Privacy & Cookies Policy

 

Privacy Policy

ABOUT US

Melanie Thorpe (“I, We/Us”) is a Sole Proprietorship operating under Australian Business Number (ABN) 67 982 497 456. Melanie Thorpe operates the website healinghuman.com.au and provides the Services as defined below. 

Services means all and parts of the following: 

  • Healing Services (individual and group) delivered both in-person and live via distance

  • Spinal Flow Technique® Services delivered in-person

We are committed to providing quality services to you and in the course of providing you with our services we will collect and process information that is commonly known as “Personal Data”. 

THE PURPOSE OF THIS POLICY

Your personal data is protected by law and we want you to know your individual rights, which include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.

This Privacy Policy does the following:

  1. describes how we collect, use, share, retain and safeguard Personal Data,

  2. Policy sets out your individual rights; we explain these later in the Policy but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data,

  3. outlines our ongoing obligations to you in respect of how we manage your Personal Data, and

  4. explains what kind of information we collect in connection with our services, the purposes for which we use the information and how we may share this information.

This Policy applies when you may share personal data in contact with us via our website, online forms, email, social media accounts, the telephone, when writing to us directly, providing photographic or video content, or where we provide you with paper based forms for completion or we complete a form in conjunction with you. 

To provide a high standard to our client’s personal data and privacy, we aim to comply with the:

Privacy Act 1988 (Cth, Australia); Australian Privacy Principles (APPs), the Privacy Act 1993 (New Zealand); the Personal Data Protection and Electronic Documents Act, SC 2000, c5 (federal, Canada); the Personal Data Protection and Electronic Documents Act, SC 2000, c5 (federal, Canada); the Personal Data Protection Act (Alberta, Canada); the Personal Data Protection Act (British Columbia, Canada); all applicable United States federal and state privacy laws, including, but not limited to, the California Online Privacy Protection Act (CalOPPA), Early Learning Personal Data Protection Act (ALPIPA); the General Data Protection Regulation (EU) or (“GDPR); the Data Protection Act 2018 (UK); Brazilian General Data Protection Law ( Lei Geral de Protecão de Dados Pessoais) (Law No. 13, 709 / 2018) (“LGPD); any other applicable privacy legislation (collectively the “Data Acts”).

The Data Acts govern the way that we collect, use, disclose, store, secure and dispose of your Personal Data. 

We are the controller of any personal data gathered by your use of our website and services. Where we use third parties to process your data.  We have a contract with these third parties for the provision of these services. 

A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.

A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.

Sydney, NSW, Australia is identified as the named territory where the processing of personal data takes place. You can learn more about your privacy rights at the Office of the Australian Information Commissioner (OAIC) at URL: https://www.oaic.gov.au/

WHAT IS PERSONAL DATA?

Personal Data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.

Sensitive Personal Data may contain information which is known as special categories of personal data. This may be information relating to and not limited to, an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation. 

We are legally required to comply with specific data processing requirements for Personal and Sensitive Data

WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?

As a provider of Healing Services and Spinal Flow Technique© Services, we will process the following categories of data:

(a) Personal Data, such as:

  • Your name

  • Date of birth

  • Gender

  • Contact details including address, email, telephone, next of kin name and telephone

(b) Sensitive Personal Data:

  • Current health and details of historic health states, injuries or illnesses (physical and psychological)

  • Photographs, audio and visual

  • Associations, beliefs and memberships

  • Aspects of your health that may be required for, or affect your participation or our provision of services to you

If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.

Recording Sessions online or in-person: We may record your communications with us. This may be for instances such as playback to you, in consultation for professional development, or for teaching or demonstration purposes. 

This will only ever be conducted if discussed with you prior, and only with your express permission. 

If permission is given, you may rescind this permission at any time.

We may collect information about your visits to us to help us personalise your experience with us. By providing this information to us you are consenting our use in the manner set out in this policy. 

Minors in Services: If you are under 18 years of age you will need your parent or guardian to agree to this Privacy Policy and terms for you. They are responsible to ensure that you fully understand what you are sharing with us and why. All sessions will be conducted with a parent or guardian present at all times.


WHY DO WE COLLECT YOUR PERSONAL DATA? 

Our Services:

Our primary purpose for collecting and processing this Personal Data about you is to provide, administer and personalise our services to you, our clients and marketing.

We will also collect your Personal Data where you request information about our services, via our website, provide information in communications with us via in person, telephone, texts, social media, events, promotions, campaigns, from cookies and third parties. We may collect information about your visits to us to help us personalise your experience with us. We may also ask for feedback from our sessions and may use your feedback for publication on our website and social media.

By providing this information to us you are consenting our use in the manner set out in this Policy.  

When we collect Personal Data we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it. Please ask if you do not understand.

If you object to the collection, sharing and use of your personal data we may be unable to provide you with our services.

Sensitive Data will be used by us only:

  • For the primary use for which is was obtained

  • For a secondary purpose that is directly related to the primary purpose

  • With your consent, or where required or authorised by law.

We do not sell or pass your personal information onto third parties.

Third Party Suppliers:

Where reasonable and practicable to do so, we will collect your Personal Data only from you. 

