Privacy & Security

Last updated: 4th March 2024

Our commitment to protecting your privacy: This privacy policy applies to the collection,
storage, use and disclosure of personal information by or on behalf of Alter Wellness Pty Ltd
(ABN 72 657 629 402) trading as yourAlly (referred to in this policy as “our”, “we” or “us”). Please read it carefully.

We are committed to protecting your personal information, and ensuring its privacy,
accuracy and security. We handle your personal information in a responsible manner in
accordance with the Privacy Act 1988 (Act) and the Australian Privacy Principles (APPs).
By giving us your personal information when you contact us, use any of our services or
products, visit our website (www.yourally.com.au) you agree to your information being
collected, stored, used and disclosed as set out in this Privacy Policy.

Personal information: ‘Personal information’ means information or an opinion about an
identified individual, or an individual who is reasonably identifiable, whether true or not,
and whether or not recorded in a material form.

‘Sensitive information’ (a type of personal information), means information or an opinion
about an individual’s race or ethnic origins, political opinions and associations, religious
beliefs or affiliations, philosophical beliefs, sexual preferences or practices, trade or
professional associations and memberships, union membership, criminal record, health or
genetic information or biometric information.

Whose personal information do we collect? We may collect your personal information from
a range of sources, including from you, contractors and our business partners. For example,
we may collect your personal information when you request or acquire a product or service
from us, provide a service or product to us, apply for employment with us or communicate
with us via our website, by e-mail, telephone or in writing.

Wherever reasonable and practicable, we collect personal information from the individual
to whom the information relates. If you provide personal information about someone other
than yourself, you agree that you have that person’s consent to provide the information for
the purpose for which you provide it to us. You also agree that you have told the person
about this Privacy Policy and where to find it.

What types of personal information do we collect and hold? The personal information we
may collect includes:
• name and address; and
• telephone/e-mail contact details;
We will only collect your sensitive information: if you have consented to us doing so – for
example, as part of information collected about Alter Wellness Pty Ltd, trading as yourAlly.
How do we collect personal information? We only collect personal information by lawful
and fair means. We usually collect personal information from:
• face-to-face meetings, interviews and telephone calls;
• electronic communications – for example, e-mails and attachments; forms filled out
by people, including as part of acquiring a product or service from us; and our website, including if you use it to contact us, engage in discussion forums, give us feedback or to make an enquiry about our programs.
• we may collect personal information using various technologies, such as cookies,
pixels, Internet tags or web beacons, and navigational data collection (log files, server logs,
and clickstream data).
• we may also use analytical web tools such as Google Analytics to collect visitor
information for us to better understand how to improve our products and services for you.

Why do we collect personal information? We collect the personal information: necessary
for us to provide you with the services and products you have requested from us; to provide
you with information about services and products that may be of interest to you; to improve
the services and products we provide; and to enable us to carry out our functions and
activities, including meeting our legal and regulatory obligations. If you do not provide your
personal information, we may not be able to supply the requested service or product,
employ you or otherwise deal with you.

How do we deal with unsolicited personal information? If we receive personal information
about you that we have not requested, and we determine that we could not have lawfully
collected that information under the APPs had we asked for it, we will destroy or de-identify
the information if it is lawful and reasonable to do so.

Do you have to disclose your identity when dealing with us? Where lawful and practicable,
we will give you the option of interacting with us anonymously or using a pseudonym.
Use of personal information: We only use your personal information for the purpose for
which it was provided to us, for related purposes or as required or permitted by law. Such
purposes include:

• in the ordinary course of carrying out our functions and activities. For example,
supplying or acquiring services or products, administering our programs and services,
responding to your enquiries and feedback, and providing information about our products
and services that may be of interest to you;
• market research and product and service development, so that we can tailor our
future services and products accordingly;
• performing general administration, reporting and management functions. For
example, invoicing and account management, payment processing, risk management,
training, quality assurance and managing suppliers;
• employment-related purposes, such as recruiting and providing services to staff; and
• other purposes related to or in connection with our functions and activities,
including meeting our legal and contractual obligations to third parties and for internal
corporate governance purposes.
Disclosure of personal information: We may disclose, and you consent to us disclosing, your
personal information to third parties:
• engaged by us to provide products or services, or to undertake functions or
activities, on our behalf. For example, providing our IT systems and services, processing
payment information and managing databases;
• that are authorised by you to receive information we hold;• that are our business partners, joint venturers, partners or agents such as our
external advisers. For example, where disclosure is reasonably required to obtain advice,
prepare legal proceedings or investigate suspected unlawful activity or serious misconduct;
or;
• as required or permitted by law.

