PRIVACY POLICY

Privacy Act

  1. Emma Katherine Adderley ABN 12 717 143 579 trading as Em Adderley Nutrition (“we/us”) is bound by the Privacy Act 1988 (the Act) and the Australian Privacy Principles (APP). 

  2. We are an APP entity as defined in s 6(1) of the Act.  

  3. We are required to have a Privacy Policy about how we manage personal information and health information, as defined in the Privacy Act.

  4. We are committed to providing quality nutrition services. This policy outlines our ongoing obligations to you in respect of how we manage, collect, and use your personal and health information. It also outlines the circumstances in which we may share this information with third parties.

  5. We collect and hold personal information relating to our clients and to other people and entities associated with our clients as may be provided or disclosed to us in the course of providing our services. 

Personal Information 

  1. Personal Information is information or an opinion about an identified individual or an individual who is reasonably identifiable.  The Personal Information we collect may include, but is not limited to: -

    a) names

    b) addresses

    c) gender

    d) date of birth 

    e) telephone numbers

    f) social media details

    g) email address

Sensitive Information is a subset of Personal Information and includes information or an opinion about your: -

a) health information

b) genetic information

c) social history

d) family medical history

e) Medicare number for identification and claiming purposes

f) healthcare identifiers

g) health fund details

h) racial or ethnic origin

i) political opinions

j) religious beliefs or affiliations

k) philosophical beliefs

l) sexual orientation

m) criminal record

Why Personal Information is Collected, Held, Used and Disclosed

  1. The purposes for which we collect, hold, use and disclose Personal Information are: -

    a) Our primary purpose for collecting, using, holding, and sharing your Personal Information is to provide you with nutrition support and one-on-one nutrition services.

    b) To offer our products and services to our clients. In doing so we may disclose personal information to other people or entities involved in the provision of the product or service, such as government departments and individuals. Unless compelled by law, we will never disclose personal information without your knowledge and consent.

    c) Our online bookings and SMS reminders are facilitated through Acuity Scheduling. If you subscribe to this service, it’s necessary for Acuity Scheduling to access your personal details. For more information on their privacy and security policy please visit their website (www.acuityscheduling.com).

    d) Telehealth consultations are facilitated with Zoom. For more information on their privacy and security policy please visit their website (https://zoom.us).

    e) To facilitate our internal and external administrative processes including business operations, reporting requirements and payments.

    f) To obtain, maintain and comply with the terms of our professional indemnity and other insurance policies.

    g) To comply with applicable laws.

  2. Sensitive Information will be used by us only: -

    a) For the primary purpose for which it was obtained

    b) For a secondary purpose that is directly related to the primary purpose

    c) With your consent, or where required or authorised by law.

  3. All data is processed by us on a lawful basis.

How Personal Information is Collected

Personal Information is collected in the following ways: -

a) during in person consultations.

b) during telehealth consultations.

c) via telephone, email or SMS message.

d) via our website or social media.

e) via your registration form prior to your first consultation.

f) During the course of providing nutrition services, we may collect further Personal Information. Information can also be collected through multidisciplinary team arrangements (GP or Psychologist).

g) In some circumstances, Personal Information may also be collected from other sources as it may not be practical or reasonable to collect it from you directly. This may include information from: -

(i) Your guardian or responsible person.

(ii) Other involved healthcare providers, such as general practitioners, specialists, psychologists, allied health professionals, hospitals, community health services, and pathology and diagnostic imaging services.

(iii) Your health fund, Medicare, or the Department of Veterans’ Affairs (as necessary).

How Personal Information is Stored/Held

  1. Personal Information may be stored and held either as a hard copy, paper, or a soft copy being electronic data, in any available form.  Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification, or disclosure.

  2. We take the security of Personal Information very seriously. We secure hard copy documents carefully and securely. We use cyber-security systems to protect soft copy documents. 

  3. When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.

Why and When Your Consent is Necessary

  1. When you register as a client, you provide consent for us to access and use your Personal Information. This enables us to provide the best possible healthcare.

  2. Only employees who need to see your Personal Information will have access to it. 

  3. If we need to use your Personal Information for any other purpose, we will seek additional consent from you to do this.

How can Personal Information be Accessed or Corrected? 

  1. Clients may seek access to their Personal Information and/or the correction of it at any time by contacting our office at support@emadderleynutrition.com. We will respond within 30 days and you may be charged administrative fees. 

  2. Clients will be formally identified before any Personal Information is released or amended.

  3. We will take reasonable steps to correct your Personal Information where the information is not accurate or up to date. From time to time, we may ask you to verify that your Personal Information held by us is correct and current.

Disclosure of Personal Information 

  1. Your Personal Information may be disclosed in a number of circumstances including the following: -

    a) Third parties where you consent to the use or disclosure (e.g., agreed-upon healthcare providers). 

    b) Where required or authorised by law (e.g., court subpoenas)

    c) When it is necessary to lessen or prevent a serious threat to a client’s life, health or safety, or public health or safety, or it is impractical to obtain the patient’s consent.

    d) To assist in locating a missing person.

    e) To establish or defend an equitable claim.

    f) For the purpose of a confidential dispute resolution process.

  2. Other than in the course of providing nutrition services or as otherwise described in this policy, we will not share Personal Information with any third party without your consent.

  3. We will not use your Personal Information for marketing any of our goods or services directly to you without your express consent. If you do not consent, you may opt-out of direct marketing at any time by notifying us in writing.

Disclosure Outside of Australia

Where necessary we may disclose Personal Information to overseas recipients. However, it is unlikely that Personal Information will be sent overseas. 

What is the Complaints Process Relating to Personal Information? 

If there is a breach of this privacy policy, either of the Act or the Australian Privacy Principles (APP), a complaint may be made by the client to: -

a) our office in writing at support@emadderleynutrition.com; or

b) the Office of the Australian Privacy Commissioner. 

Data Breaches 

We are responsible for protecting the confidentiality of Personal Information and business information. We will investigate any data breach, or suspected data breach, as soon as possible. 

What is an Eligible Data Breach? 

An Eligible Data Breach, defined in s 26WE(2) of the Act, is when: -

a) both of the following conditions are satisfied: -

(i) there is unauthorised access to, or unauthorised disclosure of, the information;

(ii) a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or 

b) the information is lost in circumstances where: 

(i) unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and

(ii) assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates;… 

If there is a suspicion of a breach

  1. If we suspect that there has been an eligible data breach, a reasonable and expeditious assessment will be conducted within 30 days. 

  2. If we believe or have reasonable grounds to believe there has been a breach then a statement will be prepared setting out: -

    a) the business’s details; 

    b) a description of the breach;

    c) the kind or kinds of information concerned; and

    d) recommendations about the steps that we will take in response to it. 

  3. If practicable, we will advise the contents of the statement to each of the affected clients who may be at risk from the breach. If this is not practicable we will publish the statement on our website and take other reasonable steps to publicise its contents. Communications with individuals will be via their preferred communication method. 

  4. The statement will be submitted to the Privacy Commissioner. 

Exception to reporting 

Mandatory notification requirements are waived if remedial action can be taken that results in a reasonable person concluding that the access or disclosure is not likely to result in serious harm to any of those individuals.