Privacy policy
Effective date: Friday, 19 January 2024
General
Elevate Nutrition & Dietetics ABN: 86 890 254 876 (referred to in this document as we, us or our) recognises that your privacy is very important and is committed to providing quality services to you and protecting the ‘Personal Information' and ‘Sensitive Information’ we collect from you. This policy outlines the privacy terms of our website, located at www.elevatend.com, and the products and services we provide you (the ‘User Services’).
By visiting our website, utilising User Services or providing us with your Personal or Sensitive Information, you consent to the terms of this policy. You may also accept the terms of this policy by clicking to accept or agree to the Privacy Policy terms where this option is made available to you.
Australian Privacy Principals
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the APPs may be obtained from the website of The Office of the Australian Information Commissioner here.
What is Personal Information?
Personal Information is information or an opinion about an identified individual or an individual who is reasonably identifiable. Personal information we may collect includes but is not limited to, first and last name, a physical street address, an email address, a telephone number, or any other information that permits a specific individual to be contacted physically or online.
What is Sensitive information?
Sensitive information is a subset of personal information or an opinion about your, racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation and practices, criminal record, health or genetic information or some aspects of biometric information.
Consent
Only with your consent can we collect health information from you for the purpose of providing the services you are seeking.
Your consent must be:
informed: in that it is only valid if you are aware of the consequences of giving or not giving your consent at the time you make the decision.
voluntary: in that you are not forced or pressured to give your consent.
current and specific: in that giving your consent at a particular time and for specific circumstances, we can not assume your consent continues indefinitely.
You must also have capacity to give consent, this means you:
understand you’re being asked to decide to give or not give your consent;
understand the consequences of giving or not giving your consent;
based your decision on reason; and
can communicate your decision.
Further information on consent may be obtained from the website of the Office of the Australian Information Commissioner here.
Personal Information we collect
Personal Information collected from you
Personal information will generally be collected directly from you through the use of any of our standard forms, via our website, via email, via social media platforms, through purchase of User Services, or through a telephone or Telehealth conversation with you.
The Personal Information we collect and hold about you depends on your interaction with us. The kinds of information we typically collect include: name, address, email address, phone number, disclosed health information and/or other information relevant to providing you with the services you are seeking either on your own behalf or on behalf of someone else.
If you provide Personal Information about another person to us, you must tell that person that you are providing their Personal Information to us, obtain their consent, direct them to our current privacy policy, and inform them that we can be contacted for further information.
If the Personal Information you provide to us is incomplete or inaccurate, we may be unable to provide the services you are seeking.
Personal Information collected through other sources
We may collect information automatically through technology to enhance our ability to serve you.
Internet Protocol (IP) address
When you visit our website, we collect your IP address. An IP address is often associated with the portal you used to enter the internet, like your internet service provider (ISP), company, association, or university. While an IP address may reveal your ISP or geographic area, we cannot determine your identity solely based upon your IP address. We do not link IP addresses to Personal Information.
Cookies & tracking
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser that enables the site’s or service provider’s systems to recognise your browser and capture and remember certain information. Tracking technologies are beacons, tags, and scripts to collect and track information and to improve and analyse our website and/or User Services. We use cookies and similar tracking technologies to help us understand and save your preferences for future visits to our website. If you prefer, you can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies by adjusting your browser settings. Like most websites, if you turn your cookies off, some of the features on the site may not function properly. If you do not wish to receive cookies you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. You can access more information on cookies here.
Google Analytics
We may use cookies provided by Google Analytics, a Third Party service provider, to assist us in better understanding our website visitors. These cookies collect data tied to a user’s IP address such as the length of time a user spends on a page, the pages a user visits, and the websites a user visits before and after visiting the site. Based on this information, Google Analytics compiles aggregate data about site traffic and site interactions, which we use to offer better site experiences and tools in the future. Google Analytics does not collect any personal information. You can obtain more information about Google Analytics here.
Third Parties
In some circumstances we may be provided with your Personal Information by Third Parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the Third Party. Further personal information or sensitive information may also be collected through multidisciplinary team arrangements, for instance via your general practitioner or allied health professionals.
Promotions and giveaways
We may partner with Third Parties on social media and online channels to sponsor giveaways and promotions. Terms and conditions will accompany each giveaway and promotion, and it is the responsibility of all entrants to read the terms and conditions and privacy policies carefully. If you choose to share your information in order to participate in a giveaway or promotion, your entry information may be shared with such Third Parties.
