OUR PRIVACY POLICY
[Last updated: 1 July 2026]
Your privacy is important to us at North Shore & City Hypnotherapy (“NSCH”, “we”, “our” or “us”).
We are a health service provider and, as such, we are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) regardless of our annual turnover.
Our Australian Business Number (ABN) is 31 125 377 817.
Please carefully read and understand this Privacy Policy, as it sets out our policy on the collection, use and disclosure of information about you when you access ozhypnotherapy.com.au (“Website”) and use our products and services provided through the Website (“Services”), including making a booking or placing an order to use such Services.
Your use of the Website is also subject to our Terms of Use.
Any new features added to the Services are also subject to this Privacy Policy.
1. Consent
By using the Website and our Services, you accept the provisions of this Privacy Policy.
Information collected by us is subject to the Privacy Policy in effect at the time it is collected.
You can review the most current version of this Privacy Policy at any time on this page.
This Privacy Policy may be amended from time to time.
If we make an amendment, the date at the top of this page will be updated, and in the case of a material amendment we may give you additional notice, such as by posting an announcement on the Website.
You will be taken to have accepted an amended Privacy Policy if you continue to use the Website and/or Services after it takes effect.
You are advised to review this page whenever you access the Website.
This Privacy Policy is in addition to our Terms of Use.
We do not make representations about third-party websites linked to the Website.
Once you leave our Website, you are no longer governed by this Privacy Policy.
As we are not responsible for the privacy practices of other websites, we encourage you to read their respective privacy policies.
2. Collection of Information
We collect information about you by asking you to provide it, and automatically through your use of the Website.
Some information we collect is “Personal Information” – information that identifies you as an individual, or could reasonably be used to identify you, including your name, residential address, email address, phone number, and credit card number.
Some of the information we collect during a consultation or booking – such as details about your health, medical history, or the reason you are seeking hypnotherapy – is “Sensitive Information” (including “health information”) under the Privacy Act.
We only collect Sensitive Information with your consent, and only where reasonably necessary to provide our Services to you. See clause 3 below.
When you access the Website, make a booking or purchase our Services, contact us for support, or otherwise communicate with us, we may ask you to provide Personal Information.
You may choose not to provide Personal Information, but if you withhold it, you may not be able to fully access or use the Website and our Services.
3. Types of Information Collected by Us
Information collected by us is classified as follows:
[Personal identifiers] Your first and last names, title and date of birth.
[Contact information] Your name, email address, residential address, mobile number, home phone number, etc.
[Account information] Your username (email) and password, where applicable.
[Health information – Sensitive Information] Information you provide during a booking or consultation about your health, medical or psychological history, the issue you are seeking help with, and any notes we make in the course of providing our Services to you.
This is “Sensitive Information” under the Privacy Act and receives a higher level of protection.
We only collect it with your consent (which you give by providing it to us) and only to the extent reasonably necessary to provide our Services, assess your suitability for hypnotherapy, and keep an accurate clinical record.
We do not use or disclose this information for any other purpose without your further consent, except where required or authorised by law.
[Payment information] Debit/credit card number and expiry date, billing address, etc.
(Note) We collect debit/credit card details and billing address in order to secure a booking and process payments for our Services. Card details are securely transmitted to our payment processor, Stripe, for the sole purpose of processing payments. Stripe is responsible for securely storing card details and limiting access to authorised users. We do not store any debit/credit card details on our Website or in any facility operated by us.
[Transaction information] Details of Services you have booked or ordered from us and payments made for them.
[Records of Communication] Messages sent through the Website, email messages, telephone conversations and other exchanges between us.
(Note) Information you contribute publicly, such as testimonials, reviews, comments or opinions on the Website, social media, or elsewhere, will be treated as publicly-available information.
[Preference information] Your preferences to receive marketing from us, the kind of marketing you would like to receive, and how you wish to communicate with us.
[Technical Information] Information about the hardware and software you use to access the Website, including your IP address, browser type and version, device and operating system.
