Privacy Policy

PRIVACY POLICY

The ARFID Clinic

Effective Date: May 14, 2025

Your privacy is important to us. This Privacy Policy explains how The ARFID Clinic ("Company," "we," "us," or "our") collects, uses, discloses, and protects personal information you provide when accessing our coaching, consulting, and educational services ("Services"). This Policy applies to clients located primarily in the United States of America, and also reflects our obligations under Australian privacy law.

By using our Services, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree to this Policy, please do not use our Services.

1. Information We Collect

1.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us, which may include:

• Contact details: full name, email address, postal address, and mobile/telephone number;

• Information about your child: name, date of birth, diagnosis (ARFID, Autism Spectrum Disorder, or related conditions), feeding history, medical history relevant to nutritional management, and enteral feeding details where applicable;

• Health and dietary information: nutritional assessment data, food intake records, growth data, and related clinical information;

• Payment information: billing details processed through secure third-party payment processors;

• Communications: correspondence, queries, and feedback you share with us via email, phone, SMS, or other channels; and

• Program participation data: session notes, progress records, and responses to educational content.

1.2 Information Collected Automatically

When you access our website or digital platforms, we may automatically collect certain technical information, including:

• IP address and browser type;

• Pages visited and time spent on our website;

• Device and operating system information; and

• Referring URLs and click-stream data.

This information is collected via cookies and similar tracking technologies. You may disable cookies through your browser settings; however, this may affect the functionality of our website.

1.3 Sensitive Information

We acknowledge that health and medical information relating to your child constitutes sensitive information under both Australian privacy law and applicable US state laws. We collect this information only where it is necessary for the provision of our Services and only with your explicit consent. We take particular care in protecting sensitive information.

2. How We Use Your Information

We use the personal information we collect to:

• Provide, manage, and improve our coaching and educational Services;

• Communicate with you about appointments, programs, and Services, including via email and SMS;

• Send appointment reminders and scheduling notifications via SMS and email;

• Process payments and manage billing;

• Develop educational content (using de-identified and anonymised data only);

• Comply with legal and regulatory obligations; and

• Respond to your enquiries and provide client support.

We do not use your personal information for purposes other than those described in this Policy without your prior consent, except where required by law.

3. SMS Communications

The ARFID Clinic uses SMS messaging as a communication tool for the following purposes:

• Appointment reminders and scheduling confirmations;

• Notifications of upcoming meetings or program sessions; and

• Essential administrative communications related to your enrolment or service agreement.

By providing your mobile phone number and engaging our Services, you consent to receive these SMS messages from us. We will not send unsolicited marketing messages via SMS. Message and data rates may apply. Message frequency varies based on your appointment schedule.

You may opt out of SMS communications at any time by replying STOP to any SMS from us, or by contacting us at [email protected]. Following an opt-out request, you will continue to receive essential communications via email.

Your mobile phone number is not shared with third parties for their marketing purposes. SMS opt-in data is not shared with any third party and is used solely for the purpose of sending you the messages described above.

4. Disclosure of Your Information

4.1 Third-Party Service Providers

We may share your personal information with trusted third-party service providers who assist us in operating our business, including:

• Payment processors (to handle billing and transactions);

• Telehealth and video conferencing platforms (to deliver our sessions);

• Email and SMS communication platforms (to send appointment reminders and program communications);

• Cloud storage and data management providers; and

• Website hosting and analytics providers.

These service providers are contractually bound to use your information only for the purposes for which it is disclosed and to maintain appropriate security measures.

4.2 Professional Referrals

With your explicit consent, we may share relevant information with other healthcare professionals involved in your child's care, such as your child's paediatrician, gastroenterologist, or treating dietitian.

4.3 Legal Requirements

We may disclose your personal information where required to do so by law, court order, or regulatory authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for any purpose.

