Introduction
This is the Privacy Policy of Avaana Pty Ltd ACN 610 520 600 (“Avaana”, “we”, “us” and “our”).
Avaana is committed to maintaining the privacy, accuracy and security of your personal information and complying with its obligations under the Privacy Act 1998 (Cth) (Privacy Act) (including the Australian Privacy Principles under the Privacy Act) and the Health Records Act 2001 (Vic) (Health Records Act) and equivalent laws related to health records in other States and Territories where applicable.
Our collection, use, disclosure and processing of your personal information may be, in some circumstances, regulated under the European Union General Data Protection Regulation (EU GDPR) in the European Union (EU) and the Data Protection Act 2018 (UK) and the United Kingdom General Data Protection Regulation (UK GDPR) in the United Kingdom (UK), (together, the GDPR).
We ask that you read our Privacy Policy carefully as it contains important information relating to:
who Avaana is and what we do;
how and why we collect, use, disclose, share, transfer, store and handle your personal information (including information we collect from you through your access to and use of our website www.avaana.com.au, the Avaana app and the Avaana online platform); and
how to contact us (and supervisory authorities) if you have a complaint.
By submitting your personal information to us, using our website, our app, our platform or accessing our services, you consent to the collection, use, disclosure, sharing, transferring, storing and handling of your personal information in accordance with this Privacy Policy.
The kinds of personal information we collect and hold
We may collect information about you when you visit or use our website, our app, our platform or our services (including, but not limited to, when you register or become a registered user of our website, our app, our platform or our services) or where you otherwise interact with us.
Personal information we collect and hold may include, but is not limited to:
your contact details, including your name, email address, postal address and phone number;
your payment details, such as your credit card details;
other information reasonably relevant to the provision of our services (such as details or history of preferences, interests and behaviour in relation to transactions, products, services and activities on our website, our app or our platform) including information relevant to the booking of your selected practitioner or class provider such as:
your gender and data of birth;
your medical history;
your current and past medications and treatments; and
your health and medical information;
information about your preferences and interests so that we can improve our service offering to you; and
any other personal information you provide to us in relation to your access to or use of our website, our app, our platform or our services (including where provided under any privacy collection statement).
When visiting our website, our app or our platform, we may also collect and store the following information:
your IP address;
your browser type;
the date and time you access our website, our app or our platform;
the third party website you were visiting before you came to our website, our app or our platform;
details of the parts within our website, our app or our platform that you visit;
the time spent on those parts and information searched on or accessed on our website, our app or our platform and other use statistics; and
other transactional information about your access to our website, our app, our platform or our services.
apply for, register your interest or enquire about our service offerings;
make online bookings through our website, our app or our platform in relation to your selected practitioner or class provider or your use of our services;
are browsing or otherwise interacting with our website, our app or our platform including registering an account;
subscribe to our updates, newsletters or other information such as blog posts;
communicate with us through written correspondence, telephone calls, chats, emails or when you share information with us through other social applications, services or sites; or
interact with us, our services, content or advertising.
We may also obtain your personal information from other sources or third parties, such as your selected practitioner or class provider, where you have consented to the disclosure of your personal information in connection with your use of our website, our app, our platform or to access our services.
Data security and how we hold and store personal information
We hold personal information in a number of ways, which may include:
as part of customer records and other electronic documents on which personal information is contained;
on our information technology systems and servers, including those operated by third parties who provide services to us in connection with our business; and
by securely storing hard copy documents, at our various premises and using third party document management and archiving services.
We will take reasonable steps to protect all personal information which we hold from misuse, interference, loss and from unauthorised access, modification or disclosure. In particular:
we use regular anti-virus and malware scanning; and
our website is secured by a trusted SSL certificate.
You should be aware that, when using our website, our app, our platform or our services, no data transmission over the internet can be guaranteed as completely secure. We do not warrant the security of any information you transmit to us over the internet and you do so at your own risk.
We will continue to store and hold your personal information indefinitely, until such time as we no longer need it for any purpose for which the information may be used or disclosed under this Privacy Policy or under applicable privacy or data protection laws or a reasonable time after you ask us to delete it.
