Privacy Policy for Mental Health Practitioners

ANTSA Pty. Ltd. ABN 77 664 161 237 ("ANTSA", "we", "us", or "our") provides a Software-as-a-Service platform ("Platform") for Mental Health Practitioners to manage their practice and provide services to their clients. It includes the platform/application and website – www.ANTSA.com.au 

ANTSA is committed to protecting the privacy of our users, including Mental Health Practitioners (“MHP”s or “Practitioners”), Clinic Owners (person or entity who employs or contracts MHP’s), and their clients.  Ensuring the privacy and confidentiality of our Platform users is of the utmost importance to us, and we employ stringent measures to safeguard their information. This Privacy Policy outlines how we collect, use, manage, store and protect personal information in accordance with the Australian Privacy Principles as outlined in the Privacy Act 1988 (Cth).

If you are using the Platform from another country, please note that your information may be subject to different privacy laws.

1. Collection of Personal Information

Types of personal and sensitive information we collect and hold

We collect two levels of personal information – the first from MHPs and Clinic Owners (Clinic Owners may or may not be a MHP.  They are the person/entity who/which owns or manages the clinic/practice where MHP’s work) who register on the Platform; the second is from the clients invited by the MHPs. 

The types of personal information we collect may include, but is not limited to:

• Contact information such as name, email address, phone number, address, other demographics (eg. age, gender, date of birth, postcode, etc.)
• Profile information such as job title, professional qualifications, image, and registration information
• Payment information such as credit card details or bank account information
• Any other information provided by you, your clients, a third party, or obtained by us in the course of providing our services
• Profile information such as job title
• Your access and usage of the Platform (which includes data obtained through your interactions with the ANTSA website) through the use of internet cookies or other tracking technologies

We may also collect sensitive information about you if it is necessary to provide specific services to you. This includes but is not limited to information or an opinion about an individual’s:

• Racial or ethnic origin
• Religious belief
• Criminal record/s
• Health and wellbeing information;
• Political opinion
• Philosophical belief/s

2. How Personal Information is collected

We collect personal information and sensitive information (together, ‘Personal Information’) from our users in a variety of ways, including when users create an account, through online forms, when registering for our services, or when conducting business with us through our web-based platform and mobile app.

We may also collect information about you from third-party suppliers.

Use of Cookies and Similar Technologies

We may use cookies and similar technologies to collect information about how users interact with the Platform, the browsers used, geo-location data, pages visited, length of time spent within and communication with the platform, etc., to monitor and analyse usage trends. Users can manage their cookie preferences through their browser settings.

4. Storage and Security of Personal Information

Personal Information collected on the Platform will be stored using computer storage facilities or third-party storage provider supplied by Amazon Web Services (AWS). AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use their secure AWS environment to process, maintain, and store protected health information.  All of our servers are located exclusively in Australia to ensure compliance with local data protection regulations.

The security of your Personal Information is important to us.  It is important to note that no method of transmission over the internet, or method of electronic storage is 100% secure, so we cannot guarantee its absolute security.  We strive to use commercially acceptable means to protect your personal information. The steps we take to protect your Personal Information include:

• Ensuring the communications are end-to-end encrypted;
• Using secure storage methods; and
• Limiting access to Personal Information to authorised personnel.

Children’s Privacy

The Platform is designed for MHPs, therefore any child under the age of 13 years is not directly accepted.  If an MHP has a client who is under the age of 13, it is expected that the MHP has parental consent as per their individual privacy policies, insurance requirements, and legislative provisions. 

5. Privacy and Data Protection

The computer storage facilities referred to under Clause 4 above are compliant with the Health Insurance Portability and Accountability Act (HIPAA), which is a U.S. legislation that sets out the standard for privacy and data protection.  As an Australian-based entity, being HIPAA compliant is not a legal requirement.  By choosing to be HIPAA compliant regarding our storage servers, ANTSA is dedicated to having security measures in place to safeguard Personal Information. 

Other security measures taken by ANTSA to ensure adequate levels of data protection per the Australian Privacy Principles include but are not limited to:

• Taking reasonable steps to de-identify Personal Information;
• Creating back ups of the database regularly; and
• Making this platform password protected, requiring each user to create a strong password to access each of their accounts; and
• Any other security measures that may reasonably be required.

