Hi there! This website, new-leaf.com.au is owned and operated by New Leaf Naturopathic Health / Hannah Boyd, ABN: 89 080 901 879. If you have any questions or need further information, please contact:
- Hannah Boyd PO Box 161, Alexandria, NSW 1435. firstname.lastname@example.org.
We comply with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act).
We understand that visitors from the EU may access this site, so we also aim to comply with the General Data Protection Regulations (GDPR).
If you engage with us via this website or choose to become our client we may collect the following kinds of personal information from you, including:
- CONTACT DETAILS: including your name and email address and the country that you live in
- INTERESTS & PREFERENCES: your opinion about future topics, products or services that may interest you
- INTERACTION: information that allows us to tailor our content to your needs when you sign up for one of our webinars or promotional events
- INTERNET: with your consent, we may collect your IP address, and information about your browsing history to help us improve the usability and appeal of our website
Collection and Use
We may collect your personal information by various means including:
- an opt-in form for our mailing list
- when you email us
- when you have a consultation with us when you purchase products from us
- When you fill out a New Client or Change of Address Form
We use this information to:
- respond to your enquiries
- to provide you with relevant news and updates about our services
- improve this website and the services we provide
- to monitor visitor and / or client satisfaction
- to help other people understand your services better
- to provide news about your products and services
We will only collect your personal information:
- with your full awareness and consent, such as when you email us, tick a checkbox or fill in a form to provide us with information
- if we need it to provide you with information or services that you request
- if we are legally required to collect it
- for necessary administrative processes if you become our client
- if we believe that we can demonstrate a legitimate interest in using your data for marketing purposes, although we will always give you a choice to opt out
We understand that some personal information is particularly sensitive and that you are trusting us to keep this information confidential.
We will only collect sensitive information by methods that are reasonably secure, such as:
- through our New Patient or Change of Address Form
- when you book an appointment through our online booking system or via phone call.
- in a telehealth consultation or face to face or phone call
- when you send us information in an email or letter.
The reason I collect sensitive information is to explore my patients’ health and well-being. This information is used to support ongoing physical and mental health conditions and is a key part of a naturopathic treatment strategy.
The sensitive information we ask you to provide for this purpose may include:
- your medical history
- your birth date
- Medical history and family medical history.
- Elements of your lifestyle including diet, ways of eating, social support networks,
- Your other medical health practitioners
- Current and past medications and supplements
- Pathology and medical reports.
- This information is encrypted using HTTPS (end-to-end encryption). We use a 2048-bit SSL certification for encryption in transit on our booking system. Our computer systems are frequently reviewed and updated.
- Only the therapist responsible for your treatment and authorised team members may access sensitive material.
- Some sensitive information may be stored securely online, or in the cloud through Cliniko You can find out more about their security provisions here: https://www.cliniko.com/security/
Sensitive information may be collected from children under the age of 18 under the following circumstances:
- in the presence of their parents with their parent or guardian’s full consent
All archived sensitive information is securely destroyed after at least 7 years.
You may choose not to provide us with your sensitive information. However, it is important for you to provide the most accurate and truthful information regarding your current and previous health status for me to help you as best I can. As a health professional, I require you to provide me with all your contact details and full medical history.
- If you choose not to be completely honest with us, I may not be able to provide you with the services that you request.
Disclosure of Information
Reasons, why we may disclose your information, include:
- to provide you with the services you have requested
- to send you products that you have purchased
- In communicating with your other health professionals and for referrals
- When using support services, such as virtual assistants
In order to do this, we may share some relevant information - on a strictly need-to-know basis - with:
- our virtual assistant (VA)
- Australia Post or courier companies
- Online third-party dispensaries
- Our accountant and business consultants
- Our CRM management software
- Third-party technology we utilise for our business, including MailChimp, Front App, Xero, Google.
We will also disclose your information if required by law to do so or in circumstances permitted by the Privacy Act – for example, where we have reasonable grounds to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in, and in response to a subpoena, discovery request or a court order.
If you have any concerns regarding the disclosure of your information in this context, please do not hesitate to get in touch with us to discuss this personally.
We will use all reasonable means to protect the confidentiality of your information while in our possession or control. We will not knowingly share any of your information with any third party other than the service providers who assist us in providing the information and/or services we are providing to you. To the extent that we do share your information with a service provider, we would only do so if that party has agreed to comply with our privacy standards or we are satisfied that the service provider has a suitably protective policy of their own. Some of our service providers may be overseas and may not be subject to Australian Privacy Laws or compliant with GDPR. Please contact us if you have any concerns about the potential disclosure of your information. Please also see the section on Security below.
We take reasonable physical, technical and administrative safeguards to protect your information from misuse, interference, loss, and unauthorised access, modification and disclosure.
We manage risks to your information by:
- storing files securely
- ensuring that only key personnel have access to sensitive information
- releasing information to service providers on a strictly need-to-know basis
- conducting regular audits of our security systems
As mentioned above, your information may also be stored with a third-party provider, where it will be managed under their security policy:
- Dropbox - https://www.dropbox.com/security
- GSuite - https://storage.googleapis.com/gfw-touched-accounts-pdfs/google-cloud-security-and-compliance-whitepaper.pdf
- Mailchimp - https://mailchimp.com/about/security/
- Zoom - https://zoom.us/docs/en-us/privacy-and-security.html
- Cliniko https://www.cliniko.com/security/
- Front App https://front.com/security
- Xero https://www.xero.com/au/about/security/
From time to time we may combine information provided by you with information gathered from:
- Google analytics
- personal contact
If you do not wish this to occur, please contact us.
Cookies and Google Analytics
Cookies are small text files that are commonly used by websites to improve a user’s experience, collect statistics or marketing information and provide access to secure areas.
You can choose to configure your browser settings not to accept cookies but this may interfere with the functioning of this website.
Our website uses the following cookies:
- We use Google Analytics to collect information about your use of our website so that we can get strategic information about how our website is being used, and improve its functionality. You can find out more about the information Google collects and how it is used here: https://support.google.com/analytics/answer/6004245.
Google also provides an add-on for your browser that you can use to opt-out and prevent your data being used by Google Analytics. You can access that add-on here: https://tools.google.com/dlpage/gaoptout
Access to Information
You can contact us to access, correct or update your personal information at any time. Unless we are subject to a confidentiality obligation or some other restriction on giving access to the information which permits us to refuse you access under the Privacy Act, and we believe there is a valid reason for doing so, we will endeavour to make your information available you within 30 days.
If you are not satisfied with our response to your complaint you may seek a review by contacting:
- the Office of the Australian Information Commissioner using the information available at http://www.oaic.gov.au/privacy/privacy-complaints.
- The NSW Health Care Complaints Commission https://www.hccc.nsw.gov.au/home
Notification of Change
Notification of Breach
If we have reason to suspect that a serious data breach has occurred and that this may result in harm or loss to you, we will immediately assess the situation and take appropriate remedial action. If we still believe that you are at risk, we will notify the Office of the Information Commissioner and either notify you directly, or if that is not possible, publicise a notification of the breach on this website.
Version history Last updated: 28 Sept 2022