Privacy Policy
At Alasana Pty Ltd (ACN 655 758 562) (referred to in this policy as we, us or our) we are committed to respecting and protecting the privacy of all our clients and visitors. This Privacy Policy applies to any information supplied to us whilst using our services, whether that be in person, by phone, over email or through our website located at https://www.alasana.com/ (Website) (we will refer to these collectively as the Services).
The Privacy Act (1988) (Cth) (Privacy Act) and the Australian Privacy Principles (Privacy Principles) set out in Schedule 1 of the Privacy Act govern the collection, storage, use, and disclosure of information by which individuals may be identified. Further, we comply with EU General Data Protection Regulation 2016/679 (GDPR).
This Privacy Policy details how we comply with the above laws regarding the collection, use, storage, sharing and protection of your information and data. We may update this Privacy Policy from time to time at our sole discretion. Any variations become effective on posting the updated Privacy Policy on the Website and we shall have no obligation to provide you with individual notice of such changes. Your continued use of the Services following the publication of any amended Privacy Policy shall signify your acceptance of that amended Privacy Policy, except where we are otherwise required by law to seek your direct consent.
Please read this Privacy Policy carefully before using any part or whole of the Services. If you do not agree with any part of this Privacy Policy, please do not use our Services.
Special note on Confidential Information
Our therapists practice ethically and will treat your confidential information which is disclosed by you to the therapist as confidential. Please note this does not prohibit us from sharing confidential information with:
any third party with your express approval;
internally between employees and contractors;
to external counsel for the purpose of obtaining professional advice, provided such information is disclosed in a confidential setting; and
where we are required to disclose such information by law or to otherwise prevent harm.
Our observance of confidentiality is separate and independent to our obligations under Australian privacy laws. If you have any queries about how we handle confidential information, please do not hesitate to contact us at alison@alasana.com
Special Note on Sensitive Information
We will handle Sensitive Information (as defined below) with extra care in line with this Privacy Policy. Any Sensitive Information will be kept strictly confidential and only accessed by authorised staff, agents, contractors or service providers. We will not disclose Sensitive Information unless required by law or with your prior written consent. You hereby agree that in the case of an emergency we may disclose Sensitive Information to Commonwealth and State emergency and rescue services including but not limited to paramedics and other medical practitioners, as well as police, fire and other emergency workers.
Our Policy
What Information Do We Collect
‘Personal Information’ means information that can be used to personally identify you such as your name, residential address, email address, contact number, or payment details. To be clear, we will not collect or process Personal Information of any person under the age of 18 without the consent of a parent or guardian.
‘Sensitive Information’ is a special type of Personal Information that relates to health, biometrics, and other medical information. This may include but is not limited to information regarding your past or present health conditions, health care services (including details of any medical practitioners), allergies, medications, dosages, blood group, contemplated medical or other procedures, and other special needs and preferences.
‘Usage Information’ means anonymous aggregate data that is automatically collected through your use of the Website. This includes information that identifies your device, your operating system, your IP address and dates and times that you access and use the Website. This information is used to aid us in resolving any technical issues that may arise, or for statistical analysis to help us to improve the Services.
The GDPR recognises that Usage Information, whilst for the most part anonymous, can be cumulatively used to directly or indirectly identify you. Usage Information that can be used to identify you in any way, together with your Personal Information, shall collectively be referred to in this Privacy Policy as ‘Personal Data’.
How Do We Collect Your Information
Personal Information is collected directly from you when you:
fill out a new patient form when you sign up for a session;
book an appointment;
verbally or otherwise provide information to us during a session;
provide your email to opt in to our mailing list; or
contact us via email or otherwise about the Services.
It is your choice to provide Personal Information to us. Wherever it is lawful and practicable, you have the option not to identify yourself when interacting with us. Please be aware that it may be necessary for us to collect your Personal Information to enable us to provide the Services to you. As such, if you do not wish to provide your Personal Information, we may not be able to provide the Services to you.
Cookies
We collect anonymous Usage Data on our Website through cookies, pixel tags and other tracking technologies (collectively Cookies). Cookies are small packets of data that are downloaded onto your device when you access a website. Cookies hold specific information that helps a website ‘remember’ your actions and preferences over time. These are the types of Cookies that we may use to operate our Services:
Strictly Necessary Cookies – these Cookies are essential to ensure the Website works correctly, and record information that allows you to move around the Website and navigate its features.
Performance Cookies – these Cookies collect information about how you use the Website, such as how often you access the Website and if you encounter any errors.
Functionality Cookies – these Cookies allow our Website to remember the choices you make to provide a more personalised experience.
Cookies can stay on your device temporarily (Session Cookies) or until you manually delete them (Persistent Cookies). You can adjust your browser settings at any time to block Cookies, however please note that doing so may limit our ability to provide the Services to you.
