ACON Health Limited trading as ACON

Background and Policy Statement

Client confidentiality has been an underpinning philosophy and foundation of ACON’s work since its inception in 1985. ACON is subject to the Privacy Act 1988 (‘the Privacy Act’) and the Australian Privacy Principles (APPs) contained in the Privacy Act. The APPs set out the way organisations such as ACON can collect, use, disclose and provide access to personal and sensitive information.

ACON is committed to the protection of your privacy. This Privacy Policy describes how we handle your personal and sensitive information and ensures we manage this information consistently with the APPs. The policy also explains how a client can have information changed or altered if it is incorrect or out of date.

This policy applies to the whole of ACON, the Board, staff (including all levels of management), volunteers and contracted service partners.


Privacy Act 1988

The Privacy Act 1988 sets out a client’s rights and ACON’s responsibility relating to any personal information held about them. The Act provides clients with the right to know why ACON holds their personal information, what information is held about them, how ACON will use that information and under what circumstances their personal information may be divulged to others.

Privacy Amendment (Enhancing Privacy Protection) Act 2012

The Act put in place the APPs which regulate how organisations such as ACON should collect, keep, use and disclose personal information. ACON complies with and, wherever possible, strives to exceed the requirements of the Act. ACON complies with all of APPs.

The thirteen APP’s allow for individuals to exercise rights and choices about how their personal and health information is handled in the private health sector. The Act also gives people these rights over personal information held by other private sector organisations.

In addition, the National Health and Medical Research Council (NHMRC) has issued guidelines (s.95 and s.95A), approved by the Privacy Commissioner. These guidelines balance the protection of an individual’s health information with the need for ethically approved research using individuals’ health data without consent.

Clients have the right to request access to their personal information and for it to be changed or altered if incorrect or out of date. Under special circumstances outlined in AAP 12, ACON may refuse to allow a client to see information held about them, but is required under the Act to explain why. The Act provides that a client may make a complaint to ACON or the Privacy Commissioner if they think their information is not used or held appropriately and in accordance with the Act.

Further Information on Federal Privacy Laws

The Office of the Australian Information Commissioner’s website contains detailed information on privacy

New South Wales Privacy Laws

The Privacy and Personal Information Protection Act 1998 deals with how all New South Wales public sector agencies manage personal information. It also sets out the role of the NSW Information and Privacy Commission.

While the PPIP Act applies primarily to the New South Wale public sector, when private sector organisations contract with NSW government agencies to provide services to them, the terms of the contract will sometimes require the organisation to follow the Information Protection Principles (IPPs) in how it delivers those services.

The Health Records and Information Privacy Act 2002 (HRIP Act) governs the handling of health information in the public sector, and it also regulates the handling of health information in the private sector in New South Wales.

The 15 health privacy principles (HPPs) are the key to the Health Records and Information Privacy Act (HRIP Act). They are legal obligations describing what organisations (NSW public and private sector) must do when they collect, hold, use and disclose health information. These roughly parallel the Federal principles.

Other relevant New South Wales laws include, but are not limited to:



Personal Information

The Act provides that personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable. Personal information includes such things as a person’s full name, date of birth, gender, address and other contact details.

Sensitive Information

The Act recognises that information of a more sensitive nature may be collected by organisations such as ACON in order to provide clients with or refer them to particular services. Sensitive information is a subset of personal information. It means information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, gender identification, criminal record or health information about an individual.

Appendix A provides a short summary that sets out clearly expressed policies on the way ACON manages personal information. It must be made available to anyone who asks for it.

Enforcement related activity means:

  • the prevention, detection, investigation, prosecution or punishment of:
    (i) criminal offences; or
    (ii) breaches of a law imposing a penalty or sanction; or
  • the conduct of surveillance activities, intelligence gathering activities or monitoring activities; or
  • the conduct of protective or custodial activities; or
  • the enforcement of laws relating to the confiscation of the proceeds of crime; or
  • the protection of the public revenue; or
  • the prevention, detection, investigation or remedying of misconduct of a serious nature, or other conduct prescribed by the regulations; or
  • the preparation for, or conduct of, proceedings before any court or tribunal, or the implementation of court/tribunal orders.

Permitted Health Situations

Under section 16B of the Privacy Amendment Act, a permitted health situation may provide an exemption to the requirements of AAP6 in relation to the health information of an individual.


permitted health situation exists if collection of the information is necessary to provide a health service to the individual, and the collection is either required or authorised by or under an Australian law (other than this Act); or the information is collected in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind ACON.

permitted health situation may also exist in relation to the collection of health information about an individual if the collection is necessary for research relevant to public health or safety; the compilation or analysis of statistics relevant to public health or public safety; or the management, funding or monitoring of ACON as a health service.

