A note from us, before we get into the formal stuff: We don't keep secrets here. At Recovery in Mind, we believe in being open and transparent about how we look after your information, because we want you to feel confident and safe whenever you're working with us, visiting our website, or just having a look around.

Privacy can be a dry topic, especially when you're already managing a lot. So we've done our best to write what follows in plain English. No legalese, no fine print, no surprises. Just a clear explanation of what we collect, what we do with it, who we share it with (and who we don't), and the choices you have along the way.

If anything is unclear, or you'd like to ask a question, please reach out. We would much rather have the conversation than leave you wondering.

----------------------------------------

Privacy Policy (including Cookies, AI and personal information)

Last updated: 3 May 2026

Introduction

Recovery in Mind Occupational Therapy (Recovery in Mind, we, us, our) is a mental health occupational therapy practice and registered NDIS provider based at 495 Princes Highway, Narre Warren, Victoria 3805. We are committed to protecting the privacy of every person who visits our website, contacts us, or receives our services.

This Privacy Policy explains what information we collect, how we collect it, how we store and protect it, who we share it with, how long we keep it, and the choices and rights you have. It also explains how our internal artificial intelligence (AI) assistant, Pickle, fits into our practice, and the cookies and similar technologies used on our website.

This policy applies to participants (clients), prospective clients, family members and supporters, referrers, employees, contractors, students, volunteers, and anyone who interacts with our website at https://recoveryinmind.com.au or with Recovery in Mind in any other way.
We comply with the Privacy Act 1988 (Cth), the Health Records Act 2001 (Vic), and other relevant Australian and Victorian legislation, which is referenced in this policy where it applies. By using our website or our services you accept the practices described in this policy.

Information We Collect

We only collect personal information that is reasonably necessary to provide safe, high quality occupational therapy services and to operate our website lawfully. The kinds of information we collect fall into three broad categories.

Personal information which may include:
• Full name, preferred name and pronouns.
• Date of birth, age, gender identity, and cultural or language background where relevant to your care.
• Contact details, including postal address, email address, and phone numbers.
• Emergency contact details and details of family members, carers, support coordinators, plan managers, or guardians involved in your care, with your consent.
• NDIS participant number, plan details, plan manager details, and funding category.
• Medicare number, private health insurance details, or other funder information where applicable.

Sensitive and health information which may include:
Sensitive information receives a higher level of protection under the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic).
With your consent, we collect and create:
• Health and medical history, diagnoses, medications, and allergies.
• Mental health information, trauma history, and risk assessments where clinically relevant.
• Disability information, sensory profiles, communication preferences, and reasonable adjustments.
• Therapy goals, assessment findings, progress notes, treatment plans, reports, and clinical observations.
• Communications and reports exchanged with your referrer, treating practitioners, NDIS supports, family, or carers with your consent.
• Signed consent forms and service agreements.

Website and technical information which may include:
• Internet Protocol (IP) address, approximate location derived from IP, browser type and version, operating system, device type, and unique device identifiers.
• Pages of our website you visit, the date and time of your visit, time spent on each page, referring website, and search terms used to reach us.
• Information you provide through online forms, including the website contact form, referral form, and newsletter sign up.
• Cookies and similar tracking technologies, described in the Cookies and Tracking Technologies section below.

How We Collect Your Information

Wherever it is reasonable and practical, we collect personal information directly from you. We may also collect information from other people or organisations with your consent, or where authorised or required by law.
Examples of how we may collect your information include:
• Directly from you, in person, by phone, by email, through our website forms, or through electronic forms sent through our practice management system.
• From your nominated referrer or treating practitioner, with your consent.
• From your NDIS support coordinator, plan manager, or the National Disability Insurance Agency (NDIA).
• From a parent, guardian, advocate, or substitute decision maker where you do not have capacity to consent and the disclosure is lawful.
• Automatically when you visit our website, through cookies and analytics tools.

