Privacy Policy for Mental Health Practitioners
ANTSA Pty. Ltd. ABN 77 664 161 237 ("ANTSA", "we", "us", or "our") provides a Software-as-a-Service platform ("Platform") for Mental Health Practitioners to manage their practice and provide services to their clients. It includes the platform/application and the website, www.ANTSA.com.au.
ANTSA is committed to protecting the privacy of our users, including Mental Health Practitioners (“MHPs” or “Practitioners”), Clinic Owners (the person or entity who employs or contracts MHPs), and their clients. Ensuring the privacy and confidentiality of our Platform users is of the utmost importance to us, and we employ stringent measures to safeguard their information. This Privacy Policy outlines how we collect, use, manage, store and protect Personal Information in accordance with the Australian Privacy Principles as set out in the Privacy Act 1988 (Cth).
If you are using the Platform from another country, please note that your information may be subject to different privacy laws.
1. Collection of Personal Information
Types of personal and sensitive information we collect and hold
We collect two levels of Personal Information: the first from MHPs and Clinic Owners who register on the Platform (a Clinic Owner may or may not be an MHP; they are the person or entity who owns or manages the clinic or practice where MHPs work); the second from the clients invited by the MHPs.
The types of Personal Information we collect may include, but are not limited to:
- Contact information such as name, email address, phone number, address, and other demographics (e.g. age, gender, date of birth, postcode)
- Profile information such as job title, professional qualifications, image, and registration information
- Payment information such as credit card details or bank account information
- Any other information provided by you, your clients, a third party, or obtained by us in the course of providing our services
- Your access and usage of the Platform (which includes data obtained through your interactions with the ANTSA website) through the use of internet cookies or other tracking technologies
We may also collect sensitive information about you if it is necessary to provide specific services to you. This includes but is not limited to information or an opinion about an individual’s:
- Racial or ethnic origin
- Religious belief
- Criminal record/s
- Health and wellbeing information
- Political opinion
- Philosophical belief/s
2. How Personal Information is collected
We collect Personal Information and sensitive information (together, ‘Personal Information’) from our users in a variety of ways, including when users create an account, through online forms, when registering for our services, or when conducting business with us through our web-based platform and mobile app.
We may also collect information about you from third-party suppliers.
Use of Cookies and Similar Technologies
We may use cookies and similar technologies to collect information about how users interact with the Platform, such as the browser used, geo-location data, pages visited, the length of time spent on the Platform and communications with it, in order to monitor and analyse usage trends. Users can manage their cookie preferences through their browser settings.
3. Storage and Security of Personal Information
Personal Information collected on the Platform will be stored using computer storage facilities supplied by a third-party storage provider, Amazon Web Services (AWS). AWS enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use its secure AWS environment to process, maintain, and store protected health information. All of our servers are located exclusively in Australia to ensure compliance with local data protection regulations.
The security of your Personal Information is important to us. It is important to note that no method of transmission over the internet, or method of electronic storage is 100% secure, so we cannot guarantee its absolute security. We strive to use commercially acceptable means to protect your Personal Information. The steps we take to protect your Personal Information include:
- Ensuring the communications are end-to-end encrypted;
- Using secure storage methods; and
- Limiting access to Personal Information to authorised personnel.
Children’s Privacy
The Platform is designed for MHPs; therefore, children under the age of 13 years are not accepted as direct users. If an MHP has a client who is under the age of 13, it is expected that the MHP has obtained parental consent in accordance with their own privacy policies, insurance requirements, and legislative provisions.
4. Privacy and Data Protection
The computer storage facilities referred to under Clause 3 above are compliant with the Health Insurance Portability and Accountability Act (HIPAA), U.S. legislation that sets the standard for privacy and data protection. As an Australian-based entity, ANTSA is not legally required to be HIPAA compliant, but by choosing HIPAA compliant storage servers, ANTSA is dedicated to having security measures in place to safeguard Personal Information. This demonstrates our commitment to privacy and data protection.