However, the collection of personal information in these research-related circumstances are permitted only if the purposes above cannot be served by the collection of information about the individual that is de-identified information and it is impracticable for ACON to obtain the individual’s consent to the collection where:

  • the collection is required by or under an Australian law (other than this Act);
  • the information is collected in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the ACON;
  • the information is collected in accordance with guidelines approved under section 95A of the Privacy Act for these purposes.

Use or Disclosure (Research etc)

A permitted health situation may exist in relation to the use or disclosure by an organisation of health information about an individual if:

  • the use or disclosure is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety; and
  • it is impracticable for the organisation to obtain the individual’s consent to the use or disclosure; and
  • the use or disclosure is conducted in accordance with guidelines approved under section 95A of the Privacy Act for the purposes of this paragraph; and
  • in the case of disclosure—the organisation reasonably believes that the recipient of the information will not disclose the information, or personal information derived from that information.

Disclosure – Responsible Person for An Individual

permitted health situation may exist in relation to the disclosure by ACON of health information about an individual if the organisation provides a health service to the individual; and the recipient of the information is a responsible person for the individual; and the individual is physically or legally incapable of giving consent to the disclosure; or physically cannot communicate consent to the disclosure; and another individual (the carer) providing the health service for ACON is satisfied that either the disclosure is necessary to provide appropriate care or treatment of the individual; or the disclosure is made for compassionate reasons.

The disclosure cannot be contrary to any wish expressed by the individual before the individual became unable to give or communicate consent; and of which the ACON carer is aware, or of which the ACON carer could reasonably be expected to be aware; and is limited to the extent reasonable and necessary to provide appropriate care or treatment of the individual; or the disclosure is made for compassionate reasons.




ACON’s Privacy Policy and this FAQ Sheet are publicly available through ACON’s website. Copies of this FAQ may also be obtained through the contact details provided at the end of this document.

On request by an individual, ACON will take reasonable steps to let that individual know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.

ACON has a complaints procedure for anyone who believes their information is not being handled properly or in accordance with this policy. A copy of ACON’s complaints procedure may also be obtained through the contact details at the end of this FAQ.

Notification and Collection

When individuals engage with us, we may collect and hold some or all of the following personal

  • Contact information: We may collect information such as individual’s name, address, age or date of birth, contact number and email address;
  • Payment information: We may collect information from individuals in order for them to pay for services. This includes individual’s names, contact number and email address.
  • Health information: We may collect health information that is relevant to our services, which may include medical or health records.

If individuals choose not to provide the information ACON request from them, ACON may not be able to
provide them with the services, resources and other tools that they may require.

When collecting personal information, ACON will take reasonable steps to make an individual aware of:

  • What ACON is and how to contact us; and
  • The purpose(s) of the collection; and
  • Consequences (if any) to the individual of non-collection; and
  • How to gain access to the information; and
  • Why the information is collected; and
  • To whom (if anyone) ACON may disclose the information; and
  • Any law or court/tribunal order that requires the information to be collected; and
  • The consequences (if any) to the individual if all or part of the information is not provided; and
  • ACON’s complaint handling process; and
  • Any potential overseas disclosure and, if so, the countries to which the disclosure will be made.

ACON uses fair and lawful ways to collect personal information and only collects personal information that is necessary for our functions or activities. We collect personal information directly from the individual whenever it is reasonable and practicable to do so.

If ACON collects personal information about an individual from someone else, we will take reasonable steps to ensure that the individual is made aware of the matters listed below, except to the extent that making the individual aware of the matters would pose a serious threat to the life, health or safety of any individual or to public health and safety.

ACON always gets consent to collect sensitive information unless specified exemptions apply.

How ACON uses individual’s information

We may collect, hold, use and disclose individuals personal information for the following purposes:

  • Access: Enable individuals to access our website and services;
  • Support: Send individuals service, support and administrative messages, reminders, technical notices, updates, and information requested by individuals;
  • Marketing: Send individuals marketing and promotional messages and other information that may be of interest to individuals, including information sent by, or on behalf of, relevant business partners that individuals may find interesting; and
  • Law: Comply with laws, and assist government or law enforcement agencies where
    individuals are required and authorised to do so.

Use and Disclosure

Information about an individual will only be used or disclosed to others by ACON in ways which meet that individual’s expectations or are required by law.

