Privacy and Data Management Policy

To The Moon & Back

Version 1.1

Date: Oct 2025

Next Review Date: Oct 2026

PART 1 - About This Policy

1.1 Purpose:

To the Moon & Back (TMB) respects every person’s right to privacy and confidentiality. We are committed to protecting the privacy of the personal information we collect and hold about individuals. To the Moon & Back ensures that appropriate standards are maintained to protect the privacy of the data it holds. To allow us to provide you and your family with the best possible services, we need to collect and store personal and health information about you and your child.

To the Moon & Back complies with:

The Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) 

Other privacy laws that govern how private sector health service providers like To the Moon & Back handle personal and health information

The NDIS Code of Conduct

The NDIS Practice Standards

The Association for Behaviour Analysis Australia (ABAA) Code of Ethics and Professional Conduct

The Behaviour Analyst Certification Board (BACB) Professional and Ethical Compliance Code

The Behaviour Support Practitioners Australia (BSPA) Code of Conduct

PART 2 - How To the Moon & Back Handles Your Personal Information

2.1 To the Moon & Back’s Legal Obligations

To provide you with the health care services that you have requested, To the Moon & Back will need to collect and use your personal information. If you provide incomplete or inaccurate information to us or withhold personal and health information from us we may not be able to provide you with the services you are seeking.

2.2 What information does To the Moon & Back collect?

We will only collect the information we need for the particular function or activity we are carrying out.

We collect information from you that is necessary to provide you with speech pathology services and to manage our relationship with you. The information we collect includes: your name, date of birth, address, health fund details and information about your health history and family history. We require this information to assist the speech pathologist to diagnose and treat you.

2.3 How does To the Moon & Back collect health information?

We will usually collect your health information directly from you. We collect information from a few sources, including:

• Forms (paper/online)

• Electronically, via emails, contact forms or web surveys

• Phone calls and SMS messages

• Directly from you during sessions.

Sometimes, we may need to collect information about you from a third party (such as a relative or another health service provider).

2.4 How does To the Moon & Back use your information?

To the Moon & Back uses your personal information for the purpose you have given the information to us. We will use your information to provide speech pathology/behaviour support services to you, to manage our relationship with you and to contact you in relation to matters concerning your care. We may also use your information for other purposes permitted under the Privacy Act 1988.

 

Who might we disclose your information to?

 

Other Health Professionals:

Your personal information will generally only be used by the speech pathologist involved in your care; however, on occasion your care may be provided by several health professionals (for example, speech pathologist, occupational therapist and/or psychologist) working or consulting together. We may disclose your information to these health professionals as part of the process of providing your care and to other health professionals involved in your care.

 

The Referring Practitioner

To the Moon & Back will usually send a discharge summary to the referrer (i.e., your medical practitioner) following discharge from To the Moon & Back or at other times, as required for your care.
If you do not wish us to provide a copy of your discharge summary to the referrer you must let us know. Also, if the referrer’s details have changed please let us know.

 

Parents, guardians, or legal representatives
We may provide information about your condition to any persons you authorise us to share it with.

 

Government agencies
Keeping children safe is an important role of our service. If concerns are held about a child’s safety, welfare or wellbeing, we may be legally obligated to disclose information without parental consent under Chapter 16A of the Children and Young Persons (Care and Protection) Act 1998.

NDIS and External Auditors
TMB, as a registered NDIS provider, must undergo regular audits to ensure compliance with the NDIS Practice Standards. All NDIS participants of TMB are automatically enrolled in this audit process, which means you may be contacted by the external audit team for an interview, and/or may have your files, records or plans reviewed by an external auditor.
As a client, you have the right to opt out of the client sampling process included in our audit. If you do not wish to participate in the client sampling process, meaning you do not wish to be interviewed, or do not wish to have your records provided as a sample to the auditors, you must complete our Audit Opt Out form, available by contacting info@tothemoonandback.net.au or calling 0431 200 085.

Other uses with your consent
To provide the best possible environment in which to treat you, we may also use or disclose your personal and health information where necessary for:

activities such as quality assurance processes, accreditation, audits, risk and claims management, patient satisfaction surveys and staff education and training;

invoicing, billing and account management;

to liaise with your health fund, Medicare or the Department of Veterans’ Affairs and where required provide information to your health fund, Medicare or the Department of Veterans’ Affairs to verify treatment provided to you;

the purpose of sending you standard reminders, for example for appointments and follow-up care, by text message or email to the number or address which you have provided to us.

Other uses and disclosures
With your consent, we may also use your information for other purposes such as including you on a marketing mail list, or research. Please note, however, that unless you provide us with your express consent for this purpose, we will not use your information in this way.

2.5 Access to and correction of your health information

You have a right to access the personal and health information that we hold about you. You can also request an amendment to your personal and health information should you believe that it is inaccurate.

If we do not agree to change your medical record/personal information in accordance with your request, we will permit you to make a statement of the requested changes and we will enclose this with your record.

Should you wish to obtain access to or request changes to your health record you can ask for our Privacy Officer (see details below) who can give you more detailed information about To the Moon & Back’s access and correction procedure.