However, in some circumstances we may be provided with information by third parties. We may use third party suppliers for management of specific services e.g. payment processing, and they may store some of your Personal Data to provide such service to you. In such a case, we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party or that you can access your account to check this information directly yourself.

We use third party software to securely store your data to perform specific functions to support our services (“third party suppliers”). Third party suppliers have access to personal information needed to perform their functions but may not use it for other purposes. Their privacy policy is linked below as to how they handle data as part of the service we use. With all the third-party suppliers, you can ask us to review your stored data to ensure that it is accurate and best serves you.

Squarespace Privacy Policy

Zoom Privacy Policy

Google Privacy Policy (Gmail + Google Drive + Google Calendar)

Splose Privacy Policy

Posture Screen Privacy Policy

We do not sell or pass your personal information onto third parties.

Data Management:

We use the following third-party providers for our service to you. Their privacy policy is linked within as to how they handle data as part of the service we use. With all the below suppliers, you can ask us to review your stored data to ensure that it is accurate and best serves you.  

Squarespace, Zoom, Google (Gmail, Google Drive, Google Calendar), Splose, Posture Screen.

Client Notes and Sessions:

We take and keep notes on paper and online that contain Personal Data and may include Sensitive Data during your appointments. We may also take photographs and video recordings of our sessions. These are scanned and stored in Google Drive and Splose to ensure that it is safe and secure. All electronic files are encrypted, and password protected for security.

Google Drive provide TLS standard encryption to protect your Personal Data and a two-step authentication process.

Splose Data is encrypted via SSL in transit and encrypted at rest using industry-standard AES-256 encryption. You can see additional security measures by Splose here.

Storage of these notes and files is a legal requirement by our insurer bms group (IICT).

Bookings:

We use Splose to manage our client bookings. This software requires you to complete information such as your account: name, contact email and telephone number. You may update the details at any time by logging into the account or emailing us at mel@healinghuman.com.au

Payments Online:

If you pay using an online transaction such as credit card we use PayPal and Stripe. These third-party payment facilitators are compliant to ensure your financial data is secure and we can never access your full payment details. You can learn more about PayPal security measures here, and Stripe security here

Marketing:

We may promote our services to you using the information you provide to us, including email or text. If you wish to receive promotional offers, please opt in by completing the form on our website, or by emailing mel@healinghuman.com.au to request to be added.

Mailing List: If you opt in to receive our emails, SMS, social media you will receive a monthly email with updates and offers from us. You can unsubscribe from this at any time from within one of these emails or contacting us at mel@healinghuman.com.au. Our emails are sent from Splose which may store information that you have submitted.

Social Media: If you follow us on any social media platforms, your privacy settings in your social media account control what you share with others. Please check this if you are concerned about your privacy on any social media platform. Please let us know if you do not wish to be tagged in any of our posts.

Photos / Videos of Sessions: Where appropriate, during our sessions, on retreats, and in other services we may take photographs and/or videos of you which may be used on social media and for the marketing of our services. 

Please contact us at any time should you wish to change or amend any posts on social media by us or be removed from recordings.  

Quotes for Services: If you contact us for a quote or request services we provide, we consider ourselves as having a legitimate business interest to provide you with further information about our services. You may request that we stop this at any time via email at mel@healinghuman.com.au.

Development: We will also use your Personal Data to manage your account, perform statistical analysis on the data we collect, for business forecasting purposes, and to develop new and market existing services.

Website:

Our website is hosted by Squarespace.  Squarespace uses cookies to provide the website and ensure necessary function of our services. You can view their policy at URL: https://www.squarespace.com/cookie-policy/

If you contact us via our website, you may provide us with personal data when completing online health or contact forms. These forms are hosted by Splose.

We use Google Analytics to give us an idea of where our website traffic data comes from and how people use our website. We link this use to Google Ads which allows us to understand those interested in our services and how we can design adverts that will interest that audience and encourage them to purchase our services. We also use Google Signals that tracks your use across devices and platforms to better target your interests if you have a Google account. Google Analytics may have cookies used to track traffic to and around our website.  See above for how to change your settings in Google. You can opt out of seeing personalised ads here.  

LINKS TO OTHER WEBSITES

Our services may include links to third party websites. When you click on this link you have left our website and services. We do not have control over what cookies or beacons or other technology these sites may use to track activity into their website, and do not have control over what data they may collect or their privacy policy. Use of their websites and clicking on those links is at your sole risk. We are not responsible for the protection and privacy of any information that you provide whilst visiting such sites and these sites are not governed by this Privacy Policy. We suggest that you read their privacy statement before using the website. 

We do not provide any personally identifiable customer information to these sites.

DATA RETENTION / DISCLOSURE OF DATA

We may release personal data where we believe that it is appropriate in a number of circumstances, including the following:

  1. Third parties where you consent to the use or disclosure;

  2. Where required or authorised by law;

  3. To enforce or apply our agreements with you;

  4. To protect the rights, property or safety of us, our clients or others; and

  5. With your consent following specific notice or request from us.

This includes fraud protection, but not selling, sharing or otherwise disclosing personally identifiable information from clients for commercial purposes in a way that is contrary to this Privacy Policy.