Social media platforms
We may also collect Personal Information about you from social media platforms on which you have an account, such as Instagram and LinkedIn.
Purposes of collecting Personal Information
Generally, we will collect, use and hold your Personal Information for the following purposes and for other purposes where you would reasonably expect us to. The specific purpose of collecting and using Personal Information may be related to any of the below:
providing the services you are seeking;
managing individual information and accounts;
responding to questions, comments and other requests;
for payment processing, financial claims and invoicing;
providing you with information that may be of interest to you from time to time, such as marketing communications related to professional events, User Services, promotions and other topics relevant to the functions of our website, or job opportunities;
facilitating our internal business operations, including the fulfilment of any legal requirements or customer support;
providing, maintaining, improving and developing our User Services; and
analysing our services and customer needs with a view to developing new or improved User Services.
You may opt out of receiving any, or all, communications from us by following the unsubscribe link / instructions provided in any email we send or contacting us via email.
Disclosure of Personal Information
We will not sell or rent your Personal Information. We generally disclose your Personal Information only for the purposes for which it was collected. We may disclose Personal Information about you in the following ways:
Third Party Service Providers: service providers, who assist us in operating our business. When we disclose your data to Third Party Service Providers (such as Cliniko or Squarespace), we do so on the basis that your data is treated with confidence, and only used for the limited purpose of providing support to our User Services, and in manner consistent with this Privacy Policy.
For Law Enforcement: as reasonably necessary to comply with law, legal process (including a court or government order or subpoena), and to meet our insurance obligations, to detect, prevent, or otherwise address fraud, security or technical issues, to enforce this Privacy Policy, and to protect the rights, property or safety of Elevate Nutrition and Dietetics, our clients and users, and/or the public.
During A Corporate Transaction: If we are involved in a merger, acquisition, financing, or sale of business or assets, information collected from and about users may be transferred to one or more Third Parties involved in such transaction and, upon such transfer, the relevant Third Party privacy policy or policies may govern further use of the information.
At Your Direction: share your information with Third Parties if and when you direct us to. For example, you may ask us to share your Personal Information when you wish to interact with other users or post certain information on social media.
In some circumstances, we may use or disclose Personal Information for other purposes (for instance, where you would reasonably expect us to and the purpose is related to the purpose of collection).
Purposes of collecting and disclosing Sensitive Information
The sensitive information you provide is confidential and will only be used by Elevate Nutrition & Dietetics:
for the primary purpose for which it was obtained;
for a secondary purpose that is directly related to the primary purpose;
with your consent;
if there is a serious and imminent threat to the life, health or safety of yourself or another person, a serious threat to public health or public safety; or
where required or authorised by law.
Security of Personal and Sensitive Information
We are committed to protecting the security of your Personal Information. We use a variety of industry-standard security technologies and procedures to help protect your Personal Information from misuse and loss and from unauthorised access, use, modification or disclosure. Despite these measures, you should know that we cannot fully eliminate security risks associated with Personal Information. If you have any questions about the security of your Personal Information please contact us.
Health information
Cliniko is the practice management software used to manage aspects of our business such as treatment records, invoices and payments. Cliniko follows and complies with each of the 13 principles outlined in the Australian Privacy Principles (APPs). Cliniko encrypts data using HTTPS (end-to-end encryption) and they use a 2048-bit SSL certification for encryption in transit. All data is also encrypted at rest and backed up daily, using the industry-standard AES-256 encryption algorithm. All data shared between Elevate Nutrition and Dietetics and Cliniko is transmitted and stored securely. Clinko’s privacy policy can be viewed at here and their security measures can be viewed here.
Payments
We provide paid products and/or services within the website. We use Third Party services for payment processing (e.g. payment processors). We will not store or collect your payment card details. That information is provided directly to our Third Party payment processors whose use of your Personal Information is governed by their Privacy Policy. These payment processors adhere to the standards set by the Payment Card Industry Data Security Standard (PCI-DSS) as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information. The payment processors we work with are:
Stripe, Inc. - their Privacy Policy can be viewed here.
Tyro Health - their Privacy Policy can be viewed here.
