Privacy Policy

Who we are

Our website address is: https://embodiedsupervision.com.au. This website is owned and operated by Sophie Rak, contactable at sophie@embodiedsupervision.com.au or by phone on +61448547000.

DISCLOSURE OF INFORMATION

Your privacy and confidentiality are of utmost importance. Our supervisors keep notes about themes and case issues discussed in group and individual supervision sessions. Any client information is de-identified. You are welcome to view these notes at any time (with notice). Your details are kept private and secure, and cannot be viewed by anyone other than you or employees of Embodied Supervision.

Embodied Supervision will not disclose any details of our contact or sessions to anyone unless we have your express permission, feel the safety of you or someone else is at risk, or are legally obligated to do so by subpoena. Where possible, we will inform you before doing this.

Where individuals or children are at risk of serious harm, we will enact our ethical obligations to advise the appropriate bodies to ensure safety. 

What personal data we collect and why we collect it

Membership information

For membership/subscription purposes, we collect data such as your name, address and payment details, for the purpose of providing membership service, and knowing how to contact you. This data will be kept confidential unless there is a serious risk to the safety of you or another person.

Contact information

We record your contact information for the purposes of use of the website, communication with you, and any safety concerns for you and your clients.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

If you submit a contact form we record data such as name and email address, for the purpose of contacting you in response to your request.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Your data is kept confidential within Embodied Supervision and will not be shared with anyone.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

 

How we protect your data

The Privacy Act 1988 (Cth) and the Australian Privacy Principles protect personal information which belongs to individuals by placing restrictions on how that information can be collected, handled, used and disclosed.

Personal information must be managed in an open and transparent way. This requires us to:

  • Implement practices, procedures and systems to ensure compliance with privacy laws and appropriately handle any enquiries or complaints about privacy;
  • Have a clear and up to date Privacy Policy that documents the way we manage personal information, including:
    • The kinds of information we collect;
    • How we collect and hold it;
    • The purposes for which we collect, hold, use and disclose it;
    • How people can access and correct the information we hold about them;
    • How people can make a privacy related complaint and how we deal with such complaints; and
    • Whether we are likely to disclose information to overseas recipients and if so, where they will be located;
  • Report an ‘eligible data breach’ to the Office of the Australian Information Commissioner (OAIC) and any affected individuals.

A privacy breach occurs if we hold personal information about an individual and breach:

  • Our legal obligations in relation to its collection, handling, use or disclosure; or
  • The provisions of our privacy policy and terms and conditions.

When you identify an actual or possible privacy breach, report it to the Privacy Officer immediately.

What data breach procedures we have in place

Under the Notifiable Data Breaches scheme, an organisation or agency that must comply with Australian privacy law has to tell you if a data breach is likely to cause you serious harm.

Examples of serious harm include:

  • identity theft, which can affect your finances and credit report
  • financial loss through fraud
  • a likely risk of physical harm, such as by an abusive ex-partner
  • serious psychological harm
  • serious harm to an individual’s reputation

WHAT IS AN ELIGIBLE DATA BREACH?

When an ‘eligible data breach’ occurs, we must usually report it to the OAIC and affected individuals within strict timeframes. However, this may not be required if we act quickly to manage the breach and ensure that it will not cause any serious harm to an individual.

A privacy breach is an eligible data breach if it results in:

  • Unauthorised access to or disclosure of personal information; or
  • Information being lost in circumstances where unauthorised access to or disclosure of personal information is likely to occur, and this is reasonably likely to result in serious harm to an individual. Serious harm can include identity theft and serious physical, psychological, emotional, financial or reputational harm.

Data Breach Response Plan

Embodied Supervision will investigate and deal with privacy breaches in accordance with the following Data Breach Response Plan.

As soon as we become aware of a data breach we will:

  1. Contain the breach and do a preliminary assessment within 24 hours of notification of the breach.
  2. If reporting is assessed as necessary and the breach may cause serious harm, report it to affected individuals and the OAIC.

PROCEDURE

Contain

Contain the suspected or known breach where possible. This means taking immediate steps to limit any further access or distribution of the affected personal information, or the possible compromise of other information.

Assess

Assess whether the data breach is likely to result in serious harm to any of the individuals whose information was involved. Within 30 days, we will:

  • Initiate: plan the assessment and assign a team or person
  • Investigate: gather relevant information about the incident to determine what has occurred
  • Evaluate: make an evidence-based decision about whether serious harm is likely, and document this.

Where possible, we will take steps to reduce any potential harm to individuals. This might involve taking action to recover lost information before it is accessed or changing access controls on compromised customer accounts before unauthorised transactions can occur. If remedial action is successful in making serious harm no longer likely, we will progress to the review stage.

Where serious harm is likely we will notify the Commissioner via a statement including the following information:

  • the entity’s identity and contact details
  • a description of the breach
  • the kind/s of information concerned
  • recommended steps for individuals

We will also notify affected individuals, and inform them of the contents of this statement, either by:

  • Notifying all individuals; or
  • Notifying only those individuals at risk of serious harm.

If neither of these options is practicable, we will publish the statement on our website.

Review

Review the incident and take action to prevent future breaches. This may include:

  • Fully investigating the cause of the breach
  • Developing a prevention plan
  • Conducting audits to ensure the plan is implemented
  • Updating security/response plan
  • Considering changes to policies and procedures
  • Revising staff training practices

If appropriate, we will report the incident to other relevant bodies, such as:

  • police or law enforcement
  • ASIC, APRA or the ATO
  • The Australian Cyber Security Centre
  • professional bodies
  • our financial services provider

Marketing communications

We may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. You can opt out of receiving marketing emails from us at any time.

We do not and never have shared our email list with third parties.

You can ask us to stop sending you marketing messages at any time by following the opt-out links at the bottom of any marketing message sent to you OR by emailing us at sophie@embodiedsupervision.com.au at any time.

Record keeping

Supervision notes will be kept on a secure encrypted server, and are available for viewing at your written request and at a time agreed with an Embodied Supervision representative. The AASW advises, in the absence of legislation, that social work records should be kept for a period of 7 years following the last contact with the client.

Embodied Supervision adheres to AASW Supervision Standards 2014: https://www.aasw.asn.au/document/item/6027 and the AASW Code of Ethics 2020: https://www.aasw.asn.au/document/item/1201.