[Usage information] Your frequency of use of the Website and Services, pages visited, and whether you have received, read or replied to our messages.
4. Email Addresses and Direct Marketing
We may send notification emails to the email address you provide regarding bookings, cancellations, purchases, billing or other activities that are part of the Services and relate to you.
We may send periodic news, updates and/or related service information.
You may opt out of marketing emails at any time by following the unsubscribe instructions included in each email, and any commercial electronic messages we send will comply with the Spam Act 2003 (Cth), including by identifying us as the sender and providing a functional unsubscribe facility.
5. Log Files
As with most websites, we automatically gather certain information and store it in log files, which log visitors to the Website and track actions occurring on it.
This includes IP addresses, browser type, referring/exit pages, operating system, date/time stamps, and clickstream data.
We may combine this automatically-collected log information with other information we hold about you, to improve our Website and Services.
It is used for analysis of trends, administration of the Website, tracking of user behaviour, and collection of demographic information.
6. Tracking Technologies
We use cookies – small files that often include a unique anonymous identifier – to provide certain features and functionality, by storing information including your preferences and the pages you access or visit, and to optimise your experience by customising Website content based on browser type and other information.
We do not store sensitive personal information, such as mailing addresses or account passwords, in the cookies we use.
Type of Cookies We Use
Cookies can be “Persistent” or “Session” cookies. Persistent cookies remain on your device when you go offline; session cookies are deleted when you close your browser. We use both, for the purposes below.
Necessary/Essential Cookies – Session cookies, administered by us. Essential to provide the Website’s services and enable certain features; they help authenticate users and prevent fraudulent use of accounts.
Cookies Policy/Notice Acceptance Cookies – Persistent cookies, administered by us. Identify whether users have accepted our use of cookies.
Functionality Cookies – Persistent cookies, administered by us. Let us remember choices you make, such as login details or language preference, for a more personal experience.
Tracking and Performance Cookies – Persistent cookies, administered by third parties. Track traffic to and use of the Website; information gathered may be linked to a pseudonymous identifier associated with your device. We may also use these to test new pages or features.
Targeting and Advertising Cookies – Persistent cookies, administered by third parties. Track your browsing habits so we, or third-party advertisers with our permission, can show advertising more likely to interest you.
Your Choices Regarding Cookies
If you prefer to avoid cookies, you must disable them in your browser and delete any already saved. You may do this at any time. If you do not accept our cookies, you may experience inconvenience and some features may not function properly.
Visit your browser’s help pages (e.g. Chrome, Edge, Firefox, Safari) for instructions on deleting or refusing cookies.
We also use similar technologies such as web beacons, tags and pixels to analyse trends, track user behaviour and gather demographic information, including how you interact with our email messages.
7. Disclosure to Third Parties
We do not sell, exchange, or trade your Personal Information to any third party.
Personal Information may be accessed by our third-party service providers – namely our booking, payment and analytics providers – only to the extent necessary to administer, manage, operate and improve our Website and Services.
The service providers we currently use are:
(a) Acuity Scheduling, to manage bookings and store client contact and appointment information (including, where you provide it, health information relevant to your booking). Acuity Scheduling is operated by a US-based provider, so using it involves disclosing your information to an overseas recipient;
(b) Stripe, to process payments. Stripe is a PCI-DSS compliant payment processor that may store and process data outside Australia (including in the United States); and
(c) Google Analytics, to understand Website traffic and usage (see below).
Cross-border disclosure: Before disclosing your information to these overseas providers, we take reasonable steps to ensure they handle it consistently with the Australian Privacy Principles – including by relying on their published security and privacy commitments and standard contractual terms.
However, an overseas recipient may not always be subject to privacy obligations equivalent to the APPs, and by using the Website and our Services (including by making a booking or payment) you consent to this disclosure.
If you would prefer not to have your information disclosed overseas in this way, please contact us to discuss alternative arrangements before booking.
