Privacy Policy

Introduction

This is the Privacy Policy of Di Hill Wellness (ABN: 40709488903). If you have any questions or need further information, please email Dianne Hill at admin@dihillwellness.com.au

I am committed to protecting your privacy, whether you are a contact, customer, supplier or contractor of mine.

This document describes how I collect and manage your personal and sensitive information when you interact with my business. I take this responsibility very seriously. If you have any questions or concerns about how your personal or sensitive information is being handled, please do not hesitate to contact me.

I comply with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act).

I choose to voluntarily comply with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act).

I understand that visitors from the EU may access this site, so I also aim to comply with the General Data Protection Regulations (GDPR).

Personal Information

If you engage with me via this website, or choose to become my client I may ask to collect the following kinds of personal information from you, including:

• Your name, email address and phone number

• The country that you live in or your home address

• Your health concerns

• Your opinion about future topics, products or services that may interest you

• Information that allows me to tailor my content to your needs when you sign up for one of my services, webinars or promotional events

• your IP address, and information about your browsing history to help me improve the usability and appeal of my website (more information about this is found in the section on Cookies below)

EMPLOYEE/CONTRACTORS

• If you are an employee or contractor, or propose working with me in that capacity, information about your qualifications, skills and work experience such as in the form of a CV. 

SUPPLIERS

• If you are a supplier or prospective supplier, information about your business skills, services, products and prices. 

COLLECTION AND USE

I may collect and use your personal information to:

• respond to your enquiries

• provide you with my products or services at your request

• monitor or improve the use of and satisfaction with my website, products or services

• share the latest news and developments relevant to my work

• let you know about my expertise, and products or services that may be of interest to you

REQUIRED INFORMATION 

If you do not provide me with information when requested to do so, I may not be able to carry out your instructions or achieve the purpose for which the information has been sought.

UNSUBSCRIBE

I may, from time to time, send you emails, e-newsletters, invitations and updates about my services. I will only do so if you have requested to receive such communications through a double opt-in process (for example, when you sign up to my newsletter, you would have to confirm subscription by clicking on a link in an email). You can opt out of receiving any further such communications by replying to the message you received, or by clicking the “unsubscribe” option at the bottom of any marketing e-mail received from me. 

Collection of Personal Information

Where practicable I will only collect personal information about you directly from you or sources managed by you. However, in some circumstances I may obtain personal information from a third party. If this information is obtained contrary to this Privacy Policy and the Privacy Act, I will destroy or de-identify such information within a reasonable period.

I may collect your personal information by various means including when:

PERSONAL INFO COLLECTION

• you contact me with a question, comment or inquiry

• you subscribe to my email newsletter

• you opt in to receive a free resource from me or sign up for my newsletter

• you attend a webinar, seminar or event where I am hosting or presenting

• you correspond with me on a social media platform such as Facebook, LinkedIn, Instagram or similar sites

• you book a consultation or purchase a product or service from me

• you book a consultation, package or purchase a product or service from me

• you share general information relating to your business or personal life

• you provide me with a testimonial (only first name and first initial of last name will be used with your testimonial and no specific personal medical information will be used) 

• I visit your website or social media profiles in preparation for working with you

• My website automatically collects information about you and your activities on my site (including analytics and cookies – more information on this is set out below)

• a third party supplies information to ne, such as when you are referred or introduced to me by a mutual acquaintance

I will only collect your information under the following grounds:

• with your full awareness and consent, such as when you email me, tick a checkbox or fill in a form to provide me with information

• if I need it to provide you with information or services that you request

• if I am legally required to collect it

• if collecting the information is necessary to preserve life or keep someone safe from harm

• for necessary administrative processes if you become my client

• if I believe that I can demonstrate a legitimate interest in using your data for marketing purposes, although I will always give you a choice to opt out

Sensitive Information 

I understand that some information is particularly sensitive, and that you are trusting me to keep this information confidential.

