FOLLOW YOUR FLOW
OUR PRIVACY ASSURANCE TO YOU
Follow Your Flow is dedicated to the wellbeing of people. Our services are in the provision of information, through courses and private sessions, in relation to women’s cycles.
If you choose to interact with us, by using our website, signing up for a newsletter, subscribing to a course, or attending a session or group, then we will require the collection of information from you in order to provide that service. We hold that information in the highest possible regard, and your rights at law are fully respected by us.
In this policy, we refer to Follow Your Flow as ‘we’, ‘us’ and ‘our’. We refer to you, our customer or client, or visitor to our website, as ‘you’.
We also use two technical terms that we want to explain:
a) Personal Information; and
b) Sensitive Information.
“Personal information” means information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
“Sensitive information” means a subset of personal information and includes your health information, as well as information pertaining to racial or ethnic origin, political opinions or membership of a political organisation, religious belief or affiliations, membership of a professional or trade association, sexual preferences or a criminal record. Sensitive information attracts additional privacy protections compared with other types of personal information.
3. Who we are
Follow Your Flow is the host of the Follow Your Flow website at https://www.followyourflow.com.au/.
We collect, use and are responsible for certain personal information about you.
We are an Australian business located in Melbourne, Australia. As an Australian business, we are regulated by Australian laws, including the Privacy Act 1988 (Cth). We are also responsible as an ‘organisation’ for the handling of your personal information under those laws. Also, if you are located in the European Economic Area (EEA) and we offer goods or services to you, how we handle your personal information is regulated under the European Union General Data Protection Regulation (GDPR).
The GDPR establishes a uniform data protection law across the European Economic Area and aims to protect the privacy and use of EEA residents’ personal information. We are responsible as ‘controller’ of your personal information for the purposes of the GDPR.
We are bound by, and committed to supporting, Australia’s Privacy Act 1988 and Spam Act 2003 in relation to electronic direct marketing.
This policy applies to the collection and processing of your personal information by us or on our behalf and tells you how we collect, store and process your personal information, the legal basis for processing it, what we use it for, and who we share it with. It also explains particular rights you have in relation to the processing of your personal information. In particular, it explains how you can access or change your information. Your personal information is readily available should you need to make any amendments.
5. Children and minors
Our website is not intended for use by children under the age of 13. If you are under the age of 13, you should not use this website.
Follow Your Flow services, events, groups and sessions are available to clients under the age of 18, subject to parental/guardian consent. If you are under the age of 18 and want to engage our services, we will require personal information to be collected via a consent form which your parent/guardian consents to.
6. Contact us
Please contact us if you have any questions or comments about this notice, our privacy policies and procedures, or you wish to exercise the rights you have under applicable privacy laws, which are explained further below. We welcome your feedback.
You can contact us by using the Contact page of this website.
COLLECTION OF INFORMATION
7. How and what personal information do we collect and use?
We collect personal information in a variety of ways, such as:
a) from you directly, including when you interact with us in writing, electronically and when you visit our website, webpages or use our applications (including when you submit a contact request form via the Contact page on our website);
b) when you complete a consent form before attending a treatment session with a Follow Your Flow practitioner or attending a Follow Your Flow course or event;
c) when you participate in our courses, events or promotions; and
d) when we supply or you access our products or services.
It is your responsibility to advise us if either your health situation or your personal details change so that your record is kept up to date (see sections 23, 24 and 25, below, on access to and correcting your personal information).
8. Consent forms
If you visit our clinic for a session with a Follow Your Flow practitioner or attend a Follow Your Flow course, group or event, you will be asked to complete a consent form.
Our consent forms are specific to the kind of service that you ask to receive. This means that you may be asked to complete a number of different consent forms depending on the kinds of services you wish to receive. We do not ‘bundle’ consents to different things in the one consent form. Consents for events, for example, are confined to consent to participate in events. Likewise, consent to a treatment at a Follow Your Flow clinic relates to the various types of treatment you may consent to at our clinic by a practitioner. In each case, you select what you are consenting to, by checking boxes.
