Privacy Policy
Introduction
This is the private policy of Ali Crampton trading as Salūs by Ali Crampton, operated by Alison Crampton (ABN: 92867484885). If you have any questions or need further information please email salusbyalicrampton@gmail.com.
Current as 24/10/23
Registered with NHAA
Membership Number: 158842
Salūs by Ali Crampton acts in accordance with key legislation and regulatory requirements for respecting and maintaining client information and their privacy. Personal information is required to provide professional health services. This document describes how I collect and manage your personal and sensitive information when you interact with my business. If you have any questions or concerns about how your personal or sensitive information is being handled, please do not hesitate to contact me. I comply with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act). I understand that visitors from the EU may access this site, so I also aim to comply with the General Data Protection Regulations (GDPR).
PERSONAL INFORMATION
If you engage with me via this website, or choose to become my client I may ask to collect the following kinds of personal information from you, including:
Your name, email address, phone number, postal address, DOB and occupation
Country of residence
I may collect and use your personal information in order to:
Respond to your enquiries.
Provide you with my products or services at your request.
Monitor or improve the use of and satisfaction with my website, products, or services.
Share the latest clinic news and developments relevant to my work.
Let you know about my expertise, and services/products that may be of interest to you.
COLLECTION OF PERSONAL INFORMATION
This practice will need to collect your personal information to provide quality health care services to you and manage your health needs. Where practicable, I will only collect personal information about you directly from you or sources managed by you. However, in some circumstances I may obtain personal information from a guardian or third party. If this information is obtained contrary to this Privacy Policy and the Privacy Act, I will destroy or de-identify such information within a reasonable period.
I may collect your personal information by various means including:
You contact me with a question, comment, or inquiry.
You attend a webinar, seminar, or event where I am hosting or presenting.
You correspond with me on a social media platform such as Facebook, LinkedIn, Instagram, or similar platforms.
You book a consultation or purchase a product or service from me.
When you make your first appointment I will collect your personal and demographic information via the discovery form. During the appointment, I may gather additional personal information.
You share general information relating to your business or personal life.
You provide me with a testimonial.
You book a consultation or purchase a product or service from me.
You share general information relating to your business or personal life.
A third-party supplies information to me such as when you are referred, allied health professional, hospitals, pathology lab, diagnostic imaging services or introduced to me by a mutual acquaintance.
I will only collect your information:
With your full awareness and consent, such as when you email me, tick a checkbox, or fill in a intake form to provide me with information.
If I need it to provide you with information or services that you request.
If I am legally required to collect it.
If collecting the information is necessary to preserve life or keep someone safe from harm.
For administrative processes if you become a client of mine.
If I believe that I can demonstrate a legitimate interest in using your data for marketing purposes, although I will always give you a choice to opt out.
If you do not provide me with information when requested, I may not be able to carry out your instructions or achieve the purpose for which the information has been sought.
I may, from time to time, send you updates about the services I provide if you have requested to receive such communications through opt-in process. You can opt out of receiving any further such communications or “unsubscribe” option at the bottom of any marketing e-mail sent from me.
SENSITIVE INFORMATION
I understand that some information is particularly sensitive, and that you are trusting me to keep this information confidential. This sensitive information I collect from you may include BOB, medical history, current and previous medications, family history, previous pathology tests or investigation results, allergies and allergic reactions, diet and lifestyle history.
I will only collect sensitive information by methods that are reasonably secure, such as:
through my intake form in Simple Clinic when you book an appointment. Please refer to Simple Clinic’s privacy policy for more information https://docs.simpleclinic.net/patient-privacy-policy/.
in a secure Zoom consultation or face to face.
in a secure payment method such as Stripe.
when you send me information in an email (please note that email may not be sufficiently secure – if the information is extremely sensitive, please feel free to ask me about alternative ways to share it with me).
The reason why I collect your sensitive information is:
so that I can provide you with the services you have requested from me and have an overall picture of your health.
to ensure that I am providing you with the most appropriate services.
I am committed to securely storing and handling your sensitive information.
Sensitive information is stored in a on a password protected computer/smart phone
I will only have access to your sensitive information.
Some sensitive information may be stored securely online, or in the cloud through Simple Clinic. You can find out more about their security provisions in the section on Security below.
COLLECTION OF INFORMATION FROM MINORS
All information collected from children under the age of 18 is classified as sensitive information.
Sensitive information may be collected from children under the age of 18 under the following circumstances:
in the presence of their parents.
with their parent or guardian’s full consent.
All information collected from minors is securely stored in accordance with this privacy policy.
DISCLOSURE OF INFORMATION
I may disclose your information if required under the following circumstances:
to provide you with the services you have requested
to refer you to other service providers at your request.
to send you products that you have purchased.
where disclosure is necessary to carry out your instructions, such as corresponding with someone on your behalf (with your authorisation), requesting pathology testing and/or ordering supplements.
where I use support services to assist me with my business.
to engage in professional supervision, although any information I share under these circumstances is de-identified to preserve client confidentiality.
WHO DISCLOSURES ARE MADE TO:
You consent to me sharing relevant information when required with:
People you authorise me to correspond with, as reasonably required to carry out your instructions.
