Privacy Policy: Sari Amia Naturopathy & Exuberant Health Online
Effective Date: 30/10/2024
At Sari Amia Naturopathy (referred to as “I”, “me,” or “my”), I am dedicated to safeguarding your privacy and ensuring that your personal information is handled securely and responsibly. This Privacy Policy outlines how I gather, manage, share, and protect your personal information in compliance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and the Spam Act 2003 (Cth).
Collection of Personal Information
I collect personal information necessary for providing naturopathic consultations and health-related services. The types of information I collect may include:
- Contact Information: Including your name, address, email, and phone number.
- Health Information: Medical history, symptoms, treatment preferences, and health records (considered sensitive information under the Privacy Act).
- Payment Information: Credit card details or bank account information for processing payments.
I collect this information directly from you when you:
- Book an appointment through Halaxy via the Website, which serves as a platform for booking consultations but does not facilitate the consultations themselves.
- Complete health assessment forms or questionnaires.
- Participate in consultations conducted via online platforms such as Microsoft Teams, which I use to conduct online consultations independently of my website.
- Contact me via phone, email, or my website.
- Make payments or purchase products.
Use of Personal Information
I will only use your personal information for the following purposes:
- Providing Naturopathic Consultations: To assess your health and provide personalised naturopathic advice and treatment.
- Managing Appointments: Scheduling, rescheduling, or confirming appointments and sending reminders through Halaxy, which are delivered via SMS or email.
- Payment Processing: Payments are processed securely through the Halaxy online booking platform, where card capture may be in use to confirm the validity of bookings and to secure payment transactions.
- Communication: I will use your contact details to stay in touch about your appointments, including information related to consultations (such as following up with you or gathering further relevant information), to provide updates, and to share relevant information regarding my services.
- Marketing: With your permission, I may send you promotional content about my services and products. You can opt out of receiving these messages anytime (refer to the “Marketing Communications” section).
Third Party Service Providers
Halaxy, secure online booking platform:
I use Halaxy, a secure health practice management platform, to manage appointments, client records, and payments. Halaxy is committed to data security and privacy protection.
Key Points:
- Data Storage: Halaxy securely stores personal, health, and payment information with multiple backups, employing industry-leading security protocols, including 256-bit bank-grade encryption.
- Encryption: All data, both at rest and in transit, is protected by 256-bit bank-grade encryption using TLS/SSL for robust security.
- Access Control: Halaxy offers tiered access levels—four for practitioners and three for administrative staff—ensuring sensitive information is accessible only to authorised personnel.
- Two-Factor Authentication: Optional two-factor authentication enhances login security for users.
- Tokenisation: Card details used for payments are tokenised, preventing retrieval or viewing after entry.
- Compliance: Halaxy complies with the Australian Privacy Principles and all relevant health information regulations.
- Security Audits: Regular audits and security testing are conducted to maintain and uphold the highest security standards.
For more detailed information on how Halaxy manages your data, please review: Halaxy Privacy Policy, Halaxy Security Information
If you have any questions or concerns about the use of Halaxy in my practice, please don’t hesitate to contact me directly via email at sari@exuberanthealthonline.com.
Simple Mail Transfer Protocol (SMTP): Website and Email Communication Service Provider
I use SMTP2GO, a third-party email service provider, to manage email communications from the website. SMTP2GO prioritises email security and privacy, employing various measures to protect your data:
- Encryption: Emails are transmitted using TLS (Transport Layer Security) encryption.
- Data Storage: By default, email content is not stored long-term; only headers and basic information are retained for 35 days.
- Server Location: Data is processed in Australia (Sydney) on ISO/IEC 27001:2013 certified servers.
- Compliance: SMTP2GO is GDPR compliant and ISO27001 certified.
For more detailed information about SMTP2GO’s security and privacy practices, please visit: SMTP2GO Security and Privacy, SMTP2GO Privacy Policy
If you have any questions or concerns about how I handle your data in relation to email communications, please contact me at sari@exuberanthealthonline.com.
Disclosure of Personal Information
I do not sell or share your personal information with third parties for their marketing purposes. However, I may disclose your personal information in the following circumstances:
- Service Providers: I may share your information with third-party providers, such as Halaxy, who assist me in delivering my services. These providers must comply with applicable privacy laws and protect your data.
- Legal Requirements: I may be required to disclose your information to comply with legal obligations.
