(also referred to as “we”, “us” or “our”)
Effective Date: 16 September 2022
Under the Australian Privacy Act 1988, personal information is information about a living person which can be used (by itself or together with other information) to reasonably identify that person. In the Health Sector, we take additional precautions with privacy and are governed by the Australian Privacy Principles. We are committed to protecting your privacy and do not sell or rent your details to any third parties.
When and how we collect information
At all times we try to only collect the minimum information we need to provide our services and to keep our records up to date.
We collect personal information about you:
– when you contact us (via email, phone and instant messenger services)
– when you book an appointment (online, in person or over the phone)
– when you fill out a form (online or in person)
– when you subscribe to our newsletter
– when you set up an account on our website
– when you make a purchase on our website
– when you interact with us on social media
– when you participate in events, promotions and giveaways
– when you participate in a customer survey
– when you accept our cookies and other tracking technologies on your device
– when you voluntarily submit your data to us for any reason
– when you talk with us in person
– when you ask for access to information we hold about you
Collecting information from third parties
We may also collect personal information that is given to us or made available to us by a third party such as a referring specialist, general practitioner or another health professional. If someone calls on your behalf or provides us with information about you, we may collect the caller’s name and contact details as well.
We may collect information from your insurer or your solicitor.
When you use our website, we may receive data from third parties such as analytics from providers and advertising networks like Google and Facebook.
What information we collect
To enable us to safely deliver our health services to you, it is necessary for us to collect and store basic and health information about you. It is important that we keep your records up to date and we have processes in place to help with this.
We will collect (as appropriate to your circumstances) the following types of information:
– Your name, address, telephone, email
– Your date of birth
– Information relevant to your health (current and historical) including medications
– Family medical history
– Your work history and/or current position
– Medical reports, referral letters, test results
– Financial Information (credit card details when you are making a purchase)
– Data about the products or services you purchase
– Data about your experience with our website and our products and services
– Data relating to your circumstances and such other information that is relevant to the products or services we provide to you
– Data relating to your attendance at seminars or other events held by us (including webinars and podcasts)
– Data that identifies you (your IP address, login, browser type, time zone, browser plugins, geolocation, operating system and version) – we do not link this with any personal data
– Data on how you use our website (URL clicks, products and services views, how long you are on our pages and other actions)
– Any other information you provide or we receive from third parties
How we use your personal information and who we share it with
We collect and use your personal information primarily to provide you with services, products and information.
Additionally, we use your information as follows:
– for administrative, billing and other purposes involved in the running of our practice
– for operating and improving our website and your experience on our website
– for customer support
– for tracking your purchase history
– for detecting and preventing fraud
– for market research (e.g. we may contact you for feedback about our products and services)
– to provide you with information about events, products, services, or opportunities that may be of interest
– for marketing (with your consent)
– for monitoring your compliance with our website Terms and Conditions
We may disclose your information under the following conditions:
– we will share your information with your carer or representative if you have authorised us to do so or they have provided us with your authority (for example under a Power of Attorney for health decisions)
– if you are under the age of 18, we will share your information with your legal guardian.
– we will share your health information with authorised health practitioners in our practice
– we will share your health information when we are required to do so by law (e.g. if we receive a valid court subpoena to disclose information)
– we will share your information with Medicare or your private health fund to validate your rebate or claim
– we will share your information with Government bodies that require us to report processing activities
– if we refer you to a third party for additional therapy, we will share your information with the third party (with your consent)
– we will use your information for recalls or follow up visits with us
– we will disclose your health information if there is an emergency which we feel warrants disclosing your health or other information
We reserve the right to fully co-operate with any law enforcement authorities or court order requiring or requesting us to disclose the identity or other usage details of any user of our services, or in accordance with a properly executed court order, or as otherwise required to do so by law.
Choosing not to provide personal data
You can choose not to provide us with any personal data. If you do this, we will not be able to provide you with any products or services. However, you are welcome to continue to browse the pages of our website.
We will always let you know before we collect any data from you, what the intended use is, if we intend to use it for marketing, and if third parties are involved we will obtain your consent (which you can withdraw at any time). You can change your mind about marketing material by opting out by:
– completing the Contact Us form on our Contact page; or
– unsubscribing, if you have previously subscribed to our newsletter.
Opting out of marketing will have your details removed from our marketing list but will not change the way we use other personal information we hold about you. For example, you will still receive reminders about upcoming appointments.
Accessing and correcting your personal information – Your legal rights
You have the right to know what information we hold about you and to ensure the information is accurate and up to date. You will not have to pay a fee to access your personal data. We will provide you with the information within 30 days of your request, unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights). We will tell you if we can’t comply with your request and why.
