TMRG Pty Ltd (ACN 697 921 574) trading as The Modern Recovery Group

Privacy Policy

Version 9.0 | Effective Date: June 2026

Governed by the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs)

1. About This Policy

TMRG Pty Ltd (ACN 697 921 574), trading as The Modern Recovery Group (TMRG, we, us, our), is committed to protecting your privacy and handling your personal and sensitive information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and applicable professional and ethical standards of the Australian Counselling Association (ACA).

This Privacy Policy explains how we collect, use, store, disclose and protect your information when you access our website, enquire about our services, or engage with us as a client.

Our Founder and Director, Jodi Lee Gordon, is an ACA Level 2 Registered Counsellor and Qualified Peer Support Practitioner and is bound by the ACA Code of Ethics and Practice in all client interactions.

2. Information We Collect

2.1 Personal Information

We collect personal information necessary to provide our services, including:

  • Full name, date of birth and contact details

  • Emergency contact details

  • General practitioner (GP) name and contact information

  • How you heard about TMRG

  • Service enquiries and correspondence

2.2 Sensitive Information (Health Information)

As a health service provider, we collect sensitive information including:

  • Mental health history and current presentation

  • Substance use history where relevant to counselling

  • Current medications

  • Previous counselling or therapeutic history

  • Session notes and clinical records

  • Goals, progress and outcomes within your program

We only collect the minimum amount of sensitive information reasonably necessary to provide our services with your express written consent. You will be asked to provide this consent through your intake form prior to your first appointment.

2.3 Website and Technical Information

When you visit our website, we may collect:

  • IP address and browser type

  • Pages visited and time spent on the website

  • Device and operating system information

  • Referral source (how you arrived at our website)

This information is collected via cookies and analytics tools. See Section 10 (Cookies) for full details.

3. How We Collect Your Information

We collect your information through the following means:

  • Website enquiry forms

  • Client intake forms (provided to you following initial assessment of your enquiry)

  • Direct correspondence via email or telephone

  • Cliniko, our practice management platform, through which appointments are booked and clinical records are maintained

  • Session notes created by your practitioner during or following appointments

4. Express Consent for Sensitive Health Information

In accordance with APP 3 and APP 6, we are required to obtain your express consent before collecting, using or disclosing sensitive information, including health information.

By completing and signing your intake form, you expressly consent to:

  • The collection of your sensitive health information for the purpose of providing counselling, peer support and related services

  • The storage of your information within Cliniko, a secure, healthcare-compliant practice management platform

  • The use of your information by your TMRG practitioner to plan, deliver and review your care

  • Disclosure of your information to third parties where required by law or where necessary to protect your safety or the safety of others

You have the right to withdraw consent at any time. Requests to withdraw consent should be made in writing. Withdrawal of consent may affect our ability to continue providing services to you.

5. Purpose of Collection

We collect and use your information to:

  • Assess your suitability for our services

  • Provide counselling, peer support and related services

  • Maintain accurate clinical records

  • Manage appointments and billing

  • Meet our legal, ethical and professional obligations

  • Contact you regarding your appointments or care

  • Respond to complaints or enquiries

6. Consequence of Non-Disclosure

If you choose not to provide the personal or health information requested by TMRG, we may be unable to:

  • Provide services to you

  • Assess your suitability for counselling or peer support

  • Manage risk appropriately

  • Meet our legal and ethical obligations as a registered health service provider

We will inform you if non-disclosure prevents us from providing all or part of our services.

7. Storage and Security

Your information is stored securely within Cliniko, a healthcare-compliant practice management platform. Cliniko maintains industry-standard security measures including encryption, access controls and regular security audits. In the event of a data breach involving personal information, TMRG will respond in accordance with the Notifiable Data Breaches scheme under the Privacy Act where applicable.

Clinical records and associated documentation are retained for a minimum of seven (7) years from the date of last service, in accordance with applicable health records legislation. Records relating to clients who were minors at the time of service are retained until the client turns 25, or for seven years from the date of last service, whichever is longer.

Access to your records is restricted to your TMRG practitioner and, where applicable, authorised personnel directly involved in your care.