Other security measures taken by ANTSA to ensure adequate levels of data protection per the Australian Privacy Principles include but are not limited to:
- Taking reasonable steps to de-identify Personal Information;
- Creating back-ups of the database regularly;
- Making this platform password protected, requiring each user to create a strong password to access their accounts;
- Implementing two-factor authentication (2FA) for all user accounts to provide an extra layer of security, requiring a second verification step during login;
- Any other security measures that may reasonably be required.
Here are some of the areas of HIPAA compliance that are of note:
Encryption
To comply with HIPAA, ANTSA uses the Advanced Encryption Standard (AES), a block cipher, as its encryption standard. Specifically, we use AES-256, which employs a 256-bit key, to fully encrypt and decrypt the Personally Identifiable Information (PII) of clients/patients.
Data transport and storage
- The infrastructure we rely on is Amazon Web Services (AWS), including services such as S3, which support HIPAA compliance and provide reliable data transport and storage capabilities
- Additionally, we have implemented HTTPS on our website to ensure that data is transmitted securely over the internet
Data backup and recovery
To safeguard your data, ANTSA regularly backs up and encrypts the information you enter on the platform before transporting it to our servers. This proactive approach allows us to restore data in case of emergencies and mitigates the risk of data loss.
Security and Authentication
- Users may be logged in from only one device at a time, preventing concurrent logins to the same account
- To maintain security, users are automatically logged off after a certain period of inactivity
- Users are required to create strong passwords that adhere to ANTSA’s password guidelines
- To provide an additional layer of security, two-factor authentication (2FA) is implemented for all user accounts
- To protect users’ accounts from unauthorised access via the password reset flow, password reset links use one-time tokens that expire
Closing statement
We prioritise your safety and security by implementing robust measures to protect your Personal Information.
5. Data Collection and Use
Legal Basis for Data Processing
We process Personal Information based on several legal grounds to ensure compliance with relevant data protection laws and to provide our services effectively. The legal bases for processing your Personal Information may include:
- Consent: Where you have provided explicit consent for the collection and use of your Personal Information for specific purposes, such as marketing communications or the collection of sensitive data.
- Contract: Processing is necessary for the performance of a contract to which you are a party, such as when you register and use our Platform within your practice.
- Legal Obligation: We may process your Personal Information to comply with legal requirements, including obligations related to taxation, regulatory compliance, and responding to lawful requests from authorities.
- Legitimate Interests: We may process Personal Information where it is necessary for our legitimate interests, such as improving our services, ensuring the security of the Platform, and protecting the rights of ANTSA, our users, and others, provided these interests are not overridden by your rights and interests.
By clearly outlining the legal basis for processing, we aim to ensure transparency and compliance with both Australian and international data protection standards.
6. Data Breach Notification
ANTSA Pty Ltd is committed to safeguarding your Personal Information and takes data security very seriously. Despite our best efforts to protect your information, in the unlikely event of a data breach, we have a response plan in place to address the situation promptly and effectively.
In accordance with the requirements of the Australian Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) scheme, ANTSA will take immediate steps to contain the breach and prevent further unauthorised access to your information. If a data breach is likely to result in serious harm to individuals whose information is involved, we will notify the affected individuals as soon as practicable. This notification will include:
- The nature of the breach,
- The type of information involved,
- The steps taken to mitigate the breach,
- Recommendations for what individuals should do to protect themselves, and
- Our contact details for further information or assistance.
Additionally, we will notify the Office of the Australian Information Commissioner (OAIC) about the breach as required by the NDB scheme. We are committed to transparency and will keep affected individuals informed throughout the process, ensuring that appropriate actions are taken to protect your privacy and minimise any potential harm.
