Protecting your privacy – My assurance to you
The confidentiality and privacy of your personal information will be treated with the utmost care and diligence.
In this policy, Fiona Lotherington will be referred to as ‘I’ or ‘me’. Visitors to this website or participants of a program will be referred to as ‘you’.
I respect the fact that people who choose my services entrust data to me, as a necessary part of providing that service. I take the responsibility seriously that comes with receipt of client data, and the use of that data is in accordance with all laws and regulations that apply.
How I obtain information about you
I obtain information about participants in various ways. For instance, if you decide to attend an Esoteric Yoga program, you will be asked to complete a consent form. I also collect information in relation to your use of the website, as described below. If you visit me for a face to face session/program, I will ask you to complete a consent form as part of the service to you.
The information handling processes outlined in this policy also relate to any personal information collected online via this website.
I take seriously the trust you place in me and at all times I will make every effort to ensure that your personal information is secure, protected from interference, misuse, loss and unauthorised access, modification and disclosure.
Collection of your personal information
Personal and sensitive information
Personal Information refers to information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive Information is a subset of personal information and includes your health information as well as information pertaining to racial or ethnic origin, political opinions or membership of a political organisation, religious belief or affiliations, membership of a professional or trade association, sexual preferences or a criminal record. Sensitive information attracts additional privacy protections compared with other types of personal information.
You always have an opportunity to ask questions about any of my consent forms and are in no way obliged to sign a consent form or to agree with all aspects asked on the form. If you want to ask a question about my consents, please use the ‘Contact’ tab on my website. A completed consent form is needed in order to attend a program, but you are free to ask whatever questions you like.
If you visit me, you will be visiting a practitioner who conducts their own business. I will ask you to complete a consent form in order to provide my services to you. I may ask you to provide certain personal information including:
- Your name, address, phone number and email contact details;
- Your gender, date of birth and marital status;
- Contact details for your next of kin and your doctor;
- Information about your past and current health and any medications you may be taking.
I am a recognised practitioner with the Esoteric Practitioners Association. I am assessed yearly against the standards of professionalism and integrity enshrined in the EPA Code of Ethics and Conduct.
When you sign up for an Esoteric Yoga program, you will be asked to sign a consent form and provide your personal information similar to that outlined above.
In addition, you may consent on my website to the use of certain services such as receipt of newsletters, mail outs or other updates, in which case I will use your personal information in order to communicate with you and as specified on the page of the site on which you sign up to such communications.
Withdrawal of consent
You may withdraw your consent at any time. Consent may be withdrawn by using the ‘Contact’ tab on the website.
If consent is withdrawn, this information is kept on a database with details of the person who has withdrawn their consent. I retain this information to ensure I do not send you emails again.
If you consent to your personal information being shared for research purposes, your information will be de-identified by yourself or by me unless you have given consent to your personal information remaining identified.
When you access my website, anonymous technical information may be collected about your activities on the website. This may include information such as the type of browser used to access the website and the pages visited. This information could be used by me to make decisions about maintaining and improving the website and online services. This information remains anonymous and is not linked in any way to personal identification details.
I do not store financial information such as credit card numbers.
How I store your personal information
I will take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss, from unauthorised access, modification or disclosure. This includes a range of systems and communications security measures, as well as the secure storage of hard copy documents. In addition, access to your personal information will be restricted to myself only.
When you complete a consent form either online or a hard copy, the information on the form is entered into my database and the original document (if in hard copy) is then filed in secure storage. Only I may see your personal information unless you have consented to me sharing your information with another professional such as a GP.
When you enter your details online, they may only be viewed by myself who has access to the database.
I will keep your personal information for as long as it is required to provide you with the services you requested from me and to comply with legal requirements.
If I no longer require your personal information for any purpose, including legal purposes, I will take reasonable steps to securely destroy or de-identify your personal information.
It is your responsibility to advise me should either your health situation or your personal details change so that your record is kept up to date (see ‘Correcting your personal information’).
How I use your personal information
Personal information is used:
- to contact you about your participation in an Esoteric Yoga program or any other matter in relation to the service provided to you;
- to contact your next of kin or GP in an emergency;
- to better understand your health history and thus check that I am able to offer the best possible care for you at the event you are consenting to attend;
- to allow you to purchase products and/or services and for me to deliver them;
- to answer your enquiries, resolve complaints and communicate the same to you;
- to provide you with information about any product or service you may have purchased or registered for, such as attendance on an Esoteric Yoga program.
Credit card information is used only for payment processing and fraud prevention. This information is not used for other purposes and not retained by me after processing any payment.
I may use your personal information (provided via any consent form you sign) to tailor the treatment to your needs.
Anonymous data may be aggregated for reporting statistics for the Esoteric Yoga modality and to improve my customer service and support. If you complete a questionnaire, you may do this anonymously and you will have an option to contact me if you have questions or are seeking further information.
When you register on-line for a newsletter, program or product, you consent to me using your personal information to send you further information relevant to that product (for an indefinite period), unless you have contacted me to withdraw your consent. You may withdraw your consent at any time. Please see the section on withdrawal of consent, above.
With whom I share your personal information
I take seriously the trust you place in me and on no account will I sell, rent or lease your personal information to others. I will not share your personal information with any third party without your permission unless required by law enforcement action or subpoena. For example, I may be required to provide your personal information to the appointed case managers of insurance companies managing compensation cases or a third party case in the treatment of injury or illness.