How We Use Your Information

We use your personal information only for the primary purpose for which it was collected, for closely related purposes you would reasonably expect, or for any other purpose to which you have consented or which is authorised or required by law. The main purposes include:
• Providing safe, high quality occupational therapy assessment and intervention.
• Communicating with you about appointments, reports, and your care.
• Liaising with your referrer, treating practitioners, NDIS supports, family or carers with your consent.
• Preparing reports for the NDIA, funders, or other practitioners with your consent.
• Issuing invoices and managing payment, including with NDIS plan managers, the NDIA, Medicare, or private funders.
• Meeting our obligations under the Privacy Act 1988 (Cth), Health Records Act 2001 (Vic), NDIS Act 2013 (Cth), NDIS Code of Conduct, NDIS Practice Standards, Fair Work Act 2009 (Cth), Work Health and Safety Act 2011 (Cth), and Australian Taxation Office requirements.
• Managing complaints, feedback, incident reporting, and continuous improvement.
• Operating, securing, and improving our website.
• Sending occasional updates and resources to referrers and other professional contacts. We do not add participants to marketing mailing lists.
Every email we send includes a clear unsubscribe option, and you can opt out at any time.
• Complying with legal obligations, including mandatory reporting of child abuse and neglect under the Children, Youth and Families Act 2005 (Vic), authorised information sharing under the Child Information Sharing Scheme and the Family Violence Information Sharing Scheme, court orders, subpoenas, or lawful requests by regulators.

How We Store and Protect Your Information

Recovery in Mind is committed to data sovereignty and privacy by design. We hold your information in secure cloud and on premises systems, with technical, physical, and administrative controls in place at every layer.

Clinical records: Clinical records are kept in Zanda, our secure cloud based practice management system. Data is encrypted in transit and at rest in line with Zanda security standards. Access requires individual usernames and strong passwords, with multi factor authentication enabled. Staff accounts are disabled the day after a staff member leaves.

Organisational documents: Operational, governance, employment, and financial documents are stored on Microsoft SharePoint, with enterprise grade encryption, folder level permissions, version history, and automated backups. Clinical staff and administrative staff only see the folders relevant to their role.

AI environment (Pickle): Our AI assistant Pickle runs on a privately controlled gateway, OpenWebUI, hosted on a server physically located at our practice in Narre Warren. Documents and chat content stay on this local server. Access to Pickle is protected by Cloudflare Zero Trust, which blocks anyone who is not signing in with a Recovery in Mind email address. Role based access control limits backend access to authorised IT and management personnel. The AI section below explains this in more detail.

Physical records: We aim to keep records electronically wherever possible.
Where any paper notes exist, they are kept secure within our office, never left in public areas, and confidential paper waste is shredded.

Other safeguards:
• Strong individual passwords, changed at least annually, with no password sharing.
• Multi factor authentication on key clinical and email systems.
• Remote access only through a secure virtual private network (VPN).
• Office locked outside business hours, alarmed, and with controlled access.
• Mandatory privacy, cyber security, and AI training for all staff at induction and annually.
• Regular review of our Information Security Policy, Data Management and Storage Procedure, and Data Breach Response Plan.

While we use industry recognised safeguards, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security but we work continuously to protect your information and to respond quickly to any concerns.