7. Use and Disclosure of Personal Information
We use and disclose Personal Information to provide our services, including:
- Managing Practitioners' accounts
- Facilitating communication between Practitioners and clients
- Developing, maintaining, and protecting our products and services
- Conducting research or compiling and analysing statistics relevant to health or safety
In addition, we may use anonymised or de-identified data for research, analytics, and to improve our services. This data will not contain any personally identifiable information and cannot be linked back to you or your clients. The use of anonymised data allows us to gain insights into usage patterns, enhance the functionality of the Platform, and contribute to the broader field of mental health through research and development.
We may disclose Personal Information to certain third-party service providers who assist us in providing our services, including payment processors and email service providers. We may also disclose Personal Information to comply with legal obligations or protect the rights, property, or safety of ANTSA or our users.
Debt Collection and Legal Disclosures
In the case of non-payment for goods or services provided by us, we may disclose your information to debt collectors, credit reporting agencies, tribunals, courts, and other authorities. Such disclosures will be made in accordance with applicable laws and only to the extent necessary to resolve the payment issue.
Automated Decision-Making and Profiling
ANTSA may use automated decision-making processes and profiling within the Platform to enhance the user experience and provide information to Mental Health Practitioners (MHPs) and their clients. Automated decision-making refers to the ability of our Platform to make decisions based on the data provided without human intervention. This may include features like setting automatic reminders, notifications, or analysing client engagement patterns to determine levels of distress.
The use of profiling is done to optimise the Platform’s functionality, allowing practitioners to better understand their clients’ behaviours and track their progress between sessions. Profiling may involve analysing client data (such as mood, task completion, and communication frequency) to offer insights that support treatment planning.
ANTSA ensures that no significant or legally binding decisions about users or clients are made solely based on automated processes. Users have the right to request human intervention or review if they believe an automated decision has been made in error or is inappropriate for their situation. If you have any concerns about automated decision-making, please contact us directly.
Marketing Communications
We may send marketing communications to you about our services, promotions, or updates. Users can opt-out of receiving marketing communications by following the instructions provided in the communication.
Your Personal Information is not routinely disclosed overseas.
8. Retention of Personal Information
We retain Personal Information for as long as necessary to provide our services and fulfil our legal obligations. We may also retain Personal Information for research and analysis purposes. When Personal Information is no longer required, we securely destroy or de-identify it.
How long is your Personal Information stored?
Practitioners & Clinic Owners - We store, and allow you access to, your Personal Information for as long as you have an account on the Platform. When you close your account, your Personal Information will no longer be accessible; if your account is reactivated, you will be able to access it again. When you end your subscription or fail to meet your payment obligations, your Personal Information will be stored but not accessible.
Clients - We store your Personal Information for as long as you have an account on the Platform. When you close your account, your Personal Information will no longer be accessible. If you do not re-join the Platform with a subscription, your data will remain inaccessible.
We are required to retain payment and receipt data for Australian taxation purposes (for up to 7 years).
9. Access to and Correction of Personal Information
You have the right to access and correct Personal Information we hold about you. To request access or correction, please contact us using the contact details provided below.
10. Third-Party Links
The Platform may contain links to third-party websites or services. This Privacy Policy only applies to the Platform and does not apply to third-party websites or services. We have no control over and assume no responsibility for the privacy policies, practices, or content of third-party websites or services.
11. Complaints
If you have a complaint about our privacy practices, contact us using the contact details provided in this Privacy Policy. We will investigate the complaint and respond as soon as is practicable.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time at our discretion. You are advised to review this Privacy Policy periodically for any changes. Changes will be effective immediately upon posting the updated policy on the Platform.
CONTACT
Please contact:
Attention: The Data Protection Officer
Email:
P.O. Box 2324, Blackburn South, VIC, 3130
Or ring +61 3 881 22 373 during regular business hours (Eastern Standard Time - Melbourne)
COMPLAINTS
If you have been in contact with ANTSA P/L about a matter regarding data privacy and you do not believe that it was dealt with satisfactorily, you can make a complaint to the Office of the Australian Information Commissioner - www.oaic.gov.au/privacy/privacy-complaints
This Privacy Policy is effective as of 4th September, 2024.