As a health service provider, we are bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
Personal Information We Collect
The types of personal information we collect may include:
- Name, date of birth, address(es), contact numbers, email address and other contact details;
- Demographic data such as age and location;
- Transaction data (including details about payments to and from you and other details of products you have purchased from us);
- Technical data (including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website);
- Profile data (including your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses);
- Usage data (including information about how you use our website, products and services); and
- Marketing and communications data (including your preferences in receiving marketing from us and our third parties and your communication preferences).
We may collect the above types of personal information from people including website visitors, email subscribers, social media fans, employment applicants, potential clients and service providers.
We may also collect the following sensitive information:
- Health information, including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors;
- Details of other health service providers involved in your care (e.g. referring doctor’s name, phone and address), and copies of any referral letters and/or medical reports and test results (e.g. pathology results, imaging reports);
- Health information contained in your digital health record including an individual’s healthcare identifier (if you participate and only with your consent); and
- Healthcare identifiers and health fund details.
We usually will only collect sensitive information from clients we are providing services to, or potential clients who have requested our services.
How We Collect Personal Information
We are committed to using lawful and fair means to collect personal information and collecting it from others only when it is unreasonable or impracticable to obtain certain information from our clients directly.
We may collect personal information in a number of ways:
- When someone visits our website;
- When someone makes an enquiry with us (for example, by telephone or email);
- When someone purchases a product or service from us;
- When someone signs up to a marketing subscription, such as a newsletter sign-up form;
- When someone contacts us via email, our website or via social media such as Facebook or Instagram;
- When someone completes a new client sign-up form; and
- When someone participates in one of our programs or services.
We collect sensitive information in more limited circumstances, such as:
- When someone makes an enquiry with us and the sensitive information is disclosed to us to facilitate referral to an appropriate service provider; and
- When someone participates in one of our programs or services and the sensitive information is disclosed to us to facilitate the delivery of the program or service.
We limit the circumstances in which we collect personal and sensitive information indirectly. This may be where a person has authorized us to collect information from other health service providers they have disclosed information to (for example, information provided via referral or medical reports).
How We Hold and Protect Personal Information
We store all personal information we collect electronically, including on or within:
- Dedicated information storage software, such as client relationship management (CRM) software (e.g Halaxy)
- The backend of our website
- The backend of our social media accounts, such as Facebook and Instagram
We are committed to ensuring that the personal information we hold is secure and protected from misuse, interference, loss and unauthorised access, modification or disclosure. We undertake the following precautions to protect personal information we hold:
- our website contains pages encrypted with SSL (Secure Sockets Layer) to ensure the safety of any data that is submitted through use of this website;
- we limit access to personal information to a “need-to-know” basis;
- the backend of our website and social media accounts is password protected;
- we protect devices we use to collect, hold, use and disclose personal information with industry-standard anti-virus software;
- our devices are protected by passwords and are stored in secure premises;
- data is securely stored on cloud servers;
- all conversations involving the discussion of personal information take place in private, where conversations are unable to be overheard by unauthorised personnel; and
- if we no longer need personal information, we take reasonable steps to delete or deidentify the information.
We take extra precautions to protect sensitive information, including:
- all sensitive information is held in secure storage systems protected by passwords;
- we limit access to sensitive information to a “need-to-know” basis;
- we protect devices we use to collect, hold, use and disclose sensitive information with industry-standard anti-virus software;
- our devices are protected by passwords and are stored in secure premises
- data is securely stored on cloud servers;
- all hard copies of sensitive information are kept in secure storage with access by authorised personnel only; and
- all conversations involving the discussion of sensitive information take place in private, where conversations are unable to be overheard by unauthorised personnel.
If a data breach occurs involving personal information and the breach is likely to cause harm, we will notify the individual as soon as possible after the occurrence in accordance with our obligations under the Privacy Act and related legislation.
Why We Collect, Hold, Use and Disclose Personal Information
We collect, hold, use and disclose personal information as is reasonably necessary for us to operate our business and provide our services, including for the following purposes:
- to contact and communicate with clients and potential clients;
- for the purpose of booking and delivering women’s health, fertility and pregnancy related services and products;
- to deliver digital and physical products;
- to ensure we are the right fit for clients
- to ensure the accurate and safe provision of services;
- to communicate with other healthcare providers involved in a person’s care;
- to conduct activities relating to research, quality assurance and improvement processes, accreditation, audits, risk and claims management, client satisfaction surveys and staff education and training;
- to market to you and others, including remarketing (this may involve the use of a Facebook pixel or similar technology to allow us to display our advertising to you elsewhere on the internet, for example, on Google or Facebook);
- when required for administrative and internal record keeping for a minimum of 7 years after our last contact;
- for statistical purposes; and
- as required by law.
We only collect, hold, use and disclose sensitive information where it is necessary for us to provide a service we have been engaged to perform, and not for any unrelated purposes (for example, for research or marketing), unless we have received the person’s prior informed consent.
We do not disclose personal information to overseas recipients.
We never sell or rent personal or sensitive information we collect.
Requests to Access, Correct or Delete Information
You can request details of personal information that we hold about you in certain circumstances set out in the Privacy Act 1988 (Cth) (the Act). We may refuse to provide you with information that we hold in certain circumstances set out in the Act. Otherwise, we will provide access to the information if it is reasonable and practicable to do so. In most cases we will do this free of charge, but if your request
requires significant effort or expense on our part, we might ask for compensation for that.
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details set out below.
We will endeavour to promptly correct any information found to be inaccurate, incomplete, or out of date and to notify of the correction, unless it is impracticable or unlawful to do so.