1. Encryption

To comply with HIPAA, ANTSA utilises the Advanced Encryption Standard (AES), a block cipher algorithm as the encryption standard. Specifically, we use AES-256 which employs a 256-bit key length to fully encrypt and decrypt Personally Identifiable Information (PII) data of clients/patients.

2. Data transport and storage

• The infrastructure we rely on is Amazon Web Service AWS), including services like S3, which are well-versed in HIPAA compliance and provide reliable data transport and storage capabilities
• Additionally, we have implemented HTTPS on our website to ensure secure data transmission to cyberspace

3. Data backup and recovery

To safeguard your data, ANTSA regularly backs up and encrypts the information you enter on the platform before transporting it to our servers.  This proactive approach allows us to easily restore data in case of emergencies and mitigates the risk of data loss.

4. Security and Authentication

• Users are restricted to log in from only one device at a time, preventing multiple logins for the same account
• To maintain security, users are automatically logged off after a certain period of inactivity
• Users are required to create strong passwords adhering to ANTSA’s guidelines, ensuring password strength
• To provide an additional layer of security, two-factor authentication (2FA) is implemented for all user accounts
• In order to protect users’ accounts from unauthorised access via the reset password flow, we utilise expiration and one-time tokens for the reset password link

5. Closing statement

We prioritise your safety and security by implementing robust measures to protect your personal information.

6. Use and Disclosure of Personal Information

We use and disclose Personal Information to provide our services, including:

• Managing Practitioners' accounts
• Facilitating communication between Practitioners and clients
• Developing, maintaining, and protecting our products and services
• Conducting research or compiling and analysing statistics relevant to health or safety

We may disclose personal information to certain third-party service providers who assist us in providing our services, including payment processors and email service providers. We may also disclose personal information to comply with legal obligations or protect the rights, property, or safety of ANTSA or our users.

In the case of non-payment for goods or services provided by us, we may disclose your information to debt-collectors, credit reporting agencies, tribunals, courts, and other authorities. 

Marketing Communications

We may send marketing communications to you about our services, promotions, or updates. Users can opt-out of receiving marketing communications by following the instructions provided in the communication.

Your Personal Information is not routinely disclosed overseas.

7. Retention of Personal Information

We retain personal information for as long as necessary to provide our services and fulfill our legal obligations. We may also retain personal information for research and analysis purposes. When personal information is no longer required, we securely destroy or de-identify it.

How long is your personal information stored?

Practitioners & Clinic Owners - We store and allow you access to your personal information as long as you have an account on the Platform. When you close your account, your Personal Information will not be accessible, however, if your account is reactivated you will be able to access it again. When you end your subscription or fail to meet your payment obligation your personal information will be stored but not accessible.

Clients - We store your personal information as long as you have an account on the Platform. When you close your account, your personal information will not be accessible. If you do not re-join the platform with a subscription, your data will remain inaccessible.

There is a mandatory need to retain payment and receipt data for Australian Taxation purposes (up to 7 years). 

8. Access to and Correction of Personal Information

You have the right to access and correct personal information we hold about you. To request access or correction, please contact us using the contact details provided below.

9. Third-Party Links

The Platform may contain links to third-party websites or services. This Privacy Policy only applies to the Platform and does not apply to third-party websites or services. We have no control over and assume no responsibility for the privacy policies, practices, or content of third-party websites or services.

10. Complaints

If you have a complaint about our privacy practices, contact us using the contact details provided in this Privacy Policy. We will investigate the complaint and respond as soon as is practicable.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time at our discretion. You are advised to review this Privacy Policy periodically for any changes.  Changes will be effective immediately upon posting the updated policy on the Platform.

CONTACT

Please contact:

Attention: The Data Protection Officer

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

P.O. Box 2324, Blackburn South, VIC, 3130

Or ring +61 3 881 22 373 during regular business hours (Eastern Standard Time - Melbourne)

COMPLAINTS

If you have been in contact with ANTSA P/L about a matter regarding data privacy and you do not believe that it was dealt with satisfactorily, you can make a complaint to the Office of the Australian Information Commissioner - www.oaic.gov.au/privacy/privacy-complaints

This Privacy Policy is effective as of 1 July, 2023.