Privacy Policy

Welcome! In this Privacy Policy we, us or our means SOULADVISOR PTY LTD (ACN 631 566 393).

We are a community that creates an easier way of connecting clients with traditional and complementary practitioners around the corner or around the world. We also provide resources to keep our community informed about all things wellness. To provide the best services, we may collect some information about you.

We understand that protecting your Personal Information is important. This Privacy Policy sets out our commitment to protecting the privacy of Personal Information provided to us, or otherwise collected by us, offline or online, including through our website.

We comply with relevant privacy laws in the places we operate. These include the Privacy Act, the EU GDPR, and the UK GDPR. If you are located in Australia, you only need to read the body of this Privacy Policy. If you are located in the EEA or the UK, you should also read the Schedule to this Privacy Policy, which gives additional information about our GDPR compliance.

Definitions

When we use the following words in this Privacy Policy, they have the meaning provided in this section:

  • Australian Privacy Principles means the principles set out in Schedule 1 of the Privacy Act.
  • Customer means a person who uses our Site to find information about traditional and complementary medicine, to search for and book sessions with traditional and complementary medicine practitioners, or for any related reason. If you are a user of our Site and are not a Practitioner, then you are a Customer.
  • EEA means the European Economic Area.
  • EU GDPR means the European Union’s General Data Protection Regulation 2016/679.
  • GDPR means the EU GDPR and the UK GDPR.
  • Personal Information has the meaning given to it in the Privacy Act. For example, personal information includes your name and contact details.
  • Practitioner means a user of our Site who has registered to connect with people seeking to undertake traditional and complementary therapies.
  • Privacy Act means the Privacy Act 1988 (Cth).
  • Sensitive Information has the meaning given to it in the Privacy Act. Sensitive information is a subset of Personal Information that is given a higher level of protection under the Australian Privacy Principles. For example, sensitive information includes information relating to your health and membership of professional associations.
  • Site means the website, available at souladvisor.com, that we provide to Customers and Practitioners.
  • UK means the United Kingdom of Great Britain and Northern Ireland.
  • UK GDPR has the meaning given to it in the Data Protection Act 2018 (UK).

Personal information we collect about all users

The types of Personal Information we may collect about you include:

  • your name;
  • your contact details, including email address, and/or telephone number;
  • your age;
  • your credit card or payment details (through our third party payment processor, currently Stripe);
  • your Sensitive Information as set out below;
  • details of products and services we have provided to you and/or that you have enquired about, and our response to you;
  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • information about your access and use of our Site, including through the use of Internet cookies, your communications with our Site, the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider;
  • information about your interaction with email messages we send you (or our subcontractors send you on our behalf), including whether you opened or clicked a link in that email message;
  • additional Personal Information that you provide to us (such as reviews that Customers submit or information that Practitioners submit on their practitioner profile page, including information about that Practitioner’s availability for appointments), directly or indirectly, through your use of our Site, email messages, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
  • any other Personal Information requested by us and/or provided by you or a third party.
  • any communications between you and other users on our platform.

We will usually collect these types of Personal Information directly from you, but sometimes we need to collect it from third parties. For example, Practitioners can choose to link their availability for appointments to a third party calendar such as Google Calendar. When Practitioners do this, we will collect information about their availability for appointments from the relevant third party (such as Google Calendar).

We may also combine or link the Personal Information we collect about you, for example by linking user account data with email interaction data to understand the effectiveness of our marketing activities and improve our service.

We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

Additional Personal Information we collect about Practitioners

In addition to the Personal Information described above, we may also collect the following Personal Information about you if you are a Practitioner:

  • your Australian Business Number or Australian Company Number (or equivalent business details), address and website;
  • your qualifications and professional experience;
  • your driver’s licence, passport, or other government identifier you provide to us;
  • your current Medical Malpractice and Liability insurance policy;
  • any relevant police and/or working with children’s check; and
  • your association membership details (if appropriate).

Our purposes in collecting and using Personal Information

We may collect, hold, use and disclose Personal Information for the following purposes:

  • to enable you to access and use our Site, associated applications and associated social media platforms, including to connect with other Customers and Practitioners;
  • to contact and communicate with you;
  • for internal record keeping, administrative purposes, invoicing and billing purposes;
  • for analytics, market research and business development, including to measure the effectiveness of our advertising and to improve our Site, associated applications and associated social media platforms;
  • to run competitions and/or to offer additional benefits to you;
  • for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you;
  • to comply with our legal obligations and resolve any disputes.

 

Additional purposes in collecting and using Personal Information about Practitioners

In addition to the purposes listed above, we may also collect, hold, use and disclose additional Personal Information collected from Practitioners in order to:

  • verify that Practitioner’s identity;
  • verify that Practitioner’s qualifications, memberships and affiliations;
  • display that Practitioner’s qualifications, memberships and affiliations to Customers;
  • ensure that relevant and current Medical Malpractice and Liability insurance is held; and
  • assess that Practitioner’s suitability to be displayed on our Site.

