Privacy Policy
Core Dietetics - Privacy Policy
This document describes the privacy policy of Isabella Rose Stuart Boccalatte trading as Core Dietetics (ABN: 99 488 226 657) (“Core Dietetics”, “we”, “us”) for protecting the privacy of personal information we collect about you, including through our website, located at as well as through the provision of dietetics products and/or services or directly from you.
As a health service provider, we are bound by the legal requirements of the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
If you do not wish for your personal information to be collected in a way anticipated by this Privacy Policy, we may not be in a position to provide our services to you. In some circumstances, you may request to be anonymous or to use a pseudonym, unless it is impracticable for us to deal with you, or if we are required or authorised by law to deal with identified individuals.
Personal Information We Collect
The types of personal information we collect include:
· Name, date of birth, address(es), contact numbers, email address and other contact details;
· Demographic data such as age and gender;
· Medicare and NDIS details;
· Transaction data (including details about payments to and from you and other details of products you have purchased from us);
· Technical data (including your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website);
· Profile data (including your username, purchases or orders made by you, your interests, preferences, feedback and survey responses);
· Usage data (including information about how you use our website, products and services); and
· Marketing and communications data (including your preferences in receiving marketing from us and our third parties and your communication preferences).
We may collect the above types of personal information from people including website visitors, email subscribers, social media, employment applicants, potential clients and service providers.
Sensitive Information
We also collect the following sensitive information:
· Health information, including medical history, medications, allergies, adverse events, immunisations, social history, family history and risk factors;
· Details of other health service providers involved in your care (e.g. referring doctor's name, phone and address), and copies of any referral letters and/or medical reports and test results (e.g. pathology results, imaging reports); and
· Healthcare identifiers and health fund details.
We usually will only collect sensitive information from clients we are providing services to, or potential clients who have requested our services.
How We Collect Personal Information
We are committed to using lawful and fair means to collect personal information and collecting it from others only when it is unreasonable or impracticable to obtain certain information from our clients directly.
We collect personal information in a number of ways:
· When someone visits our website;
· When someone makes an enquiry with us (for example, by telephone or email);
· When someone purchases a product (including digital products or online courses) or service from us;
· When someone signs up to a marketing subscription, such as a newsletter sign-up form;
· When someone contacts us via email or our website;
· When someone completes a client intake questionnaire; and
· When someone participates in one of our programs or services.
We collect sensitive information in more limited circumstances, such as:
· When someone makes an enquiry with us and the sensitive information is disclosed to us to facilitate referral to an appropriate service provider (such as to Pelviology);
· When someone is referred to us by another service provider through a referral (such as Pelviology); and
· When someone participates in one of our programs, online courses or services and the sensitive information is disclosed to us to facilitate the delivery of the program or service.
We limit the circumstances in which we collect personal and sensitive information indirectly. This may be where a person has authorised us to collect information from other health service providers they have disclosed information to (for example, information provided via referral or medical reports).
How We Hold and Protect Personal and Sensitive Information
We store all personal information we collect electronically, including on or within:
· Dedicated information storage software, such as client relationship management (CRM) software (such as Cliniko);
· The backend of our website; and
· The backend of our social media accounts, such as Facebook and Instagram.
Security
We are committed to ensuring that the personal information we hold is secure and protected from misuse, interference, loss and unauthorised access, modification or disclosure. We undertake the following precautions to protect personal information we hold:
· our website contains pages encrypted with SSL (Secure Sockets Layer) to ensure the safety of any data that is submitted through use of this website;
· we limit access to personal information to a “need-to-know” basis;
· the backend of our website and social media accounts is password protected;
· we protect devices we use to collect, hold, use and disclose personal information with industry-standard anti-virus software;
· our devices are protected by passwords and are stored in secure premises;
· data is securely stored on cloud servers within Cliniko;
· conversations involving the discussion of personal information take place in private, where conversations are unable to be overheard by unauthorised personnel. Where administrative staff are required to discuss your personal information at reception, including where they collect such information from you in person, they speak quietly and respectfully, having regard to whether others are present; and
· if we no longer need personal information, we take reasonable steps to delete or de-identify the information.
We take extra precautions to protect sensitive information, including:
· all sensitive information is held in secure storage systems protected by passwords;
· we limit access to sensitive information to a “need-to-know” basis;
· we password protect client documents;
· we protect devices we use to collect, hold, use and disclose sensitive information with industry-standard anti-virus software;
· our devices are protected by passwords and are stored in secure premises;
· data is securely stored on cloud servers;
· all hard copies of sensitive information are actioned as soon as possible and securely shredded in a timely manner; and
· all conversations involving the discussion of sensitive information take place in private, where conversations are unable to be overheard by unauthorised personnel.
If a data breach occurs involving personal information and the breach is likely to cause harm, we will notify the individual as soon as possible after the occurrence in accordance with our obligations under the Privacy Act and related legislation.
