Privacy Policy for the Management of Personal Information

This document describes the privacy policy of Melissa Geftakis Psychology for the management of personal information, including information collected through the provision of psychological services and information collected via the practice website. This practice is bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).

1. Storage of Client Information

Client files are held in Halaxy, an Australian-based practice management system used widely by health practitioners across Australia. Data is stored on servers located in Australia, encrypted both at rest and in transit (via TLS/SSL), with daily backups and 24-hour threat detection monitoring. Halaxy is hosted on Amazon Web Services (AWS) infrastructure, which holds PCI DSS Level 1 and ISO 27001 certifications for its hosting environment. Access to client records is restricted to Melissa Geftakis and is protected by two-factor authentication. Client records include personal details such as name, address, contact information, medical history, and other information collected as part of providing psychological services.

2. How Personal Information is Collected

Personal information is collected in a number of ways, including:

  • Information provided directly by the client via intake forms or correspondence.

  • Information provided by other health practitioners via referrals, correspondence, or medical reports.

  • Information collected through a secure online appointment scheduling system.

If a client does not wish for their personal information to be collected as described in this policy, Melissa Geftakis Psychology may not be in a position to provide psychological services to that client.

3. Purpose of Holding Personal Information

Personal information is gathered and used for the purpose of providing psychological services, which includes assessing, diagnosing, and treating a client’s presenting concerns. Information is retained to document what occurs during sessions and to enable the provision of a relevant and informed psychological service.

4. Disclosure of Personal Information

All personal information gathered during the provision of services will remain confidential except where:

  • Disclosure is required or authorised by law, including by court subpoena.

  • Failure to disclose would place a client or another person at serious risk to life, health, or safety.

  • The client has provided prior consent to share information with another professional or agency (e.g. a GP, lawyer, or insurer).

  • Clinical consultation with another professional is required to provide better clinical services — in such cases, identifying details will remain confidential.

A client’s personal information will not be disclosed to overseas recipients unless consent has been given or disclosure is otherwise required by law. Personal information will not be used, sold, rented, or disclosed for any other purpose.

5. Access and Correction

Clients may request access to or correction of their personal information at any time. Requests should be made in writing and will be responded to within 21 days. An appointment may be arranged if clarification is required. Access may be subject to certain limitations under the Privacy Act 1988 (Cth).

If personal information is found to be inaccurate, out of date, or incomplete, reasonable steps will be taken to correct it.

6. Data Breaches

In the event of unauthorised access, disclosure, or loss of personal information, Melissa Geftakis Psychology will activate a data breach response plan and take all reasonable steps to minimise any risk of consequential harm. Clients will be notified in accordance with the requirements of Australian privacy law.

7. Privacy Concerns and Complaints

If you have a concern about the management of your personal information, please contact Melissa Geftakis in the first instance. A copy of the Australian Privacy Principles is available on request and describes your rights and how your personal information should be handled.

If you wish to lodge a formal complaint, you may do so with the Office of the Australian Information Commissioner (OAIC):

8. Website Data Collection

This policy also applies to information collected when you visit our website, melissageftakis.com.au.

When you browse the site, we use Google Analytics 4 to understand how visitors interact with our content. This may include the pages viewed, the time spent on each page, the type of device used, and approximate geographic location based on IP address. This information is collected in aggregate and is not used to identify individual visitors. IP addresses are anonymised by Google before storage.

Cookies — small text files stored by your browser — may be used to support website functionality and analytics. You can disable cookies through your browser settings; this will not affect your ability to use the website.

If you submit information through the contact form on the website, that information is processed by Squarespace (the platform on which the website is hosted) and forwarded to Melissa Geftakis by email. Contact form submissions are used solely to respond to your enquiry. They are not used for marketing purposes and are not shared with any other third parties.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on (tools.google.com/dlpage/gaoptout) or by using your browser’s “Do Not Track” setting.

Last reviewed: April 2026. This policy will be reviewed and updated as required.