You can ask us to correct any information we hold about you that you believe is inaccurate.
You can request for your data to be erased. This means we have to delete all information that we hold about you, except to the extent of any information we are required to hold due to our legal obligations.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If you wish to exercise any of the rights or make a complaint regarding how your data is handled, please contact us in writing using our contact details below. If you are not satisfied with our response to your complaint, you may seek a review by contacting the Office of the Australian Information Commissioner, available at http://www.oaic.gov.au.
Security of the information we collect
We realise that our customers trust us to protect their data and whilst we cannot guarantee the security of any information you transmit to us, or receive from us, we take that task seriously and maintain reasonable and appropriate physical, electronic and procedural safeguards to help protect your data. This includes the following:
– Password access to accounts
– Storing electronic data with reputable third party storage providers who have appropriate security protections
– Limiting access to personal information to individuals who need to know
– Using payment providers who are PCI DSS compliant
– We do not store your payment details
We use web-based software called Cliniko to make appointments, write treatment notes and store client information. We use Cliniko because it has a very high level of security and encryption to protect your details at the clinic, while making bookings online, and from outside threats on the internet.
We use service providers based in Australia. If we transfer personal data outside of Australia, we will ensure that your privacy rights are adequately protected by ensuring these service providers have the same or similar measures in place to protect data shared.
We will keep your data for as long as we need it, and this period will also depend on your interactions with us. If you have made a purchase with us, we will keep a record of your purchase for the period necessary for invoicing and tax purposes. When we no longer need to keep your information, we will delete it permanently or anonymise data which is no longer necessary.
Third parties who access your data
We share data with third parties in the following circumstances:
– Other companies in our group of companies, as necessary to operate our Site
– Our suppliers and service providers working for us e.g. payment processors
– Our professional and legal advisors
– Third parties engaged in fraud prevention and detection
– Law enforcement or other government authorities
– Third parties who enable us to provide our products and services, which may include:
  – payment processors such as Stripe, PayPal, Xero, Shopify who may process your payment for any products and services bought from us;
  – social media and analytics such as Facebook, Instagram and Google Adwords for the purpose of custom audience generation and the development of targeting criteria;
  – other third parties such as Leadpages, LeadQuizzes, Teachable, Zoom, Active Campaign, MailChimp for processing and holding Data that enables us to ensure you are kept informed of all course information, logins and marketing material, offers, promotions, newsletters, blogs and video training.
– Where we have your consent to do so or otherwise where we are legally permitted to do so.
All of our real-time credit card authorisations are handled by secure third party gateway providers and these are secured by the highest level of security. The following measures are taken to protect your data:
– Payments are fully automated with an immediate response.
– Your complete credit card number cannot be viewed by us or any outside party.
– All transaction data is encrypted for storage within our third party gateway supplier's bank-grade data centre, further protecting your credit card data.
– Our third party gateway provider is an authorised third party processor for all the major Australian banks.
– Our third party gateway provider will at no time touch your funds; all monies are directly transferred from your credit card to the merchant account held by us.
We use third-party gateway providers that are widely respected for providing secure and reliable online payment solutions. We have chosen to deal with the best so you can feel safe that your personal information is kept safe and secure at all times. While we attempt to protect the information in our possession, no security system is perfect, and we cannot promise that information about you will remain secure in all circumstances.
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for all organisations that handle branded credit cards from major card schemes. PCI DSS is a standard mandated by the card brands like Visa, Mastercard, American Express and Discover and is managed by the PCI Security Standards Council.
PCI-DSS requirements help ensure the secure handling of credit card information through our Site and the service providers.
Age of consent
By using this website, you warrant that you are at least the age of majority in your State or Territory of residence. Our website should not be used by anyone under the age of majority, and we do not knowingly collect data from anyone under the age of majority.
Cookies and how to block them
We may use web beacons (or clear gifs) on our website and in our emails. When we send emails, we can track behaviour such as who opened the emails and who clicked the links, and collect information such as your IP address and your browser or email type. We then put this information together to improve the performance of our email campaigns and provide you with better and/or services specific to your needs. You will always have the ability to opt out of any emails we send: just click the link in the email that says “unsubscribe”.
Our details if you need to contact us
Business Name: Alina Zamoshnikova ABN: 21507863277
Trading Name: Inner Smile Nutrition & Wellbeing
Address: Bardon Counselling and Natural Therapies Centre
151 Boundary Rd, Bardon. QLD 4065
Phone: (07) 3368 1300
Fax: (07) 3512 9333