In addition, I may be required to disclose your personal information to third parties in the course of providing, managing and administering services, which may include disclosure to the following:
- Government and regulatory agencies;
- Lawyers, auditors and/or other advisors engaged by me
- Where disclosure is required by law;
- Where disclosure is reasonably necessary to prevent a threat to the life or health of any individual or prevent the commission of a serious crime.
Personal information may also be disclosed to anyone to whom you have given written and signed consent to have access to this information e.g. a medical doctor
Personal data given in relation to an Esoteric Yoga program may be transferred across state borders for the purposes of data consolidation, storage and simplified management.
Rights relating to personal information
You have rights in relation to your information, which are important to me. These include the right to be informed, right of access, right to rectification, right to be forgotten, right to restrict processing, right to data portability, right to object, and right to not be subject to automated decision-making including profiling.
If a request is received to erase data, this request will be processed within 14 days of receipt of the request. On completion of your request, I will issue confirmation to you that the data has been erased.
Access to your personal information
If you have completed a consent form for a program online or face to face, you can request access to your personal information at any time by using the ‘Contact’ tab on my website. If you believe that any information is incorrect or outdated, you may ask for a correction to be made and I will do so. A request for access will be processed within a reasonable time, usually less than a week for a straightforward request. More time may be needed, depending on the nature of the request but it will not take longer than one month. There is no fee for requesting access to your information.
In a very few cases I may be unable to give you access to certain information for example where:
- I no longer hold or use the information;
- providing access would have an unreasonable impact on the privacy of others;
- I consider the request to be vexatious;
- providing access would be unlawful;
- the information relates to existing or anticipated legal proceedings;
- providing access would prejudice or be likely to prejudice the prevention, detection, investigation and prosecution of unlawful activity;
- disclosure would pose a threat to the life or health of any individual.
If I refuse your request, I will tell you the reason why. If I am not required to provide you with access to the information requested, I will consider, if reasonable, whether the use of a mutually agreed intermediary would allow sufficient access to meet your needs and mine.
Correcting your personal information
I strive to keep your personal information accurate, however, it is your responsibility to notify me if or when your details change. If you believe any information that I hold about you is inaccurate, incomplete or out-of-date, you should contact me and I will provide you with a copy of your information to view and following your authorisation I will change your information. If you have any questions in relation to this, please contact me via the ‘Contact’ tab on the website.
In circumstances where you contact me to request access to or a change to your personal information, in order to protect your privacy and security, I will take reasonable steps to verify your identity, before granting access to your data. In some cases, I may ask you to put your request in writing.
The most effective way to view and change your personal information submitted on a consent form, is to request a new consent form from myself via the ‘Contact’ tab on the website.
Making a complaint
You can contact me at any time if you have any questions or concerns about this document or about how your personal information has been or will be handled.
I value your comments and opinions. I will answer any questions you may have, correct any error on my part or use my best endeavours to resolve any complaint that you may have about my information handling practices.
Once you have contacted me in relation to your concerns, if you are not satisfied with my response, or if you do not feel your complaint has been resolved, you are able to seek advice from the Office of the Australian Information Commissioner by calling 1300 363 992.
If you want to make a complaint in NSW about a health related service you can contact the NSW Health Care Complaints Commission by calling the toll free number 1800 043 159 or emailing firstname.lastname@example.org
If you are located outside of Australia and wish to find out about your regulator for privacy purposes, you are welcome to contact me via the ‘Contact’ tab on the website and I will do my best to assist you.
Online data collection and use
The following discloses my information gathering and dissemination practices.
If you use an online registration form for any program or online service (e.g. mail-outs, e-newsletters), you will be asked to give contact information, such as your name and email address. You can choose whether to register with me online for any event or service, or not. If you complete an online registration form, I will use contact information to send you information about my services and products. The contact information can also be used to contact you when necessary if you have subscribed to a mailing list. After subscribing to any of my services, you may opt-out of receiving future mailings by choosing to un-subscribe or using the ‘Contact’ tab on the website stating so.
I may use your IP address to help diagnose problems with my server, and to administer my website. Your IP address is used to help identify you and to gather broad demographic information.
Security of your personal information
I will take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss and from unauthorised access, modification or disclosure. I limit access to personal information to myself and properly authorised persons and ensure that those who do have access respect the privacy of personal information that they are handling. Authorised access to personal and sensitive information is conducted within a ‘need to know’ principle. Personal/sensitive information is only accessed by those who need it to carry out their duties.
In line with my policy of ensuring a high level of care and protection for any personal information I may hold about you, I have an ongoing commitment to periodically review my obligations and responsibilities with digital security and to ensure that I am aware of the best practices for use of common technologies like email and video conferencing.
I keep your personal information for as long as it is required to provide you with the products and services you requested from me and to comply with legal requirements. If I no longer require your personal information for any purpose, including legal purposes, I will take reasonable steps to securely destroy or de-identify your personal information.
Fiona Lotherington is based in Australia but has clients and participants internationally as well as in Australia.
Amendment of this policy
I may amend this policy from time to time. Any amended form of this policy will be updated on my website, and I will include the date at which the policy was updated at the top of the policy page. I encourage you to check back to this page to see amendments.