General policy and compliance

Privacy policy

Beyond Blue is committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) (Privacy Act) and other relevant laws in relation to the management of personal information.

This Privacy Policy (Policy) describes how we collect, hold, use and disclose your personal information and should be read together with our Terms of Use.

 

What is personal information?

When used in this Policy, "personal information" has the meaning given in the Privacy Act. Generally, it means any information or an opinion that could be used to identify you.

 

How do we collect personal information?

We may collect your personal information if you engage with us or use our services. Your personal information may be required for us to provide those services to you and may include:

Support services

When we collect
We may collect if you:
  • Use our support services:
    • phone support*
    • live webchat*
    • online forums
  • Use our coaching services:
    • Be You*
    • New Access*
    • NASBO*
    • Before Blue 

*provided by third parties

Enabling you
So you can:
  • Receive mental health support
  • Be referred to other mental health and support services
  • Register to use online forums
  • Register and receive our coaching services
Enabling us
So we can:
  • Provide support and coaching services to you
  • Provide information, resources or merchandise you have requested
  • Conduct research and benchmarking to improve our services
  • Update our records and keep your details up to date

 

Training and events

When we collect
We may collect if you:
  • Request or attend training
Enabling you
So you can:
  • Participate in training or professional learning
Enabling us
So we can:
  • Provide you with training and educational resources

 

Face to face and digital interactions

When we collect
We may collect if you:
  • Contact us over the phone, in person, email, webchat or social media
  • Participate in surveys, consultations, questionnaires or conference events
  • Register for in-person or digital events (such as webinars)
  • interact with our websites, mobile applications and social network accounts
Enabling you
So you can:
  • Make a general enquiry, request or complaint
  • Use our websites and mobile applications or join as a registered user
  • Subscribe to our publications or receive information from us
  • Receive information about or become involved in our programs, campaigns or other initiatives
Enabling us
So we can:
  • Respond to your enquiry, request or complaint
  • Provide access to interactive elements of our mobile applications and websites
  • Send you communications about programs, events, campaigns or activities
  • Personalise services, programs, content, resources and advertising
  • Help you recover your password
  • Collect statistics about how our website is accessed
  • Monitor the effectiveness of marketing campaigns

 

Donations and fundraising

When we collect
We may collect if you:
  • Gift, grant or bequest a donation to us
  • Participate in fundraising activities or partner with us
    donate to another
  • Organisation and consent to receive information from like-minded organisations
Enabling you
So you can:
  • Make a gift, grant or bequest a donation
  • Apply to hold a fundraising event
Enabling us
So we can:
  • Process your donation, gift, grant, or bequest
  • Show your name and the amount of any donation or sponsorship you make on our website
  • Enable like-minded organisations to contact you
  • Involve you in programs, campaigns, research, fundraising, activities or other initiatives
  • Understand how you interact with us

 

Employment and volunteering

When we collect
We may collect if you:
  • Apply for a position to work with us or volunteer with us
Enabling you
So you can:
  • Work with us as an employee, contractor or volunteer
  • Register as an Ambassador or Blue Voices Speaker
Enabling us
So we can:
  • Assess and contact you about your application
  • Set up or “on-board” you to our systems

 

What kind of information might I be asked to share?

We may ask you to share your personal, sensitive or financial details so we can provide services to you, and may include:

Everyday details
  • Your name
  • Age / date of birth
  • Demographics i.e. gender, location
  • Postal or email address
  • Phone number
  • Job title or role
  • Organisation you work for
  • Donation amounts
  • Communication preferences
  • Information to verify your identity for security purposes
Sensitive details
  • Health information, including mental health information
  • Racial or ethnic information, to ensure our services are culturally safe and appropriate
Financial details
  • Credit or debit card details (to process donations and payments)
  • Banking and tax information (i.e. employees and contractors)

 

Sharing another person’s experience with us or the public

If you want to share a story that includes another person’s experience of anxiety, depression or suicide in which that person will be identifiable, you must seek permission from the individual or next of kin first and let them know about our Privacy Policy. Some people may not want their experience made public. It is important to consider the impact and respect the wishes of others affected by the same story as you.

 

Unique identifiers

A unique identifier is a number, letter or symbol, or a combination of any or all of those things, that is used to identify you, but does not include your name, Australian Business Number (ABN) or anything else prescribed by regulations under the Privacy Act.

 

Unique identifiers assigned by us

Where it is practical to do so, we will not assign unique identifiers to you unless they are needed for us to efficiently manage your information.

We may assign our own unique identifier to you for the following purposes:

  • Effectively manage records about you by streamlining storage, retrieval, and management of individual records across systems;
  • Ensure you are correctly identified, especially in large datasets or systems where names alone may be ambiguous;
  • Securely manage access to sensitive or personal information;
  • Assist in system integration across multiple systems or services without relying on personal identifiers like names or addresses;
  • Help us comply with regulatory or operational requirements;
  • Minimise our use of and reliance on personal information.

 

Government related identifiers

A government related unique identifier is one that is assigned to you by a government agency for a related government purpose or service. Examples include your driver’s licence number, Working With Children or Vulnerable People Check number or your Tax File Number (TFN).

