Collection and Use

We may collect your personal information by various means including when:

• you subscribe to our newsletter,

• you contact us with a question, comment, or inquiry,

• you attend a webinar, seminar, or event where we are hosting or presenting,

• you correspond with us on a social media platform such as Facebook, LinkedIn, Instagram or similar sites,

• you opt-in to receive a free resource from us,

• you book a consultation or purchase a product or service from us,

• you choose to share general information relating to your business or personal life,

• you provide us with a testimonial,

• we search your website or social media in preparation for working with you,

• our website automatically collects information about you and your activities on our site (including analytics and cookies), or

• a third party supplies information to us, such as when you are referred or introduced to us, or if a competition is run and you supply the prize. We live in such a small world we are sure there are only 5 degrees of separation.

Where practicable we will only collect personal information about you directly from you or sources provided by you. However, in some circumstances, we may obtain personal information from a third party. If this information is obtained contrary to this Privacy Policy and the Privacy Act, we will destroy or de-identify such information within a reasonable period.

If you do not provide us with information when requested to do so, we may not be able to carry out your instructions or fully perform our role as a Naturopath or Marma Therapist. Our work relies on preliminary information to support you on your journey, so it is important that you supply us with correct and up to date information.

We use your information to:

• respond to your enquiries,

• provide you with our products or services at your request,

1. Monitor or improve the use of and satisfaction with our website, products or services,

2. Share the latest news and developments relevant to our work,

3. Let you know about our expertise, and products or services that may be of interest to you, and

4. When relevant, order pathology, other reports, and supplements or herbs on your behalf.

We will only collect your information:

• with your full awareness and consent, such as when you email us, tick a checkbox, or fill in a form to provide us with information,

• if we need it to provide you with the information or services that you request,

• if we are legally required to collect it,

• if collecting the information is necessary to preserve life or keep someone safe from harm, or

• for necessary administrative processes if you become our client.

From time to time, we may combine information provided by you with publicly available information gathered from:

• your website,

• Facebook,

• Instagram, and

• LinkedIn.

Sensitive Information

We understand that some information is particularly sensitive and that you are trusting us to keep this information confidential. we take this obligation seriously and will do all that we reasonably can to respect your privacy and ensure the security of your sensitive information.

The sensitive information we collect from you may include:

• your birth date,

• your medical history, including family medical history and mental health,

• information about your lifestyle and diet,

• information about your relationships and family situation,

1. your occupation,

2. your test results, including pathology, and

3. your goals and life purpose.

We will only collect sensitive information by methods that are reasonably secure, such as:

• through our intake form when you book an appointment,

• in an online or face-to-face consultation,

• when you send us information in an email or upload the document directly to our portal, or

• if you hand us documentation (we may scan the information directly to our clinic management system and will shred the original if not necessary).

The reason why we collect your sensitive information is:

• so that we can provide you with the services you have requested from us,

• to ensure that we are providing you with the most appropriate services, and

• to tailor our work together so you get the most out of our services.

Secure Storage of Sensitive Information

We are committed to securely storing and handling your sensitive information.

• Sensitive information is stored in our locked clinic and on our password-protected computer.

• Only we have access to your sensitive information. we use this information to put together treatment plans or to update prescriptions and to ensure we give you personalised treatment that takes into account all relevant details.

• Some sensitive information may be stored securely online, or in the cloud through HeathBank. You can find out more about their security provisions in the section on Security below.

Collection of Information from Minors

Sensitive information may be collected from children under the age of 18 in the presence of their parents or with their parent or guardian’s full consent.

All information collected from minors is securely stored in accordance with this privacy policy.

We have a current Working with Children Check.

Destruction of Sensitive information

All sensitive information is stored in a safe location for 7 years, and in the case of minors, for 7 years after they turn 18 (which means when they turn 25). We keep our business records for 5 years and any accounting and financial information for 7 years from the date of the transaction. Information that is no longer required after this time is securely destroyed.

Disclosure  of  Information

We may disclose your information if required under the following circumstances:

• to provide you with the services you have requested,

• to send you products that you have purchased,

• where disclosure is necessary to carry out your instructions, such as corresponding with someone else on your behalf, requesting pathology or other tests, or ordering supplements,

• where we use support services to assist us in our business,

• to engage in professional supervision, although any information we share under these circumstances is de-identified to preserve client confidentiality, and

• to refer you to other service providers at your request.