Retention of data
We will retain your Personal Information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies. We will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our User Services, or we are legally obligated to retain this data for longer time periods.
When your Personal Information is no longer required for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. Most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.
Transfer of data
Your information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Information will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other Personal Information. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Legal compliance provisions
Links to, and plug-ins from, other web sites or media
The site may include links from the site to and plug-ins (such as Twitter buttons) from sites or applications operated by “Third Party Sites”. Links to Third Party Sites of not constitute sponsorship or endorsement or approval of these sites. We do not control any Third Party Sites and are not responsible for any information they may collect. The information collection practices of a Third Party Site are governed by its privacy policy. It is your choice to enter any Third Party Site. We recommend that you read its privacy policy if you choose to do so.
Direct marketing and opting out
We will not sell your Personal Information to, or share it with, Third Party companies for their direct marketing purposes without your consent. As a requirement of the California Online Privacy Protection Act (CalOPPA), California consumers desiring to request further information about our compliance with these laws or who have questions or concerns about our privacy practices and policies are welcome to contact us using the contact information below.
You may be able to limit certain interest-based mobile advertising through the settings on your mobile device by selecting "limit ad tracking" (iOS) or "opt-out of interest based ads" (Android).
As previously mentioned you may opt out of receiving any, or all, communications from us by following the unsubscribe link / instructions provided in any email we send or contacting us via email.
Do Not Track (DNT) signals
DNT is a preference you can set in your browser’s settings to let the websites you visit know that you do not want the sites collecting your Personal Information. We do not currently respond to or honour DNT signals or other mechanisms transmitted by web browsers that indicate your preference for not having information collected over time and across different sites following your visit to one of our sites. If we do so in the future, we will describe how we do so in this Privacy Policy. You can also visit https://allaboutdnt.com/ to learn more.
Children’s Online Privacy Protection Act
Our site and User Services are all directed to people who are at least 18 years old or older. If you are under the age of 18, you are not authorised to use this website. While individuals under the age of 18 may use any product, they may do so only with the involvement, supervision, and approval of their parent or legal guardian. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from children without verification of parental consent, we take steps to remove that information from our servers.
General Data Protection Regulation (GDPR) for residents of the European Union (EU)
As an EU resident you have certain rights with respect to your Personal Information, the we comply with under the GDPR, including those set forth below.
access: you can request more information about the Personal Information we hold about you and how that information is being used, and request a copy of such Personal Information by emailing us at info@elevatend.com.
rectification: if you believe that any Personal information we are holding about you is incorrect or incomplete, you can request that we correct or supplement Personal Information by emailing us at info@elevatend.com.
erasure: you can request that we erase some or all of your Personal Data from our systems.
withdrawal of consent: if we are processing your Personal Information based on your consent (as indicated at the time of collection of such information), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Information, if such use or disclosure is necessary to enable you to utilise some or all of our User Services.
portability: you can ask for a copy of your Personal Information in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
objection: you can contact us to let us know that your object to the. Further use or disclosure of your Personal Information for certain purposes, such as for direct marketing purposes.
restriction of processing: you can ask us to restrict further processing of your Personal Information.
right to file complaint: you have the right to lodge a complaint about our practices with respect to your Personal Information with the supervisory authority of your country or EU Member State
Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardises the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision.
In some cases, we may need to you to provide us with additional information, which may include Personal Information, if necessary to verify your identity and the nature of your request. For more information about these rights, or to submit a request, please email info@elevatend.com.
Privacy Policy updates
We may update this policy from time to time. If we make any material changes we will notify you via email or other communication, prior to the changes becoming effective, and by posting the new Privacy Policy on this page with the updated “effective date” at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically for any updates we make to it.
Accessing and correcting Personal Information
If you believe the Personal Information we hold about you is inaccurate, incomplete or out of date; or your wish to access Personal Information we hold about you, subject to certain exceptions, please contact us using the details below.
We will take reasonable steps to correct your information so that it is accurate, complete and up to date. In order to protect your Personal Information we will require identification from you before releasing any requested information. An administrative fee for providing a copy of your Personal Information may be charged.
How to contact us or provide feedback
If you have any questions, comments or requests about our privacy policy or the way we handle your personal information, please contact us at:
via email at: info@elevatend.com
More information
For more information about privacy in general, you can visit the Australian Information Commissioner’s here.