Privacy Policy

Antidote Apothecary

ABN 79 522 160 691 | Sole Trader: Ella McKenzie

Email: ella@antidoteapothecary.com.au

Last updated: 24/11/2025

1. Introduction

Antidote Apothecary ("the Practice", "we", "our", or "us") is committed to maintaining the privacy, confidentiality, and security of all personal and health information collected in connection with the provision of naturopathic and nutritional services. This Privacy Policy explains how data is collected, used, stored, disclosed, and protected in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, AHPRA-aligned advertising principles, and obligations under Guild Insurance.

Use of our website, booking systems, or services constitutes acceptance of this Privacy Policy.

2. Collection of Personal and Health Information

We collect personal information necessary to provide professional services. This includes contact details, health history, consultation notes, laboratory results, payment information, lifestyle information, and any correspondence relevant to care. Information may be collected through online forms, SimpleClinic, Squarespace, Stripe, email communications, and in-person consultations.

Health information is considered sensitive information and is handled with the highest standard of confidentiality and security.

3. Use of Information

Information is used to deliver clinical services, maintain health records, process payments, manage appointments, operate our website, comply with professional and insurance requirements, and ensure continuity of care. Information may also be used to provide general updates, administrative notifications, and educational content.

4. Automated Decision-Making and AI Transparency

If automated systems, Artificial Intelligence, or algorithmic tools are used now or in the future, we will ensure transparency and protect client rights. Clients will be informed when a decision affecting them has been made automatically, provided with clear information regarding the criteria used, and permitted to request human review of an automated decision where required by law or where the decision significantly affects their rights or wellbeing.

5. Disclosure of Information

We do not sell or trade personal information. Disclosure occurs only when necessary for lawful, clinical, administrative, or operational purposes. Information may be shared with booking systems, secure record platforms, payment processors, IT providers, and administrative support personnel who assist in delivering services. These parties are required to maintain privacy protections consistent with Australian privacy laws.

Information may also be disclosed where required by law, where necessary to prevent or lessen a serious threat to health or safety, or when the client is unable to act on their own behalf and disclosure is essential to ensure appropriate care.

6. Who We Share Your Personal Information With

We may disclose information to third-party contractors who assist in delivering our services, provided that they adhere to privacy standards consistent with this Policy. We may disclose information to third-party service providers within or outside Australia who support our administrative operations or process payments, including platforms such as Stripe, on the condition that the data is used solely for service delivery.

Information may be disclosed internally to employees, contractors, or related entities on a need-to-know basis to ensure continuity of service. Professional advisers, insurers, regulatory bodies, and agents may also receive information in the course of legal compliance or professional oversight.

Information may be transferred in the event that the Practice undergoes a sale, transfer, or merger, provided that equivalent privacy safeguards remain in place.

We may disclose information when necessary to prevent or reduce a serious risk to a patient’s life or health. If a client is unable to act on their own behalf due to a medical condition, essential health information may be shared with a nominated contact or relative to ensure safety and appropriate care.

Certain health conditions may require mandatory reporting under statutory requirements. When required by applicable laws, we may disclose information to fulfil these obligations.

7. Storage and Security

All information is stored securely in encrypted systems. Clinical records are stored in SimpleClinic and encrypted in accordance with industry standards. Payment information is handled through Stripe's secure and encrypted payment gateway and is not accessible to Practice staff. Reasonable administrative, technical, and physical safeguards are implemented to protect information from unauthorised access, misuse, loss, or alteration.

8. Access, Correction and Deletion

Clients may request access to personal or health information, or the correction of inaccurate information, by contacting us via email. Requests will generally be responded to within ten business days. Clients may request deletion of personal data where legally permissible and where retention is not required under health-record retention laws.

9. Retention of Records

Records are retained for the minimum periods required by legislation and insurance obligations. Typically, health records are archived for at least 7 years from the date of the last consultation, or, for a child, until the child turns 25.

10. Website Analytics and Cookies

The website uses cookies, analytics tools, and similar technologies to collect non-identifiable information such as navigation patterns, time spent on pages, device information, and general usage statistics. This data helps improve functionality and the user experience. Cookies may be disabled in browser settings; however, some site features may not operate correctly without them.

11. Communication and Marketing

We may use personal information to communicate with clients about our services, educational content, workshops, events, and updates via newsletters, email, and similar channels. Communications may be sent in various forms, including email, SMS, mail, or other digital formats, in accordance with the Spam Act 2003 (Cth). Where a communication preference has been expressed, we will utilise that preference whenever practicable.

Clients may opt out of direct marketing at any time by notifying us in writing or by using the opt-out facility provided within the communication. We do not provide personal information to third parties for their direct marketing purposes.

12. Updates to This Policy

This Policy may be amended periodically to reflect changes in law, technology, operational needs, or industry standards. The most recent version will be available on the website. Continued use of the website or services constitutes acceptance of any updated terms.