Privacy Policy

Step Nutrition (By Benjamin David) Site and Services: Privacy Policy

Updated: 15th November, 2023

​

Step Nutrition (we, us or our) recognises the importance of our patients (you, your) privacy and is committed to ensuring your personal information is professionally managed in accordance with all Australian Privacy Principles (APP’s) contained in the Privacy Act 1988 (Commonwealth). The APPs provide standards for how we collect, use, disclose, store, secure and dispose of your personal and sensitive information and a copy can be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au.

​

This Privacy Policy provides information to you about how your personal and sensitive information (including your health information) is collected and used within our clinic when providing our healthcare services (Service, services), and the circumstances in which we share it with third parties. We may update this Policy over time by changing the information contained in this page. Please check this page from time to time to ensure you agree to any changes. This Policy is effective from 15th November, 2023.

​

How we collect information 

We collect personal and sensitive information from you for the primary purpose of providing healthcare services. We collect this information  

• when you complete a ‘Patient Registration, Consent and Authorisation’ form via email or through our website via Halaxy (our practice management software platform)

• when you complete a ‘Contact us’ form on our website,

• when you enquire about our services over the telephone

• during discussions with you in face-to-face consultations, telehealth consultations or online (via zoom) consultations

​

We also collect personal and sensitive information from referring health practitioners involved in your care for the primary purpose of providing our services. We expect that these third parties have advised you and obtained your consent prior to releasing your personal information to us. We will take reasonable steps to notify you of such collection. 

​

We do not guarantee website links or policy of third parties.

​

What we collect 

When you register as a patient of our clinic, we may collect the following personal and sensitive information:

• name, address, email address, date of birth, telephone contact details

• name and telephone number of an emergency contact

• your medical history and your family’s medical history

• medical test results and records including doctor/health professional referrals &/or Chronic Disease Management Plan

• credit card information

• bank account information

• Medicare details

• Health Insurance details

• Employment details

• Demographic information

Details about your health, care plan, and progress with treatment are recorded following each consultation and form part of your personal and sensitive information. 

​

You do not have to share personal and sensitive information with us, but it does make it more difficult to provide our service to you, and in some circumstances, it may result in us being unable to provide our services to you.

​

Why we collect this information

We collect this personal and sensitive information to ensure we use and disclose accurate, complete and up to date details about your individual circumstances and needs, so we care for you in the best possible way. 

We use the information collected to provide progress reports to your other health care practitioners including doctors, specialists, and other health care professionals, in accordance with legislative and industry standards, to ensure a holistic approach to your health care. 

We also use the information for related business activities including:

• providing you with information about our services and relevant information material to support your health

• managing appointments

• billings, financial payments, rebates, claims and debt recovery

• auditing and business planning

• reaching your emergency contact in the case of an emergency

​

Who we share your personal information with and when

• Healthcare providers including doctors, specialists, and other health care professionals in your care team, if you have consented for us to do so 

• Services Australia (provider of Medicare) if they request your personal information

• Private Health Funds if they request access to your file for proof of consultation

• Affiliate practices or clinics where we conduct our in-person appointments, for the sole purpose of informing the reception staff of your name, appointment details and contact telephone number for consultation management purposes

• Third parties who work with our clinic for business purposes, including but not limited to IT, website, and practice software service providers, debt collectors, and auditors

• Other parties when required or authorised by law

​

We will only disclose your personal information if:

• You have given us permission to do so by signing our Patient Registration, Consent and Authorisation form 

• It is unreasonable to seek consent and the disclosure is necessary to lessen or prevent a serious threat to life, health, or safety of an individual or the public

• You are physically or legally incapable of giving consent, and the health information is disclosed to a responsible person (which may include parents, adult siblings, spouses, adult relatives, guardians, or attorneys granted power concerning health decisions), for compassionate reasons or to enable appropriate care or treatment

• It is within Australia

• It is required or authorised by or under law

​

How we store and protect your personal information

Your personal information is protected in Halaxy, our practice management software platform. We do not store any credit card or bank account details and all payment information is collected and stored through Halaxy in Australia. Halaxy is protected by 256-bit bank grade security and encryption, meaning that your information is protected to the same level required for banks. Your data is secure at rest and in transit. All electronic data is encrypted, and password protected. Any hard copy records and information are stored in secure locked cabinets. We take reasonable steps to protect personal and sensitive information from misuse, interference and loss, unauthorised access, modification, or disclosure.

Most information will be stored for a minimum of seven years. Any personal or sensitive information that is no longer practically or legally needed is destroyed or de-identified according to legislative requirements.

​

Accessing and correcting your personal information

You can access your personal information recorded at any time by writing to us at benjamin@stepnutrition.com.au. We will need to identify you to provide access to information and we will respond to your requests for access within 30 days. We may be legally permitted to withhold access to your personal information in some circumstances. In this instance, we will provide you with an explanation/reason in writing and detail the process for lodging a complaint.

If you believe the personal or sensitive information we hold about you is inaccurate, you have the right to ask for it to be corrected. Correction requests will be responded to within 30 days and if corrections made, we take reasonable steps to notify affected third parties of the corrected information. Legislative or legal requirements may prevent us from correcting your personal information in some circumstances and if so, we will advise you in writing with reasons and the process for lodging a complaint.

​

Feedback and Complaints

If you wish to find out additional information regarding our Privacy Policy, or if you wish to make a complaint please contact us in writing at benjamin@stepnutrition.com.au.

We will investigate complaints and attempt to resolve any issues in writing as soon as possible. If you do not believe the issue is resolved, you can refer the complaint to:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney, NSW 2001
Email: enquiries@oaic.gov.au