Privacy Policy
How we care for your personal information
This is the Privacy Policy of Emma English ABN: 545 6747 7854 trading as Thriving Naturally.
We are committed to protecting your privacy, whether you are a contact, client, supplier or employee of mine. We are also committed to complying with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act).
In this policy we will describe how we manage your personal information.
We use the SimpleClinic Online software for all clinic related services.
SimpleClinic Online is a Software as a Service provider of practice management software for Naturopathic Practitioners and Complementary Health Care Providers in the Australia / New Zealand region. This document provides details on how we store, use, and collect Personal Information and Sensitive Information your practitioner, or you, provide us. This document is for patients.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of the Personal Information you provide us.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au
1. What is Personal Information and why do we collect it?
1.1 Personal Information is information or an opinion that identifies an individual. Examples of Personal Information you may provide us while using Thriving Naturally include:
your name, address, email address, phone numbers.
1.2 This Personal Information is obtained when you as a patient access our public pages and provides personal information to us as part of an online booking, form submission, or invoice payment.
1.3 The Personal Information we collect from you is collected as part of us providing our services to your healthcare practitioner, our registered user, and is used purely in the provision of services to your healthcare practitioner. Personal Information you provide us is not used for our own marketing, or advertising purposes.
1.4 Personal Information you provide using public elements of our platform, such as online booking, form submission, or invoice payment, may be used for capacity planning purposes. The information used for this purpose is restricted to technical information and includes: the method of connection to the internet, device type, screen dimensions, operating system, and browser details. This information is anonymised and not linked directly to your patient record in Thriving Naturally.
2. Sensitive Information
2.1 Sensitive Information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
​
2.3 Sensitive Information you may provide us with while using the SimpleClinic platform include:
a) your health history information.
b) Your healthcare practitioner may also provide Sensitive Information about you while providing their services to you.
c) The Sensitive Information provided by you, or your healthcare practitioner, is used only for the provision of our services to your healthcare practitioner.
3. Third Parties
3.1 Personal Information and Sensitive Information stored within SimpleClinic is collected from you as a patient or your healthcare practitioner.
3.2 We do not collect Personal Information or Sensitive Information about your patients from third parties.
​
4. Disclosure of Personal Information and Sensitive Information
4.1 The Personal Information you store within SimpleClinic may be disclosed in a number of circumstances including the following:
4.2 Third parties where your healthcare practitioner has chosen to integration with third party services. These include: payment gateway providers, email service provides, financial and accounting providers (Xero), our upstream communications providers (Mailgun, Twilio, and FoneDynamics), and external calendar providers (Cronofy, Google, Apple, Microsoft).
Your healthcare practitioner controls which services your Personal Information is disclosed to and which information is disclosed.
4.3 In certain circumstances we may also be required by law to disclose the Personal Information you have provided to us.
5. Security of Personal Information and Sensitive Information
5.1 The Personal Information you provide while using SimpleClinic is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. We utilise a number of safeguards to protect Personal Information including:
Username and password access to the SimpleClinic platform.
a) Encryption of all Sensitive Information at rest using AES-256 bit encryption.
b) Encryption of all Sensitive Information in transit using 256 bit SSL encryption.
c) Encryption of all Personal Information in transit using 256 bit SSL encryption.
d) Access logging and auditing of requests to access and modify Personal Information and Sensitive Information.
e) Firewall and IP traffic monitoring for suspicious or malicious traffic.
​
5.2 When the Personal Information and Sensitive Information you, or your healthcare practitioner, provided us with is no longer needed for our provision of services to our registered user, we will take reasonable steps to destroy or permanently de-identify your Personal Information and Sensitive Information.
​
6. Access to your Personal Information and Sensitive Information
6.1 To access the Personal Information and Sensitive Information you, or your healthcare practitioner, have provided us with contact your healthcare practitioner.
7. Disposal of your Personal Information and Sensitive Information
7.1 When the Personal Information and Sensitive Information you provided us with is no longer needed for our provision of services to your healthcare practitioner, we will take reasonable steps to destroy or permanently de-identify your Personal Information and Sensitive Information.
7.2 After termination of your healthcare practitioners services with SimpleClinic the Personal Information and Sensitive Information you have provided us is removed from our production environment within 90 days. Personal Information and Sensitive Information may still be stored in secured and encrypted backups until a full backup rotation has occurred. This may take up to 12 months after your account termination.
8. Use of Cookies
8.1 SimpleClinic utilises cookies on our public pages. When you consent to cookies we use these to do the following:
a) Deliver our core services to you including online booking, forms, invoice payments etc.
b) Monitor page performance and network capacity.
c) We do not utilise cookies for marketing or advertising purposes.
9. Policy Updates
9.1 Due to changing business circumstances or legislative changes, we may need to change our privacy policy from time to time. If we change our privacy policy the changes to the policy will comply with the Act and we will endeavour to ensure that your overall level of privacy protection is not diminished and we will publish those changes on our website. You are encouraged to check our website regularly to consider, and act on, any changes to our privacy policy. We reserve the right to change our privacy policy without notice to you.
10. Privacy Policy Complaints and Enquiries
10.1 If you have any queries or complaints about our Privacy Policy please contact us at:
Thriving Naturally
hello@thrivingnaturally.com.au
​
10.2 We will endeavour to respond to any complaint within 30 days. If you are not satisfied with my response to your complaint you may seek a review by contacting the Office of the Australian Information Commissioner using the information available at http://www.oaic.gov.au/privacy/privacy-complaints.