Who We Share Your Information With

We do not sell your personal information. We share information only where it is necessary to deliver your care, to operate our practice and website, or where we are authorised or required by law.
Information is shared with:
• You and your authorised representatives: such as a guardian, advocate, parent, or person with legal authority.
• Other treating practitioners and referrers: for example general practitioners, psychiatrists, psychologists, support coordinators, and NDIS providers, with your consent.
• Funders: the National Disability Insurance Agency (NDIA), NDIS plan managers, Medicare, the Department of Veterans' Affairs, private health insurers, or employers, where you have asked us to invoice or report to them.
• Regulators and oversight bodies: including the NDIS Quality and Safeguards Commission, the Office of the Australian Information Commissioner (OAIC), the Health Complaints Commissioner Victoria, the Australian Health Practitioner Regulation Agency (AHPRA), and Occupational Therapy Australia, where reporting is required or permitted by law.
• Trusted service providers: carefully selected suppliers who help us run our practice and website. These currently include Zanda (practice management), Microsoft (Microsoft 365 and SharePoint), Cloudflare (security and access control), our website hosting provider, our accountant, our IT support providers, and our supervision and clinical governance partners.
These providers are bound by confidentiality and privacy obligations and only access information they need to provide their service.
• Law enforcement, courts, and child or family violence authorities: where disclosure is required by law, court order, subpoena, mandatory reporting obligations under the Children, Youth and Families Act 2005 (Vic), authorised information sharing under the Child Information Sharing Scheme or the Family Violence Information Sharing Scheme (under the Family Violence Protection Act 2008 (Vic)), or to lessen or prevent a serious threat to life, health, or safety.
• In the event of a business transfer: if Recovery in Mind is involved in a sale, merger, restructure, or transfer of all or part of its business, your information may form part of the assets transferred. Any successor will be bound to handle your information in line with this policy and Australian privacy law.

We do not disclose your information to overseas recipients other than through trusted technology providers (such as Microsoft) for the operation of standard business systems. Where overseas storage or processing occurs, we choose providers that meet recognised security standards and we use Australian based services or Australian data residency wherever practical.

Artificial Intelligence and Our AI Assistant Pickle

Recovery in Mind uses an internal AI assistant called Pickle to support our occupational therapists with administrative work, professional writing, and clinical drafting. Pickle is part of how we reduce paperwork so that our therapists can spend more time directly with you. We have built Pickle around the principles of safety, transparency, ethics, data sovereignty, and human oversight.

Where Pickle lives and how it works:
• Pickle runs on OpenWebUI, a private, controlled gateway hosted on a server physically located at our Narre Warren practice.
• Documents and chat content uploaded to Pickle stay on this local server.
They do not leave our environment.
• When Pickle needs to generate a response, only the plain text excerpts that form your prompt are sent through a secure application programming interface (API) to an enterprise grade AI inference service. The provider of this service does not store or train on our prompts and does not use them to refine its main models.
• Access to Pickle is protected by Cloudflare Zero Trust. Only people signing in with a Recovery in Mind email address can reach the login screen. Role based access control limits backend access to authorised IT and management staff.
• We do not use public AI tools such as ChatGPT, Claude, or Gemini to process your personal or health information.

What we use Pickle for:
• Drafting and proofreading reports, letters, and clinical documentation in the therapist's own voice.
• Translating complex information into plain English on request.
• Reviewing and improving practice resources, templates, and policies.
• Administrative tasks such as drafting emails, agendas, and meeting summaries.
• With your consent, supporting clinical documentation through AI assisted transcription, where every draft is reviewed and corrected by your therapist before it enters your record.

What we never use Pickle for:
• To make final decisions about your care, eligibility, funding, or service provision. AI is never a decision maker. The treating occupational therapist remains 100% accountable for all clinical decisions and documentation.
• To create clinical observations or content that did not actually occur.
• To process information using public or third party AI products that we have not assessed and approved.
• To train external, public, or third party AI models. Your data is never used for model training outside our environment.

Your choices about AI:
• Where AI may be used in your care, your written consent is recorded in your service agreement.
• You can refuse AI assisted tools at any time without disadvantage.
We will provide a fully human led alternative.
• You can withdraw consent at any time. Future use of AI in your care will stop immediately, although we may not be able to remove AI assisted drafts that have already been reviewed, corrected, and saved into your clinical record.
• You can ask us how Pickle has been used in your care and we will tell you in clear, plain language.

