Who we are
The website and its content is owned by The Mind High Club Pty Ltd ABN 71 627 132 870 (‘Company’, ‘we’, ‘us’, ‘our’). The term ‘you’ refers to the user or viewer of www.mindhighclub.com.au (‘Website’). If you want to know more about what we do, you can visit the “About” page on our Website.
Our principles of data protection
Transparency: We are committed to being open, honest and transparent about Personal Data.
Trust: We agree to only use Personal Data for the purposes we say we will, and for improving the effectiveness and efficiency of our services.
Safety: We are committed to keeping Personal Data provided to us secure.
Responsibility: We accept the responsibility of handling Personal Data.
What information we collect
When you visit our Website or use our services, we collect Personal Data. The type of personal information we collect will depend on the circumstances of its collection and the nature of your dealing with us. This information may include, but is not limited to, your name, contact details, date of birth, credit and financial details, bank account details, personal and lifestyle information you provide to us via the on-boarding/customization questionnaire, your health information and medical history (including medication history) and bloodwork results, government related identifiers such as your Medicare number, and preferences or opinions about our services.
Sensitive information includes information about an individual’s physical or mental health, disability, racial or ethnic origin, criminal convictions, religious affiliation and political affiliation. We will only collect, use or disclose your sensitive information if it is reasonably necessary to carry out our functions or activities and we have your explicit consent.
For the purpose of providing the Services, we ask may you provide us with sensitive data about you. We may also collect sensitive data from you if you join our membership platform and for our booking service. We require your explicit consent for processing sensitive data.
The ways we collect your data
Information you provide to us directly: When you visit or use some parts of our Website and/or Services we might ask you to provide Personal Data to us when you complete an enquiry form, respond to an email offer or to receive a newsletter, participate with us on social media forums, register on our site as a member, or when making a booking. Where appropriate, you will be asked to enter your name, email address, mailing address and/or phone number (when making bookings).
By doing so you are giving this information to us voluntarily, and by providing us with this information you are giving us consent to use, collect and process this Personal Data.
Information you provide to us through orders:
By making an order through our Website, you are consenting to provide us with your Personal Data for the purpose of processing and fulfilling your order as requested by you.
You warrant you are giving this information to us voluntarily, and by providing us with this information you are giving us consent to use, collect and process this Personal Data for the purpose of completing the order and/or pursuant to our legal obligations.
You acknowledge that if we cannot collect this and other Personal Data, we will not be able to process your order and may not be able to provide you with all or some of our Services.
Collection of health and other sensitive information:
We may collect information about you, considered sensitive (under applicable privacy and data protection laws), which may include personal and health information that is necessary to provide you with the products you have ordered and any services you require.
We may also handle your health or other sensitive information in other ways to comply with our legal obligations, to protect your interests (where you are not capable of giving your consent), where it is in the public interest or in relation to legal claims.
How long we retain your personal information
We will only retain your Personal Data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data-retention policies and practices. Following that period, we’ll make sure such information is deleted or is converted to aggregate data. If at any time you wish to opt out or request us to delete your Personal Data you can contact us at firstname.lastname@example.org. However, you acknowledge we will not be able to process your order if you do so at any time prior to the completion of the order.
Overseas disclosure of your personal information
We are based in Australia, so all bookings are processed in Australia. For European Union citizens who are booking through us, you acknowledge and consent your Personal Data to be transferred outside of the EU.
Information we collect automatically
We collect some information about you automatically when you visit our Website or use our services, like your IP address, device ID, computer and connection information, geo-location information and device type. We also collect information when you navigate through our Website and Services, including what pages you looked at and what links you clicked on. This information gives us get a better understanding of how you are using our Website and services so that we can continue to provide the best experience possible, for example, by personalising the content you see
We do not set any personally identifiable information in cookies, nor do we employ any data-capture mechanisms on our Website other than cookies. If you prefer, you can choose to disable cookies through your own web browser’s settings or have your computer warn you each time a cookie being sent. Please note disabling this function may cause some of the features on this Website not to work as well as intended however you can still place orders for our programs or services over the telephone.
Information we get from third parties
At times we might collect Personal Data about you from other sources, such as publicly available materials or trusted third parties like our marketing and research partners. We use this information to supplement the Personal Data we already hold about you, in order to better inform, personalise, and improve our services, and to validate the personal data you provide.
