How It Heals (“we”, “us”) is committed to protecting your privacy. This policy explains what personal information we collect when you use howitheals.com or book a consultation, how we use it, and your rights under the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
Who we are
How It Heals is a clinical nutrition and functional testing practice based at 45 Michael St, Bulimba QLD 4171. We provide consultations in person in Brisbane and via telehealth across Australia. You can reach our privacy officer at admin@howitheals.com.
What we collect
We collect personal information in the following ways:
- Contact and booking forms. When you submit a form on this site or book a Clarity Call, we collect your name, email, phone number, and the contents of any message you send us.
- Clinical intake. When you become a client, we collect health information including symptoms, medical history, medications, supplements, lab results, lifestyle factors, and family history. This is sensitive information under the Privacy Act.
- Functional test results. Where we arrange functional pathology testing on your behalf (DUTCH, ENDOmap, HTMA, GI-MAP, OAT, DNA, comprehensive bloods, etc.), the laboratory returns results to us. We retain copies as part of your clinical record.
- Payment information. Payments are processed by our third-party booking and payment providers. We do not store full card numbers ourselves.
- Analytics. When you browse the site we collect technical information including IP address, device type, browser, pages viewed, referring URL, and approximate location. We use Google Analytics 4 and Vercel Web Analytics for this.
How we use it
We use personal information to:
- provide consultations and follow-up care, including ordering tests and writing protocols;
- communicate with you about your appointments, results, and care plan;
- respond to your enquiries and provide information you have requested;
- improve the website and the way we deliver care;
- meet our legal, professional, and insurance obligations.
Health information
Health information is afforded the highest level of protection under the Australian Privacy Principles. We will only collect, use, or disclose your health information for the primary purpose for which it was collected (your care) or for directly related secondary purposes you would reasonably expect, except where you have given specific consent or another exception in the Privacy Act applies (such as a serious threat to life, health, or safety).
Who we share information with
We share personal information only as follows:
- Functional pathology laboratories we order tests from on your behalf (including, where relevant, NutriPath, Nutripath/ARL, Mosaic Diagnostics, Diagnostic Solutions, InterClinical Labs, and similar). Each laboratory has its own privacy policy.
- Software providers who power this site and our practice operations — currently Vercel (hosting), Google (analytics, calendar, mail), our booking and CRM platform, and Stripe (payment processing).
- Health practitioners you have asked us to liaise with (your GP, specialist, or other allied health professional) — only with your written consent.
- Insurers, lawyers, regulators, or courts where we are required by law or to assert or defend a legal claim.
We do not sell your personal information. We do not share it with advertisers for behavioural targeting.
Overseas disclosure
Some of our software providers (including Google and our hosting provider) store data outside Australia, primarily in the United States. Where that occurs we take reasonable steps to ensure those providers handle your information consistently with the Australian Privacy Principles.
Cookies and analytics
We use cookies and similar technologies to operate the site and to understand how it is used. Most analytics cookies can be disabled in your browser settings. Disabling cookies will not stop you from using the site, but some features may be less convenient. Google Analytics records aggregated behaviour using anonymised IP addresses; you can opt out via the Google Analytics opt-out browser add-on.
How long we keep it
Clinical records are retained for the period required by the law of the State in which care is delivered and by our professional indemnity insurer — currently a minimum of seven years from the date of last contact for adults, and until age 25 for minors. Other personal information is retained only for as long as we need it for the purpose for which it was collected.
Security
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access. These include encryption in transit, access controls on our practice systems, and staff training. No internet-connected system is perfectly secure; if you discover a security issue please contact us immediately.
Your rights
You have the right to:
- request access to the personal information we hold about you;
- request that we correct information that is inaccurate, out-of-date, incomplete, or misleading;
- withdraw consent (where we are relying on consent) at any time;
- make a complaint about how we have handled your information.
To exercise any of these rights, email admin@howitheals.com. We will respond within 30 days. If you are not satisfied with our response, you can complain to the Office of the Australian Information Commissioner at oaic.gov.au or by phone on 1300 363 992.
Children
This website and our services are not directed at children under 16. We do not knowingly collect personal information from children without parental consent.
Changes to this policy
We may update this policy from time to time. The version in force at any moment is the one published on this page. Material changes will be flagged on the homepage for at least 30 days.
Contact
Privacy questions or complaints: admin@howitheals.com
Postal address: 45 Michael St, Bulimba QLD 4171