AI Governance

Pickle and any other AI tool we use are governed by our internal AI Governance and Risk Framework, AI Acceptable Use Policy, AI Specific Privacy Policy, AI Risk and Impact Assessment Procedure, AI Informed Consent Procedure, AI Transcription and Documentation Protocol, Bias Detection and Mitigation Protocol, Human Oversight and Review Procedure, AI Incident Management and Reporting Procedure, Staff AI Training and Competency Protocol, and Disciplinary Policy for AI Misuse. These policies follow Australia's AI Ethics Principles, the Safe and Responsible AI in Australia framework, and the OAIC's guidance on the use of commercially available AI products. They are reviewed at least annually.

Cookies and Tracking Technologies

Cookies are small text files placed on your device when you visit a website. We use cookies and similar technologies on our website to keep it secure, to remember your preferences, and to understand how visitors use our pages so that we can keep improving them.

Types of cookies we use
• Strictly necessary cookies: required for our website to operate, including security, authentication, and basic functionality. Without these, parts of the site will not work.
• Functionality cookies: remember your preferences, such as accessibility settings, so you do not need to re enter them every time you visit.
• Performance and analytics cookies: help us understand which pages are visited, how long visitors spend on them, and where any errors occur.
This information is aggregated and does not identify you personally.
• Consent cookies: record whether you have accepted or declined non essential cookies on our website.

Your choices about cookies
• You can accept or decline non essential cookies through any cookie banner shown when you visit our website.
• You can change your browser settings at any time to refuse, restrict, or delete cookies. Some parts of our website may not function correctly if you do.
• You can opt out of analytics cookies through the relevant analytics provider, or by using browser based opt out tools.

How Long We Keep Your Information

We keep your information for as long as we need it for the purposes set out in this policy, and for as long as we are legally required to keep it. Under the Health Records Act 2001 (Vic), health service providers must keep health records for at least seven years from the date of last service for adults, or until a child reaches 25 years of age. Our Records Management and Retention Policy sets out the detail. In summary:
• Adult clinical records are kept for a minimum of seven years from the date of last service.
• Clinical records for children are kept until the participant turns 25 years old.
• Personnel and contractor records are kept for seven years after the end of engagement.
• Financial and tax records are kept for at least seven years (Australian Taxation Office requirements).
• Governance records, including approved policies, insurance, and key decisions, are kept permanently.
• AI governance records, AI risk assessments, and AI assisted clinical drafts that have entered the clinical record are kept for seven years.
• Backups follow our standard retention cycle, with routine restore points kept for 90 days and overall retention aligned with the categories above.

When information is no longer required and we are not legally obliged to keep it, digital records are securely overwritten or deleted, and physical records are shredded by a contractor with a destruction certificate kept on file.

Your Privacy Rights

Under the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic), you have important rights about your information.
Recovery in Mind respects and supports these rights. They include:
• Right to be informed: you have the right to know what we collect, why, how it is used, and who it is shared with. This policy is part of how we meet that right.
• Right of access: you can request a copy of your personal and health information. We will respond within 30 days, with a possible extension to 60 days for complex requests, and provide records securely. We do not charge for access, although a small copying fee may apply for very large requests.
• Right to correction: if your information is inaccurate, out of date, incomplete, irrelevant, or misleading, you can ask us to correct it. We will assess your request within 14 days. If we do not agree to a correction, you can ask us to attach a statement of dispute (up to one page) to your record.
• Right to withdraw consent: you can withdraw your consent for us to share information with referrers, family, or other parties at any time. We will record your withdrawal and act on it from that point forward.
• Right to refuse AI: you can refuse the use of AI assisted tools in your care without disadvantage. A human led alternative will always be available.
• Right to opt out of marketing: you can opt out of any non essential communications at any time using the unsubscribe link in our emails or by contacting us.
• Right to complain: you can raise a concern with us at any time. You can also complain to external regulators (see Contact and Complaints below) at no cost.

To exercise any of these rights, please contact our Privacy Officer using the details at the end of this policy. We may need to verify your identity before we act on your request.