ACON will only use or disclose personal information for a purpose other than the primary purpose for which it was collected if:

  • the other purpose of collection is directly related to the stated purpose; and
  • the client would reasonably expect ACON to use or disclose information for the related purpose; or
  • the client gave permission for its use or disclosure.

ACON will only use or disclose personal information without the individual’s consent, when:

  • it is in the interest of an individual’s health, life or safety;
  • in the interest of public health or safety; or
  • ACON is required or authorised to do so by law.

ACON may disclose health information about an individual to a person responsible for that individual such as a legally appointed guardian.

Under limited exceptions, ACON may permit the collection, use or disclosure of information for secondary purposes of:

  • locating a missing person;
  • establishing, exercising or defending a legal equitable claim;
  • confidential alternative dispute resolution;
  • ACON prohibits the use or disclosure of your personal information for direct marketing purposes, except where you would reasonably expect ACON to use or disclose the information for this purpose (e.g., service promotion); and you were given the option not to receive direct marketing communications from ACON and you chose not to make such a request.

‘Opt Out’ option for ACON Direct Marketing Communications

Where we use personal information to send an individual marketing and promotional information by post, email or telephone, ACON will provide them with an opportunity to opt-out of receiving such information. If an individual does not wish to receive direct marketing communications from ACON, they can also contact ACON at, 414 Elizabeth Street, Surry Hills 2010 NSW, Tel: + 61 2 92062000 and email:

Data Quality

ACON will take all reasonable steps to ensure that personal information collected, used or disclosed about a client is as appropriate, accurate and current as possible.

Data Security

ACON undertakes to ensure that all personal information is kept in a secure place or manner. We will take all reasonable steps to protect client information from misuse, loss, unauthorised or unnecessary access, interference, alteration or disclosure. ACON undertakes to destroy or de-identify personal information when it is no longer required for any purpose or by law.

Access and Correction

Access to an individual’s information is limited to those ACON personnel (staff or volunteers) who require the information for the effective provision of a service to that individual or those specifically authorised at the individual’s request. ACON personnel may not divulge any identifying information about a client to others except where necessary to provide appropriate service to that individual.

ACON will provide individuals with access to their personal information upon request. The individual may arrange an appointment to view their personal information or they may request a written copy. To obtain access to, or copies of, or to correct or up-date their personal information a client will need to complete a ‘Personal Information Inquiry’ form.

Access and Correction of Personal Information

Under some circumstances, it may be inappropriate for ACON to provide an individual access to their personal information (e.g., providing access would pose a serious threat to the life or health of any individual; or would have an unreasonable impact upon the privacy of other individuals). ACON will provide reasons for any denial of access or a refusal to correct personal information.

At an individual’s request ACON will correct any out-of-date or inaccurate information. ACON will do this either over the phone or face-to-face. An individual may arrange an appointment to view their personal information or they may request a written copy.

To obtain access to, or copies of, or to correct or up-date personal, sensitive, information a client will need to complete the ‘Personal Information Inquiry’ form. To change just their contact details a client will need to complete the ‘Change of Address’ form. Copies of both of these online forms are available here.

ACON contact details are at the end of this document.


ACON does not use identifiers or reference numbers assigned by other organisations or government departments or services (e.g., tax file number).

ACON does not release its own membership or client case file numbers to other organisations. Nor do we divulge any information that may in any way identify a particular individual to other organisations, or to ACON staff or volunteers.


Wherever practicable and lawful, ACON will provide a client with the option of interacting with ACON anonymously or through use of a pseudonym.

Transborder Data Flows

ACON will only send client information to a third-party interstate or in a foreign country with that client’s prior consent or where required by law.

Sensitive Information

ACON will not collect sensitive information about a client without their consent unless, the collection is necessary to prevent or lessen a serious threat to health or life, or the collection is required by law.

ACON in some instances may collect information without an individual’s consent if the person concerned is physically or legally incapable of giving consent.

ACON may also collect sensitive information without consent in accordance with rules established by competent health or medical bodies that deal with the obligations of professional confidentiality (e.g., client case notes kept about counselling sessions with professionally recognised psychotherapists or session case notes kept by counsellors).

Complaints Management

ACON has a Complaints Management Policy. A copy of this policy is available by emailing or telephoning ACON Reception on (02) 9206 2000.

ACON is committed to supporting, and applying the key principles of an effective complaints procedure, and ensures that:

  • Complaints are carefully considered to ensure procedural fairness and natural justice and are resolved as quickly as possible.
  • The confidentiality of the complainant and related parties are respected throughout the complaint resolution process.