Marketing use and disclosure: We may use and disclose your personal information (other
than sensitive information) to provide you with information about our services and products
that we consider may be of interest to you. You may opt out at any time if you do not, or no
longer, wish to receive marketing and promotional material. You may do this by: contacting
us via e-mail or in writing at the address below and requesting that we no longer send you
marketing or promotional material; or where applicable, clicking the “Unsubscribe” button.
Use or disclosure of sensitive information: We will only use or disclose your sensitive
information for the purpose for which it was initially collected or for a directly related
purpose, as required or permitted by law, or where you consent to the use or disclosure.
How is my personal information kept secure? We take reasonable steps to protect your
personal information from misuse, interference, loss and unauthorised access, modification
and disclosure. Such steps include: physical security over paper-based and electronic data
storage and premises; computer and network security measures, including use of firewalls,
password access and secure servers; restricting access to your personal information to
employees and those acting on our behalf who are authorised and on a ‘need to know’
basis; retaining your personal information for no longer than it is reasonably required,
unless we are required by law to retain it for longer; and entering into confidentiality
agreements with staff and third parties.

Where we no longer require your personal information, including where we are no longer
required by law to keep records relating to you, we will ensure that it is de-identified or
destroyed.

Data quality: We take reasonable steps to ensure that your personal information is
accurate, complete and up-to-date. However, we rely on you to advise us of any changes or
corrections to the information we hold about you. If you consider that the information we
hold about you is not accurate, complete or up-to-date, or if your information has changed,
please let us know as soon as possible.

Access: You may request access to the personal information we hold about you by
contacting us. We will respond to your request within a reasonable time. We will provide
you with access to the information we hold about you unless otherwise permitted or
required by law. If we deny you access to the information, we will notify you of the basis for
the denial unless an exception applies. Where reasonable and practicable, we will provide
access to the information we hold about you in the manner you request. No fee applies for
requesting access to information we hold about you. However, we reserve the right to
charge a reasonable fee where we do provide access.Correction: If you believe that personal information we hold about you is incorrect, incomplete or not current, you may request that we update or correct your information by contacting us. We will deal with your request within a reasonable time. If we do not agree with the corrections you have requested (for example, because we consider that the information is already accurate, up to date, complete, relevant and not misleading), we are not required to make the corrections. However, where we refuse to do so, we will give you a written notice setting out the reasons. You may request that all your associated data be deleted in perpetuity. To do so, contact us via the contact methods at the end of this policy.

Identifiers: We do not adopt, use or disclose government related identifiers except as
required or permitted by law.

Complaints: If you have a complaint in relation to the collection, storage, use or disclosure
of your personal information, please contact our Privacy Officer using the details below.
You will need to provide us with details of your complaint, as well as any supporting
evidence and information. We will review all complaints received and our Privacy Officer
will respond to you. If you are not satisfied with our response, you may discuss your
concerns with or complain to the Australian Privacy Commissioner via www.oaic.gov.au.

Changes to this Privacy Policy: We reserve the right to revise this Privacy Policy or any part
of it from time to time. Please review this Policy periodically for changes. Any revised policy
will be placed on our website at www.yourally.com.au/privacy-policy. Your continued
use of our website, services or products, requesting our assistance, or the provision of
further personal information to us after this Privacy Policy has been revised, constitutes
your acceptance of the revised Privacy Policy.

How to contact us: If you have any questions about this Privacy Policy, please contact yourAlly:

(a) by email to privacy@yourally.com.au, with subject line Attn: Privacy Officer
(b) by writing to: Privacy Officer – yourAlly, PO Box 5058 Cheltenham East VIC 3192
(c) by telephone: 1300 928 530
Effective date: March 2023