Privacy policy.

Emba Wellness understands that your privacy is important to you and that you care about how your information is used and shared online. This document sets out our Privacy Policy. It describes how we collect and manage your personal information when you interact with this site. We take this responsibility very seriously. We will, by fair and lawful means, only collect sufficient personal and sensitive information which is considered necessary to carry out our business activities and functions. When we collect personal information about you through third parties, we will manage such information in accordance with the Australian Privacy Principles set out in the Privacy Act 1998 (Cth) (Privacy Act).  

This Policy applies to our use of all personal data collected in relation to your use of our Site. Please ensure you read the Privacy Policy carefully and understand it. Your acceptance of Our Privacy Policy is deemed to occur upon your first use of this Website. If you do not accept and agree with this Privacy Policy ( https://www.oaic.gov.au/privacy/the-privacy-act/ ) you must stop the use of this Website immediately.

Personal Information

If you engage with me via this website (embawellness.com), or choose to work with me in any capacity, I may ask to collect the following types of personal information from you, including but not limited to:

  • Contact details such as your name, email address, phone number

  • Sensitive information such as your date of birth / age, medical history, health status

  • Your interests and preferences, including your opinion about future topics, products or services that may interest you.

  • Analytics –Data gathered by Google Analytics such as pages browsed to improve the usability and appeal of the website. This can be opted out of using a browser extension such as https://tools.google.com/dlpage/gaoptout

  • Any information which allows me to curate content which is tailored for your preferences when you agree to sign up for any of my events, courses, or services

  • Any other information you disclose via email or contact forms.

Collection & Use of Your Personal Information  ​

I may collect your personal information in a variety of ways including contact forms, direct emails, opt-in forms for my mailing list or freebies, automatically via website analytics and directly when you become a client.

I may use this information to:

  • Provide you with the service or product you request

  • Provide you with relevant news, resources, and updates about my services and products

  • Improve this website as well as the products and services I offer

In addition, certain administrative processes may involve sharing your personal information with third-party service providers, including our designated medical scribe, Heidi (heidihealth.com). Heidi assists with accurate record-keeping and documentation related to your treatment.

I will only collect your personal information:

  • With your full awareness and consent, such as when you communicate directly with me, email me, purchase a product, opt in to my mailing list or freebie, tick a checkbox or fill in a form to provide me with information

  • If I need it to provide you with information or services that you request

  • For any administrative processes which take place if you decide to work with me in some capacity

  • If I am legally required to collect it.

Please be assured that I take the protection and privacy of your personal information very seriously. You will always have the option to opt-out of any email or marketing material.

Australian Disclosure

I will also disclose your information if required by law to do so or in circumstances permitted by the Privacy Act. This may include if I have reasonable grounds to suspect that unlawful activity or misconduct of a serious nature relating to my functions or activities has taken place, and in response to a subpoena, discovery request or a court order.

I encourage you to get in contact with me if you have any concerns regarding the disclosure of your personal information.

Sensitive Information

I understand that some personal information, such as your personal health information, is particularly sensitive. I will only collect sensitive information by methods that are reasonably secure, such as:

  • Through my intake form in Cliniko when you book an appointment.

  • In a Cliniko telehealth consultation or similar online consultation.

  • When you send me information in an email.

The reason I collect this information is to provide you with the services you request such as naturopathic consultations and treatment plans. In order to provide you with the most appropriate treatment that is both safe and effective, I require a comprehensive understanding of your health & medical history, past & present medication, symptoms and family health history. Other sensitive information that I ask you to provide may include your birth date and business details.

I am committed to securely storing and handling your sensitive information through my online client file system, Cliniko, on my password-protected computer. As the therapist responsible for your treatment, I am the only person who has access to your information. I do not collect sensitive information from children under the age of 18 without the presence of their parents/guardians or without their parent/guardian’s full consent. All information collected from minors is securely stored in accordance with this privacy policy.

All archived sensitive information is securely destroyed/deleted after 7 years.

Sharing Your Personal Information

I will use all reasonable means to protect the confidentiality of your personal information while in my possession or control. In order for me to provide you with the products and services I offer, it is necessary that I share your information.

I may share your personal information:

  • with third parties whose services I use, including but not limited to web-hosts, client management systems, pathology and functional testing providers, payment system providers, online course providers, email marketing providers, postal delivery services, online prescription services, website professionals and legal professionals;

  • our designated medical scribe, Heidi (heidihealth.com), who assists in the documentation and management of your medical information solely for the purposes of accurate record-keeping and facilitating your treatment. Heidi is obligated to adhere to all applicable data protection standards and maintain strict confidentiality;

  • anyone you agree for me to correspond with while working with me in a professional capacity, including other practitioners, functional testing companies, product distribution companies who dispense prescribed remedies;

  • with third parties for the purpose of collecting and processing data such as Facebook or Google Analytics, who may store data outside of Australia;

  • if and when the need arises to prevent serious threat to health, safety, or life of yourself or the public;

  • with any emergency contacts or care providers in the event you cannot act on your own behalf due to serious illness

The Emba Wellness website (embawellness.com) is hosted on the Squarespace platform, which may process personal data in accordance with its own privacy policies. For more information on how Squarespace handles your data, please review their privacy policy at https://www.squarespace.com/privacy.

