Introduction

Hello there! This website, www.karenhumphries.net.au, is owned and operated by me, Karen Humphries, trading as Blooming From Within (ABN 61 279 914 229). If you have any questions or need further information, please do feel free to contact me!

This document sets out my Privacy Policy. It describes how I collect and manage your personal information when you interact with this site. I take this responsibility very seriously. If you have any questions or concerns about how your personal information is being handled, please do not hesitate to contact me.

All information is collected and stored within GDPR and CAN-SPAM compliant customer management systems. When providing me with your information you are consenting to:

1. The collection and storage of the information you choose to provide; and
2. The receipt of emails related to my products and services you have opted in to receive, my regular newsletter, and other promotional messages related to Blooming From Within.

If at any time you wish to withdraw this consent you can unsubscribe using the link provided on every single email I send via the customer management system. You can also contact me at any time using the contact form on my website to withdraw your consent.

I comply with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act).

I understand that visitors from the EU may access this site, so I also aim to comply with the General Data Protection Regulations (GDPR). I also have legislative compliance requirements to meet for various industry associations such as:

• Australian Kinesiology Association, and
• Massage & Myotherapy Association (Australia).

If you engage with me via this website, or choose to become my client, I will ask to collect the following kinds of personal information from you, including:

• your contact details when:
  ➡️ you fill out my intake / client history form in Acuity;
  ➡️ you book an appointment or a zoom consultation;
  ➡️ you send me information in an email; and/or
  ➡️ you telephone me and request an appointment.
• your name and email address and the country that you live in through the form that you fill out when you opt into my mailing list;
• your interests & preferences in relation to my services and the content I provide;
• your opinion about future topics, products or services that may interest you;
• information relevant to our interaction;
• information that allows me to tailor my content to your needs when you sign up for one of my webinars or promotional events;
• information about your internet connection (see my cookies policy below); and/or
• with your consent, I may collect your IP address, and information about your browsing history to help me improve the usability and appeal of my website.

I use this information to:

• provide you with relevant news and updates about my services;
• improve this website and the services I provide

I will only collect your personal information:

• with your full awareness and consent, such as when you email me, tick a checkbox or fill in a form to provide me with information;
• if I need it to provide you with information or services that you request;
• if I am legally required to collect it;
• for necessary administrative processes if you become my client; and
• if I believe that I can demonstrate a legitimate interest in using your data for marketing purposes, although I will always give you a choice to opt out.

I understand that some personal information is particularly sensitive. Please note that information collated from any/all enquiries, individual clinic sessions and/or corporate group sessions are treated equally, as private and confidential.

Your information is never shared without your express consent and approval. Your information is never shared with third parties for the purpose of marketing.

I may ask you to provide me with sensitive information including:

• Your full name and identifiable details such as date of birth, mobile phone number and email address. (This is to verify your identity and ensure your privacy by helping me access the correct file. I also need to be able to confirm appointments with you, and, send you electronic summaries of sessions).
• Limited medical history and a broad exploration of areas of stress in your life through my Client History form. (This assists me in providing relevant services to you).
• Your goals and intentions for the sessions, through discussion at the commencement of each session.

I will only collect sensitive information by the specified means and for the specified purposes, which are:

• providing you as an individual with either kinesiology, wellness coaching or massage services; and/or
• providing you with corporate business coaching services; and/or
• providing you with a monthly newsletter or personalised invitation to one of my programs.

My policy with regard to sensitive information obtained from minors is:

• Parents / guardians / carers of minors are requested to book appointments on behalf of person(s) under the age of 18.
• Consent for the provision of information within the Client History form is at discretion of adult parent or guardian, rather than the minor.
• Unless a prior agreed arrangement has been made, a minor is not expected to be left unattended at a clinical session.
• However, the supervising adult may be asked to wait outside during the clinical appointment session, if requested by the minor, and if I feel it will benefit the session outcomes.
• Consent will be sought from the minor, to share details of the session (where appropriate) with the supervising adult, but the minor’s right to privacy will be respected, meaning that information for which consent is not given will not be shared.
• Information pertaining to the minor is not shared with third parties unless required to do so by law.

All information collected from minors is securely stored in accordance with this privacy policy.

My policy with regard to securely storing and handling your personal and sensitive information is as follows:

• All information shared with me is treated as private and confidential.
• All information pertaining to you, including your case history, your session notes and summaries, are collectively stored in a secure file, within a locked cabinet and on a password protected computer.
• Your sensitive information is not provided to third parties without discussing with you the reason for providing that information and not without your written consent. (This may occur, for example, if you request a referral to another practitioner, such as a naturopath, physiotherapist or counsellor).
• Only I, as the therapist responsible for your treatment, will have access to your sensitive material, although some sensitive information may be stored securely online, or in the cloud. You can find out more about the relevant security provisions later in this policy, under the heading of “Third Party Storage.”