Data Breach Notification

A data breach is the unauthorised access, loss, or disclosure of personal information that is likely to result in serious harm. We take suspected and actual breaches very seriously.
We will:
• Contain the breach as quickly as possible, including, where needed, disconnecting affected systems and revoking compromised access.
• We will assess what information was involved and who is affected, supported by our IT providers and Privacy Officer. The Notifiable Data Breach assessment will be completed expeditiously, ideally within 48 hours and within 30 days at the latest.
• Where a breach meets the threshold of an eligible data breach under the Notifiable Data Breaches scheme, we will notify the Office of the Australian Information Commissioner (OAIC) and the affected individuals as soon as practicable.
• Where a breach is also a reportable incident under the NDIS (Incident Management and Reportable Incidents) Rules 2018, we will notify the NDIS Quality and Safeguards Commission within 24 hours and submit a comprehensive report within five business days, in line with section 73Z of the NDIS Act 2013 (Cth).
• We will tell you what happened, what information was involved, what we are doing about it, and what you can do to protect yourself.
• After every incident we review our systems and policies, update our Risk Register, and adjust our controls to reduce the chance of recurrence.

Children's Privacy and Safety

Recovery in Mind provides services to young people and adults (typically ages 16+). Where we work with children we collect and handle information with their parents or legal guardians under the Privacy Act 1988 (Cth) and the Health Records Act 2001 (Vic). We follow the Victorian Child Safe Standards under the Child Wellbeing and Safety Act 2005 (Vic), and we comply with mandatory reporting obligations under the Children, Youth and Families Act 2005 (Vic).

Where it is lawful and appropriate to do so, we share information through the Child Information Sharing Scheme and the Family Violence Information Sharing Scheme to promote the safety and wellbeing of children, young people, and people at risk of family violence.
Information shared in this way is limited to what is necessary, proportionate, and permitted by these schemes. Where information about a child is collected through our website (for example, when a parent fills in a referral form), it is handled by their parent or guardian. We do not invite or encourage children to submit their own personal information directly through this website.

Equal Access and Non-Discrimination

Recovery in Mind provides services to all participants without unlawful discrimination, in line with the Disability Discrimination Act 1992 (Cth) and the Equal Opportunity Act 2010 (Vic). We aim to keep our website and our services accessible, with reasonable adjustments available on request. We welcome feedback at any time about adjustments that would help you engage with our care.

Links to Other Websites

Our website may contain links to other websites that we do not operate, including social media platforms, NDIS resources, professional associations, and government information. We are not responsible for the content or privacy practices of these third party sites. We encourage you to read their own privacy policies before sharing personal information.

Changes to This Policy

We review this Privacy and Cookie Policy at least annually, and whenever there is a significant change to our services, our technology, or relevant law. The current version is always available on our website. The Last Updated date at the top of this policy shows when it was most recently revised. Significant changes will be highlighted on our website and, where appropriate, communicated to existing participants by email.

Contact and Complaints

If you have any questions about this policy, want to access or correct your information, want to withdraw consent, or want to raise a concern about how your information has been handled, please contact our Privacy Officer:
• Privacy Officer: Bianca Parsons, Director.
• Email: info@recoveryinmind.com.au
• Address: Recovery in Mind Occupational Therapy, 495 Princes Highway, Narre Warren, Victoria 3805.

We will acknowledge your contact within two business days and aim to resolve any complaint within 30 days, with a possible extension to 60 days for complex matters.

If you are not satisfied with our response, you can contact an external body at no cost to you:
• Office of the Australian Information Commissioner (OAIC): for privacy concerns under the Privacy Act 1988 (Cth). Visit www.oaic.gov.au or call 1300 363 992.
• Health Complaints Commissioner Victoria: for concerns about a health service or health information. Visit hcc.vic.gov.au or call 1300 582 113.
• NDIS Quality and Safeguards Commission: for concerns about NDIS supports or services, including AI assisted services. Visit www.ndiscommission.gov.au or call 1800 035 544.