My employees / subcontractors
Third party providers who assist with
- accounting
- administration
- archiving
- auditing
- business consulting
- email marketing
- legal or financial advice
- professional supervision
- website maintenance
- technological services
I will also disclose your information if required by law in response to a subpoena, discovery request or a court order, in compliance with mandatory reporting obligations, or in circumstances permitted by the Privacy Act – for example, where I have reasonable grounds to suspect that someone is engaging in unlawful activity, or misconduct of a serious nature, that relates to my work with you. I may also make a disclosure to an appropriate authority if I have serious concerns about your health, safety, or wellbeing.
I will use all reasonable means to protect the confidentiality of your information while in my possession or control. I will not knowingly share any of your information with any third party other than the service providers who assist me with necessary business activities or the services I am providing to you. To the extent that I do share your information with third-party service providers, I only do so if I am satisfied that the service provider has a suitably protective privacy policy of their own, or they have signed a confidentiality agreement with me. Some of my service providers may be overseas and may not be subject to Australian Privacy Laws. You can find further information under the Security section below.
If you have any concerns regarding the disclosure of your information, please do not hesitate to get in touch with me via email to discuss this personally.
SECURITY
I take reasonable physical, technical, and administrative safeguards to protect your personal and sensitive information from misuse, interference, loss, and unauthorised access, modification, and disclosure.
I manage risks to your information by:
storing files securely.
ensuring that only I have access to sensitive information.
releasing information to service providers on a strictly need-to-know basis.
conducting regular audits of my security systems.
As mentioned above, your information may also be stored with a third-party provider, where it will be managed under their security policy. The following security policies may apply during our work together:
· Calendly - https://calendly.com/security
· Facebook ads - https://www.facebook.com/business/m/privacy-and-data
· Google Workspace - https://workspace.google.com/intl/en_au/security/
· Mailchimp - https://mailchimp.com/about/security/
· Paypal - https://www.paypal.com/re/webapps/mpp/paypal-safety-and-security
· Simple Clinic - http://docs.simpleclinic.net/patient-privacy-policy/
· Squarespace - https://www.squarespace.com/privacy
· Stripe - https://stripe.com/docs/security
· Xero - https://www.xero.com/au/security/
· Zoom - https://zoom.us/docs/en-us/privacy-and-security.html
If you are communicating with me via electronic means such as email, Zoom, contact forms, Instagram, or Facebook, I may not have full control over the transmission or storage, or any personal information disclosed. You agree that by participating in such forms of communication you understand and accept that there is an inherent risk of disclosure or loss of your personal information for which I cannot be held responsible. If you are concerned about transferring particularly sensitive information, please ask me about alternative options that may be more secure.
COOKIES AND GOOGLE ANALYTICS
Cookies are small text files that are commonly used by websites to improve a user’s experience, collect statistics or marketing information, and provide access to secure areas. Our website may from time-to-time use cookies to analyses website traffic and help us provide a better website visitor experience.
You can choose to configure your browser settings not to accept cookies, but this may interfere with the functioning of this website.
My website uses the following cookies:
· Analytical cookies from Squarespace tracking how my website is used.
I use Google Analytics to collect information about your use of my website so that I can get strategic information about how my website is being used and improve its functionality. You can find out more about the information Google collects and how it is used here:
https://support.google.com/analytics/answer/6004245.
Google also provides an add-on for your browser that you can use to opt-out and prevent your data being used by Google Analytics. You can access that add-on here:
https://tools.google.com/dlpage/gaoptout.
ACCESS TO INFORMATION
You can contact me to access, correct or update your personal information at any time. Unless I am subject to a confidentiality obligation other restrictions on giving access to the information which permits me to refuse you access under the Privacy Act, and I believe there is a valid reason for doing so, I will endeavour to make your information available to you within 30 days.
COMPLAINTS
If a breach of this Privacy Policy occurs, or if you want to a request a change to your personal information, you may contact me by sending an email outlining your concerns to me at xyz I will aim to respond within 30 days.
Complaints and concerns regarding privacy very are taken very seriously. Please express any privacy concerns you may have in writing. I will then attempt to resolve it in accordance with our resolution procedure.
If you are not satisfied with my response to your complaint, you may seek a review by contacting:
· the Office of the Australian Information Commissioner using the information available at http://www.oaic.gov.au/privacy/privacy-complaints
· the Health Care Complaints Commission (HCCC) using the information available at https://ecomplaints.hccc.nsw.gov.au
NOTIFICATION OF CHANGE
When I update my Privacy Policy, I will post a copy of the revised policy on my website and notify all patients of amendments to this policy.
NOTIFICATION OF BREACH
If I have reason to suspect that a serious data breach has occurred and that this may result in harm or loss to you, I will immediately assess the situation and take appropriate remedial action. If I still believe that you are at risk, I will notify the Office of the Information Commissioner and either notify you directly, or if that is not possible, publicise a notification of the breach on this website.
THANK YOU
This Privacy Policy was created with the support of Carefree Counsel. Copying it without permission is an infringement of my copyright and Carefree Counsel’s.