We typically retain personal information for as long as we are providing products or services to you and for a period of up to six (6) years after we stop providing services to you (or longer if the legal limitation period is greater).
Where the GDPR applies to you, your personal information will be stored for a period of up to twelve (12) months after you cease using our services. After this period, your personal information will be disposed of securely.
The purposes for which we collect, hold, use and disclose personal information
We will collect, hold, use and disclose your personal information for the purpose of delivering, administering and improving the services that we offer to you or otherwise to interact with you. This includes, without limitation:
to communicate with you, including about our services and other matters which might interest you;
to verify your identity, answer your questions, respond to your complaints and provide you with customer support services;
delivering, administering and improving the services that we offer to you, including to undertake service development, quality control and research to improve our website, our app, our platform and our services;
business development and marketing purposes;
to perform administrative and operational tasks (including account management, systems development and testing) and other internal management purposes;
as set out in an applicable collection statement; and
as otherwise permitted or required by law (such as to comply with obligations under the Privacy Act in relation to mandatory data breach notification).
We may also disclose your personal information to:
third parties that assist us in providing services to you;
third parties which you instruct or authorise us to disclose your personal information, including to your selected practitioner or class provider from use of our website, our app or our platform or other practitioners or providers where you have expressed an interest in their services more generally;
third parties as part of a sale, acquisition or disposal or potential sale, acquisition or disposal of the whole or part of Avaana or its business;
government and regulatory authorities, as required or authorised by law;
our professional advisors; or
other third parties permitted by law.
Third parties to whom we disclose personal information may from time to time be located overseas, including, but not limited to, our partners and affiliates in the United Kingdom and European Union. You consent to any such overseas disclosure and acknowledge APP 8.1 will not apply to such disclosure.
Where the GDPR applies to you, we rely on the following lawful basis to collect and use your personal information and, on occasion, more than one lawful basis set out below may apply to the processing of such personal information:
our legitimate interests in marketing and providing our services, including:
improving the delivery of our services;
to provide you with the services that you have requested, enquired about or otherwise expressed an interest in; and
to communicate with you in relation to the services we offer;
to perform or enter into any contract we may have with you;
to comply with our legal obligations;
to protect your vital interests or that of another person (such as in an emergency); or
where you have consented to the processing (such as for certain types of marketing or other processing where the law either requires this or where it is our policy from time to time to seek consent for such processing).
Where the GDPR applies to any transfer of your personal information, either by us or by a third party to whom we provide your personal information, such transfer will be subject to appropriate or suitable safeguards (such as a legally binding contract containing approved model clauses or terms consistent with them for the purposes of the GDPR).
Avaana is based in Australia and if you are accessing our website, our app, our platform or our services from outside Australia, including the UK and EU or other regions with laws governing collection and use of personal information, please note that. In connection with our business, administrative, management and legal purposes, we may transfer your personal information from the country you are accessing our website, our app, our platform or our services to Avaana (or its third party service providers) located in Australia. Where this is the case, we will ensure such transfer is subject to and in accordance with appropriate or suitable safeguards in accordance with the relevant privacy laws governing collection and use of personal information.
Access to and correction of your personal information
We encourage you to update us regularly with your personal information to ensure we hold information about you (or where you are providing information on behalf of others, their information) that is up-to-date, accurate and complete.
You may make a request for access to, or correction of, any personal information about you that we hold by contacting us using the contact details set out below. We may request you to verify your identity before processing your request.
An access fee may be charged to cover our costs of providing the requested personal information to you. In certain circumstances, we may refuse to provide you with access or to correct your personal information including, but not limited to, where:
giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
giving access would have an unreasonable impact on the privacy of other individuals;
the information relates to existing or anticipated legal proceedings and the information would not be discoverable in those proceedings;
the request for access is frivolous or vexatious;
giving access would be unlawful; or
denying access is otherwise required or authorised by law.
If we refuse to provide you with access to or correct your personal information, we will provide you with an explanation in writing. In some circumstances where we correct a record, we may still require the retention of the original record.
