top of page

Privacy Policy

This privacy policy outlines how Elspeth McLean (Nutritionelly) ABN 75256331838 collects, holds, uses and discloses personal information. 

We appreciate that your privacy is very important, and we are committed to handling your personal information (including your health information and any other sensitive information about you) in accordance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) and other applicable legislation. 

If you (the user) don’t agree with the terms of this policy, please do not use this website

Kinds of personal information collected 

We collect and hold personal information about clients and potential clients, contractors and other people who enquire with us.  The kinds of personal information collected and held may include: information about your health and other sensitive information; your name, address, phone number, and e-mail address; your date of birth; your geographic location; your nationality; your medical history; and any other information you may voluntarily provide to us when you use our website or our services. 

How personal information is collected

Personal Information is collected about you in the following ways:


(a) Information provided to us directly

We may ask for certain information such as your name and address, email address, birth date, and health history in your correspondence with us and as part of our delivery of our service to you. Personal information may also be obtained about you by way of forms and other documents or information that you submit to us (in paper or electronic form), correspondence you provide via telephone calls, video calls, emails, other online messaging or meetings with you. 

We use this information to operate, maintain, and provide the service to you, to correspond with you, and to address any issues you raise about the service.


(b) Information received from 3rd parties

With your consent, we may receive information about you from 3rd parties, for example in the event that you have submitted a test to a 3rd party (such as a breath test, stool sample or saliva sample). 


(c) information collected from you automatically

We use 3rd party analytics tools to help us assess usage patterns for the service. These tools collect information sent by your browser / mobile device, including the pages of the site you visit and other information that assists us in improving the service.  


The reasons for collecting information

The personal information collected and held about you depends on your interaction with us. 


Generally, we will only collect, hold and use personal information about you if it is directly related to, or reasonably necessary for, the provision of our services and for the purposes of: 


  • providing you with our services and customising the service to your needs.  

  • answering any questions or inquiries you direct to us; 

  • facilitating our internal business operations, including the fulfilment of any legal requirements; 

  • for other purposes which are reasonably necessary in connection with our normal functions and activities; 

  • analysing our services and customer needs with a view to developing new or improved services; and 

  • as otherwise required or permitted by applicable laws and regulations. 

Except as otherwise permitted by law, we only collect sensitive information – including health information – about you if you consent to the collection of the information and if the information is reasonably necessary for the performance of our functions, as set out above. 

How we use and disclose personal information 

We will not rent or sell your information to third parties without your consent. Generally, we will only use or disclose personal information about you for the purposes for which it was collected (as set out above). 

Sharing information with 3rd parties

With your consent, we may share your information with 3rd party service providers for the purpose of providing our service or a related service to you. 3rd parties will only be provided with access to such information as is reasonably necessary for the purpose for which they have been engaged, and we require that 3rd parties comply with this privacy policy, appropriate data processing terms, and any applicable laws. 


We may disclose personal information about you to:

  • named service providers and partners, who assist us in operating our business and for the purpose of providing you with our service, such as testing facilities, Australia Post, email service providers, and supplement providers; 

  • 3rd party payment gateway providers for the purposes of payment and billing;

  • any industry body, tribunal and/or court in connection with any complaint made by you about us; and 

  • any other organisation or person with your consent or as permitted or required by law. 


We may also disclose to Australia Post certain personal information you provide us (such as your email address, phone number and/or residential address) in connection with us providing our services to you (this information may be used by Australia Post for the purposes of providing notification of tracking events and collecting any relevant feedback in relation to the delivery or tracking service). 

Unless we have your consent, or an exception under the APPs applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to your personal information. 

Your information won’t be used for direct marketing without your consent. 

How information is held

Personal information is held in different ways, including in paper form (where results have been delivered), electronic form, cloud services including but not limited to those listed below and/or in other mediums. Service providers used include (website management), Google Inc (email service provision), Dropbox Inc (file transfer), Cliniko (consultation bookings and notes) and Mindbody (consultation bookings and notes). 


While we take reasonable steps to protect the personal information we hold from misuse, interference and loss and from unauthorised access, modification or disclosure, we cannot guarantee that such misuse, interference, loss, or unauthorised access, modification or disclosure will not occur, we also recommend you review the privacy policies and terms of use of the service providers above as we do not directly control their privacy practices. 

