We are a community that creates an easier way of connecting clients with traditional and complementary practitioners around the corner or around the world. We also provide resources to keep our community informed about all things wellness. To provide the best services, we may collect some information about you.
- Australian Privacy Principles means the principles set out in Schedule 1 of the Privacy Act.
- Customer means a person who uses our Site to find information about traditional and complementary medicine, to search for and book sessions with traditional and complementary medicine practitioners, or for any related reason. If you are a user of our Site and are not a Practitioner, then you are a Customer.
- EEA means the European Economic Area.
- EU GDPR means the European Union’s General Data Protection Regulation 2016/679.
- GDPR means the EU GDPR and the UK GDPR.
- Personal Information has the meaning given to it in the Privacy Act. For example, personal information includes your name and contact details.
- Practitioner means a user of our Site who has registered to connect with people seeking to undertake traditional and complementary therapies.
- Privacy Act means the Privacy Act 1988 (Cth).
- Sensitive Information has the meaning given to it in the Privacy Act. Sensitive information is a subset of Personal Information that is given a higher level of protection under the Australian Privacy Principles. For example, sensitive information includes information relating to your health and membership of professional associations.
- Site means the website, available at souladvisor.com, that we provide to Customers and Practitioners.
- UK means the United Kingdom of Great Britain and Northern Ireland.
- UK GDPR has the meaning given to it in the Data Protection Act 2018 (UK).
Personal information we collect about all users
The types of Personal Information we may collect about you include:
- your name;
- your contact details, including email address, and/or telephone number;
- your age;
- your credit card or payment details (through our third party payment processor, currently Stripe);
- your Sensitive Information as set out below;
- details of products and services we have provided to you and/or that you have enquired about, and our response to you;
- your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
- information about your access and use of our Site, including through the use of Internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
- information about your interaction with email messages we send you (or our subcontractors send you on our behalf), including whether you opened or clicked a link in that email message;
- additional Personal Information that you provide to us (such as reviews that Customers submit or information that Practitioners submit on their practitioner profile page, including information about that Practitioner’s availability for appointments), directly or indirectly, through your use of our Site, email messages, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
- any other Personal Information requested by us and/or provided by you or a third party.
We will usually collect these types of Personal Information directly from you, but sometimes we need to collect it from third parties. For example, Practitioners can choose to link their availability for appointments to a third party calendar such as Google Calendar. When Practitioners do this, we will collect information about their availability for appointments from the relevant third party (such as Google Calendar).
We may also combine or link the Personal Information we collect about you, for example by linking user account data with email interaction data to understand the effectiveness of our marketing activities and improve our service.
Additional Personal Information we collect about Practitioners
In addition to the Personal Information described above, we may also collect the following Personal Information about you if you are a Practitioner:
- your Australian Business Number or Australian Company Number (or equivalent business details), address and website;
- your qualifications and professional experience;
- your driver’s licence, passport, or other government identifier you provide to us;
- your current Medical Malpractice and Liability insurance policy;
- any relevant police and/or working with children’s check; and
- your association membership details (if appropriate).
Our purposes in collecting and using Personal Information
We may collect, hold, use and disclose Personal Information for the following purposes:
- to enable you to access and use our Site, associated applications and associated social media platforms, including to connect with other Customers and Practitioners;
- to contact and communicate with you;
- for internal record keeping, administrative purposes, invoicing and billing purposes;
- for analytics, market research and business development, including to measure the effectiveness of our advertising and to improve our Site, associated applications and associated social media platforms;
- to run competitions and/or to offer additional benefits to you;
- for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you;
- to comply with our legal obligations and resolve any disputes.
Additional purposes in collecting and using Personal Information about Practitioners
In addition to the purposes listed above, we may also collect, hold, use and disclose additional Personal Information collected from Practitioners in order to:
- verify that Practitioner’s identity;
- verify that Practitioner’s qualifications, memberships and affiliations;
- display that Practitioner’s qualifications, memberships and affiliations to Customers;
- ensure that relevant and current Medical Malpractice and Liability insurance is held; and
- assess that Practitioner’s suitability to be displayed on our Site.
Opt-out and consent to our use of your Personal Information for marketing purposes
As noted above, we collect, hold, use or disclose Personal Information for the purposes of advertising and marketing. By providing us your contact details, you consent to receiving marketing material from us. We do not provide your Personal Information to other organisations for the purpose of direct marketing unless expressly authorised by you.
