Introduction & Purpose
Mammoth Health (ABN: 4801 3917 633) is committed to protecting your privacy. We are also committed to complying with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (the Privacy Act and Principles).
This policy explains how your personal information (which may include sensitive information such as your health information) is collected and used by our business or through our website and mobile applications (Site).
Please read this policy carefully. By providing your personal information to us, you consent to us collecting, holding, using and sharing your personal information in accordance with this policy.
What is personal information?
In this policy, ‘personal information’ has the meaning given in the Privacy Act and Principles. Generally, it is information or an opinion that can be used to personally identify you. This may include things like your name, address, telephone number, email address, occupation, and health information.
What personal information do we collect and hold?
The types of personal information we may collect about you include:
- personal details such as your name, date of birth/age, gender, marital status, occupation or job title;
- contact details such as your addresses, postcode, email addresses, mobile and landline phone numbers and fax numbers;
- your health and lifestyle information including previous and current health and medical history, allergies, medications or current treatments, social history, family history and risk factors;
- your payment information (e.g. your credit card details) if you purchase products and/or services from us;
- details of the products and services you have enquired about or purchased from us, together with any additional information needed to respond to your enquiries and deliver those products and services;
- information you provide to us through customer surveys;
- if you are an employee or prospective employee, information about your qualifications, skills and work experience;
- if you are a supplier or prospective supplier, information about your business skills, services, products and prices;
- your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
- information regarding your access and use of the Site, including through the use of Internet cookies, the type of browser you are using, your communications with the Site, the type of operating system you are using and the domain name of your Internet service provider;
- additional personal information that you provide to us, directly or indirectly, through your use of our Site, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
- any other personal information requested by us and/or provided by you or a third party during our communications.
How do we collect your personal information?
We collect your personal information in several different ways including:
- when you purchase a product or service from us, including without limitation via our Site, while attending our clinic, our store or over the phone or internet;
- when you make a booking for a consultation or other service we provide including in person, online or over the phone;
- before, after and during consultations (including express consultations if offered);
- when you subscribe to our newsletter, mailing list or updates service;
- when you attend a workshop, course, seminar, retreat or other event we host or present from time to time;
- when you correspond with us on social media platforms such as Facebook, LinkedIn, Instagram or similar sites;
- when you contact us with a question, comment or inquiry;
- when you apply for a job or internship with us;
- when you provide information relating to your business; or
- when you visit our website.
Where reasonable and practicable to do so, we will collect your Personal Information directly from you. However, in some circumstances we may be provided with information by third parties. For example, personal information may also be collected from other sources, such as:
- your guardian or responsible person (if under 18); and
- other involved healthcare providers, such as specialists, allied health professionals, hospitals, community health services and pathology and diagnostic imaging services.
In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
If you do not provide us with personal information when requested to do so, we may not be able to provide our products and/or services to you, carry out your instructions, or otherwise achieve the purpose for which the information has been sought.
Wherever lawful and practical, you will have the option of not identifying yourself when dealing with us.
Why do we collect, use, hold and share your personal information?
We may collect, hold, use and disclose personal information for the following purposes:
- to provide you with our products and services, including orders placed through our Site (including processing your payment information, arranging shipping, and providing you with invoices and/or order confirmation), and including to provide personalised treatment plans and recommendations to you;
- to contact and communicate with you;
- for internal record keeping and administrative purposes;
- to employ competent and diligent personnel;
- for analytics, market research and business development, including to operate and improve our Site, associated applications and associated social media platforms;
- to evaluate, modify and enhance our products and services, including to develop new products and services;
- to enable you to access and use the Site, associated applications and associated social media platforms;
- to run competitions and/or offer additional benefits to you;
- for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you;
- to comply with our legal obligations and resolve any disputes that we may have;
- to consider your employment application; and
- to otherwise operate and administer our business.
When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
As noted above, due to the nature of our business, we may collect sensitive personal information from you such as your health information. This sensitive information will be used by us only:
- For the primary purpose for which it was obtained
- For a secondary purpose that is directly related to the primary purpose
- With your consent; or where required or authorised by law.