Opt-out and consent to our use of your Personal Information for marketing purposes

As noted above, we collect, hold, use or disclose Personal Information for the purposes of advertising and marketing. By providing us your contact details, you consent to receiving marketing material from us. We do not provide your Personal Information to other organisations for the purpose of direct marketing unless expressly authorised by you.

You may opt out of receiving this marketing material from us at any time by contacting us using the details below or using the opt-out facilities provided in the material (e.g. an unsubscribe link or notification settings in your dashboard). We will then ensure that your name is removed from our mailing list.

Disclosure of Personal information

Analysing your communications

We may review, scan, or analyse your communication sent or received using SoulAdvisor communication tools, (including communications with other Users) for fraud prevention, risk assessment, regulatory compliance, investigation, product development, research, analytics and customer support purposes.

For example, as part of fraud prevention reports, we may scan and analyse messages to mask contact information and references to other websites. In some cases, we may also scan, review, or analyse messages to debug, improve, and expand product offerings. We may use automated methods where whenever reasonably possible, however, we may need to manually review some communications occasionally, such as for fraud investigations and customer support, or to assess and improve the functionality of these automated tools. We will not review, scan, or analyse your messaging communications to send third party marketing messages to you, and we will not sell reviews or analyses of these communications.

These activities are carried out based on SoulAdvisor’s legitimate interest in ensuring compliance with applicable laws and our Terms, preventing fraud, promoting safety, and improving and ensuring the adequate performance of our services.

We reserve the right to block the delivery of or review communications that we, at our sole discretion, believe may contain malicious content, spam, or that may pose a risk to you, our Users, SoulAdvisor, or others.

These communications and their contents may be disclosed in response to lawful government requests or legal process, in other circumstances in which we have a good faith belief that a crime has been committed by a use of our services, that an emergency exists that poses a threat to the safety of our users or another person, if necessary to protect our rights or property, or for us to render the service you have requested.

Disclosure of Personal Information to third parties

We may disclose Personal Information to:

  • third party service providers for the purpose of enabling them to assist us in providing our services to you, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators;
  • our employees, contractors and/or related entities (including providing anonymous aggregated data to SoulAdvisor Foundation Limited);
  • other users of our Site (such as providing a Practitioner’s name and address to Customers who search for a Practitioner or visit that Practitioner’s profile page);
  • sponsors or promoters of any competition we run;
  • anyone to whom our business, assets or shares (or any part of them) are, or may (in good faith) be, transferred or issued;
  • credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
  • third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia, the UK, or the EEA; and
  • third parties to collect and process data, such as Google Analytics and Ontraport. This may include parties located, or that store data, outside of Australia, the UK, or the EEA.

Disclosure of Personal Information from the UK / EEA to third parties based outside of the UK / EEA

For information we collect in the UK, we do not disclose your Personal Information to third parties that are based, or store data, outside of the UK except as described in the section of the Schedule to this Privacy Policy headed “transfers from the UK”.

For information we collect in the EEA, we do not disclose your Personal Information to third parties that are based, or store data, outside of the EEA except as described in the section of the Schedule to this Privacy Policy headed “transfers from the EEA”.

Disclosure of Personal Information from Australia to third parties based outside of Australia

In general, for information we collect in Australia, we do not disclose your Personal Information to third parties that are based, or store data, outside of Australia.

However, as set out in the section of this Privacy Policy titled “Disclosure of Personal Information”, we do disclose your personal information to other users of our Site, including users based outside of Australia.

If we disclose your Personal Information to third parties based overseas, we are required to take reasonable steps to ensure that the third party does not breach the Australian Privacy Principles unless:

  • you have given us your consent to disclose Personal Information to that third party without ensuring their compliance with the Australian Privacy Principles;
  • we believe that:
    • the overseas recipient is subject to a law or binding scheme that is, overall, substantially similar to the Australian Privacy Principles; and
    • we can enforce the law or binding scheme; or
  • the disclosure is required or authorised by an Australian law or court/tribunal order.

You acknowledge that overseas third parties may not be regulated by the Privacy Act and the Australian Privacy Principles. If any third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act and you will not be able to seek redress under the Privacy Act.

How we treat Personal Information that is also Sensitive Information

The type of Sensitive Information we may collect about you includes:

  • If you are a Customer:
    • information relating to your health – for example, information relating to the Practitioners with whom you have booked a session, or the search queries you have submitted to us;
  • If you are a Practitioner:
    • professional associations or memberships including where you provide your qualifications and professional experience; and
    • your identification, qualifications and professional experience.