You may opt out of receiving this marketing material from us at any time by contacting us using the details below or using the opt-out facilities provided in the material (e.g. an unsubscribe link or notification settings in your dashboard). We will then ensure that your name is removed from our mailing list.
Disclosure of Personal Information to third parties
We may disclose Personal Information to:
- third party service providers for the purpose of enabling them to assist us in providing our services to you, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
- our employees, contractors and/or related entities (including providing anonymous aggregated data to SoulAdvisor Foundation Limited);
- other users of our Site (such as providing a Practitioner’s name and address to Customers who search for a Practitioner or visit that Practitioner’s profile page);
- sponsors or promoters of any competition we run;
- anyone to whom our business, assets or shares (or any part of them) are, or may (in good faith) be, transferred or issued;
- credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
- third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia, the UK, or the EEA; and
- third parties to collect and process data, such as Google Analytics and Ontraport. This may include parties located, or that store data, outside of Australia, the UK, or the EEA.
Disclosure of Personal Information from the UK / EEA to third parties based outside of the UK / EEA
Disclosure of Personal Information from Australia to third parties based outside of Australia
In general, for information we collect in Australia, we do not disclose your Personal Information to third parties that are based, or store data, outside of Australia.
If we disclose your Personal Information to third parties based overseas, we are required to take reasonable steps to ensure that the third party does not breach the Australian Privacy Principles unless:
- you have given us your consent to disclose Personal Information to that third party without ensuring their compliance with the Australian Privacy Principles;
- we believe that:
- the overseas recipient is subject to a law or binding scheme that is, overall, substantially similar to the Australian Privacy Principles; and
- we can enforce the law or binding scheme; or
- the disclosure is required or authorised by an Australian law or court/tribunal order.
You acknowledge that overseas third parties may not be regulated by the Privacy Act and the Australian Privacy Principles. If any third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act and you will not be able to seek redress under the Privacy Act.
How we treat Personal Information that is also Sensitive Information
The type of Sensitive Information we may collect about you includes:
- If you are a Customer:
- information relating to your health – for example, information relating to the Practitioners with whom you have booked a session, or the search queries you have submitted to us;
- If you are a Practitioner:
- professional associations or memberships including where you provide your qualifications and professional experience; and
- your identification, qualifications and professional experience.
Provided you consent, your Sensitive Information may only be used and disclosed for purposes relating to the primary purpose for which the Sensitive Information was collected, including:
- If you are a Customer:
- providing our service to you, for example by identifying relevant Practitioners in search results based on health information you have provided to us in your search query; and
- providing anonymised and aggregated health information to our Practitioners and to SoulAdvisor Foundation Limited, to assist them with identifying trends in therapy preferences;
- If you are a Practitioner:
- verifying your identity, qualifications, professional associations and memberships, and other details relevant to confirming that you are suitable to be displayed on the Site; and
- displaying your relevant qualifications, professional associations and memberships to other users of the Site (for example, on your profile page and in search results);
- providing services for a purpose that is directly related to the primary purpose for which the Sensitive Information was collected; and
- referring you to medical or health service providers in circumstances where it is impractical for us to obtain your consent.
As a booking marketplace, SoulAdvisor will only have access to users’ Google calendars in order to sync the data inside (meeting title and description) and to improve the overall user experience. We don’t store the attendee’s email addresses or names. The data will be securely synced to your SoulAdvisor Calendar to be able to see all your events from Google Calendar in SoulAdvisor Calendar and all the events from SoulAdvisor Calendar will be synced to Google Calendar. This will allow users to see all the events and configure availability check in only one platform
Sensitive information may also be used or disclosed if required or authorised by law.
Your rights and controlling your Personal Information
Anonymity: Where practicable we will give you the option of not identifying yourself or using a pseudonym in your dealings with us.
Access: You may request access to the Personal Information that we hold about you by contacting us using the details below. An administrative fee may be payable for the provision of such information.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
If you are not satisfied with our handling of your complaint, you can also complain to the regulator in your jurisdiction, being:
- in Australia, the Office of the Australian Information Commissioner through their website available at https://www.oaic.gov.au/privacy/privacy-complaints/
- in the UK, the Information Commissioner’s Office through their website available at https://ico.org.uk/global/contact-us/
- in the EEA, the relevant data protection authority as described on the European Commission’s website available at https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Storage and security
We are committed to ensuring that the Personal Information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, such as encryption of data at rest using AES encryption, encryption of data in transit, and monitoring of internal staff access to data, to safeguard and secure the Personal Information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
The Personal Information we collect is stored with reputable and secure cloud hosting providers such as Amazon Web Services and reputable and secure cloud service providers such as Dropbox.