Why We Collect, Hold, Use and Disclose Personal and Sensitive Information
We collect, hold, use and disclose personal information as is reasonably necessary for us to operate our business and provide our services, including for the following purposes:
· to contact and communicate with clients and potential clients;
· for the purpose of booking and delivering our services and products;
· to verify transactions to ensure that we are not subject to any potential risk or fraudulent activity;
· to deliver digital and physical products;
· to ensure we are the right fit for clients;
· to ensure the accurate and safe provision of services;
· to communicate with other healthcare providers involved in a person’s care;
· to facilitate referrals with other practitioners (such as Pelviology);
· to conduct activities relating to research, quality assurance and improvement processes, accreditation, audits, risk and claims management, client satisfaction surveys and staff education and training;
· to market to you and others, including remarketing (this may involve the use of a Facebook pixel, Google Ads or similar technology to allow us to display our advertising to you elsewhere on the internet, for example, on Google or Facebook);
· when required for administrative and internal record keeping for a minimum of 7 years after our last contact;
· for statistical purposes; and
· as required by law.
We may disclose personal and sensitive information about you to a relevant authority or medical professional if we reasonably form the view that you are a danger to yourself or others. This may include disclosure to your medical team, emergency department, general practitioner, relative or other nominated next of kin. We are also required by our professional obligations to prepare a formal report which will be communicated to your general practitioner or other appropriate medical professional.
We only collect, hold, use and disclose sensitive information where it is necessary for us to provide a service we have been engaged to perform, and not for any unrelated purposes (for example, for research or marketing), unless we have received the person’s prior informed consent.
We do not disclose information to overseas third parties.
We never sell or rent personal or sensitive information we collect.
Shared Access to Cliniko
Please be aware that we maintain a shared Cliniko account (practice/client relationship management software) with our trusted colleagues at Pelviology. We do this because a high percentage of our clients are also clients of Pelviology and this allows us to facilitate a smoother collaboration between members of your potential treatment team.
By becoming a client of ours, you consent to this policy, which includes consenting to your information being accessible by the team at Pelviology.
The team at Pelviology will have access to your client file which will contain your personal and sensitive information. While we prevent access by the Pelviology admin team to your treatment notes, they will still be able to view your client file.
Pelviology physiotherapists and practitioners will also have access to your client file and treatment notes irrespective of whether a referral has been facilitated.
If you do not want your information to be shared with Pelviology, please let us know as soon as possible by emailing info@coredietetics.com.au.
Your Consent
We request your consent to the processing of your personal data (including sensitive information) for the purposes set out in the above clause.
You give us consent to process your personal data. You can withdraw that consent at any time by sending an email to info@coredietetics.com.au. If you ask us to, we will stop using your personal data as soon as possible.
Cookies
As you probably know, a cookie is a small text file that’s placed on your computer to help us remember your preferences, like your login information or location. Cookies are used for a variety of reasons. We use cookies to make it easier and faster for you to use our website.
We also use cookies for security purposes to protect you online. We and our third-party vendors may also use cookies to display advertisements to you elsewhere on the internet.
You can block the use of cookies by selecting the appropriate settings on your browser. You can opt out of third-party vendor cookies by visiting your Google Ad settings or http://www.networkadvertising.org/managing/opt_out.asp.
Please note that the website may not work as well for you if you disable cookies.
Links
To help you find more information, we sometimes include links to other helpful websites from our website. Please note that this privacy policy only applies to information that we collect on our website (not any other site).
As we aren’t responsible for data collection on those other sites, our privacy policy won’t apply. We can’t guarantee any of the privacy practices of other websites, so please be safe and make sure you read their privacy policy before giving them your personal details.
Access, Concerns, Correction and Deletion
Access:
You can request details of personal information that we hold about you in certain circumstances set out in the Privacy Act 1988 (Cth) (the Act). We may refuse to provide you with information that we hold in certain circumstances set out in the Act. Otherwise, we will provide access to the information if it is reasonable and practicable to do so. In most cases we will do this free of charge, but if your request requires significant effort or expense on our part, we might ask for compensation for that.
Correction:
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us at info@coredietetics.com.au.
We will endeavour to promptly correct any information found to be inaccurate, incomplete, or out of date and to notify of the correction, unless it is impracticable or unlawful to do so.
Deletion:
If you want us to delete personal information we hold about you or to not collect information from you for a specific purpose, please contact us at info@coredietetics.com.au.
Please note that if we agree to delete information, because of backups and records of deletions, it may be impossible to completely delete the information without retaining some residual information.
We will respond to any request to access, correct or delete information within a reasonable time.
Unsubscribe
We like to keep our customers and website visitors up to date, so from time to time we will send you newsletters, invitations and updates. Not to worry: our emails will always come with an “Unsubscribe” button, so you can opt out at any time. To unsubscribe from our email database, or opt out of communications, use the “Unsubscribe” button in our communication or contact us using the details set out below.
Concerns
If you have a concern about the management of your personal information, please contact Isabella Boccalatte at info@coredietetics.com.au. We can also provide you with a copy of the Australian Privacy Principles, which describe your rights and how your personal information should be handled, on request.
If unsatisfied with our response, you may lodge a formal complaint about the use of, disclosure of, or access to, your personal information, with the Office of the Australian Information Commissioner by phone on 1300 363 992, online at http://www.oaic.gov.au/privacy/making-a-privacy-complaint or by post to: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001.
Changes to this policy
If we decide to change our Privacy Policy, we will let you know by posting an updated version on our website.
Contacting us
For any questions or notice, please contact us by emailing info@coredietetics.com.au.
This privacy policy was last updated: 13 November 2024.