Growing Strong Ideas P/L trading as Steps to Change is committed to complying with the Privacy Act 1988, the Australian Privacy Principles 2014 and the privacy provisions of all applicable legislation.
When we collect personal information from an individual, we will ensure that we do so in a fair manner and that we let the individual know where and how to contact our organisation. We will only collect information that is necessary for one or more of our functions or activities.
The personal information that we collect will depend on your relationship with us and the service you have requested. It may include:
- your identity and contact details including; name, address, email address, phone number, date of birth
- IP address or MAC address when using our website or mobile applications (and other associated details, including the city associated with your IP or MAC address, the date and time of your visit to our website, pages viewed, the URL of the website that you viewed before our website and the type of browser you use);
- if you use social media, any information that you allow the social media site to share with us;
- your feedback and opinions about our products and services; and
- information relating to your dealings with us, including insights about you so that we can better understand your preferences and interests
If we collect sensitive information (as defined under the Act), we will treat it with the utmost security and confidentiality. We will ensure that it is not collected for any purposes, other than those for which we have obtained the individual’s consent, unless the law requires otherwise, or other exceptional circumstances prevail as described under the Act.
We may collect information about you which is considered sensitive under applicable privacy and data protection laws. This information may include:
- information in relation to your health
- religious and cultural beliefs where your religious or cultural influence your food choices or type of dietary intervention possible.
Where an individual chooses not to provide requested information, we will advise that individual of what consequences this non-disclosure may have. For example, withholding certain information may limit our ability to provide relevant offers or services to individuals in a safe manner, or tailored to their individual needs.
We will not use your health or other sensitive information for marketing purposes.
How we collect your personal information
We collect your personal information in a number of ways. We may collect your personal information directly from you or in the course of our dealings with you, for example when you:
- provide personal information to us, for example, when you make or update a booking, subscribe to our email or other communications, enter a competition, provide feedback to us or otherwise interact with us;
- visit our website, social media channels or mobile applications;
- apply for a position with us;
- complete a form for us;
- engage in an Food Intolerance Breakthrough Call; Online Nutrition Consultation; Online EFT Consultation. We record all online consultations;
- a person who makes, changes or enquires about a booking, program or activity on your behalf or who otherwise interacts with us on your behalf (such as a family member, Clinic Nurse, Doctor Receptionist);
- recruitment agencies and previous employers, if you have applied for a position with us and with your consent;
- our service providers and contractors (third parties that provide us with services under a white label arrangement, client records provider, marketing agencies, data analytics and market research providers and sales agencies, payment fulfilment and fraud protection providers and organisations that issue)
- third parties who run competitions and other promotions on our behalf or for which we are the sponsor; and
- government agencies and regulatory authorities, including Department of Human Services - Medicare
Why we collect personal information
We collect your personal information for a variety of purposes and on different legal grounds. Most of the time, we collect your personal information so that we can provide you with our services and any products that you may have requested and to enter into and perform our contract with you. This may include:
- Booking for consultations, ordering on your behalf, and with permission products or external services as described in our programs or offers during the booking process;
- communicating with you before and after your booked consultations, or programs.
- identifying and arranging benefits for you with our supplements, books, and other services, where you have asked us to do this;
- contacting you with marketing and promotional material about our offers or promotions,
- collecting your health or other sensitive information.
- to develop insights about you so that we can better understand your preferences and interests. We do this to identify products, services that may be of interest to you, personalise your experience and enhance the products and services offered by us. In these cases, both we and these third parties have an interest in researching and analysing the services our customers want and personalising our offers so we're better able to provide products and services that are relevant to you. We may also use trusted service providers to undertake the process of creating these insights; and
- to help us continuously improve the services and products we offer and respond to your feedback, queries and complaints.
We will only disclose personal information in accordance with the Privacy Act.
This means that personal information may be disclosed:
- For the purposes for which we have advised that we are collecting it, and for related purposes that the individual would reasonably expect;
- Where we have your consent to do so;
- The other person is your nominated carer or support person, and you give consent for information to be disclosed to them;
- Your GP or Medical specialist to optimise your health outcomes, and you agree;
- As required by law, or
- Under other circumstances where permitted under the Act.
What would happen if we did not collect your personal information?
If we cannot collect your personal information as described above, we may not be able to process your booking, organise support products or persons or other requests made by you. We also may not be able to fully investigate an incident, complaint or claim, or provide you with all or some of our other products and services.
You may not need to provide some of the information that we use on the basis of our legitimate interests. For example, you can disable cookies in your browser.
How long do we keep your personal information?
We will keep your personal information for as long as we reasonably require your personal information for any valid and lawful purpose. These purposes include to provide you with our services and any products that you have requested, exercise our rights and perform our obligations under a contract, investigate and defend actual or potential claims, comply with our legal obligations and other purposes permitted by law.
When it is no longer reasonably necessary for us to keep your personal information, your information will be destroyed or put beyond use. However, we may de-identify data and retain such data for statistical purposes only.