Complaints can be made via telephone, face to face, by email or letter and email it to You can also complete the electronic Complaint Registration Form here.


For any questions about ACON’s Privacy Policy contact our media officer by telephone 02 9206 2000, e-mail, fax Attn ACON Media Officer (02) 9206 2069.

ACON Sydney – (02) 9206 2000

Northern Rivers – (02) 6622 1555

Hunter/Mid North Coast – (02) 4962 7700

The Privacy Commissioner’s website contains detailed information on privacy obligations including a copy of the Privacy Act

Privacy guidelines for health service providers at set out the standards for collecting, storing, using and disclosing personal information.



ACON materials may be reproduced in part or in full with acknowledgment to ACON. Commonwealth and NSW government information and materials on this website, including data, pages, documents, graphics, images and webpages, audio and video are protected by copyright, unless specifically notified to the contrary.

Use of material and information

You may download, store in cache, display, print and copy a single copy or part of a single copy of information or material from this site only for your personal, non-commercial use and only in an unaltered form.

Information or material from this site may be used for the purposes of private study, research, criticism or review, as permitted under the Copyright Act 1968 and may only be reproduced as permitted under the Copyright Act 1968 (a copy of the Act is available at SCALEplus the legal information retrieval system owned by the Australian Attorney General’s Department, at

Any permitted reproduction made must acknowledge ACON source of any selected passage, extract, diagram or other information or material reproduced. Any reproduction made of the information or material must include a copy of the original copyright and disclaimer notices as set out here.

Commercial and other use

You are not permitted to re-transmit, distribute or commercialise the information or material without full acknowledgement to ACON or by seeking prior written approval from ACON. For written permission to use the information or material from this site, please contact the ACON Online + New Media Producer 02 9206 2000. You may not use this website to sell a product or service, or to increase traffic to your website for commercial reasons, such as advertising sales.

Please contact the ACON Online + New Media Producer 02 9206 2000 with any questions you may have about our website programs or policies, or to provide feedback on this website.

Linking the site

You may link to this site. Permission is not granted to reproduce, frame or reformat the files, pages, images, information and materials from this site on any other site unless express written permission has been obtained from the ACON Online + New Media Producer on 02 9206 2000.

Disclaimer Provision

This website is presented by ACON for the purpose of disseminating health information. This website is not a substitute for independent professional advice. Nothing contained in this site is intended to be used as medical advice and it is not intended to be used to diagnose, treat, cure or prevent any sexually transmitted infection (STI), HIV or hepatitis A, B or C or mental health conditions, nor should it be used for therapeutic purposes or as a substitute for your own health professional’s advice. ACON does not accept any liability for any illness, loss or damage incurred by use of or reliance on the information contained in this website.

Quality of Information

ACON makes every effort to ensure the quality of the information available on this website and updates the information regularly. Before relying on the information on this site, however, users should carefully evaluate its accuracy, currency, completeness and relevance for their purposes, and should obtain any appropriate professional advice relevant to their particular circumstances. ACON cannot guarantee and assumes no legal liability or responsibility for the accuracy, currency or completeness of the information.

Links to other Websites

This website contains links to external websites. ACON takes due care in selecting linked websites. It is the responsibility of the user to make their own decisions about the accuracy, currency, reliability and correctness of information contained in linked external websites.
Linkage to external websites should not be taken to be an endorsement or a recommendation of any third party products or services offered by virtue of any information, material or content linked from or to this site. Users of links provided by this site are responsible for being aware of which organisation is hosting the site they visit.

Views or recommendations provided in linked sites do not necessarily reflect those of ACON.


Every endeavour is made to ensure that this site is secure. However, users should be aware that the World Wide Web is an insecure public network that gives rise to a potential risk that a user’s transactions are being viewed, intercepted or modified by third parties or that files which the user downloads may contain computer viruses or other defects.

ACON accepts no liability for any interference with or damage to a user’s computer system, software or data occurring in connection with this website. Users are encouraged to take appropriate and adequate precautions to ensure that whatever is selected from this site is free of viruses or other contamination that may interfere with or damage the user’s computer system, software or data.

ACON makes every effort to comply with the Information Privacy Principles (1 –3, and 10 and 11) contained within the Commonwealth Privacy Act 1988 in the collection and privacy protection of its website users. A copy of the Act is available at SCALEplus the legal information retrieval system owned by the Australian Attorney General’s Department at

If you have any privacy concerns, you should direct them to the ACON Online + New Media Producer: 02 9206 2000.

