In the course of your visits to our website or use of our services at our clinic, tonika health, we may obtain the following information about you: name, email, address, telephone number, credit card details, billing address, geographic location, IP address, support queries, blog and social media comments.
Personally identifiable information: We use the information we collect to deliver our services to you, including: communicating with you, providing technical support, notifying you of updates and offers, sharing useful content, measuring customer satisfaction and diagnosing and treating health issues.
Marketing communications are only sent to you if you have requested or subscribed to them. You can opt out of our marketing communications at any time by unsubscribing or emailing us, and your request will be actioned immediately.
Non-personally identifiable information: We also use the information we collect to improve our services, including: administering our website, producing reports and analytics, advertising our products and services, identifying user demands and assisting in meeting customer needs generally.
Any information you choose to make publicly available, such as blog comments and testimonials on our website, will be available for others to see. If you subsequently remove this information, copies may remain viewable in cached and archived pages on other websites or if others have copied or saved the information.
We will use all reasonable means to protect the confidentiality of your personal information while in our possession or control. All information we receive from you is stored and protected on our secure servers from unauthorised use or access. Credit card information is encrypted before transmission and is not stored by us on our servers.
We retain your personal information for as long as needed to provide services to you and as otherwise necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
In the event there is a breach of our security and your personal information is compromised, we will promptly notify you in compliance with the applicable law.
We do not and will not sell or deal in personal information or any customer information.
We may from time to time need to disclose certain information, which may include your personal information, to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request. Also, we may use your personal information to protect the rights, property or safety of the tonika health clinic, our customers or third parties.
If there is a change of control in one of our businesses (whether by merger, sale, transfer of assets or otherwise) customer information, which may include your personal information, could be transferred to a purchaser under a confidentiality agreement. We would only disclose your personal information in good faith and where required by any of the above circumstances.
At tonika health we use the practice management system Cliniko, which securely stores your health information, and we use it in a secure fashion, with usage policies in place for all practitioners within the practice. Access to Cliniko is via username, password and 2FA (two-factor authentication), and access to computers at the practice is password protected.
Please see the information below about Cliniko and its policies for protecting medical information and the information of its users.
Cliniko takes security seriously. Data is encrypted and stored in state-of-the-art facilities, access is restricted to those who have a need to know, and they regularly review their technology to maintain security.
In the event that there is a breach and Personal Information that they have collected directly is at risk, their clients will be notified within 72 hours of discovering the breach. They will be informed of what information is at risk, steps that Cliniko have taken to ensure safety, and what action Cliniko are taking or have taken to rectify the breach. To the extent permissible at law, in the event that there is a breach and indirectly collected information is at risk, Cliniko will follow the same protocol; however, the affected Customers (rather than the individuals) will be notified instead.
Cliniko is a worldwide service, and they acknowledge that Personal Information about patients, and the obligations of medical practitioners relating to them, may be subject to access and privacy laws in the country of residence of those patients.
Cliniko takes all reasonable steps to comply with local access and privacy laws, to the extent consistent with legal obligations they have under Australian law, where they are based.
Cliniko is hosted in state-of-the-art datacenter facilities. Physical access is controlled at the perimeter and building entry points by professional security staff using video surveillance, intrusion detection systems, and other electronic means.
Whenever data is sent between Cliniko and its users, it’s encrypted using HTTPS (end-to-end encryption). Cliniko uses a 2048-bit SSL certificate for encryption in transit. All data is also encrypted at rest and backed up daily, using the industry-standard AES-256 encryption algorithm.
If that sounds like jargon, here’s what it means: all data shared between Cliniko and its users is transmitted and stored securely. No one can read the information except for Cliniko and its users. Plus, Cliniko refreshes its users’ backups every day to make sure they stay current.