We may collect the following government related unique identifiers about you for the following reasons:

Government identifier
Why we collect this
Driver’s licence or passport numberTo verify who you are
Working with Children Check numberTo verify your suitability to work or volunteer for us
Tax File Number (TFN)For payroll tax purposes

However, we do not adopt, use or re-assign government related unique identifiers as our own for any reason.

 

How does Beyond Blue collect my information?

Collecting information from you directly

Wherever possible, we will try to collect personal information from you directly, rather than from another person or source, unless it is unreasonable or impractical to do so.

 

Collecting information from third parties

There may be occasions when we collect personal information about you from a third party, for example, from our Support Service provider, IT or telecommunications provider or our delivery partners. These third parties also have their own privacy policies.

For example:

  • If you call our Support Service, we may collect call information and/or telecommunications data from our telecommunications provider and disclose it to our Support Service provider so they can effectively manage the service.
  • If you have previously donated to us or another Australian charity and this information was required to be made public in an annual report, we may collect this data for philanthropy and advocacy purposes.

 

How does Beyond Blue use my information?

We only use or disclose your personal information for the purposes for which you gave it to us, or for a secondary purpose if permitted by law, which includes:

  • Where you have consented to that purpose;
  • Where you would reasonably expect us to use or disclose your information for that purpose, and where that purpose related to the primary purpose of collection (or, in the case of sensitive information, directly related to the primary purpose);
  • Where required or authorised by or under an Australian law or a court/tribunal order; and
  • Where a permitted situation exists under the Privacy Act, such as lessening or preventing a serious threat to the life, health or safety of an individual, or to public health or safety, or locating a person reported as missing.

 

Who else might see my information, and why?

We may disclose your personal information to third parties who assist us to provide services or to whom we outsource services, for the purpose of providing services to you. For example, we may disclose your personal information to:

Trusted delivery partners
  • Our Support Service provider, Remedy Healthcare, which is a subsidiary of Australian Unity Limited
  • Delivery and fundraising partners
  • Event organisers and venues
  • In the case of Be You professional learning, the funder of Be You, the Australian Government Department of Health
Operational partners
  • Administrative service providers, such as:
    • IT services
    • telecommunications
    • analytics services
    • payment processors
  • Marketing service providers, such as:
    • email automation
    • mailing houses
Personal advisors
  • Professional advisors, such as:
    • accountants
    • auditors
    • lawyers
    • insurers

 

Cross-border disclosure of personal information

We take every effort to not directly disclose personal information to recipients located overseas without your consent.
Some of our third-party service providers may store personal information overseas when providing support or other services. For example:

  • traffic information is disclosed to Google when you visit our websites and mobile applications - Google stores information across multiple countries; and
  • when you communicate with us through a social network service such as Facebook, Instagram or Twitter - the social network provider and its partners may collect and hold your personal information overseas across multiple countries.

 

Security of your personal information

We take reasonable steps to ensure the security of all information we collect, including that the information is protected from misuse and loss and from unauthorised access, modification or disclosure. For example, your personal information is maintained in a secure environment, which can be accessed only by authorised personnel. However, no data transmission over the internet or information stored on servers accessible through the internet can be guaranteed to be fully secure.

In addition, we take reasonable steps to destroy or de-identify your personal information once we no longer need it or have been directly instructed by you to permanently remove or suppress your personal information.

 

Our websites and mobile applications

Like most websites, we use cookies and analytics to understand how people use our sites and to improve your experience. In most cases you can choose to opt out by adjusting your browser, application or device settings.

 

Mobile Applications

Beyond Blue’s digital applications may include features such as mood tracking, check-ins, and other in-app behavioural tools. Any data entered or generated through these features is stored locally on the user’s device and is not collected, transmitted, or stored by Beyond Blue. This ensures that your personal reflections and activity remain private and under your control.

 

Cookies

In some cases, we may also collect your personal information through the use of “cookies”. When you access one of our websites, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer or internet enabled device. 

This allows us to: 

  • recognise your computer or device and whether you have already registered
  • personally greet you each time you visit our websites
  • keep track of services you view so if you consent, we can send you news about
  • measure website traffic and user engagement patterns
  • research these patterns so we can continually improve our services

If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

 

Website and Mobile Application Analytics (including remarketing tools)

Google Analytics

Our websites and mobile applications use Google Analytics, a product provided by Google, to help us understand traffic and usage in order to help improve our services, programs, content and resources. Our websites and mobile applications also use the following Google Analytics Advertising Features:

  • Remarketing, Retargeting and Impression Reporting
  • Demographics and Interest Reporting
  • Government (Commonwealth, State, Territory and Department) reporting

Google Analytics does not identify individual users or associate your device’s Internet Protocol address (IP address) with any other data held by Google.

By using our websites and mobile applications, you consent to the processing of information about you by Google in the manner described in Google's Privacy Policy and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the Google cookie, disable JavaScript, or use the opt-out service provided by Google.

 

Marketing Tools

Our websites use marketing tools (including Meta, Google and LinkedIn, Pixel), which track your actions on our websites and collect information about your device and actions, whether or not you have a Meta, Google and/or LinkedIn account or are logged into your account.