You always have the opportunity to ask a question about our consent forms. Importantly, you are in no way obliged to give the information sought or sign a consent form. However, you will not be permitted to attend a Follow Your Flow course, group or event or have a session with a Follow Your Flow practitioner without completing the relevant consent form.
A. Consent forms for treatment at our clinic
On your first visit for a session at our clinic, your practitioner will ask you to sign a Client Consent form and to provide certain personal information including:
a) Your name;
b) Your address, phone number and email contact details;
c) Your gender, date of birth and marital status;
d) Contact details for your of next of kin and your doctor; and
e) Optional information about your health and any medication you may be taking.
At the end of a session, your practitioner will, as a matter of best practice, make a few notes about any symptoms you may have exhibited and the treatment given. These notes are made by your practitioner as a record of your visit and for the sake of continuity should you have a subsequent visit. Should you have a further session with a different practitioner they will make their own notes about your consultation. Practitioners will not share their notes or your personal information without your written consent.
B.Consent forms for courses, groups or events
When you attend a Follow Your Flow course, group or other event, you will be asked to sign a consent form and provide personal information similar to that outlined above.
C. Other consent forms
In addition, you may register to receive and consent on our website to use of certain services such as receipt of newsletters, mail-outs or other updates, in which case we will use your personal information in order to communicate with you and as specified on the page of our site on which you sign up to such communications.
If you want to ask a question about our consent forms, please use the Contact page, or see our staff at our clinic or an event.
9. Other sources of information that we collect
We will try to collect your personal information only directly from you.
However, there may be instances where we will need to collect your information from other sources. Whenever possible if collecting your information from another person or entity, we will request this other person or entity to hold your signed consent or email us giving your permission for them to provide us with your personal information. Exceptions may be if you suddenly take ill and are incapable of providing certain information which may be important for your treatment, such as if you have had a recent operation, illness or an implant, or if collection of information from anyone other than you is required by law.
If you have provided us with information about another person, then you will need to tell that person that you have done so, that they have the rights as set out in this policy, including a right to access their information, and that they can refer to this policy for information on how we will handle their personal information.
10. Collecting information in relation to your use of our website
We collect information in relation to your use of our website, as described below.
When you visit our website, or interact with us through our webpages and applications, or otherwise, we may collect personal information about you as follows:
a) your contact details, including your name, email address, mailing address, phone number and mobile phone number;
b) your country and state or territory;
c) data collected through your use of our services;
d) technical data associated with web-browsing, ‘cookie’ data and the date and time of website visits, plus other data for analytical purposes;
e) any third-party website from which you linked to our website or accessed our services; and
f) any other personal information you provide us in relation to the website or our services.
Our online registration form (via the login page on our website) requires visitors to our site who elect to become members, to give us contact information, like their name and email address. You can choose whether to register with us online, or not.
If you complete our online registration form, we use your contact information from the registration form to send you information about our services and products. The contact information is also used to contact you when necessary if you have subscribed to a mail list or indicated that you wish to engage any other services we provide.
Our site uses an order form for customers to request information, products, and services. We collect visitors’ contact information and unique identifiers. Contact information from the order form is used to send orders and information about our company to our customers. Your contact information is also used to get in touch with you when necessary. You may opt-out of receiving future mailings. Unique identifiers are collected from website visitors to verify the user's identity and for use as account numbers in our record system.
After subscribing to any of our services, you may opt-out of receiving future mailings by choosing to un-subscribe by sending us an email stating so. Unique identifiers are collected to verify the user's identity and for use in our record system.
We use your IP address to help diagnose problems with our server, and to administer our website. Your IP address is used to help identify you and to gather broad demographic information.
We may also collect other information relating to your use of our website, as detailed in section 28, below.
Note that when you use our website and applications, we are not responsible for any data that you input which is not mandatory for the purpose of the website, webpage or application.
