Privacy Policy

Second Sunrise Studio
Effective Date: 19 April 2026

Second Sunrise Studio is committed to protecting your privacy and handling your personal information with care, respect and transparency. We understand that the information you share with us is often sensitive and personal, and we are committed to maintaining your trust.

This Privacy Policy explains how we collect, use, store and disclose your personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and where relevant, the National Disability Insurance Scheme Act 2013 (Cth) and NDIS Practice Standards.

1. Who We Are

Second Sunrise Studio provides psychosocial recovery coaching, mentoring, disability advocacy, NDIS support and related wellbeing services for women and gender-diverse people, including NDIS participants.

2. What Information We Collect

We may collect personal information that is reasonably necessary to provide our services. This may include:

  • Your full name, date of birth, address, phone number and email address

  • Emergency contact details

  • NDIS number, plan details, funding information and support categories

  • Information about your goals, support needs, medical history, disabilities, diagnoses, medications and wellbeing

  • Information about your family, carers, support coordinators or other service providers

  • Appointment history, progress notes, assessments, reports and correspondence

  • Payment information and invoices

  • Website enquiries, intake forms and feedback

We may also collect sensitive information, including health information, where it is reasonably necessary to provide services and you have given consent.

3. How We Collect Information

We may collect information directly from you through:

  • Intake forms and consent forms

  • Service agreements

  • Phone calls, emails and messages

  • Appointments and sessions

  • Website enquiries

  • Referrals from family members, carers, support coordinators, allied health professionals or other providers

  • NDIS plans, reports and supporting documents you provide

In some cases, we may collect information from another person or provider with your consent.

4. Why We Collect Your Information

We collect, use and hold your information to:

  • Provide psychosocial recovery coaching, mentoring and support services

  • Understand your needs, goals and preferences

  • Manage appointments, service delivery and communication

  • Prepare reports, letters of support and NDIS-related documentation

  • Process invoices and payments

  • Communicate with your support network, if you have given permission

  • Meet legal, insurance, safeguarding and compliance obligations

  • Improve our services and business operations

We will only collect information that is reasonably necessary for these purposes.

5. How We Store and Protect Your Information

Second Sunrise Studio takes reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

Your information may be stored:

  • Electronically through secure practice management systems such as Cliniko

  • In password-protected email and cloud-based storage systems

  • In secure digital files and folders with restricted access

  • In limited hard-copy records where necessary

We use safeguards such as:

  • Strong passwords

  • Two-factor authentication

  • Secure and encrypted systems where available

  • Restricted access to records

  • Regular review of privacy and security practices

Only information that is necessary for providing services is collected and stored.

6. Disclosure of Information

We will not share your personal information without your consent unless:

  • It is necessary to provide services you have requested

  • It is required by law

  • There is a serious threat to your safety or the safety of another person

  • It is required for insurance, complaints handling, audits or legal proceedings

  • It is required by the NDIS Commission or another regulatory body

With your permission, we may share information with:

  • Family members, carers or nominated support people

  • Support coordinators

  • Allied health professionals

  • General practitioners or specialists

  • NDIS planners, Local Area Coordinators or the NDIA

  • Other service providers involved in your care

We will only share the minimum amount of information necessary.

7. Consent

Where appropriate, we will ask for your consent before collecting, using or sharing your information.

You can withdraw your consent at any time by contacting us in writing. Please note that if you withdraw consent for certain uses of your information, this may affect our ability to provide services safely and effectively.

8. Accessing and Correcting Your Information

You may request access to the personal information we hold about you at any time.

You may also request that we correct information if you believe it is inaccurate, incomplete or out of date.

Requests can be made in writing and we will respond within a reasonable timeframe.

In some situations, access may be refused where permitted by law, including where providing access may pose a serious threat to the health or safety of another person or would unreasonably impact another person's privacy.

9. Data Retention

We retain records for as long as required by law, insurance obligations and good professional practice.

For most client records, this will generally be at least seven years from the last date of service. For records relating to children, records may be retained until the child reaches adulthood plus the required retention period.

When information is no longer required, it will be securely destroyed or de-identified.

10. Website and Online Services

Our website may collect limited information such as:

  • Your IP address

  • Browser type

  • Device information

  • Website usage data

  • Contact form submissions

This information may be collected through cookies or analytics tools to improve website performance and user experience.

You can choose to disable cookies through your browser settings.

11. Overseas Storage and Third-Party Providers

Some of the systems we use, such as email, cloud storage or practice management software, may store information on servers located outside Australia.

Where this occurs, we take reasonable steps to ensure these providers handle your information in a way that is consistent with Australian privacy laws.

12. Data Breaches

If a privacy breach occurs that is likely to result in serious harm, we will take steps to contain the breach, assess the risks and notify affected individuals and relevant authorities where required under the Notifiable Data Breaches scheme.

13. Complaints

If you have concerns about how your information has been handled, please contact us first so we can try to resolve the issue.

You may contact:

Second Sunrise Studio
Email: hello@secondsunrise.com.au
Phone: 04 87427017

If you are not satisfied with our response, you may make a complaint to the:

Office of the Australian Information Commissioner

or, if relevant to NDIS supports:

NDIS Quality and Safeguards Commission

14. Updates to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes in legislation, business practices or services.

The most current version will always be available through Second Sunrise Studio.