Privacy Policy

1. Types of Personal Information We Collect and Hold

1.1 The types of personal information that we may collect includes:

• (a) personal details such as name, age, gender, date of birth, and current employment status;
• (b) contact details such as home address, email address, telephone number and other contact details;
• (c) health and lifestyle information including previous and current health and medical history, allergies, medications or current treatments, social history, family history and risk factors, body composition data, dietary intake, and training history;
• (d) profile data including purchases or orders made by you, your interests, preferences, feedback, and survey responses;
• (e) transaction data which may include details about payments to and from you and other details of products and services you have purchased from us;
• (f) records of our interactions with you including any customer service and survey results;
• (g) marketing and communication preferences;
• (h) any other personal information that may be required to facilitate your dealings with us;
• (i) any other personal information you may volunteer;
• (j) information required for automated decision making processes, including where we use artificial intelligence (AI) or other software.

1.2 Wherever lawful and practical, you have the option of not identifying yourself (or using a pseudonym) when dealing with us.

2. How We Collect Personal Information

2.1 We collect your personal information in several different ways, including by way of:

• (a) when you voluntarily acquire our Services;
• (b) correspondence, social applications or services, mail, email, or telephone;
• (c) when you visit our Website;
• (d) when you complete intake forms, questionnaires, or booking forms prior to or during your consultations.

2.2 Where possible, we will collect your personal information directly from you. However, where it is not reasonable or practicable to do so, we may collect information about you from third parties. For example, personal information may be collected from:

• (a) your guardian or responsible person (if under 18);
• (b) other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services, and diagnostic imaging services (including DEXA scan providers);
• (c) public sources; or
• (d) our service providers.

2.3 In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

2.4 If we receive your personal information from third parties, we will protect it as set out in this Privacy Policy.

2.5 If you do not provide us with personal information when requested to do so, we may not be able to provide our Services to you, carry out your instructions, or otherwise achieve the purpose for which the information has been sought.

2.6 We may hold your personal information in hard copy files and/or electronic files.

2.7 We will destroy or de-identify information where we form the opinion that the information has been provided to us unlawfully or unfairly.

3. Why We Collect, Hold, Use and Disclose Your Personal Information

3.1 We will use and disclose your personal information only for the purpose (the "primary purpose") for which you provide it to us, which may include:

• (a) to provide you with any services that you may request, including nutrition consultations, body composition assessments, and associated reporting;
• (b) to contact and communicate with you and otherwise provide client support;
• (c) to maintain a database of clients and subscribers;
• (d) for internal administration and operational purposes such as preventing fraud and abuse of our systems;
• (e) to assist in providing better services to you by tailoring the Services to meet your needs;
• (f) to provide you with further information about us or services offered by us that we consider may be of interest to you;
• (g) to carry out marketing, promotional and publicity activities (including direct marketing), market research and surveys;
• (h) to keep our Website relevant and of interest to users;
• (i) to allow us to run our business and perform administrative and operational tasks;
• (j) to comply with legal and regulatory requirements; and
• (k) for any other purpose which is stated to you at the time of collection or that you otherwise authorise.

3.2 When we collect personal information, we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

3.3 Sensitive information: Due to the nature of our business as a dietetic practice, we will collect sensitive personal information from you including health information, body composition data, and dietary history. This sensitive information will be used by us only:

• For the primary purpose for which it was obtained;
• For a secondary purpose that is directly related to the primary purpose;
• With your consent; or where required or authorised by law.

4. Automated Decision Making & AI Transparency

If we use automated systems such as Artificial Intelligence (AI) or algorithms either now or at any time in the future, we will:

• Inform you when a decision affecting you has been made automatically;
• Provide transparency on the criteria used in the automated processes; and
• Allow you to request human review of an automated decision where legally required or where decisions significantly impact your rights.

5. Cookies, Web Beacons & Google Analytics

While we do not use browsing information to identify you personally, we may use cookies and tracking technologies to collect certain information about your use of our website and enhance user experience.

A cookie is a small file containing a string of characters that is sent to your computer or mobile device when you visit a website. When you visit the website again, the cookie allows that site to recognise your browser. Cookies may store unique identifiers, user preferences and other information. You can reset your browser to refuse or disable all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies. While cookies do not tell us your email address, they do allow third parties, like Google, to track you as part of re-targeting campaigns where they are used.

We also use Google Analytics to collect and process data from time to time.