STORAGE AND USE
11. Direct marketing and your privacy
On occasions, we may use the personal information that we collect from you to identify particular products and services which we believe may be of interest to you.
With your consent where required by law, we may communicate with you (through the preferred communication channel(s) you have selected, which may include by email, telephone, SMS, iM, mail, or any other electronic means including via social networking forums) to tell you about products, services and offers that may be of interest to you.
If you have provided your consent to receive direct marketing, you can withdraw it at any time, and we will process your request as quickly as we can. We will give you a choice to ‘opt out’ (unsubscribe) from receiving such information in the future.
12. With your consent
If any information that you provide us is sensitive information and therefore falls within a special category of personal information, such as health information, we will collect and process this information only with your express consent.
13. How do we store your personal information?
When you complete a consent form either at a Follow Your Flow clinic or at an event, the information on the form is entered into our database and the original document (if in hard copy) is then filed in secure storage.
Only your practitioner and our staff who are authorised access to our database for a legitimate purpose may see your personal information unless you have consented to your practitioner sharing your information with another professional such as a GP.
When you enter your details online, they may only be viewed by the staff who have authorised access to the database.
14. How do we use personal information we collect?
Your privacy is respected, and we do not sell, rent or trade your personal information.
We use or may later use your personal information for a variety of purposes, including to:
a) contact you about your appointment at a Follow Your Flow clinic, participation in a Follow Your Flow course or event or any other matter in relation to the services provided to you;
b) contact your next of kin or GP in an emergency;
c) gain a better understanding of your health history to provide the best possible care at a Follow Your Flow clinic session;
d) in relation to treatment at a Follow Your Flow clinic:
a. discuss your case with other practitioners and / or medical professionals if you have consented to this and only if it is felt necessary to do so in support of your case and in your best interest;
b. for research purposes if you have consented to this, in which case your personal information will be ‘de-identified’, that is made anonymous, unless you advise us otherwise;
e) allow you to purchase products and services and for us to deliver them;
f) provide you with information about any product or service you may have purchased or registered for, such as attendance at a workshop or other event.
g) administer and manage our services;
i) assist you to subscribe to or use our services, including to respond to your requests, and to contact you when necessary;
j) gain an understanding of your information and communication needs in order for us to provide you with a better service;
k) conduct research, surveys, and opinion polls;
l) provide you with news, information and material in relation to our services or direct marketing and promotional content of us;
m) monitor who is accessing our website or using our services;
n) profile the type of people using our website or services solely for the purposes of improving our website or services;
o) improve our website or services;
p) comply with our legal obligations; or
q) respond to your requests.
Credit card information is used only for processing payments as authorised by you and fraud prevention. This information is not used for other purposes and is not retained by us after processing any payment.
Anonymous data may be aggregated for reporting client statistics for the clinic and business and to improve our customer service and support. From time to time, we may issue a questionnaire or survey to people on our mailing list. Such questionnaire or survey may be used to gain particular information from you so that we can provide a particular service to you. Responding to such a questionnaire or survey is entirely optional, and you can request to be removed from our mailing list at any time. If you complete a questionnaire, you may do this anonymously and you will have the option of providing your name if you have questions or are seeking further information.
When you register online for a newsletter, course, event or other product, you consent to us using your personal information to send you further information relevant to that service, course, event or product (for an indefinite period), unless you have contacted us to withdraw your consent. You may withdraw your consent at any time. Please see section 17, below, on withdrawal of consent.
Where the GDPR applies, we rely on the following lawful reasons to collect and use your personal data:
a) our legitimate interests in marketing and providing our services;
b) to perform or enter into any contract we may have with you;
c) to comply with our legal obligations;
d) to protect your vital interests or that of another person (e.g. in an emergency); or
e) where you consent to the processing (e.g. for certain sorts of marketing or other processing where the law either requires this or where it is our policy from time to time to seek consent for such processing).