8. Disclosure of Your Information

8.1 When We May Disclose

We may disclose your personal or health information in the following circumstances:

  • Where you have provided express written consent

  • Where disclosure is required by law (including mandatory reporting obligations)

  • Where there is a serious and imminent threat to your life or safety, or the life or safety of another person

  • To your nominated emergency contact or GP where clinically necessary and appropriate

  • To our clinical supervisor for the purposes of professional supervision (de-identified where possible)

8.2 Third-Party Platforms

We use third-party platforms in the delivery of our services, including:

  • Cliniko (practice management and secure client communications) cliniko.com

  • Zoom Workplace Pro (secure telehealth session delivery) zoom.us

  • Stripe (payment processing) stripe.com

  • Ventra IP (email and domain hosting) ventraip.com.au

  • Microsoft 365 (business email and document management) microsoft.com

  • Flodesk (email marketing and Community subscriber list management) flodesk.com

  • Squarespace (website and landing page hosting) squarespace.com

We may disclose your personal information to third-party platforms.

Email communication is not end-to-end encrypted. All sensitive clinical communications should be conducted through the Cliniko client portal. By engaging our services, you acknowledge the inherent security limitations of general email correspondence.

9. Cross-Border Disclosure

Some of the third-party platforms we use may store or process data on servers located outside Australia. By engaging our services, you expressly consent to the collection, use, storage and cross-border disclosure of your personal and sensitive health information in accordance with this Privacy Policy. By consenting, you acknowledge that the protections under APP 8.1 of the Privacy Act will not apply to those overseas recipients, and that you will not be able to seek redress under the Privacy Act in relation to the handling of your information by those recipients.

We take reasonable steps to ensure that any overseas recipients handle your information in a manner consistent with the Australian Privacy Principles.

10. Cookie Policy

10.1 What Are Cookies

Cookies are small text files placed on your device when you visit our website. They allow us to recognise your browser and collect information about how you use our website.

10.2 What Cookies We Use

We use the following types of cookies on our website:

  • Essential cookies required for the website to function

  • Analytics cookies to understand how visitors use our website

  • Functional cookies to remember your preferences and improve your experience

  • Marketing cookies if and when we run advertising campaigns (you will be notified if this changes)

10.3 Who Collects This Data

TMRG Pty Ltd collects cookie data. Analytics data may be processed by third-party tools. This data is used to improve our website and services and is not used to identify you personally without your consent.

10.4 Your Cookie Consent

When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or decline non-essential cookies. Essential cookies cannot be disabled as they are required for the website to function. You may withdraw or change your cookie consent at any time through your browser settings.

11. Direct Marketing

We do not use your health information for direct marketing purposes.

We may use your personal information to send you direct marketing communications from time to time where you have given express consent to receive such communications. Direct marketing means promotional or advertising content about our services, offers or any other health-related content which is sent electronically to you. Any such direct marketing communications will be sent by email, SMS, push notification, or other electronic means. You may withdraw your consent to receive direct marketing at any time by following the unsubscribe instructions in the relevant communication. Your choice to opt in or out of direct marketing will not affect the provision of our services or any transactional communications you receive.

TMRG operates The Modern Recovery Community, a free subscriber list through which we send updates, news and communications to people who have opted in through our website. By subscribing to The Modern Recovery Community, you expressly consent to receiving email communications from TMRG. You may unsubscribe at any time using the unsubscribe link provided in any communication. Subscriber information is managed through Flodesk and is kept separate from clinical client records. Subscribing to The Modern Recovery Community does not constitute a service enquiry, establish a therapeutic relationship or create a duty of care.

12. Access and Correction

You have the right to access personal information we hold about you and to request correction of any information that is inaccurate, incomplete or out of date.

To make an access or correction request, please contact us using the details in Section 15. We will respond to your request within 30 days. In some circumstances, we may be unable to provide access to certain information. We will explain any such refusal in writing.

13. Privacy Complaints

13.1 Internal Complaints

If you have a concern or complaint about the way we have handled your personal information, please contact us in writing at privacy@themodernrecoverygroup.com. We will acknowledge your complaint within five (5) business days and respond substantively within 30 days.

13.2 External Complaints OAIC

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: oaic.gov.au

  • Phone: 1300 363 992

  • Post: GPO Box 5218, Sydney NSW 2001

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal obligations. The current version will always be available at www.themodernrecoverygroup.com/privacy-policy. We encourage you to review this policy periodically.

15. Contact Us

For all privacy-related enquiries, access requests or complaints, please contact:

Privacy Officer

TMRG Pty Ltd, trading as The Modern Recovery Group

Email: privacy@themodernrecoverygroup.com

General enquiries: info@themodernrecoverygroup.com

Website: www.themodernrecoverygroup.com

This Privacy Policy is governed by the laws of New South Wales, Australia.

TMRG Pty Ltd | ACN 697 921 574 | info@themodernrecoverygroup.com | www.themodernrecoverygroup.com