Cross-border transfers of information (for EEA users)

Where we transfer your information to a 3rd party service provider that is not located in the EEA, and is not subject to an adequacy decision by the EU Commission, we will require those third party providers to enter into agreements that provide appropriate safeguards for your information.

Retention of your information

Following termination of provision of services to you, we will retain your profile information and other provided information for as long as we have a valid reason to do so. We will retain your information for the purposes of complying with our legal obligations, quality review and improvement, and for backup purposes.

If you’d like to obtain your personal information

If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at


We may decline a request for access to personal information in circumstances prescribed by applicable legislation, and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons). For any personal information we hold, we will provide you upon request with access to your personal information in a standard format for any purpose, except where identified by local laws.

If, upon receiving access to your personal information or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete and up to date. 

You may, by using the contact details set out below, notify us in writing that you have withdrawn your consent for us to use some or all of your personal information that we hold (which may include your health information). Upon receiving such notification from you, we will take such steps as are reasonable in the circumstances to destroy or de-identify your personal information that is the subject of your notification (in such manner determined by us). Please be aware that if we destroy or de-identify some or all of the personal information about you, we may be unable to provide you with some or all of our services. 

If we refuse to correct, destroy or de-identify your personal information, for example where we are required to retain the information for legal purposes, we will give you a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint. 


A cookie is a data file that a website transfers to your computer. This enables the website to track the pages you have visited. A cookie only contains information you supply. It cannot read data on your computer. There are many types of cookies that may be used for different purposes. For example, some cookies help a website to remember information about your visit, like your preferred language and other settings while others may identify which pages are being visited or offer security features. Our website uses cookies. You can set your browser to refuse cookies, however, this may mean you are unable to take full advantage of our website or our services. 

To learn how to access cookie settings you may find the below links helpful: 


The following links explain how to access cookie settings in various browsers:

·       Cookie settings in Firefox

·       Cookie settings in Internet Explorer

·       Cookie settings in Google Chrome

·       Cookie settings in Safari (OS X)

·       Cookie settings in Safari (iOS)

·       Cookie settings in Android

To opt out of being tracked by Google Analytics across all websites, visit this link:

Data breach notification
In case of an actual or suspected personal data breach, we will fulfil our obligations to notify of data breaches without undue delay, including managing the end-to-end process from the recognition of a breach up to notifying you as a user.

We have put in place appropriate procedures to deal with any personal data breach and will notify the supervisory authority and / or data subjects where we are legally required to do so. In the event of a data breach, we will notify the supervisory authority and the affected individuals without undue delay and within 72 hours of becoming aware of the situation.

If you know or suspect that your personal data may have been breached or otherwise compromised, or a personal data breach has occurred, please contact us at to report it and obtain advice, and take all appropriate steps to preserve evidence relating to the breach.

Updates and changes to this policy

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 


Contacting us about this policy 

If you have any questions or concerns regarding this privacy policy or our privacy practices, please contact us at


If you wish to make a complaint about a breach of the Privacy Act, the APPs or a privacy code that applies to us, please contact us using the details below and we will take reasonable steps to investigate the complaint and respond to you. 

If you don’t want us to process your data anymore, please contact us at

Legal bases for processing information under GDPR (for EEA users)

If you are a user from the European Economic Area (EEA), we process your information in accordance with European laws and regulations, such as the General Data Protection Regulation (GDPR). The GDPR governs how we may process your information, and the rights that EEA users have in relation to it.

This means that Nutritionelly will collect and use your information only where:

  • It is required to provide you with the service and fulfil our obligations to you  

  • It is in our legitimate interests to provide a useful service, to send you marketing and to enhance our service 

  • You consent to us using your information in a certain way – for example, to hear about new features or offers

  • It is necessary to comply with our legal obligations.

If you have consented to our use of your information you can withdraw that consent at any time. Depending on the situation you can withdraw your consent by emailing Where we are using your information because of a legitimate interest to do so, you have the right to object to that use. However, if you do so it may mean that it is not possible for you to continue using the services.

bottom of page