Please contact me if you have any concerns about the potential disclosure of your information.

​I will use all reasonable means to protect the confidentiality of your personal information while in my possession or control. I will not knowingly share any of your personal information with any third party other than the service providers who assist me in providing the information and/or services I am providing to you. Please contact me if you have any concerns about the potential disclosure of your information.

Security of Personal Information

Thank you for trusting me with your personal and sensitive information. I take the responsibility of protecting your personal information from misuse, interference, loss, unauthorised access, modification and disclosure very seriously.
I manage risks to your personal information by storing online records securely in a password-protected computer that only I have access to. As mentioned above, your personal information may also be stored with a third-party provider, where it will be managed under their security policy. Please see the security policies of the Cliniko, Heidi (heidihealth.com) and Mailchimp https://mailchimp.com/about/security/

 

Access to your Personal Information

You can contact me to access, correct or update your personal information at any time. Unless I am subject to a confidentiality obligation or some other restriction on giving access to the information which permits me to refuse you access under the Privacy Act, and I believe there is a valid reason for doing so, I will endeavour to make your information available to you within 30 days.

Please begin the process by sending an email to jess@embawellness.com requesting access to your information and I will endeavour to respond within 7 days

Privacy Policy Complaints or Enquires

If a breach of this Privacy Policy occurs, or if you wish to a request a change to your personal information, you may contact me by sending an email at jess@embawellness.com outlining your concerns and I will endeavour to respond within 48  hours.

If you are not satisfied with my response to your complaint you may seek a review by contacting The Office of the Australian Information Commissioner using the information available at https://www.oaic.gov.au/privacy/privacy-complaints

Notification of Change

I decide I need to make any changes to this Privacy Policy, the most recent copy will be available on my website.

 

Notification of Breach

If I have reason to suspect that a serious data breach has occurred and that this may result in harm or loss to you, I will immediately assess the situation and take appropriate corrective action. If I still believe that you are at risk, I will notify the Office of the Information Commissioner and either notify you directly or if that is not possible, publicise a notification of the breach on this website.

 

Contact

Please do not hesitate to contact me if you have any questions or concerns about the privacy policy, email me directly at: jess@embawellness.com

GDPR Compliance

Emba Wellness is committed to protecting the personal data of all our customers, including those residing in the European Economic Area (EEA). This section outlines how we comply with the General Data Protection Regulation (GDPR) and describes your rights regarding the processing of your personal data.

Lawful Basis for Processing

For data subjects in the EEA, we process your personal data only on one or more of the following legal bases:

  • Consent: Where you have provided explicit consent for one or more specific purposes.

  • Contractual Necessity: When processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

  • Legal Obligation: When processing is necessary for compliance with a legal obligation to which Emba Wellness is subject.

  • Legitimate Interests: Where processing is necessary for the purposes of the legitimate interests pursued by Emba Wellness or a third party, provided such interests are not overridden by your rights and freedoms.

Your Rights as a Data Subject

If you are an EU resident, you have the following rights under the GDPR:

  • Right of Access: You may request confirmation as to whether or not we are processing your personal data and, if so, request a copy of the information we hold.

  • Right to Rectification: You have the right to request the correction of any inaccurate or incomplete personal data we hold about you.

  • Right to Erasure ("Right to be Forgotten"): You may request that we delete your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

  • Right to Restriction of Processing: In certain circumstances, you can ask us to restrict the processing of your personal data.

  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have that data transferred to another controller where technically feasible.

  • Right to Object: You may object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.

  • Right to Withdraw Consent: Where processing is based on your consent, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

How to Exercise Your Rights

If you wish to exercise any of the rights listed above, please contact us at [jess@embawellness.com] with your request. We will respond to your inquiry within one month, as required by the GDPR.

International Data Transfers

Your personal data may be transferred to, and maintained on, systems located outside the EEA. In such cases, Emba Wellness will ensure that appropriate safeguards are in place to comply with the GDPR requirements, such as utilizing standard contractual clauses or ensuring the receiving country has an adequacy decision by the European Commission.

Data Retention

Emba Wellness will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law or contractual obligations. When your data is no longer required, it will be securely deleted or anonymized.

Data Security

We take appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. Our security practices are reviewed and updated regularly to ensure compliance with GDPR standards.

Contact and Data Protection Officer

For any questions, concerns, or further information regarding our processing of your personal data in accordance with the GDPR, please contact us at:

Email: jess@embawellness.com

By using our services or visiting this website (embawellness.com), you acknowledge that you have read and understood this GDPR Compliance section as well as our entire Privacy Policy, and you consent to the collection, processing, and use of your personal data as described herein.