If you want us to delete personal information we hold about you or to not collect information from you for a specific purpose, please contact us using the details set out below.
Please note that if we agree to delete information, because of backups and records of deletions, it may be impossible to completely delete the information without retaining some residual information.
We will respond to any request to access, correct or delete information within a reasonable time.
We like to keep our customers and website visitors up to date, so from time to time we will send you newsletters, invitations and updates. Not to worry: our emails will always come with an “Unsubscribe” button, so you can opt out at any time. To unsubscribe from our email database, or opt out of communications, use the “Unsubscribe” button in our communication or contact us using the details
set out below.
Do you live in the EU?
The Dietologist is committed to looking after our customers in the EU and we make every effort to comply with the European General Data Protection Regulation (GDPR), including by processing your personal data in accordance with the principles of data processing set out in the GDPR.
You have the following rights under the GDPR:
- the right of access (the right to access personal information we process)
- the right of rectification (the right to require us to rectify inaccurate personal information or complete our records)
- the right to be forgotten (the right to require us to erase all your personal information in certain circumstances)
- the right to restriction of processing (the right to restrict how or why we process your personal information)
- the right to data portability (the right to receive a copy of your personal information)
- the right to object (the right to object to us processing your personal information)
- the right of review (the right to request a human review of automated decision making or profiling)
You can exercise any of these rights by emailing us at [email protected].
What is personal data?
Any information relating to you.
What is processing?
Any operation on personal data like recording, structuring, storing etc.
Who is a Controller?
The person or body who determines how and why personal data is processed. In this case that’s us – The Dietologist.
The Dietologist’s Commitment
The personal data we collect is:
- processed lawfully, fairly and transparently;
- collected for the specified, explicit and legitimate purposes including creating our mailing list, direct marketing, taking payments and delivering goods or services to you;
- adequate, relevant and limited to what is necessary for our purposes;
- accurate, and where necessary, kept up to date (we will take every reasonable step to ensure that inaccurate personal data is erased or rectified without delay);
- not stored than for longer than is necessary; and
- processed in a manner that ensures appropriate security of the personal data.
The Dietologist requests your consent to the processing of your personal data for the purpose of creating our mailing list, marketing, taking payment and distribution/deliveries. You give us consent to process your personal data. You can withdraw that consent at any time by sending an email to [email protected]. If you ask us to, we will stop using your personal data as soon as possible.
How The Dietologist will work with your personal data
To help you to understand how The Dietologist will work with your personal data we set out some key information below. As always if you have any questions just ask – we are here to help!
The Dietologist Data Processing Information
- Who is the controller of the data?
Stefanie Valakas trading as The Dietologist. Privacy contact: [email protected].
- What are the purposes for processing the personal data?
a. To contact and communicate with clients and potential clients;
b. to book clients in and deliver women’s health, fertility and pregnancy related services and products;
c. to deliver digital and physical products; to ensure we are the right fit for clients and to ensure the accurate and safe provision of services;
d. to access, update and transfer of electronic client records, including those contained in My Health Record (if participating);
e. to communicate with other healthcare providers involved in a person’s care;
f. to conduct activities relating to research, quality assurance and improvement processes, accreditation, audits, risk and claims management, client satisfaction surveys and staff education and training;
g. to market to you and others, including remarketing (this may involve the use of a Facebook pixel or similar technology to allow us to display our advertising to you elsewhere on the internet, for example, on Google or Facebook);
h. when required for administrative and internal record keeping for a minimum of 7 years after our last contact;
i. for statistical purposes; and
j. as required by law.
- What is the legal basis for processing the personal data?
- Who receives your personal data?
Your data is received by us, Stefanie Valakas trading as The Dietologist, and by our marketing platforms like Facebook and Instagram.
- Will we transfer data to a third country?
No, all data is stored in Australia.
- How long will your personal data be stored?
We store all personal data indefinitely. This is necessary for our legitimate business purposes and to fulfil the purpose for which we collected the data, for example, to deliver our services to you, to contact you for marketing purposes and to facilitate your easy and convenient use of our website.
- You may request access to, rectification or erasure of your personal data, restriction of processing or object to processing for automated decision-making. You also have the right to data portability. We may request a reasonable fee to process a data portability request that is manifestly unfounded or excessive, based on the administrative costs of complying with the request. We will contact you promptly and inform you if we require payment of a fee. We will not be obliged to comply with the request until we have received the fee. Just contact us by phone or email at [email protected] if you have a request like this.
- You have the right to lodge a complaint with a supervisory authority. The Dietologist hopes that you will not have complaints but if you do, please raise them with us. You also have a right to lodge a complaint with the supervisory authority in the EU Member state where you live or work.
- Where we have collected data from you where you have ‘opted in’ for direct marketing purposes pursuant to an offer, the provision of your personal data is a contractual requirement for the delivery of an opt in material. Similarly, if you are arranging a delivery, it is a contractual requirement to take the payment/billing details and delivery information. If you do not provide personal data, we will not be able to provide our products to you.
- Is there automated decision making (including profiling)?
We utilise Facebook, Instagram and Google advertising services, which may utilise automated decision making. Please refer to their privacy statements, available at https://www.facebook.com/policy.php for more information. Please note that we are not affiliated with nor sponsored by Facebook, Instagram or Google.
If you have a concern about management of your personal information, please contact Stefanie Valakas at [email protected]. We can also provide you with a copy of the Australian Privacy Principles, which describe your rights and how your personal information should be handled, on request.
If unsatisfied with our response, you may lodge a formal complaint about the use of, disclosure of, or access to, your personal information, with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a-privacy-complaint or by post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001.
Changes to this policy