Your email address

ACON will only record your email address in the event that you send us a message by email or if you register requesting notifications. Registration for notifications may be made initially by email, postal mail or fax. Your email address will only be used for the purpose for which you have provided it and will not be added to any mailing lists without your prior consent by way of a specific request in writing. We will not use or disclose your email address for any other purpose, without your prior written consent.

Cookies and clickstream

When you visit, access, or use the website, mobile site, application, electronic newsletter or widget that links to this Cookie Policy (collectively “Site”) ACON entities (“us,” or “we”) use cookies and other tracking technologies to deliver and improve the Site, and to display relevant content, products, services and advertising.

This Cookie Policy explains these technologies, including cookies, local storage, pixels, web beacons, and flash cookies, and how you can control them. In this policy, we will refer to all these technologies as “Cookies”.

We hope that this Cookie Policy helps you understand, and feel more confident about our use of Cookies. If you have any further queries or requests, please contact us at
By using the Site, you agree that we can use these Cookies as described in this Cookie Policy. We may change this Cookie Policy at any time. Please take a look at the Last Updated date at the start of this policy to see when this Cookie Policy was last updated. Any changes in this Cookie Policy will become effective when we make the revised Cookie Policy available on or through the Site.

What is a cookie?

Cookies and other tracking technologies (such as browser cookies and local storage, pixel beacons, and Adobe Flash technology including cookies) are comprised of small bits of data or code that often include a de-identified or anonymous unique identifier. Websites, apps and other services send this data to your browser (on your computer or mobile device) when you first request a web page and then store the data on your computer so that such websites, apps and other services can access information when you make subsequent requests for pages from that service. They are widely used in order to make websites work, or work in a better, more efficient way. For example, they can recognise you and remember important information that will make your use of a website more convenient (e.g., by remembering your user preferences).

What Cookie do we use?

We use a variety of different types of Cookies on our Sites. Different Cookies have different specific purposes but in general they are all used so that we can improve your experience in using our Sites and interacting with us. Some of the purposes of different Cookies we use are described below.

  • (A) Some Cookies are essential to the Site in order to facilitate our log-in process and enable you to move around it and to use its features. Without these Cookies, we may not be able to provide certain services or features, and the Site will not perform as smoothly for you as we would like.
  • (B) We may use Cookies to allow us to remember the choices you make while browsing the Site, and to provide enhanced and more personalised content and features, such as customising a certain webpage, providing relevant advertising or editorial content, remembering if we have asked you to participate in a promotion and for other services you request, like watching a video or commenting on a blog.
  • (C) We may use Cookies to receive and record information about your computer, device, and browser, potentially including your IP address, browser type, and other software or hardware information. If you access the Site from a mobile or other device, we may collect a unique device identifier assigned to that device (“UDID”), geolocation data, or other transactional information for that device.
  • (D) We may use analytics Cookies, which are sometimes called performance cookies, to collect information about your use of the Site and enable us to improve the way it works. Analytics Cookies collect information about how you use the Site, for instance, which pages you go to most. The information allows us to see the overall patterns of usage on the Site, help us record any difficulties you have with the Site and show us whether our advertising is effective or not.

Personal Information

Information provided through the ACON website will comply with Australian Privacy Principles (see Glossary below), and particularly principles 1 to 3 and 10 and 11. Stated simply these principles are:

  • Principle 1 – Open and transparent management of personal information
  • Principle 2 – Anonymity and pseudonymity
  • Principle 3 – Collection of solicited personal information
  • Principle 4 – Dealing with unsolicited personal information
  • Principle 5 – Notification of the collection of personal information
  • Principle 6 – Use or disclosure of personal information
  • Principle 7 – Direct marketing
  • Principle 8 – Cross-border disclosure of personal information
  • Principle 9 – Adoption, use or disclosure of government related identifiers
  • Principle 10 – Quality of personal information
  • Principle 11 – Security of personal information
  • Principle 12 – Access to personal information
  • Principle 13 – Correction of personal information

If you have any queries, concerns or require further information relating to privacy and ACON’s website, contact the ACON Online + New Media Producer 02 9206 2000.

How can you opt out of cookie setting?

Most browsers are initially set to accept cookies, but you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the “Help” section of your browser for more information. Please note that by blocking any or all cookies you may not have access to certain features, content or personalisation available through the website.

For more information about targeting and advertising cookies, please visit Your Online Choices.

Who we are

Suggested text: Our website address is:


Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.


Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.