Privacy Policy

1. Introduction

Welcome! This Privacy Policy outlines how SOULADVISOR PTY LTD (ACN 631 566 393) ("we," "us," or "our") collects, uses, and protects your personal information.

We connect clients with traditional, complementary and integrative healthcare ("TCIH") practitioners globally and provide wellness-related resources. This policy explains how we handle personal information across our website and services.

2. Compliance with Privacy Laws

We comply with the relevant privacy laws in Australia, the UK, and the EU, including:

  • Privacy Act 1988 (Cth) and Australian Privacy Principles
  • General Data Protection Regulation (EU GDPR)
  • UK General Data Protection Regulation (UK GDPR)

If you are located in the EEA or UK, please refer to the additional information provided in the Schedule.

3. Definitions

When we use the following words in this Privacy Policy, they have the meaning provided in this section:

  • Personal Information: Includes your name, contact details, and other identifying details.
  • Sensitive Information: Includes health data and membership details that require extra protection.
  • Practitioner: A user registered to offer TCIH.
  • Customer: A user searching for or booking wellness services through our platform
  • Australian Privacy Principles means the principles set out in Schedule 1 of the Privacy Act.
  • EEA means the European Economic Area.
  • EU GDPR means the European Union’s General Data Protection Regulation 2016/679.
  • GDPR means the EU GDPR and the UK GDPR.
  • Privacy Act means the Privacy Act 1988 (Commonwealth of Australia).
  • Site means the website, available at souladvisor.com, that we provide to Customers and Practitioners.
  • UK means the United Kingdom of Great Britain and Northern Ireland.
  • UK GDPR has the meaning given to it in the Australian Data Protection Act 2018 (UK).

4. Personal Information We Collect

We collect personal information to provide and improve our services, including:

  • Name, email address, and contact details
  • Payment details (processed via Stripe)
  • Age and demographic data
  • Browsing behaviour and interactions with our platform
  • Communications with other users on our platform
  • Calendar availability when synced with third-party services (e.g., Google Calendar)
  • Interaction data with our emails and advertisements. 


    We will usually collect these types of Personal Information directly from you, but sometimes we need to collect it from third parties. For example, Practitioners can choose to link their availability for appointments to a third party calendar such as Google Calendar. When Practitioners do this, we will collect information about their availability for appointments from the relevant third party (such as Google Calendar).

    We may also combine or link the Personal Information we collect about you, for example by linking user account data with email interaction data to understand the effectiveness of our marketing activities and improve our service.

We also collect additional information from Practitioners, such as:

  • Business details (ABN, address, website)
  • Qualifications, professional experience, and memberships
  • Identification documents (e.g., passport, driver’s license) which are deleted from our system upon practitioner approval.
  • Medical Malpractice and Liability insurance details
  • Police and/or working with children’s check (where applicable)

5. How We Use Personal Information

We collect and use personal information for:

  • Facilitating connections between Customers and Practitioners
  • Contacting and communicating with users
  • Internal record-keeping, invoicing, and administrative purposes
  • Marketing, advertising, and promotional activities
  • Analytics, market research, and improving our services
  • Ensuring compliance with legal and regulatory obligations

For Practitioners, we also use personal information to:

  • Verify identity, qualifications, and insurance details
  • Display qualifications and credentials to Customers
  • Assess suitability for our platform

6. Marketing & Opt-Out

By providing your contact details, you consent to receive marketing communications from us. You may opt out at any time using the unsubscribe link or by contacting us directly.

7. Data Sharing & Disclosure

We may disclose information you have provided to us to:

  • Third-party service providers assisting with IT, payment processing, analytics, marketing, and legal compliance
  • Other users of our platform (e.g., displaying Practitioner profiles to Customers)
  • Regulatory authorities, if required by law
  • Third-party platforms like Google Analytics, Microsoft Clarity, and Brevo for analytics and marketing
  • Affiliates and business partners (e.g., SoulAdvisor Foundation Limited)
  • Courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
 

Schedule – UK & European Economic Area (EEA) Compliance

1. Applicability of GDPR

This Schedule applies to users located in the UK and EEA and explains how SoulAdvisor Pty Ltd complies with the UK GDPR and EU GDPR when handling your personal data.

2. Personal Data We Collect

We collect and process personal data as described in our Privacy Policy, including:

  • Identifiers (name, email, contact details)

  • Browsing behaviour, interactions, and preferences

  • Sensitive data where necessary (e.g., health-related data when booking a Practitioner)

  • Practitioner details (qualifications, business information, insurance, and professional memberships)

We process special category data (such as health-related information) only where we have your explicit consent or another lawful basis under the GDPR.

3. Legal Bases for Processing Personal Data

Under GDPR, we process your personal data on the following legal bases:

  • Performance of a contract: To provide our services (e.g., enabling bookings, processing payments, and facilitating Practitioner connections).

  • Consent: When you opt in to marketing communications or provide sensitive health-related data.

  • Legitimate interests: For analytics, service improvements, fraud prevention, and ensuring platform security.

  • Legal obligations: Where required for compliance with laws or regulatory authorities.

4. Data Transfers from the UK & EEA

Your personal data may be transferred outside the UK and EEA, including to Australia, where our servers and operations are based. We ensure adequate safeguards are in place, such as:

  • UK & EU Standard Contractual Clauses (SCCs) where required

  • Binding corporate rules with third-party service providers

  • Adequacy decisions where applicable (e.g., transfers under the UK’s adequacy regulations)

By using our services, you acknowledge that your data may be transferred and processed in jurisdictions with different privacy laws.

5. Your Rights Under GDPR

If you are located in the UK or EEA, you have the following rights:

  • Access: Request a copy of your personal data.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure ('Right to be Forgotten'): Request deletion of your data under certain circumstances.

  • Restriction of Processing: Request limits on how we process your data.

  • Data Portability: Request a copy of your data in a structured format.

  • Objection to Processing: Object to data processing based on legitimate interests or direct marketing.

  • Withdraw Consent: Withdraw previously given consent at any time.

  • Automated Decision-Making: Not be subject to decisions based solely on automated processing that significantly affects you.

To exercise these rights, contact us at [email protected]. We will respond within one month, as required by GDPR.

6. Data Retention Policy

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy. Retention periods vary based on:

  • Service-related requirements (e.g., account management and transaction history)

  • Legal compliance (e.g., tax and financial regulations)

  • Security and fraud prevention

When no longer needed, data is securely deleted or anonymized.

7. Cookies & Online Tracking

As described in our Privacy Policy, we use cookies and third-party analytics tools, including:

  • Google Analytics for website performance tracking

  • Microsoft Clarity for behavioural analytics

  • Ontraport for marketing automation

You can manage cookie preferences via your browser settings.

8. How to Lodge a Complaint

If you have concerns about our data handling, you may contact your local data protection authority:

For general inquiries, contact us at [email protected].

9. Updates to this Schedule

We may update this Schedule periodically to reflect changes in regulatory requirements. The latest version will always be available on our website.

 

Last updated: 12 February 2025

Find in