Videos of Clients: We may store videos and audio files for longer where relevant for business development, marketing and advertising of our services. These may also be used in instances such as playback to you, in consultation for professional development, or for teaching or demonstration purposes.

SECURITY OF PERSONAL DATA

Your Personal Data is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. 

We use commercially reasonable efforts to protect it from unauthorised access or disclosure. However, we are not insurers of the security of your Personal Information. Accordingly, we assume no liability for any disclosure of data due to errors in transmission, unauthorised third party access or other acts of third parties, or acts or omissions beyond our reasonable control.

DURATION PERIOD

If you have received services with us we will store your data for 7 years from your last appointment with us (“Duration Period”), as required by our insurers bms group (IICT) for any potential claims.

When your Personal Data is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Data. However, most of the Personal Data or will be stored in client files which will be kept by us for the Duration Period. 


YOUR RIGHTS

We want you to know you have legal rights about your personal data. You grant use of your data under the contract and terms herein through your active conduct and use of our services. At any time, you have the right to know what personal data relates to you that is held by us, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. 

You may request the following at any time about your data held by us with regards to the services that we provide:

  1. The right to be informed about the personal data being processed

  2. The right to rectification of your personal data

  3. The right to erasure of your personal data

  4. The right to restrict processing of your personal data

  5. The right to data portability (to receive an electronic copy of your personal data)

  6. The right to object to the processing of your personal data

  7. The right to access your personal data

You can also request the deletion of their personal data, but this may be denied on the exception for the establishment, exercise or defence of legal claims. Please see the Information Commissioners Office in Europe here for guidance on this exception.

In accordance with the General Data Protection Regulations (“GDPR), you may request a copy of all data that we store about you at no cost at mel@healinghuman.com.au. To protect your Personal Data, we may require identification from you before releasing the requested information. Repeated, unfounded or excessive requests may be challenged by us. 

There are some limited circumstances that may limit the information that we can provide to you in a request, for example, public interest, law enforcement, legal and or health related matters. 

Please also bear in mind that we rely on third parties for some of your information in the flow of data. It may take us the full calendar month permitted to provide a full response to your request.  

If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact mel@healinghuman.com.au

Maintaining the Quality of your Personal Data:

It is an important to us that your Personal Data is up to date. We will take reasonable steps to make sure that your Personal Data is accurate, complete and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

Our services are available internationally. We control and manage Personal Data in Australia. We may transfer data outside of Australia to our suppliers to provide the service to you.

If you are European, we transfer your data outside the European Economic Area to fulfil our services to you. We do so to those third-party processors as stated in accordance with this Privacy Policy and to comply with Data Acts. 

Any third parties used to help our administration of your data are required to safeguard your personal data through the use of appropriate technical and organisation data security measures and are prohibited from disclosing or sharing your data with other third parties without our prior authorisation, or unless as required by law. 

Please contact us at mel@healinghuman.com.au for further information on the measures undertaken to safeguard your data.

POLICY UPDATES

We reserve the right to update and amend this Privacy Policy at any time, effective upon posting an updated version on the Website. 

We will publish such updates on our website and may email notifications to you. Continued use of the Website after any such changes shall constitute your consent to such changes. 

DATA PRIVACY REPRESENTATIVE

To ensure data privacy and protection has appropriate focus within our organisation we have a Data Privacy Officer. The Data Privacy Officer is Melanie Thorpe who may be contacted at: mel@healinghuman.com.au

ENQUIRIES AND COMPLAINTS

If you have any queries or complaints about our Privacy Policy, please contact us first at:

Melanie Thorpe
Australian Business Number (ABN): 67 982 497 456 – see ABR website for further details here.
mel@healinghuman.com.au

If you are dissatisfied with how our Data Privacy Representative handles your matter you have the right to complain to the local data protection supervisory authority, the Office of Australia’s Information Commissioner (OAIC). The OAIC may be contacted via the website which is https://www.oaic.gov.au/, by live chat from their website, or by calling their helpline on +61 1300 363 992. 

VERSION DATE: 6 JANUARY 2022


Cookies Policy

What are cookies?

Cookies are simple text files that are stored on your computer or mobile device by a website’s server. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier, website’s domain name, and some digits and numbers.

What types of cookies do we use?

Necessary cookies

Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our website and using its features. For example, these cookies let us recognise that you have created an account and have logged into that account.

Functionality cookies

Functionality cookies let us operate the site in accordance with the choices you make. For example, we will recognise your username and remember how you customised the site during future visits.

Analytical cookies

These cookies enable us and third-party services to collect aggregated data for statistical purposes on how our visitors use the website. These cookies do not contain personal information such as names and email addresses and are used to help us improve your user experience of the website.

How to delete cookies?

If you want to restrict or block the cookies that are set by our website, you can do so through your browser setting. Alternatively, you can visit www.internetcookies.org, which contains comprehensive information on how to do this on a wide variety of browsers and devices. You will find general information about cookies and details on how to delete cookies from your device.

Contacting us

If you have any questions about this policy or our use of cookies, please contact me at mel@healinghuman.com.au