Cookies
We may utilise "cookies" and other tracking software which enable us to monitor traffic patterns and to serve you more efficiently if you revisit the website and to assist with your use of our services as well as for our general analytics purposes.
A cookie does not identify you personally but it does identify your computer. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance. If you turn cookies off, some features that may make your experience of our website more efficient may not function properly.
If you have registered with us and have an account on our website, our software may identify you personally based on the information you have provided on your account. Otherwise, non-registered users will not be personally identified by our software.
Where the GDPR applies to you, we will ask for consent to set any cookies (and to process any personal information collected by these cookies). Where cookies are strictly necessary, we consider that we have a legitimate interest in processing the personal information they collect to ensure our services can be delivered appropriately and sufficiently to you. You can always withdraw your consent by clearing cookies from the cache in your computer and rejecting them next time you visit our website.
We use Google AdSense Advertising on our website.
Google, as a third-party vendor, uses cookies to serve advertisements on our website. Google's use of the DART cookie enables it to serve advertisements to you based on previous visits to our website and other websites on the internet. You may opt-out of the use of the DART cookie by the means set out in the Google Ad and Content Network privacy policy.
Opting out of promotional and marketing content
You may elect to opt-out of receiving direct marketing and promotional communications by contacting us using the contact details provided below, or by any other simple means to opt-out that we provide you. However, some of our services may include a direct marketing and promotional communications feature as part of the service which cannot be removed and, as such, you may not be able to access or use part of our website, our app, our platform or services if you elect to opt-out of all direct promotional and marketing communications.
Third Party Sites
Our website, our app and our platform may contain links and pointers to other websites maintained by third party providers. These links are provided for your convenience only.
These third party websites are not under our control and we are not responsible for such sites (including the suitability for your intended use of those sites). We do not endorse or recommend any third party website or any associated provider organisation or third party products or services. You are responsible for reading the privacy policies or statements of those third party websites.
Your rights under the GDPR (if applicable)
Please note that if the GDPR applies to you, then you will have additional rights and, where your GDPR rights are different from what is stated here, then, we will respect your GDPR rights in preference to the rights stated in this Privacy Policy.
Under the GDPR (where it applies to you), you have a number of important rights. In summary, those include rights to:
fair processing of information and transparency over how we use your personal information that this Privacy Policy is designed to address;
access to your personal information and to certain other supplementary information;
require us to correct any mistakes in your personal information which we hold;
require the erasure of personal information concerning you in certain situations;
receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to a third party in certain situations;
object at any time to processing of personal information concerning you for direct marketing;
object to decisions being taken by automated means which produce legal effects concerning you or that significantly affect you;
object in certain other situations to our continued processing of your personal information;
where the processing of your personal information is based on your consent, you may withdraw your consent at any time; and
otherwise restrict our processing of your personal information in certain circumstances.
For further information on each of those rights, including the circumstances in which they apply, see, for example, the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the UK GDPR and the Guidelines from the European Data Protection Board on individual’s rights under the EU GDPR. If you would like to exercise any of those rights, please email, call or write to us (using the contact details below) with sufficient information to identify you and the information to which your request relates.
Contact Details
If you have any queries in relation to this Privacy Policy, wish to exercise any of your rights under this Privacy Policy, have any questions, comments or complaints regarding our privacy practices, you can contact us by email at [email protected].
We ask that any complaint should be made first in writing to us. We will then respond to your complaint in writing and in accordance with any timeframes required by law. We may request that you provide us with further information about your complaint to duly assess your complaint.
For information about privacy generally, or if your concerns are not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au and on 1300 363 992.
Where you reside in the UK, the supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113. Where you reside in the EU, the supervisory authority in the EU is the European Data Protection Supervisor who may be contacted at [email protected] or telephone: 32 2 283 19 00.
Changes to this Privacy Policy
We reserve the right to change, modify or update this Privacy Policy at any time, without liability to you, by publication on our website or as otherwise notified to you. You will be bound by the changes immediately upon notification or publication, unless otherwise set out in this Privacy Policy or the notice
This Privacy Policy was last updated on 1st February 2024.
Avaana Pty Ltd ACN 610 520 600