Who disclosures are made to

You consent to us sharing relevant information, on a strictly need-to-know basis, with:

• people you authorise us to correspond with, as reasonably required to carry out your instructions,

• our employees or subcontractors, and

• third-party providers who assist us with:

• accounting,

• administration,

• archiving,

• auditing,

• business consulting,

• email marketing,

• legal or financial advice,

• professional supervision,

• website maintenance,

• technological services, and

• the supply of products or testing.

We will also disclose your information if required by law in response to a subpoena, discovery request, or court order, in compliance with mandatory reporting obligations, or in circumstances permitted by the Privacy Act – for example, where we have reasonable grounds to suspect that someone is engaging in unlawful activity or misconduct of a serious nature that relates to our work with you. we may also make a disclosure to an appropriate authority if we have serious concerns about your health, safety, or well-being.

We will use all reasonable means to protect the confidentiality of your information while in our possession or control. We will not knowingly share any of your information with any third party other than the service providers who assist us with necessary business activities or the services We are providing to you. To the extent that we do share your information with third-party service providers, We will only do so if we are satisfied that the service provider has a suitably protective privacy policy of their own, or they have signed a confidentiality agreement with us. Some of our service providers may be overseas and may not be subject to Australian Privacy Laws. You can find further information about the service providers we use under the security section below.

If you have any concerns regarding the disclosure of your information, please do not hesitate to get in touch with us to discuss your needs personally. We are only human and there may be some aspects of privacy protection that we haven’t thought of, but you can be sure that we only have good intentions.

Security

We take reasonable physical, technical, and administrative safeguards to protect your personal and sensitive information from misuse, interference, loss, and unauthorised access, modification, and disclosure.

We manage risks to your information by:

• securely storing files,

• ensuring that only we have access to sensitive information,

• releasing information to service providers on a strictly need-to-know basis, and

• conducting regular audits of our security systems.

As mentioned above, your information may also be stored with a third-party provider, where it will be managed under their security policy. The following security policies may apply during our work together:

• HeathBank - https://www.healthbank.io/privacy

• Facebook ads - https://www.facebook.com/business/m/privacy-and-data

• Instagram Meta - https://privacycenter.instagram.com/policy

• Google Workspace - https://workspace.google.com/intl/en_au/security/

• Squarespace - https://www.squarespace.com/privacy

• Stripe - https://stripe.com/docs/security

• Dropbox - https://www.dropbox.com/security

• Xero - https://www.xero.com/au/security/

• Zoom - https://zoom.us/docs/en-us/privacy-and-security.html

Cookies and Google Analytics

Cookies are small text files that are commonly used by websites to improve a user’s experience, collect statistics or marketing information and provide access to secure areas.

Our website may use cookies from Squarespace analytics, and the Facebook Pixel.

We also currently use Google Analytics to collect information about your use of our website so that we can get strategic information about how our website is being used and improve its functionality. You can find out more about the information Google collects and how it is used here:

https://support.google.com/analytics/answer/6004245.

Google also provides an add-on for your browser that you can use to opt out and prevent your data from being used by Google Analytics. You can access that add-on here:

https://tools.google.com/dlpage/gaoptout.

Notification of Breach

If we have reason to suspect that a serious data breach has occurred and that this may result in harm or loss to you, We will immediately assess the situation and take appropriate remedial action. If we still believe that you are at risk, We will notify the Office of the Information Commissioner and either notify you directly, or if that is not possible, publicise a notification of the breach on this website.

Access to Information

You can contact us to access, correct or update your personal information at any time. Unless we are subject to a confidentiality obligation or some other restriction on giving access to the information which permits us to refuse you access under the Privacy Act, and we believe there is a valid reason for doing so, we will endeavour to make your information available you within 30 days.

Complaints

If a breach of this Privacy Policy occurs, or if you wish to request a change to your personal information, you may contact us by sending an email outlining your concerns to us at hello@pranay.au

If you are not satisfied with our response to your complaint you may seek a review by contacting:

• the Office of the Australian Information Commissioner using the information available at

http://www.oaic.gov.au/privacy/privacy-complaints, or

• the health ombudsman in NSW.

Notification of Change

When we update our Privacy Policy, we will post a copy of the revised policy on our website.