Introduction
Hi there! The following websites are owned and operated by Geraldine Headley, trading as “Highgate Proactive Health” and “Mentoring with Geraldine” ABN: 66586022324:
• https://proactivhealth.com.au
• https://mentoringwithgeraldine.com, and
• https://mentoring-with-geraldine.teachable.com/
If you have any questions or need further information, please contact Geraldine:
Clinic Address: 25 Yeo Avenue, Highgate, South Australia 5063
Email: geraldinehealth@gmail.com
Phone: 0410148503
This document sets out my Privacy Policy. It describes how I collect and manage your personal information when you interact with this site, undertake training or mentoring with me, or become my client. I take this responsibility very seriously. If you have any questions or concerns about how your personal information is being handled, please do not hesitate to contact me.
I comply with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act).
I understand that visitors from the EU may access this site, so I also aim to comply with the General Data Protection Regulations (GDPR).
Personal Information
If you engage with me via this website, or choose to work with me, I may ask to collect the following kinds of personal information from you, including:
• your name and email address when you opt into my email,
• information about your interests & preferences, such as your opinion about future topics, products or services that may interest you,
• information that allows me to tailor my content to your needs when you sign up for one of my webinars or promotional events, or otherwise interact with me, and
• basic information about your interaction with my website.
Collection and Use
I may collect your personal information by various means including:
• through the contact form on my website,
• when you email me,
• when you subscribe to my newsletter,
• when you opt-in to receive a free resource,
• when you sign up to attend a seminar, webinar or event,
• in person at a seminar, webinar or event,
• when I request a testimonial after we have worked together,
• when you become my client or purchase from me,
• information automatically collected by my website such an analytics and cookies,
• if you are referred to me, or
• if you are working with me as a mentor.
I use this information to:
• respond to your enquiries,
• provide you with the services that you have requested,
• monitor your satisfaction with my website & my services,
• help other people to understand my services better,
• improve my products and services,
• provide you with more relevant information,
• provide you with relevant news and updates about my services, and
• provide news about developments in my areas of work.
I will only collect your personal information:
• with your full awareness and consent, such as when you email me, tick a checkbox or fill in a form to provide me with information,
• if I need it to provide you with information or services that you request,
• if I am legally required to collect it,
• for necessary administrative processes if you become my client, or
• if I believe that I can demonstrate a legitimate interest in using your data for marketing purposes, although I will always give you a choice to opt out.
Sensitive Information
I understand that some personal information is particularly sensitive.
I will only collect sensitive information by methods that are reasonably secure, such as:
• through my intake form in Acuity when you book an appointment,
• in a consultation, whether via Zoom or in person, and
• when you send me information in an email.
The reason why I collect this information is:
• so that I can provide you with the services you have contracted for, and
• to ensure that I am providing you with the most appropriate services.
The sensitive information I ask you to provide for this purpose may include:
• your date of birth and age,
• information about your health and medical history,
• your family medical history,
• your personal and sexual health, and
• your current symptoms,
I am committed to securely storing and handling your sensitive information.
Sensitive information is stored
• in Acuity if submitted through an intake form,
• in a password protected GSuite account,
• as handwritten notes in a locked filing cabinet, and
• on a password protected computer in a locked room.
Only I have access to sensitive material shared by my clients and those I mentor. Limited access may be provided to my VA or a team member, but only on a strictly need-to-know basis.
As mentioned above, some sensitive information may be stored securely online, or in the cloud through Acuity and GSuite. Deidentified information may also be stored on Teachable. You can find out more about their security provisions here:
• Acuity:
https://help.acuityscheduling.com/hc/en-us/articles/219149587-Security-Privacy-Compliance
• GSuite:
https://gsuite.google.com/security/?secure-by-design_activeEl=data-centers
• Teachable:
https://support.teachable.com/hc/en-us/sections/360000227471-User-Security
Sensitive information may be collected from children under the age of 18 but only with their parent or guardian’s full consent. All information collected from minors is securely stored in accordance with this privacy policy.
All archived sensitive information is securely destroyed after 7 years. Paper notes are shredded and mulched.
Professional Considerations
As a naturopath, I owe a duty of care and confidentiality to my clients, and I take this duty very seriously.
You may choose not to provide me with your personal information. However, if you choose not to be completely honest with me, it can cause problems. I may not be able to provide you with the services that you request, and any treatment I provide may be ineffective or have unintended consequences. As a result, I ask that you always provide me with accurate information.
Use of Personal Information
I will use all reasonable means to protect the confidentiality of your personal information while in my possession or control. I will not knowingly share any of your personal information with any third party other than the service providers who assist me in providing the information and/or services I am providing to you. To the extent that I do share your personal information with a service provider, I would only do so if that party has agreed to comply with our privacy standards as described in this privacy policy. However, some of my service providers may be overseas and may not be subject to Australian Privacy Laws or compliant with GDPR. Please contact me if you have any concerns about the potential disclosure of your information.
Reasons why I may disclose your personal information include:
• where disclosure is necessary to provide you with the information or services you have requested, or
• where the administration of my business requires disclosure to my VA or support services.
In order to do this, I may share some relevant personal information - on a strictly need to know basis - with:
• my email marketing provider,
• my virtual assistant (VA) and similar independent contractors,
• my accounting and legal team,
• my business consultant or coach,
• my website and technology team, and
• my CRM provider.
I will also disclose your information if required by law to do so or in circumstances permitted by the Privacy Act – for example, where I have reasonable grounds to suspect that unlawful activity, or misconduct of a serious nature, that relates to my functions or activities has been, is being or may be engaged in, and in response to a subpoena, discovery request or a court order.
If you have any concerns regarding the disclosure of your personal information, please do not hesitate to get in touch with me to discuss this personally.
Security
I take reasonable physical, technical and administrative safeguards to protect your personal information from misuse, interference, loss, and unauthorised access, modification and disclosure.
I manage risks to your personal information by:
• storing files securely,
• ensuring that only I have access to sensitive information,
• releasing information to service providers on a strictly need-to-know basis, and
• conducting regular audits of my security systems.
As mentioned above, your personal information may also be stored with a third-party provider, where it will be managed under their security policy. I have provided links to the appropriate policies. If you have any concerns, please contact the provider directly or let me know.
Access to Information
You can contact me to access, correct or update your personal information at any time. Unless I am subject to a confidentiality obligation or some other restriction on giving access to the information which permits me to refuse you access under the Privacy Act, and I believe there is a valid reason for doing so, I will endeavour to make your information available you within 30 days.
Please begin the process by sending an email requesting access to your information to me at geraldinehealth@gmail.com and I will endeavour to respond within 7 days].
Complaints
If a breach of this Privacy Policy occurs, or if you wish to a request a change to your personal information, you may contact me by sending an email outlining your concerns to me at geraldinehealth@gmail.com and I will endeavour to respond within 48 hours.
If you are not satisfied with my response to your complaint you may seek a review by contacting:
• Naturopaths & Herbalists Association of Australia, using the information available at https://www.nhaa.org.au/public/feedback-complaints, or
• the Office of the Australian Information Commissioner using the information available at http://www.oaic.gov.au/privacy/privacy-complaints.
Notification of Change
When I update my Privacy Policy, I will post a copy of the revised policy on my website.
Notification of Breach
If I have reason to suspect that a serious data breach has occurred and that this may result in harm or loss to you, I will immediately assess the situation and take appropriate remedial action. If I still believe that you are at risk, I will notify the Office of the Information Commissioner and either notify you directly, or if that is not possible, publicise a notification of the breach on this website.