Gro Clinics (Online) Pty Ltd (“us”, “we”, or “our”) is a health care platform that provides access to hair care and hair loss treatments. The Gro offering includes but is not limited to; ‘Everyday Products’ (over the counter) through the online store, the ‘Online Clinic’ service, which facilitates confidential consultations with registered UK doctors (Doctors) and health practitioners such as pharmacists (Practitioners) and ‘InClinic’ procedures provided by a registered UK doctor in one of our physical Gro Clinics locations in the UK.
We will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, we will collect your personal information directly from you. Our Doctors or Practitioners may also collect and hold your personal information (including your health information).
We may collect the personal information you directly give us through some of the following means:
We may also collect personal information from publicly available sources and third parties, such as suppliers, recruitment agencies, contractors, our clients and business partners.
If we collect personal information about you from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information.
The type of personal information we may collect can include (but is not limited to), your name, postal address, email address, phone numbers, date of birth, billing and shipping information, your device ID, IP address, statistics on page views, traffic, standard web log-in information, and details of the services, products and treatments you make enquiries about.
We will collect and hold sensitive health information about you, such as your height, weight and medical history and any information you provide to Doctors or Practitioners. We only collect sensitive health information about you with your consent, or otherwise in accordance with the Privacy Act.
Where you do not wish to provide us with your personal information, we may not be able to provide you with requested goods or services.
We collect, hold, use and disclose personal information for the following purposes:
We may disclose personal information between our organisations or to third parties such as our suppliers, organisations that provide us with technical and support services, or our professional advisors, where permitted by the Privacy Act. If we disclose information to a third party, we generally require that the third party protect your information to the same extent that we do.
We will hold personal information as either secure physical records, electronically on our intranet system, in cloud storage, and in some cases, records on third party servers, which may be located overseas.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of personal information. This also applies to disposal of personal information.
We further protect personal information by restricting access to personal information to only those who need access to the personal information do their job. We will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
From time to time we may engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider. However, by providing us with your personal information, you consent to the storage of such information on overseas servers (such as servers located in the United States of America) and acknowledge that Australian Privacy Principle 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the APPs, that entity will not be bound by, and you will not be able seek redress under, the Privacy Act.
We may use third-party vendors to show our ads on sites on the Internet and serve these ads based on a user’s prior visits to our Website. We may also use analytics data supplied by these vendors to inform and optimise our ad campaigns based on your prior visits to our Website.
While cookies allow a computer to be identified, they do not contain personal information about a specific individual. For information on cookie settings of your internet browser, please refer to your browser’s manual.
You can contact us using the information below to access the personal information we hold about you. On rare occasion, we may not be able to provide you with access to all of your personal information and, where this is the case, we will provide you with written notice stating our reasons. We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.
If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We take all complaints seriously, and will respond to your complaint within a reasonable period.