If you have any questions about how we collect Usage Information via Cookies, please email your enquiry to us at alison@alasana.com.
How Do We Use Your Personal Data
Legitimate purposes that you agree we may use your Personal Data for include but are not limited to the following:
to confirm your identity;
to provide the Services to you;
to send you emails/text messages about appointments;
to respond to requests submitted by you;
to ensure technical functioning of the Website;
to prevent, detect and investigate potential illegal activities, security breaches and fraud; and
to contact you via email to provide you with information about the Services, only where you have opted in to receiving such communication and until you withdraw such consents.
For the avoidance of doubt, we will only use your Personal Data for purposes that you would reasonably expect us to use your Personal Data for in connection with providing the Services to you, or where we are required by law to collect your Personal Data. We will not sell, rent, or licence your email address or any of your Personal Data unless we have otherwise obtained your express consent to do so.
We recognise your right under the Spam Act 2003 (Cth) and the GDPR to opt out from direct marketing communications, and as such these consents can be modified at any time by emailing us at alison@alasana.com, or by clicking ‘unsubscribe’ on any direct marketing communications.
Please note certain non-marketing related correspondence from us, including messages relating to your account and payment, will be automatically sent to you by virtue of your use of the Services and you may not have the option to unsubscribe from receiving this correspondence.
Who Do We Disclose Your Personal Data To
You agree and consent for us to disclose your Personal Data:
any third party with your express approval;
internally between employees and contractors;
to external counsel for the purpose of obtaining professional advice;
to other service providers with whom we have entered into an agreement with to help us provide the Services, including marketing agencies, financial service providers and technical support; and
where we are required to disclose such information by law or to otherwise prevent harm.
For the avoidance of doubt, this Privacy Policy applies to all employees, consultants, contractors and agents of ours and covers all Personal Data collected via your use of the Services, as well as information supplied to us in person, by phone, by writing (including email) or in any other way.
You can withdraw your consent for us to share your Personal Data with third parties at any time by emailing us at alison@alasana.com, however withdrawal of such consents may affect your ability to access and use the Services.
Please note that the above does not apply to any Sensitive Information provided to us during the course of the Services. Please refer to our special note on Sensitive Information at the start of this Privacy Policy, or email us at alison@alasana.com for more details on who we can disclose Sensitive Information to.
What are your rights to your Personal Data
In accordance with the GDPR, we acknowledge the right of EU citizens to:
have their data erased that is no longer being used for a legitimate purpose;
request a copy of all Personal Data held about them by us in a readable format; and
request restricted processing of their Personal Data whilst any complaints or concerns are being resolved.
To erase, request or restrict processing of your Personal Data, please email us at alison@alasana.com.
Accessing, Reviewing and Changing your Personal Information
We cannot modify your Personal Information. You can modify your own information by requesting a change of details form at any time by emailing alison@alasana.com. You acknowledge that it is your responsibility to maintain the truth, accuracy, and completeness of your information and your failure to do so may inhibit our ability to provide the Services. You acknowledge and agree that we shall have no liability to you or any third party arising from your failure to keep your information up to date.
Security
We protect your Personal Data through technical security measures i.e. firewalls, encryption that limit the risk of loss, disclosure, unauthorised access and modification. No security measures are, however, 100% secure so we cannot guarantee the security of your information or data at any time. To the extent permitted by law, we accept no liability for any breach of security, or direct hacking of our security measures, or any unintentional disclosure, loss or misuse of any information or data or for the actions of any third parties that may obtain any information or data.
Notwithstanding the above, we acknowledge our obligation to report any data breach that is likely to risk the rights and freedoms of natural persons to the Australian Information Commissioner and, where our data breach involves the information of EU citizens, report to the European Data Protection Supervisor. We will also inform you, where possible, if your data has been breached in the circumstance where it poses a risk of serious harm to your rights and freedoms.
We also warrant that our personnel who may have access to your Personal Data are trained and educated about this Privacy Policy and our obligations under the Privacy Act, Privacy Principles, and GDPR. For more information on our internal policies, email us alison@alasana.com.
Contact
Thank you for taking the time to read our Privacy Policy. If you have any questions regarding our Privacy Policy, you can reach our privacy officer at
Alasana Pty Ltd
Att: Privacy Officer
Level 1, 13-17 Gymea Bay Road
Gymea, NSW 2226 Australia
If you are not satisfied with our handling of your Personal Data, or have any other concern about our Privacy Policy, then you may lodge a formal complaint with the Office of the Australian Information Commissioner (for more information, please see www.oaic.gov.au) or with the European Data Protection Supervisor (for more information, please see https://edps.europa.eu).