropriate, we prefer it. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient handles it consistent with the Australian Privacy Principles, except where an exception under APP 8 applies. In some cases we may seek your express consent to disclose your information to an overseas recipient.

Direct Marketing and Electronic Messages

We do not send commercial electronic messages by email, SMS or other means unless you have consented or we are otherwise permitted to under the Spam Act 2003 (Cth). Every commercial electronic message we send includes information about us and an unsubscribe facility. We will not add your email address to a mailing list without your consent, and you can opt out of marketing communications at any time using the unsubscribe link or by contacting us using the details in the Contact Us section. We do not use sensitive information for direct marketing without your consent, and we do not sell your personal information. We will always obtain prior consent before using your information for research.

Access and Correction

You have a right to request access to the personal and health information we hold about you. You will be asked to complete a “Request for Information” form before information is released. You may also request correction of information you believe is inaccurate, incomplete or out of date. We will respond to access and correction requests within a reasonable period and without unreasonable delay. If we do not agree to amend a record, we will permit you to make a statement of the requested changes and will enclose it in your records, and we will notify you of our reasons for refusal except where it would be unreasonable to do so. Any charge for providing access will not be excessive.

Quality of Data

We take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date.

Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. Our approach includes, but is not limited to:

  • Card information encrypted before transmission and handled by our payment providers, not stored on our servers
  • Encryption across our software, including data storage, internal communications, video calling and practice management software
  • Use of reputable software that meets recognised international standards and demonstrates strong corporate governance, extending to hardware security
  • Strict, role-based access controls, with multi-factor and two-factor authentication for sensitive data and core business systems
  • Regular audits and live monitoring of core systems to detect and respond to vulnerabilities or security breaches promptly
  • Secure cloud storage with fail-safe backups; hard copies are destroyed once digitally scanned
  • Data minimisation, collecting only what is necessary
  • Employee training on data protection and privacy

 

Our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of personal information we hold. While we take all reasonable steps to protect your information, no data transmission over the internet can be guaranteed to be totally secure.

Data Breaches

We maintain procedures to identify, contain, assess and respond to data breaches. Where a breach is likely to result in serious harm to an affected individual, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

Data Retention and Disposal

We retain your personal information for as long as needed to provide services to you and to comply with our legal obligations, resolve disputes and enforce our agreements. In line with health records legislation, we generally retain adult clinical records for at least 7 years from the date of last service. For a client who is a minor, we retain records until the client reaches 25 years of age, or for 7 years from the date of last service, whichever is later. Email and correspondence records are retained for up to 7 years. When information is no longer required, we take reasonable steps to mark it as “beyond use”, destroy or de-identify it.

Cookies, Website Analytics and Server Logs

Our website uses cookies to analyse website traffic, enable social media sharing functionality, and improve your website experience. We use Google Analytics and HubSpot for website analytics and communications. Our web servers also record connection information such as IP address, browser type, and the date, time and address of requests, in aggregate, to diagnose problems and improve the website. You can manage or disable cookies through your browser settings, though some features may not function as intended.

Links to Other Websites

Our website may contain links to other websites, including social media. Those sites are not under our control and we are not responsible for their conduct or privacy practices. We encourage you to review the privacy statement of any website before providing personal information to it.

Changes to This Policy

We may amend this Privacy Policy from time to time to keep it current and reflective of our practices. Changes take effect on release on our website or by email. Where our practices change, we apply the updated practices to information collected from the date of the change.

How to Make a Privacy Complaint

If you have a privacy concern or believe we have mishandled your personal information, please contact us using the details below. We will acknowledge your complaint promptly and aim to respond within 30 days. If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992. If your concern relates to NDIS supports, you may also contact the NDIS Quality and Safeguards Commission on 1800 035 544.

Contact Us

Pop Family Pty Ltd is responsible for the handling of personal information described in this policy. To raise a privacy question, make a request, or lodge a complaint, contact us:

Privacy contact: Chief Executive Officer

Pop Family Pty Ltd

Phone: 1300 26 11 60

Email: [email protected]

Begin your journey with Pop

In this discovery call, the Speech Therapist will:

P.S. If you have had speech therapy before or already know what you’re after, you can jump to our appointment booking form here.

Book your free 15 minute discovery call with one of our experienced Speech Therapists below.

Book a Free Discovery Call

Online Speech Therapy, all sessions delivered via telehealth.

Fill out the form below and we’ll be in touch.