We will not collect Sensitive Information about you without first obtaining your consent. By providing Sensitive Information to us, you consent to our use of your Sensitive Information as described in this section of our Privacy Policy.

Provided you consent, your Sensitive Information may only be used and disclosed for purposes relating to the primary purpose for which the Sensitive Information was collected, including:

  • If you are a Customer:
    • providing our service to you, for example by identifying relevant Practitioners in search results based on health information you have provided to us in your search query; and
    • providing anonymised and aggregated health information to our Practitioners and to SoulAdvisor Foundation Limited, to assist them with identifying trends in therapy preferences;
  • If you are a Practitioner:
    • verifying your identity, qualifications, professional associations and memberships, and other details relevant to confirming that you are suitable to be displayed on the Site; and
    • displaying your relevant qualifications, professional associations and memberships to other users of the Site (for example, on your profile page and in search results);
  • providing services for a purpose that is directly related to the primary purpose for which the Sensitive Information was collected; and
  • referring you to medical or health service providers in circumstances where it is impractical for us to obtain your consent.

As a booking marketplace, SoulAdvisor will only have access to users’ Google calendars in order to sync the data inside (meeting title and description) and to improve the overall user experience. We don’t store the attendee’s email addresses or names. The data will be securely synced to your SoulAdvisor Calendar to be able to see all your events from Google Calendar in SoulAdvisor Calendar and all the events from SoulAdvisor Calendar will be synced to Google Calendar. This will allow users to see all the events and configure availability check in only one platform

Sensitive information may also be used or disclosed if required or authorised by law.

Your rights and controlling your Personal Information

Choice and consent: Please read this Privacy Policy carefully. By providing Personal Information to us, you consent to us collecting, holding, using and disclosing your Personal Information in accordance with this Privacy Policy. You do not have to provide Personal Information to us; however, if you do not, it may affect your use of this Site or the products and/or services offered on or through it.

Information from third parties: If we receive Personal Information about you from a third party, we will protect it as set out in this Privacy Policy. If you are a third party providing Personal Information about somebody else, you represent and warrant that you have such person’s consent to provide the Personal Information to us.

Anonymity: Where practicable we will give you the option of not identifying yourself or using a pseudonym in your dealings with us.

Restrict: If you have previously agreed to us using your Personal Information for direct marketing purposes, you may change your mind at any time by contacting us as set out in the section of this Privacy Policy titled “Opt-out and consent to our use of your Personal Information for marketing purposes”.

Access: You may request access to the Personal Information that we hold about you by contacting us using the details below. An administrative fee may be payable for the provision of such information.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.

Complaints: If you wish to make a complaint about how we have handled your Personal Information, including a complaint that we have not complied with this Privacy Policy or relevant privacy laws, please contact us using the details below and provide us with full details of the complaint. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint.

If you are not satisfied with our handling of your complaint, you can also complain to the regulator in your jurisdiction, being:

Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us as set out in the section of this Privacy Policy titled “Opt-out and consent to our use of your Personal Information for marketing purposes”.

Storage and security

We are committed to ensuring that the Personal Information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures, such as encryption of data at rest using AES encryption, encryption of data in transit, and monitoring of internal staff access to data, to safeguard and secure the Personal Information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

The Personal Information we collect is stored with reputable and secure cloud hosting providers such as Amazon Web Services and reputable and secure cloud service providers such as Dropbox.

We are doing our best to make any information that is transmitted to or by us are secure. The transmission and exchange of information are carried out at your own risk, but to minimize the risk, we apply end-to-end encryption to data transmission with TLS SHA-256. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the Personal Information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

Cookies and web beacons

We may use cookies on our Site from time to time. Cookies are text files placed in your computer's browser to store your preferences, such as whether you are logged in to our Site, which Site pages you have visited, and which search filters you have applied. Cookies, by themselves, do not tell us your email address or other personally identifiable information. However, they do allow third parties, such as Google and Facebook, to cause our advertisements to appear on your social media and online media feeds as part of our retargeting campaigns. If you choose to provide us with Personal Information, we may also link this information to data stored in cookies.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all or some cookies (including essential cookies) you may not be able to access all or parts of our site.

We may also use web beacons on our Site from time to time. Web beacons (also known as Clear GIFs) are small pieces of code placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.

We may use third parties such as Google Analytics and Ontraport to collect and process cookie and web beacon data. To find out how Google and Ontraport use data when you use third party websites or applications, please see https://policies.google.com/technologies/partner-sites and https://ontraport.com/legal or any other URL Google or Ontraport may use from time to time.

Links to other websites

Our Site may contain links to other websites. We do not have any control over those websites and we are not responsible for the protection and privacy of any Personal Information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.