The sensitive information I collect from you may include:

• your birth date

• your medical history

• your financial data

• information about your lifestyle and relationships

I will only collect sensitive information by methods that are reasonably secure, such as:

• through my intake form in Practice Better when you book an appointment

• in a Zoom consultation. You can read Zoom’s security overview on their website. 

• when you send me information in an email or via Practice Better. 

The reason why I collect your sensitive information is:

• so that I can provide you with the services you have requested from me

• to ensure that I am providing you with the most appropriate service

Secure Storage of Sensitive Information 

I am committed to securely storing and handling your sensitive information.

• STORAGE: Sensitive information is stored securely within Practice Better software on a password protected computer with a high level of cybersecurity. Practice Better are fully compliant with HIPAA< PIPEDA< PHIDA and GDPR regulations. You can read more about their security mechanism on their website.   

• ACCESS: Only I, the practitioner responsible for your treatment and authorised team members have access to your sensitive information, and only on a need-to-know basis.

• CLOUD STORAGE: I do not store sensitive information online or in the cloud. There are instances where I host online group webinars via Zoom,  sometimes there will be the option of communicating with me and your information then the recording is stored within Zoom’s cloud storage. The Zoom recordings will not be shared to anyone that did not sign up, however the other participants may listen/read the information provided so it is up to the participant to be selective about what information is shared. 

Collection of Information from Minors

All information collected from children under the age of 18 is classified as sensitive information. Sensitive information may be collected from children under the age of 18 under the following circumstances:

• in the presence of their parents

• with their parent or guardian’s full consent

All information collected from minors is securely stored in accordance with this privacy policy.

Disclosure of Information

I may disclose your information if required under the following circumstances:

• to provide you with the services you have requested

• To prescribe you products through a supplement distributor such as Oborne Health, Vital.ly, Ariya, Rener Health, MyIntegria, Natural Scripts and similar Australian Distributors. 

• To register a functional test or pathology test through RNlabs, Nutripath, FxMed and similar. I will ask for consent before writing a referral for such tests. 

• where disclosure is necessary to carry out your instructions, such as corresponding with someone else on your behalf, requesting pathology tests, ordering supplements etc.

• where I use support services to assist me in  me] business

• to engage in professional supervision or mentorship, although any information I share under these circumstances is de-identified to preserve client confidentiality

• to refer you to other service providers at your request

Who disclosures are made to

You consent to me sharing relevant information, on a strictly needs-to-know basis, with:

• People you authorise me to correspond with, as reasonably required to carry out your instructions

• My employees or subcontractors

• Third party providers who assist with

-   accounting

-   administration

-   archiving

-   auditing

-   business consulting

-   email marketing

-   legal or financial advice

-   professional supervision

-   website maintenance

-   technological services 

LEGAL DISCLOSURE

I will also disclose your information if required by law in response to a subpoena, discovery request or a court order, in compliance with mandatory reporting obligations, or in circumstances permitted by the Privacy Act – for example, where I have reasonable grounds to suspect that someone is engaging in unlawful activity, or misconduct of a serious nature, that relates to my work with you. I may also make a disclosure to an appropriate authority if I have serious concerns about your health, safety or wellbeing.

DISCLOSURE OVERSEAS

I will use all reasonable means to protect the confidentiality of your information while in my possession or control. I will not knowingly share any of your information with any third party other than the service providers who assist me with necessary business activities or the services I am providing to you. To the extent that I do share your information with third-party service providers, I only do so if I am satisfied that the service provider has a suitably protective privacy policy of their own, or they have signed a confidentiality agreement with me. Some of my service providers may be overseas and may not be subject to Australian Privacy Laws. You can find further information under the Security section below.

INVITATION TO DISCUSS

If you have any concerns regarding the disclosure of your information, please do not hesitate to get in touch with me to discuss this personally.

Security

POLICY STATEMENT

I take reasonable physical, technical and administrative safeguards to protect your personal and sensitive information from misuse, interference, loss, and unauthorised access, modification and disclosure.