Please be advised that our third-party service providers have their own privacy policies, which are outside the scope of this Privacy Policy.
Our Services may also be delivered to you via third-party communication platforms such as Zoom, FaceTime, Teams, WhatsApp or Signal, where you agree to a session being conducted this way; those platforms’ own privacy policies will apply to information handled through them.
Our Website uses Google Analytics. You may opt out by following these instructions.
We may be required to disclose Personal Information in response to lawful requests by public authorities, such as government or regulatory requests, including to meet law enforcement requirements. We may also disclose your Personal Information as required by law – for example, to comply with a subpoena or court order – or when we believe in good faith that disclosure is necessary to protect the rights, property or safety of NSCH, our clients or others, or to investigate fraud.
If we are involved in a merger, acquisition or sale of all or part of our business, we will notify you by email and/or a prominent Website notice of any change in ownership or use of your Personal Information, and any choices available to you.
8. Security
We are committed to keeping your information secure.
Your Personal Information is stored in a manner that reasonably protects it from misuse, loss, and unauthorised access, modification or disclosure.
We review and update our security measures having regard to current technology, and aim to protect the security, integrity and confidentiality of Personal Information both in transmission and once received.
Our Website uses SSL encryption: a current SSL certificate verifies our identity to your browser and encrypts data you submit, indicated by a closed padlock or other trust mark in your browser.
Any information submitted through our forms is encrypted on transmission using SSL.
Once received, we take reasonable steps to keep it secure on our systems. However, no data transmission over the internet can be guaranteed to be completely secure; transmission of Personal Information is at your own risk, and we are not responsible for circumvention of security measures on the Website beyond our reasonable control.
For your protection, we never store debit/credit card numbers on our servers. Card information you provide is processed by our payment gateway, Stripe, using encryption during transmission.
If we experience a data breach that is likely to result in serious harm to you (an “eligible data breach” under the Notifiable Data Breaches scheme), we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as soon as practicable, in accordance with our obligations under the Privacy Act.
9. Use of Our Website and Services by Minors
Our Website and Services are intended for adults. Data about all visitors to the Website is collected automatically regardless of age, and we recognise some visitors may be minors.
If you are under 18, you may use our Website and access our Services only with the consent of, and where a booking is made and health information provided by, your parent or guardian, who is responsible for the accuracy of any information provided on the minor’s behalf.
10. Retention Period
We keep your Personal Information for as long as we need it to: provide the Services you have requested; comply with the law and our legal obligations, including any period required by tax authorities; and resolve disputes and enforce our agreements, including supporting a claim or defence in court.
Consistent with recognised good practice for health records in Australia, we generally retain clinical/health information for a minimum of seven years from the date of your last consultation with us, or, if you were a minor at the time of that consultation, until you turn 25 – whichever is longer.
When Personal Information is no longer needed for the purpose it was collected, we take reasonable steps to destroy or permanently de-identify it.
11. Accessing and Updating Your Information
You may access the Personal Information that you have provided to us at any time by logging in to your account.
Please keep the information you have given us accurate and up to date, to avoid any problems accessing our Services.
If you discover that information we hold about you is incorrect, you may ask us to correct, update, amend, delete or deactivate it by contacting us.
We will respond to your request as soon as practicable and, in any event, within a reasonable timeframe, generally within 30 days.
When we receive a request to access, correct or delete Personal Information, we will take reasonable steps to verify your identity before taking any action, to safeguard your information.
If we refuse a request for access or correction, we will tell you why (unless we are not required by law to do so) and how you may complain about our refusal.
12. Complaints and Inquiries
If you have any complaints or queries about our Privacy Policy, or wish to make a privacy complaint, please contact us:
North Shore & City Hypnotherapy Sydney
POBOX 3086, North Turramurra, Sydney, NSW 2074, Australia
TEL: 02-9943-1106
We will investigate your complaint and aim to respond within 30 days.
If you are not satisfied with our response, or how we have handled your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC): oaic.gov.au, or by phoning 1300 363 992.
