Privacy Policy

About this policy

The purpose of this privacy policy is to:

  • communicate the personal information handling practices of Throughlines;
  • enhance the transparency of our operations, and
  • give clients a complete understanding of the sort of personal information Throughlines holds, and the way we handle that information.

If you wish to make any comments or suggestions about our privacy policy, you can do so by contacting Throughlines via:


Any comments and/or suggestions will be reviewed and considered.

This privacy policy is reviewed and updated annually. Changes will be advertised via our website.

The privacy policy was last reviewed in February 2020.

Our obligations under the Privacy Act

This privacy policy sets out how we comply with our obligations under the Privacy Act 1988 (Privacy Act). This Privacy Policy ensures we comply with the Australian Privacy Principles (APP) in the Privacy Act which regulate how we collect, use, store and disclose personal information, and how individuals may access, and correct personal information held about them.

Personal information

Personal information is defined in s 6(1) of the Privacy Act as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not, and
  • whether the information or opinion is recorded in a material form or not’.

What constitutes personal information will vary, depending on whether an individual can be identified or is reasonably identifiable in the particular circumstances. For example, personal information could include:

  • a name or address
  • bank account details
  • photos or videos
  • information about an individual’s mannerisms, their opinions or where they work.

Sensitive information Sensitive information is a subcategory of personal information with additional requirements under the Privacy Act. Sensitive information is defined in the Privacy Act as information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record that is also personal information; health information about an individual, genetic information about an individual, biometric information that is to be used for the purpose of automated biometric verification/identification and biometric templates.

The kinds of personal information collected and held by Throughlines

We collect and hold a variety of personal information, as included in the list below:

Personal Information

  • name
  • age and gender
  • contact details (including address, phone and email addresses)
  • bank account details
  • employment details (including occupation, qualifications, CV and remuneration)
  • education details (level of education, study assistance and courses)
  • financial information (ABN)
  • details of products and services we have provided to you and/or that you have enquired about, and our response to you;
  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • information about your access and use of our Site, including through the use of Internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
  • additional personal information that you provide to us, directly or indirectly, through your use of our Site, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
  • any other personal information requested by us and/or provided by you or a third party.

Sensitive information
(a subset of Personal information)

  • racial or ethnic origin
  • political opinion or association
  • religious beliefs or affiliations
  • philosophical beliefs
  • trade or professional associations and memberships
  • health or genetic information

Dealing with Throughlines without being identified or using a pseudonym

The Australian Privacy Principles introduce the option for individuals to not identify themselves, or the option of using a pseudonym when dealing with some entities in relation to a particular matter (unless it is impracticable to do so, or we are legally required to deal with individuals who identify themselves).
An entity does not have to comply with this if it is impracticable for the entity to deal with individuals who have not identified themselves. Generally, it would be impractical for Throughlines to provide this option, however we are open to discussing this option should the need arise.

How Throughlines collects and holds your personal information

How Throughlines collects your personal information

When we collect personal information about you, in the majority of cases, we will collect this information directly from you or your therapist (our client). However, there may be times where we may collect personal information from an agent or a third party. If this occurs, such collection will be in accordance with the APPs.

Other entities that may collect your personal information on behalf of Throughlines

As well as collecting personal information directly from you, Throughlines may also collect your personal information through other individuals or organisations acting on behalf of Throughlines including those such as contracted service providers.

Methods of collection

When we collect personal information, we may do this through using forms (either electronic or hard copy), online portals, other electronic or paper correspondence (including emails and written correspondence) and at times verbal conversations or interviews.
Throughlines collects personal information in a variety of ways, including (but not limited to):

  • paper-based forms
  • electronic forms
  • databases
  • telephone communications
  • email communications

The purpose of collection is important as it restricts how we can use and disclose your personal information, unless an exception in the Privacy Act applies. This is discussed in more detail later in this privacy policy.

Unsolicited personal information

On occasion, unsolicited personal information is provided to Throughlines by individuals (or other entities) without it being requested. Throughlines deals with this personal information in accordance with the APP that relates to unsolicited personal information (APP 4).

Information collected through our website and online services

Information can be collected by using our website and online services. Some of this may be personal information, which is summarised in the list below:

Emails and electronic forms

We may record your email address if you send us a message online. Your email address will not be added to a mailing list unless you have provided it to us in order to subscribe to one of our subscription services.
Where you choose to send us a completed electronic form that includes your personal details, we collect personal information such as name, address and email address. The information collected by email or electronic forms will be used only for the purpose for which you provided it, unless an exception applies.

Payment information

If you choose to pay for a service or product using secure credit card payment facilities, you will be asked to provide your credit card details. Credit card details are encrypted from the moment they are entered into an electronic form. All other information entered into an electronic form will be encrypted upon submission to the department.
Throughlines stores encrypted credit card details only until the industry standard charge back period has expired (currently 10 months).

Google Analytics

Throughlines uses Google Analytics, a web analytics service provided by Google Incorporated (Google). Reports obtained from Google Analytics are used to help improve our website. Google Analytics uses ‘cookies’ to help analyse how users use the site.
The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States of America. Google will use this information for the purpose of evaluating your use of our website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
By using Throughlines website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Please refer to Google’s privacy policy for further information.

How Throughlines holds your personal information

Throughlines is considered to ‘hold’ your personal information where it:

  • physically possesses a record containing your personal information, or
  • has the right or power to deal with the information, even if it does not physically possess it (such as where the personal information is stored on servers owned by a third party, to which we have access to, or in archived files).

