Privacy and Confidentiality Policy
Effective date: 7 November 2025
Who I am: I’m Donald van Eupen, a Psychologist based in Queensland, Australia.
Contact: hello@donaldvaneupen.com
I care about your privacy. I follow the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), the Information Privacy Act 2009 (Qld), and my professional duties under the Psychology Board of Australia. This page explains how I handle information in two simple contexts:
Part A - Website visitors (when you’re just browsing)
Part B - Clients (when you book, use the Zanda portal, or receive therapy)
I’ve tried to keep this clear and kind. If anything here is confusing, please email me.
Part A - Website visitors
Can I be anonymous?
You can browse my website anonymously. If you email me, you can use a pseudonym, though I’ll need your real details to provide clinical services.
What I collect on the website
Basic technical data via my host (Squarespace): IP address, browser/device type, pages viewed. This helps run and secure the site.
Email: if you write to hello@donaldvaneupen.com
Cookies: I use essential cookies so the site works. I don’t currently use analytics or ad pixels. If I add tools like Google Analytics, Facebook Pixel, or a newsletter signup later, I’ll update this page and ask for consent where needed.
There are no contact forms on the site, and I don’t collect health information here.
How I use website information
To operate, secure, and improve the site.
To reply to your emails.
Sharing (website)
With providers who help me run the site: Squarespace (hosting) and Microsoft 365 (email).
If I’m legally required to (for example, by a court).
I don’t sell your information.
External links
Sometimes I link to other sites. Their privacy practices are their own.
Part B - Clinical Clients (including bookings & the Zanda portal)
When you book, become a client, or create an account through my Zanda portal, you’re in the clinical context below.
What I collect
Identity & contact: name, date of birth, address, email, phone.
Clinical: what brings you to therapy, relevant background, session notes, treatment plans, outcome measures (if used), referrer/GP details if relevant.
Billing: invoices and payments (not your full card number).
Communications: admin emails/messages related to your care.
How I collect it
From you (intake, sessions, email/phone).
Via the Zanda online portal if you book or create an account.
From referrers/other providers with your consent.
Using digital outcome measures (e.g., through clinical platforms such as NovoPsych).
Where authorised by law (e.g. a subpoena or mandatory reporting).
Why I use it
To provide and plan therapy, keep accurate records, manage bookings, and process payments.
To coordinate care with your GP or other providers with your consent.
To meet legal and professional obligations (for example, record‑keeping).
Where your information is stored
Zanda (records, bookings, billing): hosted in Australia.
Stripe (online payments via Zanda): I don’t see or store your full card details.
Microsoft 365 (email/docs): secure cloud email and files.
NovoPsych: clinical outcome measures.
Zoom (telehealth): secure video; I don’t record sessions unless we both agree in writing.
Tyro/HealthPoint (future, in‑person terminal): Australian card processing if I add a physical room.
Overseas handling: Some trusted providers may process information on servers outside Australia (for example Stripe, Microsoft 365, Zoom). I take reasonable steps to ensure they protect your information to Australian standards. By using these services with me, you consent to this overseas handling.
Sharing (clients)
I keep your information confidential. I will only share it:
With your permission (for example, a letter to your GP or a support letter for an insurer at your request).
When the law requires or authorises it, including:
to lessen or prevent a serious risk to life, health, or safety,
mandatory reporting, or
a court/tribunal order.
For professional supervision with senior colleagues. My supervisors are bound by confidentiality.
I don’t use client information for marketing, and I don’t sell data.
The Zanda client portal (bookings + accounts)
If you use the Zanda portal to book or manage appointments, anything you enter there becomes part of your clinical record in Zanda and is covered by this policy. Zanda stores data on Australian servers and uses strong security.
Your choices and rights
Access: You can ask for a copy of your information.
Correction: You can ask me to fix anything that’s wrong or incomplete.
Consent: You can withdraw consent to sharing (unless the law requires disclosure).
I may need to verify your identity before providing access or making corrections. If a request is complex, I’ll discuss timeframes and any reasonable copy/admin fees with you.
Retention
For adults, I keep clinical records for 7 years after your last appointment, then securely delete or destroy them. I also review what I hold and securely delete or de‑identify information when it’s no longer needed and I’m not legally required to keep it.
Data security
I take reasonable steps to protect your information (encryption, MFA, secure systems, least‑access). No system is perfect, but I work to reduce risk and keep your information safe.
If something goes wrong (data breach)
If a data breach occurs that’s likely to result in serious harm, I’ll contact you as soon as practicable and notify the OAIC in line with the Notifiable Data Breaches scheme. I’ll also explain steps you can take and what I’m doing to reduce any risk.
Contact & complaints
If you’re worried about privacy or have a question, please write to me at hello@donaldvaneupen.com. I’ll aim to respond within 30 days. If you’re not satisfied, you can contact the Office of the Australian Information Commissioner (OAIC) (oaic.gov.au, 1300 363 992) or the Psychology Board of Australia/AHPRA (psychologyboard.gov.au, 1300 419 495).
Changes to this policy
If this policy changes, I’ll post the new version here and update the date at the top.