Where we collect Personal Data, we will only process it to perform a contract with you, make a booking, or where we have legitimate interests to process the Personal Data and they are not overridden by your rights, or in accordance with a legal obligation, or where we have provided your consent. If we do not collect your Personal Data, we may be unable to provide you with all our services, and some functions and features on our Website may not be available to you.
How we hold your personal information
We hold your personal information in encrypted electronic forms, and in secure databases or cloud-based platforms that we own and operate or that are owned and operated by our service providers. While we take reasonable steps to protect the security of your personal information, data protection and security measures can never be guaranteed. We therefore cannot guarantee the security of your personal information.
What we use your information for
We mostly use your Personal Data to operate our Website and provide you with any Services you have requested, and to manage our relationship with you. We also use your Personal Data in the following ways:
To communicate with you: We may provide you with information you have requested from us or information we are required to send to you and to respond to your enquiries, comments, and applications.
We may communicate with you about changes to our Website and Services, security updates, or for assistance with using our Website and Services.
We may communicate about and administer our products, Services, events, online webinars, podcasts, programs and promotions (such as by sending transactional emails about your purchases).
We may send you marketing materials we think you may be legitimately interested in or ask you for feedback or to take part in any research we are conducting (which we may engage a third party to assist with).
To personalise your experience: Your information helps us to better respond to your individual needs.
To enhance our Website and Services and develop new ones: By carrying out technical analysis or the tracking and monitoring of the use of our Website and Services, we can improve and optimise your user experience.
To support you and improve customer service: Your information helps us to more effectively respond to your customer service requests and support needs.
To administer a contest, promotion, survey or other site feature
To protect you: So that we can make sure everyone is using our Website in accordance with our permitted uses, and so we can detect and prevent any fraudulent or malicious activity.
To market to you: In addition to marketing communications, we may also use your Personal Data to display targeted advertising to you online. Through our own Website, through third-party websites or through social media platforms, we carry out profiling activities in order to learn more about you and offer you tailored advertising based on your behaviour on our platforms. You can opt out of Google Analytics at any time. For more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
To analyse, aggregate and report: We may use the Personal Data we collect about you and other users of our Website and Services (whether obtained directly by us or from third parties) to produce aggregated and anonymised analytics and reports, which we may share publicly or with third parties.
To send periodic emails: The email address you provide for order processing may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, related product or service information, etc. Note: If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
The legal basis for processing your Personal Data as described above will typically be one of the following:
- your consent;
- performance of a contract by you or a relevant party;
- our legitimate business interests or compliance with our legal obligations.
Security: How we protect your information
Security is a priority when it comes to your Personal Data. We are committed to protecting the information you provide us. To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of the information, we have put in place appropriate physical and managerial procedures to safeguard the information we collect.
We use Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive data such as credit card information. SSL encryption is designed to make the information unreadable by anyone but us. This security measure is working when you see either the symbol of an unbroken key or closed lock (depending on your browser) on the bottom of your browser window.
However, we cannot guarantee that your Personal Data will always be secure due to technology or security breaches. If we become aware of a high-risk data breach, we will notify you (and the appropriate authority) within seventy-two (72) hours.
Access to information by Mind High Club staff can only be performed by staff members with a secure password, with access only performed when required. Access to this information is recorded by log files to track unauthorised access and modifications.
Mind High Club also uses PayPal Gateway Service. This system uses the industry’s best security methods and practises. All credit card numbers are housed within the secure environment of PayPal. We do not record a copy of your credit card details using this payment gateway.
Mind High Club also uses Shopify Pay and Stripe payment services which may securely save your credit card information for future payments with your permission.
How we can share your data
We may share your Personal Data with third parties who we trust, who we are affiliated with and whom we are required to provide it to for the purpose of fulfilling the Services. We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. Trusted third parties include those who assist us in operating our Website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. For example, third-party service providers and partners who assist us with the functionality of the Website or Services, or to deliver, market or promote our goods and Services to you.
We use third-party browsers and mobile analytics services like Google Analytics® on the Website. These services use tools to help us analyse your use of our Website including information like the third-party website you arrive from, how often you visit, events within the platforms, usage and performance data, and purchasing behaviour. We use this data to improve the Website and provide information, products and services that may be of interest to you.