Connections between Practitioners and Customers

Our Site assists with creating connections between Practitioners and Customers. We do not have control over these Practitioners and Customers, and we are not responsible for the protection and privacy of any Personal Information that you provide to them.

Amendments

We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our Site. We recommend you check our Site regularly to ensure you are aware of our current Privacy Policy.

Contacting us

For any questions or notices, please contact us at:

  • SOULADVISOR PTY LTD ACN 631 566 393
    Email: [email protected]

    Last update: 16 August 2022

 

Schedule ​​​​​ - UK and European Economic Area

When we process the personal data of people located in the EEA or UK, the GDPR applies. This Schedule describes how we comply with the GDPR in relation to users located in the EEA or the UK.

What personal data do we collect?

Please refer to sections of our Privacy Policy headed

  • “Personal information we collect about all users”;
  • “Additional personal information we collect about Practitioners”; and
  • “Cookies and web beacons”,

for detail on the personal data we collect from users and Practitioners.

As described in those sections, we may collect and process special categories of personal data in order to provide our service. For example, when you book a session with a Practitioner, we need to collect and process data relating to the Practitioner with whom you have booked a session. Where we collect or process sensitive personal data, we will do so with your explicit consent or otherwise as permitted by law.

How do we use the personal data we collect?

Please refer to the sections of our Privacy Policy headed:

  • “Our purposes in collecting and using personal information”;
  • “Additional purposes in collecting and using Personal Information about Practitioners”; and
  • “Disclosure of Personal Information”

for details about how we use the personal data we collect from you.

We process your personal data only where we have a legal basis, including where:

  • we need to process your personal data to provide our services to you under your contract with us;
  • you give us consent to process your personal data for specific purposes;
  • we need to process your personal data to comply with a legal obligation; or
  • we need to process your personal data to satisfy our legitimate interests, such as:
    • developing and providing our platform to you and other users;
    • managing competitions and promotions that we run;
    • supporting our internal business processes; and
    • protecting our platform from being used for improper purposes, including fraud.

 

If you have consented to our processing of your personal data about you for a specific purpose, you can change your mind at any time. However, this won’t affect previously processed data and it might mean you are no longer able to access our services.

How we store and secure personal information

Please refer to the sections of our Privacy Policy headed “storage and security" for details on how we store personal data you provide to us.

We will only keep your personal data for as long as we need it to provide our services to you, except where we need to retain personal data for longer periods for the purposes of fraud prevention, to resolve legal claims, or for our internal record-keeping.

Your GDPR rights as a data subject

As a data subject under the GDPR, you have the right to:

  • be informed as to how your personal information is being collected and used;
  • access your personal information;
  • have your data deleted or corrected where it is inaccurate;
  • ask us to delete your personal information if there is no need for us to keep it;
  • object to your data being processed and to restrict processing;
  • withdraw consent to having your data processed;
  • have your data provided in a standard format so that it can be transferred elsewhere;
  • not be subject to a decision based solely on automated processing; and
  • lodge a complaint with a data protection authority if you are not happy with how we handle a complaint.

If you want to exercise any of these rights, please contact us as described in the section of our Privacy Policy headed “Contacting us”. If you wish to complain about our treatment of your personal data, you can also contact the data protection regulator in your location, as described in the section of our Privacy Policy headed “Your rights and controlling your Personal Information”.

Our use of cookies

We use cookies as described in the section of this Privacy Policy headed “cookies and web beacons”.

As described in that section, we use cookies:

  • to support the functionality of our Site, for example by allowing you to log in to our site;
  • to improve the performance of our site, for example through analysing page usage data; and
  • for marketing purposes, for example by targeting and measuring the effect of our advertisements.

Transfers from the UK

If you are located in the UK, we may transfer the personal data we collect about you:

  • so that it can be stored securely in Australia (which is where we manage our Site from and host personal data we collect); and
  • to third parties and subcontractors based outside of the UK, as set out in the section of this Privacy Policy headed “Disclosure of Personal Information”.

When we transfer your personal data outside of the UK, we will ensure there are relevant protections in place in accordance with legally recognised mechanisms for overseas data transfer such as binding contractual obligations.

Transfers from the EEA

If you are located in the EEA, we may transfer the personal data we collect about you:

  • so that it can be stored securely in Australia (which is where we operate our Site from and host personal data we collect); and
  • to third parties and subcontractors based outside of the EEA, as set out in the section of this Privacy Policy headed “Disclosure of Personal Information”.

When we transfer your personal data outside of the EEA, we will ensure there are relevant protections in place in accordance with legally recognised mechanisms for overseas data transfer such as binding contractual obligations.

Contacting us

Our contact details are set out in the section of our Privacy Policy headed “Contacting us”.

Last updated: 27 Mar 2024

Find in