On occasions, more than one of the foregoing reasons may apply.
15. How long do we keep your personal information?
DESTRUCTION OR ARCHIVING OF INFORMATION
16. What do we do with personal information when it is no longer needed?
We will destroy or archive personal information that is no longer needed for the purposes for which it was collected, or if we are no longer permitted or required by law to retain it.
We may need to retain certain personal information after we cease providing you with products or services to enforce our terms, to identify, issue or resolve any legal claim and/or for proper record keeping, and ensure we respect your wishes and not contact you further.
We use secure methods to destroy information that is no longer to be retained.
WITHDRAWAL OF CONSENT AND OPTING OUT
17. Withdrawal of consent
If consent is withdrawn, we have a database which records details of anyone who has withdrawn their consent. We retain this information to ensure we do not send you emails.
18. Can you opt out of providing personal information?
If you do not want us to collect or use your personal information for a specific purpose, you should let us know accordingly via the Contact page and we will use reasonable measures to observe your request. However, if you were to do so, this may result in you not being able to access, or use, all or part of our website or our services.
If personal information has been collected, we may still use or disclose that information:
a) if we subsequently notify you of the intended disclosure and you do not object to that use or disclosure;
b) if we believe that the use or disclosure is reasonably necessary to assist a law enforcement agency or an agency responsible for government or public security in the performance of their functions;
c) to enforce our terms and conditions or to protect our rights;
d) to protect the safety of members of the public and users of our website and services; or
e) if we are required by law to disclose the information.
19. How can you ‘opt out’ from promotional and marketing material
You can opt out of receiving promotional and marketing information by any one of the following methods:
a) unsubscribing via the electronic means provided;
b) by using the Contact page.
20. Electronic Direct Mail policy
Your ability to ‘opt out’ by unsubscribing via the electronic means provided will remain functional for at least 30 days after we send our original communication to you. If you wish to ‘opt out’ using the electronic means provided, you will need to do so within 30 days after the relevant communication is sent to you. After this time, if you have not opted out and wish to do so, another ‘opt out’ method should be used (e.g., using the Contact page).
We will use all reasonable endeavours to process your request as quickly as we can, but, in any event, in a fair and reasonable timeframe: we will aim to complete your ‘unsubscribe’ request within five working days of receipt if the request is received electronically.
DISCLOSURE OF YOUR INFORMATION
21. To whom do we disclose personal information?
From time to time we may disclose your personal information to third parties, including:
a) parties to whom you authorise us to disclose your personal information, either directly or pursuant to the terms and conditions of our services;
b) companies and consultants who perform services for us, such as specialist information technology or outsourcing companies, or other contractors of ours. In such cases, we require those companies and consultants to protect your personal information;
c) government and regulatory authorities (as required or authorised by law);
d) our professional advisors (such as accountants and lawyers);
e) our related organisations;
f) organisations that assist us to conduct research/surveys or analyse data. In this case we require those companies to protect your personal information;
g) service providers to enhance your user experience including some who may store your personal information on servers in a country outside Australia. To the fullest extent possible, we will require those companies to protect your information; or
h) other third parties as permitted by law.
The third parties with whom we share personal information may be located overseas. Please note that some countries outside the UK or EU (including Australia) do not have the same data protection laws as the UK or EU.
Some of your data may be stored on servers in the United States.
If you are a resident of the European Economic Area and do not wish your data to be stored in the United States, then you should not use this site or our services.
If you have any queries about the basis upon which we may transfer or store your personal information outside of Australia, please contact us using the Contact page.
22. Your rights under the GDPR (if applicable)
Under the GDPR and the Australian privacy laws, you have a number of important rights free of charge. In summary, those include rights to:
a) fair processing of information and transparency over how we use your personal information (which this Privacy Notice is designed to address);
b) access to your personal information and to certain other supplementary information;
c) require us to correct any mistakes in your information which we hold;
d) require the erasure of personal information concerning you in certain situations;
e) receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format;
f) transmit your personal information to a third party in certain situations;
g) object at any time to our processing of personal information concerning you for direct marketing;
h) object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
i) object in certain other situations to our continued processing of your personal information;
j) where the processing is based on your consent, withdraw your consent at any time;
k) otherwise restrict our processing of your personal information in certain circumstances.