Throughlines also holds personal information in a range of audio-visual, paper and electronic based records. Personal information is held on the basis that it meets the collection and security requirements of the APPs, and our own policies and procedures.

Storing and securing personal information

The following outlines how we store and secure personal information:

  • All staff are provided file maintenance training to ensure information (including personal information) is managed in an efficient, uniform and accountable manner. This includes how documents (including those which contain personal information) should be treated and how to identify information which may or may not need to form part of an official record. This also includes how documents should be secured on a day to day basis including a clear desk routine.
  • We provide staff training in a number of areas including risk, record keeping, information security, FOI and privacy.
  • We provide staff training on best practice for managing emails and how information contained in electronic information should be held, stored and secured.
  • We have IT Security Systems in place to ensure we hold and secure electronic information safely (including personal information). Presently this system is Zoho Security.

Personal information held by third parties.

Under the Privacy Act Throughlines is required to take measures to ensure that when your personal information is to be held by a third party, that the third party complies with the same privacy requirements applicable to us.
Throughlines has privacy clauses in all of its legal documents, including funding deeds, services contracts and various other ad-hoc arrangements. This is to ensure third parties that we deal with are required to handle personal information in accordance with the APPs.

Retention and destruction of personal information

Throughlines will take reasonable steps to destroy or de-identify your personal information if we no longer need it for the purpose it was collected, unless:

  • it is contained in a Commonwealth record, or
  • we are required by law or a court/tribunal order to retain the information.

The purposes for which Throughlines collects, holds, uses and discloses your personal information

The purpose for Throughlines collecting your personal information is important as it restricts how we can use and disclose your personal information, unless an exception in the Privacy Act applies. Unless an exception applies, Throughlines will:

  • only use or disclose your personal information for the purpose it was collected, and
  • notify you of this purpose at the time of collection, or as soon as practicable after collection.

Throughlines will only use or disclose your personal information for another purpose where it is able to do so in accordance with the Privacy Act.

There are a number of general purposes for which we collect your personal information. To provide further information regarding these purposes, the list below outlines the purpose for which information is typically collected, including information about how personal information is used and disclosed in accordance with that purpose. It also includes some brief information regarding how we restrict access to your personal information.

Purpose of Collection: To contact and communicate with you.
Use and disclosure: Personal information may be disclosed to third parties.
Access: Throughlines staff responsible for the particular task.

Purpose of Collection: To communicate with our client (your therapist) on your behalf.
Use and disclosure: Personal information will be used to communicate with individuals. It may be disclosed to relevant third parties.
Access: Throughlines staff responsible for administration.

Purpose of Collection: To manage client contact books and client information records
Use and disclosure: Personal information may be disclosed to third parties.
Access: Throughlines staff responsible for the particular task.

Purpose of Collection: To manage client schedules and calendars.
Use and disclosure: Personal information may be disclosed to third parties.
Access: Throughlines staff with the responsibility for distribution of requested information.

Purpose of Collection: To provide our services to our clients.
Use and disclosure: Personal information may be disclosed to third parties.
Access: Throughlines staff responsible.

Purpose of Collection: For internal record keeping, administrative purposes, invoicing and billing
Use and disclosure: Personal information may be disclosed to third parties.
Access: Throughlines staff responsible.

Purpose of Collection: For analytics, market research and business development, including to operate and improve our Site, associated applications and associated social media platforms.
Use and disclosure: Personal information may be disclosed to third parties.
Access: Throughlines staff responsible.

How to access and seek correction of your personal information

Individuals have a right to request access to their personal information and to request its correction if it is inaccurate, out of date, incomplete, irrelevant or misleading.

Throughlines will take reasonable and practicable steps to provide you access and/or make a correction to your personal information, unless we consider there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the changes.
Otherwise, if Throughlines corrects your personal information, at your request, we will also take reasonable steps to notify other organisations (bound by the Privacy Act) of the correction; if we have previously disclosed your personal information to those organisations.

How you can complain about the treatment of your personal information and how the complaint will be handled

You can make a complaint if you believe Throughlines has breached the APPs or mishandled your personal information.

Privacy breaches can be caused by a variety of factors, affect different types of personal information and give rise to a range of actual or potential harm.

Consequently, there is no single way of responding to a privacy breach. Each breach will need to be dealt with on a case-by-case basis.

General procedures for making a privacy complaint

If you believe Throughlines has breached the APPs or mishandled your personal information:

  1. Contact Throughlines: In the first instance, any privacy concerns or complaints should be reported to us, this can be done by email at
  2. Reasonable amount of time: throughlines will acknowledge your concern or complaint promptly upon receipt, if you provide your contact details. Throughlines is committed to an efficient, considered and fair resolution of concerns or complaints. All complaints are taken seriously, and you can expect to be treated fairly and equitably.

Internal procedures for privacy breaches and/or complaints

The following steps outlines our internal procedures for a privacy complaint and/or breach:

  1. Contain the breach and undertake preliminary assessment;
  2. Identify who needs to be made aware of the breach internally and externally;
  3. If the preliminary assessment finds that a serious breach has occurred Throughlines will engage a more detailed investigation to find out if we have breached our obligations under The Privacy Act.
  4. Internal investigative report will be compiled advising on the findings and any recommended actions.