The majority of web browsers accept cookies automatically. You can disable cookies, but it might restrict your ability to access certain areas of the Site.
Who do we share your personal information with?
We may share your personal information:
- with third party service providers to enable them to provide their services, including (without limitation), IT service providers, data storage, web-hosting and server providers, debt collectors, marketing or advertising providers, our client management system, point of sale system, professional advisors and payment systems operators;
- people you authorize us to correspond with as reasonably required to carry out your instructions for testing, nutraceutical and supplement prescriptions;
- third party service providers who assist us with archival, auditing, accounting, legal, business consulting, website or technology services;
- with our employees, contractors and/or related entities on a ‘need to know’ basis in order to continue to provide our products and services to you and to otherwise administer our organisation;
- with our existing or potential agents or business partners;
- with sponsors or promoters of any competition we run;
- with anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
- with credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
- with courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- with third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia, including the USA. For example, we use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: http://www.shopify.com/legal/privacy
- With third parties to collect and process data, such as Google Analytics. This may include parties that store data outside of Australia.
- when it is necessary to lessen or prevent a serious threat to a patient’s life, health or safety or public health or safety;
- when you are unable to act on your own behalf due to a health condition, we may need to discuss your health information with relatives or emergency contacts, in order that you are provided with appropriate care;
- when there is a statutory requirement to share certain personal information (e.g. some diseases require mandatory notification).
Communications and marketing
We may from time to time use your personal information in order to communicate and market our products and services to you via newsletters, email invitations and updates about our products and/or services, upcoming workshops and events. These communications may be sent in various forms, including without limitation mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. You may opt out of direct marketing at any time by notifying us in writing or by using the opt-out facilities provided in the communication.
We do not provide your personal information to other organisations for the purposes of direct marketing.
Disclosure of information outside the jurisdiction of collection
How do we store and protect your personal information?
We are committed to ensuring the safety and security of your personal information. We store your personal information in a manner that reasonably protects it from misuse, interference, loss and from unauthorized access, modification or disclosure. For example, we maintain some hardcopy client files in secure offices and limit access to personal information to individuals with a need to know. We do use cloud storage for personal information and client files with Cliniko, Vend and Office 365 Business. These companies are subject to encryption and protection policies that can be found on their websites.
If you communicate with us via electronic means such as email, Zoom, Skype, contact forms or social media platforms, we do not have full control over the transmission or storage of any personal information disclosed. By participating in such forms of communication you understand and accept that there is an inherent risk of disclosure or loss of your personal information for which we cannot be held responsible.
We will destroy or de-identify your personal information when it is no longer needed for the purpose for which it was obtained, except where we have a legal obligation to retain such information, such as your health information. We will never permanently store complete credit card details.
Privacy and our website
Please note given our website is linked to the internet, and the internet is inherently insecure, we cannot guarantee the secure transmission of information you communicate to us online. Because of this, any information you send to us online is at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this policy.
We may provide links on our Site to third party websites, for your information and convenience. Please note we do not have any control over such websites and are therefore not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. We note those websites are not governed by this policy.
How can you access and correct your personal information?
You may access the Personal Information we hold about you and update and/or correct it, subject to certain exceptions set out in the Privacy Act 1988 (Cth). If you wish to access your Personal Information, please contact us in writing. While we will not charge any fee for your access request, we may, at our discretion, charge an administrative fee for providing a copy of your Personal Information. In order to protect your Personal Information we may require identification from you before releasing the requested information.
Maintaining the Quality of your Personal Information
It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
This Policy may change from time to time and is available on our website or upon request.
How can you lodge a privacy-related complaint, and how will the complaint be handled?
We take complaints and concerns regarding privacy seriously. You should express any privacy concerns you may have in writing. We will then attempt to resolve it within 30 days.
If you are not satisfied with our response, you may also contact the Office of the Australian Information Commissioner (OAIC). Generally, the OAIC will require you to give them time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 363 992.
For more information
If you have any questions about the content of this policy, please contact us at:
Mammoth Health (ABN: 4801 3917 633)
Shop 2, 89a Barrabool Road, Highton, Victoria