- Health Professionals: With your consent, I may share relevant health information with other healthcare professionals involved in your care.
Security of Personal Information
I take reasonable steps to protect your data from misuse, interference, loss, unauthorised access, and disclosure. This includes secure storage of health records through Halaxy. Although I make every effort to safeguard your personal information, I cannot ensure the absolute security of data transmitted over the internet.
Accessing and Correcting Your Personal Information
You have the right to access the personal information I hold about you and request corrections if the information is inaccurate, out-of-date, or incomplete. If you wish to access or correct your information, please contact me at sari@exuberanthealthonline.com. I will respond to your request within a reasonable timeframe.
Marketing Communications
In compliance with the Spam Act 2003 (Cth), I will only send you marketing communications if you have opted in to receive them. If you no longer wish to receive marketing materials, you may unsubscribe by clicking the “unsubscribe” link in my emails or contacting me directly.
Cross-Border Disclosure of Personal Information
In accordance with APP 8 under the Privacy Act 1988 (Cth), if I need to disclose your personal information to a third party located outside of Australia (e.g., cloud storage providers), I will take steps to ensure that your information is protected to the same standard required under Australian law.
Changes to This Privacy Policy
I may update this Privacy Policy from time to time to reflect changes in my practices or legal obligations. The most current version will always be available on my website, and significant changes will be communicated to you via email or a website notification.
Contact Me
If you have any questions or concerns about this Privacy Policy or how I handle your personal information, please contact me at:
Email: sari@exuberanthealthonline.com
Phone: 0416927613
I am committed to resolving any privacy issues in a timely and transparent manner.
Client Privacy Policy for Online Consulting
Policy
I am dedicated to protecting the privacy of my clients. All client information is treated as confidential and will only be disclosed to third parties with the client’s explicit consent, except as required by law.
Procedure
- Information is collected only for purposes necessary for providing my services.
- All client health information is stored securely.
- Privacy practices are regularly reviewed to ensure they comply with current legal standards.
Combined and Expanded Policies
User Responsibility and Cybersecurity
Policy: Users are responsible for their actions on the Website and during online consultations, including safeguarding their own cybersecurity. This includes protecting against cybersecurity threats and attacks.
Procedure:
- Ensure secure, password-protected devices and platforms for accessing the Website, email communication and participating in online consultations.
- Keep up-to-date software and security measures to protect against data breaches.
- Users and clients are encouraged to familiarise themselves with and apply best data security practices.
Data Security for Online Services
Policy: My online platform for consulting with clients uses secure systems and protocols to protect your personal information. I implement encryption, strong passwords, and secure communication channels.
Procedure:
- Use secure, password-protected devices and platforms for online consultations.
- Use email services that are secured with strong passwords and two-factor authentication (2FA) for enhanced protection.
- Keep up-to-date software and security measures to protect against data breaches.
- Educate clients on maintaining their own data security during online consultations.
Informed Consent
Policy: I obtain your explicit consent before collecting, using, or disclosing your personal information. You will be informed about how your information will be managed and used.
Procedure:
- Provide clear information about how personal information will be collected, used, and disclosed.
- Obtain consent from clients before proceeding with services.
- Maintain secure records of consent forms.
Open and Transparent Management of Personal Information
Policy: I uphold a clearly expressed and current privacy policy that details how personal information is managed. This policy is available on my Website and can be provided upon request.
Procedure:
- Ensure the privacy policy is readily available and easy to comprehend.
- Regularly review and update the privacy policy so that it is in alignment with current practices and legal requirements.
- Inform clients about their rights concerning their personal information and how it is handled.
Confidentiality in Online Consultations
Policy: I ensure that all online consultations are carried out in a private and secure setting to safeguard your confidentiality.
Procedure:
- Perform online consultations in a location that ensures privacy and security.
- Utilise communication platforms that incorporate encryption and strong password protection.
Products and Services:
Sari Amia Naturopathy will take great care to ensure that products and services provided are safe and appropriate for each client, taking into consideration the information shared during and provided in the consultation process, including client intake forms, and will not be held liable for any damages or adverse events that may arise from the use or misuse of products, services, and / or information.
Contact Me
If you have any questions or concerns about this Privacy Policy or how I handle your personal information, please contact me at:
Email: sari@exuberanthealthonline.com
Phone: 0416927613
I am committed to resolving any privacy issues in a timely and transparent manner.