Cookies and web beacons
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all or some cookies (including essential cookies) you may not be able to access all or parts of our site.
We may also use web beacons on our Site from time to time. Web beacons (also known as Clear GIFs) are small pieces of code placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.
We may use third parties such as Google Analytics and Ontraport to collect and process cookie and web beacon data. To find out how Google and Ontraport use data when you use third party websites or applications, please see https://policies.google.com/technologies/partner-sites and https://ontraport.com/legal or any other URL Google or Ontraport may use from time to time.
Links to other websites
Connections between Practitioners and Customers
Our Site assists with creating connections between Practitioners and Customers. We do not have control over these Practitioners and Customers, and we are not responsible for the protection and privacy of any Personal Information that you provide to them.
For any questions or notices, please contact us at:
- SOULADVISOR PTY LTD ACN 631 566 393
Email: [email protected]
Last update: 17 March 2022
Schedule - UK and European Economic Area
When we process the personal data of people located in the EEA or UK, the GDPR applies. This Schedule describes how we comply with the GDPR in relation to users located in the EEA or the UK.
What personal data do we collect?
- “Personal information we collect about all users”;
- “Additional personal information we collect about Practitioners”; and
- “Cookies and web beacons”,
for detail on the personal data we collect from users and Practitioners.
As described in those sections, we may collect and process special categories of personal data in order to provide our service. For example, when you book a session with a Practitioner, we need to collect and process data relating to the Practitioner with whom you have booked a session. Where we collect or process sensitive personal data, we will do so with your explicit consent or otherwise as permitted by law.
How do we use the personal data we collect?
- “Our purposes in collecting and using personal information”;
- “Additional purposes in collecting and using Personal Information about Practitioners”; and
- “Disclosure of Personal Information to third parties”
for details about how we use the personal data we collect from you.
We process your personal data only where we have a legal basis, including where:
- we need to process your personal data to provide our services to you under your contract with us;
- you give us consent to process your personal data for specific purposes;
- we need to process your personal data to comply with a legal obligation; or
- we need to process your personal data to satisfy our legitimate interests, such as:
- developing and providing our platform to you and other users;
- managing competitions and promotions that we run;
- supporting our internal business processes; and
- protecting our platform from being used for improper purposes, including fraud.
If you have consented to our processing of your personal data about you for a specific purpose, you can change your mind at any time. However, this won’t affect previously processed data and it might mean you are no longer able to access our services.
How we store and secure personal information
We will only keep your personal data for as long as we need it to provide our services to you, except where we need to retain personal data for longer periods for the purposes of fraud prevention, to resolve legal claims, or for our internal record-keeping.
Your GDPR rights as a data subject
As a data subject under the GDPR, you have the right to:
- be informed as to how your personal information is being collected and used;
- access your personal information;
- have your data deleted or corrected where it is inaccurate;
- ask us to delete your personal information if there is no need for us to keep it;
- object to your data being processed and to restrict processing;
- withdraw consent to having your data processed;
- have your data provided in a standard format so that it can be transferred elsewhere;
- not be subject to a decision based solely on automated processing; and
- lodge a complaint with a data protection authority if you are not happy with how we handle a complaint.
- to support the functionality of our Site, for example by allowing you to log in to our site;
- to improve the performance of our site, for example through analysing page usage data; and
- for marketing purposes, for example by targeting and measuring the effect of our advertisements.
Transfers from the UK
If you are located in the UK, we may transfer the personal data we collect about you:
- so that it can be stored securely in Australia (which is where we manage our Site from and host personal data we collect); and
When we transfer your personal data outside of the UK, we will ensure there are relevant protections in place in accordance with legally recognised mechanisms for overseas data transfer such as binding contractual obligations.
Transfers from the EEA
If you are located in the EEA, we may transfer the personal data we collect about you:
- so that it can be stored securely in Australia (which is where we operate our Site from and host personal data we collect); and
When we transfer your personal data outside of the EEA, we will ensure there are relevant protections in place in accordance with legally recognised mechanisms for overseas data transfer such as binding contractual obligations.
Last update: 17 March 2022