We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We may be required to provide your Personal Data to regulators, law enforcement bodies, government agencies, courts or other third parties where it is necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure.
Your Personal Data may be shared with an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business.
We will only disclose your Personal Data to other third parties where we have obtained your consent.
To use certain features of the Website or its content, you may need a username and password or login details from time to time. You are responsible for maintaining the confidentiality of the username and password, and you are responsible for all activities, whether by you or by others, that occur under your username or password and within your account. We cannot and will not be liable for any loss or damage arising from your failure to protect your username, password or account information. If you share your username or password with others, they may be able to obtain access to your Personal Data at your own risk.
You agree to notify us immediately of any unauthorised or improper use of your username or password or any other breach of security. To help protect against unauthorized or improper use, make sure that you log out at the end of each session requiring your username and password.
Direct marketing means using your personal information to contact you via the phone, SMS or email to promote our services. You acknowledge that by providing us with your personal information, we, our related entities or business partners may contact you to promote and market our respective products and services. You can opt-out from being contacted by us, our related entities or business partners for direct marketing by emailing us at email@example.com at any time to receive a Personal Information Request or Preference Update form, or you can simply follow the unsubscribe instructions contained in the email communication.
Data Controller and Data Processors
We are data controllers as we are collecting and using your Personal Data. We use trusted third parties as our data processors for technical and organisational purposes, including for payments and email marketing. We make all reasonable efforts to ensure our data processors are GDPR-compliant.
International Data Transfers
In order for us to provide the products and services to you, your Personal Data will be stored and processed in Australia. By providing us with your personal information, you consent to us disclosing your Personal Data to third parties located overseas and acknowledge Australian Privacy Principle APP 8.1 does not apply to any such disclosure. When we share data (to the extent that we do from time to time), it may be transferred to, and processed in countries other than the country you live.
Where data is shared with third-party data processors in other countries, we put reasonable safeguards in place to ensure your Personal Data remains protected, however we note that your Personal Data will be captured, transferred, stored and processed in accordance with their policies, practices and in compliance with their local regulatory laws.
For those in the European Union (EU), this means that your data may be transferred outside of the European Economic Area (EEA). Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data.
Where your Personal Data is transferred outside the EU, it will only be transferred to countries that have been identified as providing adequate protection for EU data or to a third party where we have approved transfer mechanisms in place to protect your Personal Data. If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place. If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
We will always provide you with the ability to opt out of our communications by selecting the unsubscribe link at the bottom of all emails. We will not share your email address without your consent.
We may provide links to other websites on our Website. We have no responsibility over or liability for the content and activities of any other individual, company or entity whose website or materials may be linked to our Website or its content, and thus we cannot be held liable for the privacy of the information on their website or that you voluntarily share with their website. Please review their privacy policies for guidelines as to how they respectively store, use and protect the privacy of your Personal Data.
Children’s Online Privacy Protection Act Compliance and Minors
We do not knowingly collect any personally identifiable information from anyone under 16 years of age in compliance with COPPA (Children’s Online Privacy Protection Act (USA)), the Australian Privacy Act 1988 (Cth) and the GDPR (General Data Protection Regulation of the European Union). If you are under the age of 16, you must ask your parent or guardian for permission to use this website.
We will retain your Personal Data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we will make sure it is deleted or is converted to aggregate data.
You have the right to ask us not to send you marketing emails at any time by emailing us at firstname.lastname@example.org to receive a Personal Information Request or Preference Update form, or you can simply follow the unsubscribe instructions contained in the email communication.
You have the right to know what Personal Data we hold about you, and to make sure it’s correct and up to date.
You have the right to request a copy of your Personal Data or ask us to restrict processing your personal data or delete it.
You have the right to object to our processing of your Personal Data.
You have the right to “be forgotten” and request we erase your Personal Data.
You can exercise these rights at any time by sending an email to us at email@example.com and we will respond within thirty (30) days.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
If you wish to contact us about what personal data we hold about you or you have a question or feedback for us on this notice, our Website or services, you can contact us at any time at firstname.lastname@example.org.
If wish to make a complaint you can email us at email@example.com. We will review and investigate your complaint and get back to you. You can also submit a complaint to the Privacy Commissioner or local authorities, which will advise you how to submit a formal complaint.