Cookies
Let’s talk cookies and not the edible type! Similar to other commercial websites, this website uses cookies and server logs to collect information about how my site is used. Information gathered through cookies and server logs may include the date and time of visits, the pages viewed, time spent at my site as well as your IP address.

A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site’s computer asks your permission to store this file in a part of your hard drive designated for cookies. Your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites. If you do not wish to allow cookies to be stored on your computer, you can change this in your browser settings.

IP Addresses
IP Addresses are used by your computer every time you are connected to the internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of a demographic and profile data collection known as “traffic data.” This allows data (such as the web pages you request) to be sent to you.

As a kinesiology & wellness coach, I am subject to regulations regarding the collection of personal and sensitive information. This means that I owe you a professional duty of confidentiality. I take this responsibility very seriously and will always strive to promote your best interests.

Limitations
You may choose not to provide me with your personal information. However,

• if you choose not to be completely honest with me, I may not be able to provide you with the services that you request.
• I am legally required to identify my clients by collecting their name and address, and failure to provide this information means I cannot offer my full services to you.

Reasons why I may disclose your personal information include:

• to provide you with the services you have requested; and
• to send you session summaries or products that you have purchased.

In order to do this, I may share some relevant personal information – on a strictly need to know basis – with:

• my virtual assistant (VA); and
• Australia Post or courier companies.

Legal disclosure
I will also disclose your information if required by law to do so or in circumstances permitted by the Privacy Act – for example, where I have reasonable grounds to suspect that unlawful activity, or misconduct of a serious nature, that relates to my functions or activities has been, is being or may be engaged in, and in response to a subpoena, discovery request or a court order.

If you have any concerns regarding the disclosure of your personal information, please do not hesitate to get in touch with me to discuss this personally.

Disclosure overseas
I will use all reasonable means to protect the confidentiality of your personal information while in my possession or control. I will not knowingly share any of your personal information with any third party other than the service providers who assist me in providing the information and/or services I am providing to you. To the extent that I do share your personal information with a service provider, I would only do so if that party has agreed to comply with my privacy standards as described in this privacy policy, or if their privacy policy is of an equivalent standard. However, some of my service providers may be overseas and may not be subject to Australian Privacy Laws or compliant with GDPR.

Please contact me if you have any concerns about the potential disclosure of your information.

I take reasonable physical, technical and administrative safeguards to protect your personal information from misuse, interference, loss, and unauthorised access, modification and disclosure.

I endeavour to manage risks to your personal information by:

• storing files securely;
• ensuring that only I or key personnel have access to sensitive information;
• releasing information to service providers on a strictly need-to-know basis; and conducting regular audits of my security systems.

Third Party Storage
As mentioned above, your personal information may also be stored with a third-party provider, where it will be managed under their security policy.

Acuity Scheduling
➡️ https://help.acuityscheduling.com/hc/en-us/articles/219149587-Security-Privacy-Compliance
Facebook
➡️ https://www.facebook.com/privacy/explanation
Mailchimp
➡️ https://mailchimp.com/about/security/
WordPress
➡️ https://automattic.com/privacy/
Paypal
➡️ https://www.paypal.com/webapps/mpp/ua/privacy-full
Gmail
➡️ https://policies.google.com/privacy?hl=en-GB
Zoom
➡️ https://zoom.us/privacy,
➡️ https://zoom.us/cookie-policy,
➡️ https://zoom.us/service-privacy, and
➡️ https://zoom.us/gdpr.

Combination of Information

From time to time I may combine information provided by you with information gathered from:

• Facebook
• Google Analytics
• personal contact
• Zoom meeting recordings
• Paypal, and
• Acuity-Scheduling appointment confirmation.

If you do not wish this to occur, please let me know.

You can contact me to access, correct or update your personal information at any time. Unless I am subject to a confidentiality obligation or some other restriction on giving access to the information which permits me to refuse you access under the Privacy Act, and I believe there is a valid reason for doing so, I will endeavour to make your information available you within 30 days.

To commence this process, begin by sending an email requesting access to your information to me at support@karenhumphries.net.au and I will endeavour to respond within 7 days.

If a breach of this Privacy Policy occurs, or if you wish to a request a change to your personal information, you may contact me by sending an email outlining your concerns to me at support@karenhumphries.net.au and I will endeavour to respond within 48 hours.

If you are not satisfied with my response to your complaint you may seek a review by contacting:

• the Office of the Australian Information Commissioner using the information available at http://www.oaic.gov.au/privacy/privacy-complaints, or
• the health ombudsman in your state or territory.

Please be advised that if I decide to change my Privacy Policy, I will post a copy of the revised policy on my website. There will be a corresponding update in my regular newsletter correspondence.

If I have reason to suspect that a serious data breach has occurred and that this may result in harm or loss to you, I will immediately assess the situation and take appropriate remedial action. If I still believe that you are at risk, I will notify the Office of the Information Commissioner and either notify you directly, or if that is not possible, publicise a notification of the breach on this website.