I manage risks to your information by:

RISK MANAGEMENT

• storing files securely

• ensuring that only [I / key personnel] have access to sensitive information

• releasing information to service providers on a strictly needs-to-know basis

• conducting regular audits of [my/our] security systems

As mentioned above, your information may also be stored with a third-party provider, where it will be managed under their security policy. The following security policies may apply during our work together:

THIRD PARTY STORAGE

• Asana - https://asana.com/trust

• Dropbox - https://www.dropbox.com/security

• Facebook ads - https://www.facebook.com/business/m/privacy-and-data

• Google Workspace - https://workspace.google.com/intl/en_au/security/

• Jotforms - https://www.jotform.com/security/

• Mailchimp - https://mailchimp.com/about/security/

• MailerLite - https://www.mailerlite.com/legal/security-statement

• Paypal - https://www.paypal.com/re/webapps/mpp/paypal-safety-and-security

• Practice Better https://help.practicebetter.io/hc/en-us/articles/234814027-Privacy-and-Security-on-Practice-Better 

• Slack https://slack.com/intl/en-au/security-practices 

• Squarespace - https://www.squarespace.com/privacy

• Stripe - https://stripe.com/docs/security

• Wordpress -  https://wordpress.com/support/security  

• Xero - https://www.xero.com/au/security/

• Zoom - https://zoom.us/docs/en-us/privacy-and-security.html

If you are communicating with me via electronic means such as email, Zoom, contact forms, Instagram or Facebook, I may not have full control over the transmission or storage of any personal information disclosed (although I try to employ best practice cybersecurity standards at all times). You agree that by participating in such forms of communication you understand and accept that there is an inherent risk of disclosure or loss of your personal information for which I cannot be held responsible. If you are concerned about transferring particularly sensitive information, please ask me about alternative options that may be more secure (eg private phone call, meeting in person, sending documents by post or similar). 

Cookies and Google Analytics

Cookies are small text files that are commonly used by websites to improve a user’s experience, collect statistics or marketing information and provide access to secure areas.

You can choose to configure your browser settings not to accept cookies but this may interfere with the functioning of this website.

My website uses the following cookies:

• Analytical cookies from Squarespace to track how visitors navigate and use key features on my site. 

• non-essential analytics and performance cookies that collect information about how visitors interact with my site. 

Please refer to the Squarespace cookie policy for more information.

GOOGLE ANALYTICS 

I use Google Analytics to collect information about your use of my website so that I can get strategic information about how my website is being used and improve its functionality. You can find out more about the information Google collects and how it is used here:

https://support.google.com/analytics/answer/6004245.

Google also provides an add-on for your browser that you can use to opt-out and prevent your data being used by Google Analytics. You can access that add-on here:

https://tools.google.com/dlpage/gaoptout.

Access to Information

ACCESS PROCEDURE 

You can contact me to access, correct or update your personal information at any time. Unless I am subject to a confidentiality obligation or some other restriction on giving access to the information which permits me to refuse you access under the Privacy Act, and I believe there is a valid reason for doing so, I will endeavour to make your information available to you within 30 days.

Complaints

COMPLAINT PROCEDURE

If a breach of this Privacy Policy occurs, or if you wish to request a change to your personal information, you may contact me by sending an email outlining your concerns to me at admin@dihillwellness.com.au 

If you are not satisfied with my response to your complaint you may seek a review by contacting:

COMPLAINT TO EXTERNAL BODY

• the Office of the Australian Information Commissioner using the information available at http://www.oaic.gov.au/privacy/privacy-complaints

• the health ombudsman in your state or territory

Notification of Privacy Policy Change

When I update my Privacy Policy, I will post a copy of the revised policy on my website.

Notification of Breach

If I have reason to suspect that a serious data breach has occurred and that this may result in harm or loss to you, I will immediately assess the situation and take appropriate remedial action. If I still believe that you are at risk, I will notify the Office of the Information Commissioner and either notify you directly, or if that is not possible, publicise a notification of the breach on this website.

This Privacy Policy was created with the support of Carefree Counsel. Copying it without permission is an infringement of my copyright and Carefree Counsel’s. 

Privacy Policy updated August 2024