5. Your Privacy Rights (United States)

As we primarily serve clients in the United States, we acknowledge your rights under applicable US federal and state privacy laws, including (where applicable) the California Consumer Privacy Act (CCPA/CPRA) and similar state laws. Depending on your state of residence, you may have the right to:

• Know what personal information we collect about you and how it is used;

• Access a copy of the personal information we hold about you;

• Request correction of inaccurate personal information;

• Request deletion of your personal information, subject to certain exceptions;

• Opt out of the sale or sharing of your personal information (we do not sell personal information);

• Non-discrimination for exercising your privacy rights; and

• Receive notice at or before the point of collection about the categories of personal information collected and their purposes.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within the timeframe required by applicable law.

6. Australian Privacy Obligations

The ARFID Clinic is an Australian company and is subject to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We comply with our obligations under the APPs with respect to the collection, use, disclosure, and security of personal information.

Australian residents have the right to request access to and correction of personal information we hold about them. To make such a request, please contact us at [email protected]. We will respond within 30 days.

If you believe we have breached the APPs, you may lodge a complaint with us in the first instance. If your complaint is not resolved to your satisfaction, you may refer the matter to the Office of the Australian Information Commissioner (OAIC).

7. Health Information and HIPAA

Where our Services involve the collection of health information about US-based clients, we handle such information with the same care and confidentiality standards as required under applicable US health privacy laws. While The ARFID Clinic may not be a covered entity under the Health Insurance Portability and Accountability Act (HIPAA) in all contexts, we voluntarily adopt equivalent standards of care for all health information we handle.

Health information relating to your child will only be used for the purposes for which it was collected and will not be disclosed to third parties without your consent, except as required by law or to enable the direct provision of our Services.

8. Data Security

We implement reasonable and appropriate technical, administrative, and physical security measures to protect your personal information against unauthorised access, disclosure, alteration, and destruction. These measures include:

• Encrypted data storage and transmission;

• Access controls limiting staff access to personal information on a need-to-know basis;

• Use of reputable, security-certified third-party platforms for telehealth and communication; and

• Regular review of our security practices.

While we take all reasonable steps to protect your information, no method of electronic transmission or storage is 100% secure. In the event of a data breach that is likely to result in serious harm, we will notify affected individuals and relevant authorities as required by law.

9. Data Retention

We retain personal information for as long as is necessary to fulfil the purposes described in this Policy or as required by law. Health and clinical records relating to children are retained in accordance with applicable professional and legal obligations, which may require retention for a specified period after the child reaches adulthood.

When personal information is no longer required, we take reasonable steps to securely destroy or de-identify it.

10. Children's Privacy

Our Services involve the collection of information about children with ARFID and Autism Spectrum Disorder. This information is collected from and with the consent of parents and legal guardians only. We do not knowingly collect personal information directly from children under the age of 13.

If you believe we have inadvertently collected personal information from a child without parental consent, please contact us immediately at [email protected] and we will take steps to delete that information.

11. International Data Transfers

As an Australian company serving clients primarily in the United States, your personal information may be transferred internationally between Australia and the United States. We take reasonable steps to ensure that any international transfers of personal information are conducted in accordance with applicable privacy laws and that the receiving party maintains appropriate privacy protections.

12. Cookies and Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your browsing experience and collect usage data. You can control the use of cookies through your browser settings. We do not use cookies to collect sensitive personal information.

We may use third-party analytics tools (such as Google Analytics) to understand how visitors interact with our website. These tools may collect anonymised usage data in accordance with their own privacy policies.

13. Third-Party Links

Our website or communications may contain links to third-party websites, platforms, or resources. This Privacy Policy applies only to The ARFID Clinic's own Services and platforms. We are not responsible for the privacy practices of third-party sites and encourage you to review their privacy policies before providing any personal information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices or legal requirements. When we make material changes, we will notify you by email and post the updated Policy on our website with a revised effective date. Your continued use of our Services following notification of changes constitutes your acceptance of the updated Policy.

15. Contact Us

If you have any questions about this Privacy Policy, wish to access or correct your personal information, or wish to make a privacy complaint, please contact our Privacy Officer at:

The ARFID Clinic

Attn: Privacy Officer

Suite 1345, 91 Noosa Drive, Noosa Heads QLD 4567, Australia

Email: [email protected]

We will endeavour to respond to all privacy enquiries within 30 days of receipt.