For further information on each of the aforementioned rights, including the circumstances in which they apply, see, for example, the Guidance from the United Kingdom Information Commissioner's Office (ICO) on individuals’ rights under the General Data Protection Regulation. If you would like to exercise any of those rights, please:
a) contact us using the Contact page and let us have enough information to identify you (such as your name and country of residence);
b) let us have proof of your identity and address;
c) let us know the information to which your request relates.
ACCESS AND CORRECTION
23. How you can access and correct or ask us to delete or cease processing your personal information
We will, at your request and subject to applicable privacy laws, provide you with access to your personal information that is held by us.
If you have access to your personal information online, such as when you register and book for a course or event, then you may access your information using your username and password.
If you have completed a consent form at the Follow Your Flow clinic or at an event, you can request access to your personal information at any time by contacting us to make your request (via the Contact page).
We will endeavour to ensure that personal information that we hold about you is up to date, accurate and complete, but will generally assume that any information provided by you is free from errors and omissions unless you tell us it needs to be corrected. As such, it is important that you keep us informed if personal information that we have about you is inaccurate, incomplete or out of date.
We ask that all requests are made using the Contact page. We will take reasonable steps to action them quickly and promptly. See also section 24, below, in relation to correcting any information we hold about you.
There is no fee for requesting access to your information.
You may also instruct us to remove any previous consent that you provided to receive marketing communications from us.
24. Correcting your personal information
If you believe any information we hold about you is inaccurate, incomplete or out-of-date, you should contact us and following your authorisation we will change your information. If you are wanting to correct personal information in relation to your account on our website, you may do so by logging into your account using your username and password and making the changes to your account online. If you have any questions in relation to this, please contact us via the Contact page.
In circumstances where you contact us to request access to or a change to your personal information, in order to protect your privacy and security, we will take reasonable steps to verify your identity and (for access requests) specify what type(s) of information you require, before granting access to your data. In some cases we may ask you to put your request in writing. Where you have registered for an event online you may access and amend your details using your username and password.
A fee will not apply to making a request for access or update to or deletion of your personal information. A fee may apply and be charged for providing the information to you. The fee covers the cost to us in collating, copying and providing certain information to you. We will only charge this fee where it is lawful for us to do so.
In some circumstances where we correct a record, we may still require retention of the original record.
If you want to change your personal information submitted on a consent form at a Follow Your Flow clinic or at an event, you may request a new consent form from the Follow Your Flow reception staff either at the clinic or an event as this information is not currently available to view online.
25. Where we may refuse access
In some circumstances, we may refuse to provide you with access to or correct your personal information including, but not limited to, where:
a) we no longer hold or use the information;
b) giving access would have an unreasonable impact on the privacy of others;
c) the information relates to existing or anticipated legal proceedings;
d) we consider the request to be frivolous or vexatious;
e) giving access would be unlawful;
f) providing access would prejudice or be likely to prejudice the prevention, detection, investigation and prosecution of unlawful activity;
g) disclosure would pose a threat to the life or health of any individual; or
h) denying access is otherwise required or authorised by law.
Your right to access your personal information is not absolute.
If we refuse to provide you with access to or correct your personal information, we will provide you with an explanation in writing. If we are not required to provide you with access to the information requested, we will consider, if reasonable, whether the use of a mutually agreed intermediary would allow sufficient access to meet your needs and ours.
Please note that if the GDPR applies to you then you will have additional rights (see section 22, above) and, where your GDPR rights are different from what is stated here, then, we will respect your GDPR rights in preference to the rights in this section.