We are based in Australia, so your personal information will be processed in Australia. However, we may disclose your personal information to organisations or persons located outside of Australia. The countries in which these organisations or persons are located will depend on the circumstances, but in the course of our ordinary operations, we generally disclose personal information to third parties located in the countries where:
- our third party service providers are located, including, United States of America;
Cookies are tiny files sent to your browser and stored by your browser on your computer or other device that you're using to access our website or use our mobile applications. Our cookies collect your IP address or MAC address, the city associated with your IP or MAC address, the date and time of your visit to our website, pages or advertisements viewed, the URL of the website that you viewed before our website and the type of browser you use.
We also use web tracking/analytic tools that generate detailed statistics about traffic to our websites, traffic sources and how you interact with advertisements on our websites and third party websites. These tools can also measure and record conversions and sales.
The cookies and web-tracking tools allow our websites and mobile applications to interact more efficiently with the device you are using and to help us improve the content and functioning of our websites and mobile applications.
Our marketing and your personal information
We use personal information that we hold about you to identify services and products that may be of interest to you.
We may contact you by email, text message or other digital service (such as through our applications that you install on your device such as mobile or iPad), phone or post to let you know about services, offers and promotions, for new or existing products or services that may be of interest to you.
You can contact us at any time if you no longer wish to receive marketing materials from us. If you receive a marketing email from us, you can opt-out from that particular category of marketing email by clicking on the "Manage Preferences" link or the “Unsubscribe” link at the bottom of the email.
Storage and security of your personal information
- We mostly hold personal information electronically in Healthkit.com and Email Marketing databases - Mailchimp and Activecampaign. We also hold personal information in online recordings and in hard copy paper files. We use third party service providers to store some personal information.
- We take reasonable steps to protect the information that we hold about you from misuse, interference and loss, and from unauthorised access, modification or disclosure. We do this by having physical and electronic security systems and by limiting who can access your personal information. We also have online and network security systems in place for our websites, so that the information you provide us online is protected and secure. However, because of the nature of the internet, we cannot guarantee the security of your personal information.
- Please contact us if you become aware of any breach of security.
Rights in respect of your personal information
General – access to and correction of personal data
- You have a right to request access to or correction of your personal information held by us.
- If you wish to access, correct or update any personal information that we hold about you, please contact us on the details below. We will need to verify your identity before we can process your request.
- We will respond to your request within a reasonable time of you making the request and give you access in the manner you requested, unless it is unreasonable or impracticable for us to do so.
- Sometimes we will be able to respond to your query over the phone, but sometimes we may need your request in writing and we might need some time to gather the requested information and get back to you. These more complex requests usually take us between 14 and 30 days. We might need to send a copy of the information to you by post or we might ask you to come and see us to have a look at the information.
- Making a request is free. But depending on what information you request access to, we may need to charge you for giving you access to the information. The charges will not be excessive and we'll let you know if a charge will apply before we proceed with giving you access. There is no charge for correcting your personal information. Please note that if you are making a request from the European Union, your request will be completely free apart from in a very limited number of circumstances. This might include if your request is repetitive or if you have requested further copies of the same information. The fee will be based on the administrative cost of providing the information.
- If we refuse to correct your personal information that we hold, you can ask us to associate with that information a statement that the information is inaccurate, out-of-date, irrelevant or misleading.
11.2 Specific rights for EU residents only
If you are located in the European Union, then you may have additional rights. Some of these rights will only apply in very limited circumstances.
- You can withdraw your consent, where we rely on it for processing your personal information, at any time.
- You can ask us to confirm if we are using your personal information.
- You can ask us to delete your personal information. This right only applies in limited circumstances and will not usually apply where it remains necessary for us to process your information for the purposes for which it was collected, we are required by law to retain your information or your information is relevant to a legal dispute.
- You can ask us to stop or restrict how we process your personal information. These rights will apply in limited circumstances and will not usually apply when we need to process your information to carry out our day-to-day business functions or where we have compelling legitimate grounds for processing your information.
- You can ask us to help you move your personal information to other companies, where this is technically possible and only if we have collected and used your data via automatic means. Other conditions apply.
- You have the right to be informed and know about any protections that we have put in place when we are transferring your data overseas.
If you have a complaint about how we have handled your personal information, you can make a complaint by contacting us using the details below.
Once we have received your complaint, we will investigate and respond to you within a reasonable period of time.
We take any privacy complaint seriously and will deal with your complaint fairly and promptly. However if you are not satisfied with our response or how we handled your complaint, you may complain to the Office of the Australian Information Commissioner at:
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
TTY: 1800 620 241
If you are located in the European Union, you have the right to complain to the local data protection authority within the EU. You can find the details of your local DPA here.
We will post all updates to our privacy page.
Unauthorised disclosure or access
As Growing Strong Ideas P/L trading as Steps to Change s is committed to protecting the privacy of individuals, we will view unauthorised disclosure of, or access to, personal information by our employees or contractors, as a serious breach of this policy. Appropriate action (which may include disciplinary or legal action) will be taken in such cases.