Please note that To the Moon & Back may recover reasonable costs associated with supplying this information to you.

2.6 Data Quality

To the Moon & Back will take reasonable steps to ensure that your personal information which we may collect, use or disclose is accurate, complete and up-to-date.

2.7 Data Security

To the Moon & Back will take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. We use a combination of access controls, network security measures, encryption, and secure physical storage to safeguard your information.

We destroy or permanently de-identify any personal information that is no longer required for the purpose for which it was collected, unless we are required by Australian law, a court, or a tribunal to retain it.

In line with the Health Records and Information Privacy Act 2002 (NSW), records for children are retained securely until the child turns 25 years of age. Records for adults are retained for seven (7) years after the last occasion of service. After this period, records are securely destroyed.

Information collected from you is stored in locked filing cabinets or in password-protected, secure on-site servers. In addition, To the Moon & Back uses trusted, web-based services for operational purposes:

Splose – scheduling, clinical communication, and invoicing

Microsoft Exchange – secure email communication

Mailchimp – distribution of newsletters and updates

Xero Accounting – financial reconciliation and reporting

Where electronic data is transmitted or stored on overseas servers, To the Moon & Back ensures that these arrangements meet or exceed the standards set out in the Privacy Act 1988 and Australian Privacy Principle 8 (APP 8).

We take contractual and technical measures to ensure that any overseas service providers:

-handle personal information only for the agreed purposes;

-apply privacy and security safeguards equivalent to those required under Australian law; and

-allow To the Moon & Back to retain effective control over how personal information is accessed, used, and deleted.

These arrangements mean that data stored overseas is handled as a controlled use, not an unauthorised disclosure. To the Moon & Back remains responsible for ensuring that all such information is managed in accordance with Australian privacy legislation and the NDIS Practice Standards.

2.8 Withdrawal or limitation of consent

You can withdraw or limit your consent at any time. However, if you do withdraw or limit your consent, it may make it difficult for appropriate services to be provided to you and your child. Without the right information, or with not enough information, we will not be able to tell what your child and your family need. If families would like to withdraw their consent, we require this to be completed formally in writing, either via letter or email.

2.9 What to do if you have a complaint about privacy issues

If:

(a) you have questions or comments about this Privacy Policy;

(b) To the Moon & Back does not agree to provide you with access to your personal information; or

(c) you have a complaint about our information handling practices,

you can lodge a complaint with or contact our Privacy Officer on the details below. We will promptly review your complaint and provide a response to you.

2.10 How to contact us if you have a complaint about privacy issues

Privacy Officer, Kristin Bayley

By email: info@tothemoonandback.net.au

By telephone: 0431 200 085

PART 3 - How To the Moon & Back Handles Your Personal Information When You Visit Our Website

This section of our Privacy Policy explains how we handle your personal information which is collected from our website: www. To the Moon & Back.com.au.

This Privacy Policy applies to your use of our website and the use of any of the facilities on our website.

3.1 Collection

When you use our website, we do not attempt to identify you as an individual user and we will not collect personal information about you unless you specifically provide this to us.

Sometimes, we may collect your personal information if you choose to provide this to us via an online form or by email, for example, if you:

submit a general enquiry via our contacts page;

register to receive eNewsletters; or

send a written complaint or enquiry to our Privacy Officer.

When you use our website, our Internet Service Provider (ISP) may record and log for statistical purposes the following information about your visit:

-your computer address;

-your top-level domain name (for example, .com, .gov, .org, .au etc.);

-the date and time of your visit;

-the pages and documents you access during your visit; and

-the browser you are using.

Our website management agent may use statistical data collected by our ISP to evaluate the effectiveness of our website.

3.2 Cookies

A “cookie” is a device that allows our server to identify and interact more effectively with your computer. Cookies do not identify individual users, but they do identify your ISP and your browser type.

This website uses temporary cookies. This means that upon closing your browser, the temporary cookie assigned to you will be destroyed and no personal information is maintained which will identify you at a later date.

Personal information such as your email address is not collected unless you provide it to us. We do not disclose domain names or aggregate information to third parties other than agents who assist us with this website and who are under obligations of confidentiality. You may be able to configure your browser to accept or reject all cookies and to notify you when a cookie is used. We suggest that you refer to your browser instructions or help screens to learn more about these functions. However, please note that if you configure your browser so as not to receive any cookies, a certain level of functionality of the To the Moon & Back website and other websites may be lost.

3.3 Links to third party websites

We may create links to third party websites. We are not responsible for the content or privacy practices employed by websites that are linked from our website.

3.4 Use and disclosure

We will use any personal information collected via our website in accordance with our privacy policy.

Can I withdraw or limit my consent?

Yes, you can. However, if you do withdraw or limit your consent, it may make it difficult for appropriate services to be provided to you and your child. Without the right information, or with not enough information, we will not be able to tell what your child and your family need. If families would like to withdraw their consent, we require this to be completed formally in writing, either via letter or email.

 

Further information

If you need any further information or have any questions or concerns about the collection and use of your personal information you can discuss this with the clinical director, Kristin Bayley, at any time.