SECURITY OF INFORMATION
26. Security of your personal information
We will take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss and from unauthorised access, modification or disclosure. We limit access to personal information to properly authorised staff within the organisation and ensure that those who do have access respect the privacy of personal information that they are handling. Authorised access to personal and sensitive information is conducted within a ‘need to know’ principle. Personal/sensitive information is only accessed by those staff members who need it to carry out their duties.
We have in place a range of systems and communication security measures designed to keep your personal information and sensitive information secure. Our security measures also include the secure storage of hard copy documents. These include:
an encrypted client database for collection of client information;
password secured digital client notes;
individual database user logins for effective auditing of data amendments;
a password protected server;
a closed office WiFi network strictly accessible to staff only; and
password locked screens on all office computers.
In line with our policy of ensuring a high level of care and protection for any personal information that we may hold about you, Follow Your Flow has an ongoing commitment to periodically brief staff on their obligations and responsibilities with digital security and to ensure they are made aware of current best practice and any developments in best practice for use of common technologies like email and video conferencing. We provide a copy of this policy to staff and keep them updated on changes.
27. Website ‘cookies’
Many websites, including our website, use ‘cookie’ technology.
Cookies are small text files that are used by a website to recognise repeat users (or their computers or mobile devices), store registration data, and facilitate the user's ongoing access to and use of the site. This allows a website to track usage behaviour and compile aggregate data for navigational or content improvement. Cookies are not programs that come onto your system or potentially damage files.
You can disable cookies or request that a warning be displayed when cookies are used to enable you to accept or reject them, by adjusting your internet browser settings. However, disabling or rejecting cookies may mean that you are not able to access parts of our website or take advantage of the improved user experience that cookies can help provide.
28. Use of our website
When visiting our website, a record of your visit may be recorded in Google analytics or similar services. This record may include the following types of information:
a) the date and time of visit;
b) the pages accessed, and documents downloaded; and
c) the address of any website that linked you directly to our site.
Your personal information is not recorded.
This information is NOT shared with any third party other than those assisting us to enhance your user experience or protect your information (as detailed in section 21, above).
We understand that you may be concerned about the security of the personal information that we collect from you. We will take reasonable steps to protect personal information which we hold from misuse, loss and from unauthorised access, modification or disclosure.
We have systems and processes in place to maximise the security of your personal information, including the use of the industry standard encryption on our website.
For site and service security purposes and to ensure that our services are available to all users, we employ software programs to monitor network traffic in order to identify unauthorised attempts to upload or change information, or cause damage to our site.
However, you should be aware that, when using our website or our services, no data transmission over the Internet can be guaranteed as completely secure.
CONTACT AND QUERIES
30. Feedback, queries and complaints
We wholly welcome your feedback at any time.
If you have a query regarding our privacy practices or wish to complain about a breach of privacy or data protection laws, you can contact us using the Contact page. We will respond in writing as quickly as possible, but in accordance with any timeframes required by law, and we will give you details about how we propose to deal with the complaint as soon as reasonably practicable. We may ask you to provide further information about your complaint in order to assist us to assess it.
If, for any reason you do not wish to complain to us initially or if you are unhappy with how we propose to resolve a complaint, then a complaint may also be made to the Office of the Australian Information Commissioner, by visiting the OAIC’s website and following the steps.
Please note that where it applies, the GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the EU (or European Economic Area) member state where you work, normally live or where any alleged infringement of data protection laws occurred.
Office of the Australian Information Commissioner
Phone: 1300 363 992
Office of the UK Information Commissioner
Phone: 0303 123 1113
Federal Commissioner for Data Protection, Germany
Online: Links to state offices at https://www.ldi.nrw.de/mainmenu_Service/submenu_Links/Inhalt2/Datenschutzbeauftragte/Datenschutzbeauftragte.php
France Data Protection authority: CNIL
Spanish Data Protection Agency: AEPD
Dutch Data Protection Authority: DPA