6. Who Do We Share Your Personal Information With?

6.1 We may disclose your personal information to:

• (a) third party contractors engaged to perform functions or provide services relating to the purposes for which we collect personal information, including DEXA scan providers and imaging services. We will do our best to ensure that their privacy practices adhere to similar standards of protection;
• (b) third party service providers who work on behalf of or with us to provide administrative and other services, such as processing payments. We require such service providers to agree not to use such information except as necessary to provide the services to us;
• (c) our contractors and related entities on a need-to-know basis to continue to provide our services to you;
• (d) professional advisers, dealers, and agents;
• (e) any party to whom our assets or business may be transferred or with whom we are merged;
• (f) when it is necessary to lessen or prevent a serious threat to a client's life, health or safety or public health or safety;
• (g) when you are unable to act on your own behalf due to a health condition, we may need to discuss your health information with relatives or emergency contacts in order that you are provided with appropriate care;
• (h) when there is a statutory requirement to share certain personal information.

6.2 We are committed to ensuring that any personal information we share is complete, accurate, up-to-date and relevant.

6.3 We may also disclose your personal information if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.

6.4 At your request, we will share your personal information with your representative or any person acting on your behalf.

7. Doxxing

It is a criminal offence to publish personal information online with the intent to harass, threaten or cause harm. We comply with all laws relating to privacy and doxxing and take measures to prevent unauthorised disclosure of personal information online.

8. Communications and Marketing

8.1 We may from time to time use your personal information in order to communicate and market our services to you via newsletters, email updates, and information about our products and services. These communications may be sent in various forms including mail, SMS, and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). You may opt out of direct marketing at any time by notifying us in writing or by using the opt-out facilities provided in the communication.

8.2 We do not provide your personal information to other organisations for the purposes of direct marketing.

9. How We Store and Protect Your Personal Information

9.1 We are committed to ensuring the safety and security of your personal information. We will take reasonable technical and organisational precautions to protect your information from misuse, interference, loss, unauthorised access, modification, or disclosure. For example:

• We limit access to personal information to a need-to-know basis;
• We store data securely on cloud servers or other types of networked or electronic storage, with providers who are subject to encryption and data protection policies;
• Our devices are protected by password and stored in secure premises;
• All conversations involving the discussion of personal information take place in private, where they are unable to be overheard by unauthorised personnel.

9.2 Despite our best efforts to securely store your information, due to the nature of email and the internet, we cannot guarantee the privacy or confidentiality of your personal information.

9.3 If you communicate with us via electronic means such as email, Zoom, contact forms or social media platforms, we do not have full control over the transmission or storage of any personal information disclosed. By participating in such forms of communication you understand and accept that there is an inherent risk of disclosure or loss of your personal information for which we cannot be held responsible.

9.4 We will destroy or de-identify your personal information when it is no longer needed for the purpose for which it was obtained, except where we have a legal obligation to retain such information, such as your health information. We will never permanently store complete credit card details.

9.5 When you provide us with personal information, that information may be collected, stored, and processed on servers located outside of Australia. It is not always practicable to know in which country your information may be accessed or held.

10. Links to Other Sites

10.1 We may provide links on our Website to third party websites for your information and convenience. Please note we do not have any control over such websites and are therefore not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. We encourage you to read their privacy policy before giving them your personal information.

11. How You Can Access and Correct Your Personal Information

11.1 We will take reasonable steps to ensure that any personal information we collect is up-to-date, complete, relevant and not misleading.

11.2 You may contact us using the details set out below to seek any of the following:

• (a) Access: You can ask to be provided with full information about the personal information we hold about you.
• (b) Change or correct information: You can ask us to change or correct any information we hold about you.
• (c) Delete your personal information: You can ask us to delete or destroy your personal information. Please note that certain conditions may apply, and that if we agree to delete your information, it may be impossible to completely delete it due to backups and records of deletions. However, we will functionally delete the information and not sell, transfer, or use your personal information going forward.

11.3 We will respond to any request to access information within a reasonable time.

11.4 We will not charge any fee for your access request but may charge an administrative fee for providing a copy of your personal information.

11.5 To protect your personal information, we may require identification from you before releasing the requested information.

12. Complaints About a Privacy Breach

12.1 We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it within 30 days.

12.2 If you are not satisfied with our response, you may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require you to give us time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.

13. Overseas Transfer

We may disclose personal information to third parties and contracted service providers located outside Australia for processing, storage, administrative or back-up purposes.

If we transfer personal information overseas, we take reasonable steps to ensure that overseas recipients handle personal information in accordance with the Australian Privacy Principles (APPs) and applicable privacy laws. However, you acknowledge that by consenting to the disclosure of your personal information to overseas recipients, you accept that:

• We may not be able to monitor or control how those overseas recipients handle your personal information;
• We are not required to take further steps to ensure compliance beyond those prescribed by law; and
• We will not be liable for any breach of the APPs or the Privacy Act 1988 (Cth) by those overseas recipients.

Any changes to this Privacy Policy will be posted onto the Website. Unless stated otherwise, changes will be effective immediately upon being placed onto the Website. Your continued use of the Website means you agree to be bound by the amended Privacy Policy.