We use these tools to:

  • deliver personalised and relevant advertising to you;
  • collect statistics about how our website is accessed;
  • monitor the effectiveness of marketing campaigns; and
  • measure conversions.

By using our websites, you consent to Beyond Blue disclosing this information to marketing platforms – for example to Meta or LinkedIn who may use information about you in the manner described in their Data or Privacy Policies.

You can find out more on opting out of Meta, Google and LinkedIn analytics by visiting:

 

Siteimprove analytics

We also use Siteimprove to identify audience habits and behaviours so that content and user experience-related issues can be resolved, enhancing the overall website experience for users.

 

Marketing automation tools

Our websites use marketing automation tools that send communications (such as email or SMS) using several different services. Each service uses tracking technologies primarily to understand what subjects are interesting to you by monitoring whether your emails are opened, and links are followed. This information is then used to deliver more personalized and relevant communications to you.

 

Registered users IP address stored on website profile 

We also collect your device’s last known IP address and, if you are a registered user, store it against your website profile.

 

Your choices and controls

Remaining anonymous

The choice of how much information you provide to us is yours, however, we require by law certain information from you to provide some of those services.

Where possible, you have the option of interacting with us anonymously. For example:

  • When you visit our website.
  • You can use a pseudonym (fake name) when interacting with us.
  • You can contact us directly by telephone with a general question and we will not ask for your full name unless we need it to answer your question.

Some services will require us to confirm who you are to ensure public safety and prevent fraudulent or criminal activity. For example:

  • If you wish to donate to us, your real name and other identifying information will be required so we can process your payment.
  • If you want to register for an event or volunteer with us, your real name and other identifying information will be required so we can keep you and other participants safe.

 

Opting out of communications

You can unsubscribe from our communications and marketing material at any time. 

For email communications, you can click the unsubscribe link provided in our email. If you have subscribed to multiple mailing lists, you may need to unsubscribe more than once to ensure your details are removed from all mailing lists.

For postal or telephone communications, you can write to us or email us and request your details be removed from those lists.

 

Adjusting cookie settings

If you do not wish to receive cookies or want to opt out of Google Analytics, you can change your browser settings to disable or refuse cookies and JavaScript or use the opt-out service provided by Google. Refer to the “Help” section of your browser if you are unsure how to do this.

 

Accessing and correcting your information

You may request access to your personal information collected by us and ask we correct that personal information. You can ask for access or correction by contacting us and we will usually respond within 30 days. If we refuse to give you access to, or correct, your personal information, we will notify you in writing setting out the reasons.

 

Deleting your information

You may request we delete or de-identify your personal information held in our records, systems, or databases. We will do so provided it is practical and lawful.

Some information must be kept for a period before it can be permanently destroyed. For example, if you’ve engaged with any of our support services, we are required to retain your records for at least seven years from the date of your last engagement.

If we are not yet permitted to destroy your information, we may archive it securely. This means we remove it from active systems and store it safely offline until it can be destroyed.

In some cases, we may be able to de-identify your information. This means we remove any details that could identify you, and non-identifying information is kept for reporting or compliance purposes. Where possible, deidentification is done alongside secure archival unless full deletion is permitted.

 

Notifiable Data Breaches Scheme

In the event of any unauthorised access or unauthorised disclosure or loss of your personal information that is likely to result in serious harm to you, and where remedial action has not been able to prevent the likely risk of serious harm, we will investigate and notify you and the Office of the Australian Information Commissioner in accordance with the Privacy Act.

 

Complaints about your privacy

If you believe your privacy has been breached or you have a complaint about how we have handled your personal information, please contact us.

 

How to make a complaint

You can make a complaint by:

 

What we do when we receive a complaint 

We take your complaints very seriously. All complaints are treated the same and follow the same process in line with our complaints procedure. They will be investigated and escalated as necessary to internal departments. 

Complaint management is important so that we as an organisation can address the specific needs of service users and their supporters, using deidentified information to improve services for everyone.

 

What you can expect after the complaint is investigated 

If you have provided details to be contacted, you can expect an acknowledgement of receipt between 24 and 72 hours. Following this, the complaint is investigated, and you will be notified of an outcome on completion of the investigation if you have requested to be contacted.

 

Where to go if you are not happy with how we have handled your complaint 

If you are unhappy with how Beyond Blue has handled your complaint or the outcome, you can contact the Office of the Australian Information Commissioner for a formal review (www.oaic.gov.au).

 

Changes to this policy

This Policy may change from time to time. Any updated versions of this Policy will be posted on our websites and will be effective from the date of posting.

This Policy was last reviewed and updated on 16 September 2025.

 

Meanings

References to “Beyond Blue”, "we", "us" and "our" are references to Beyond Blue Limited ACN 093 865 840.
 

How to contact us

Email

privacy@beyondblue.org.au

Post

Attention: The Privacy Officer, Beyond Blue

Suite 501, 278 Flinders Lane Melbourne, Victoria 3000

 

Illustration of two people in a hot air balloon

Subscribe to receive info about mental health, keeping well and stories from our community.

Subscribe to newsletter