Privacy policy

Inner Bloom Dispensary ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website and use our services. By accessing or using our website, you agree to the terms of this Privacy Policy.

About our service and who uses it

Inner Bloom Dispensary is a practitioner-only dispensary. Our website and services are intended for use by registered healthcare practitioners ("practitioners"), who use our platform to order products and to create prescriptions and formulas for their own patients.

This means we handle two broad categories of people's information:

  • Practitioners — the account holders and customers who use our platform directly. Practitioners provide their own contact, account, and (where applicable) payment and banking details.
  • Patients — individuals who are not our direct customers, but whose information a practitioner provides to us so that we can dispense and ship products, and so that the practitioner can manage and reorder prescriptions for them.

Because patients do not interact with us directly, practitioners are responsible for ensuring they have the appropriate authority and consent from their patients to provide that patient information to us and for it to be handled as described in this Policy. 

Information We Collect

We collect information in a variety of ways when you interact with our website and services. This includes:

Practitioner personal information

  • Contact and account information: When a practitioner creates an account, places an order, or contacts us, we collect information such as name, email address, phone number, and postal address.
  • Payment information: When a purchase is made, we collect payment-related details including billing address and payment method. Card payments are processed by our third-party payment processor (Stripe); we do not store full card numbers on our systems.
  • Banking details for rebates: Where a practitioner is eligible to receive rebate payments, we collect bank account details (account name, BSB, and account number) in order to pay those rebates. These details are stored in encrypted form. 

Patient information

As part of our service, practitioners provide limited patient information necessary to dispense and ship products and to manage prescriptions. This may include:

  • Patient name(s) (including names used on prescription labels);
  • Shipping name and address for delivery;
  • Prescription and formula details created by the practitioner for the patient (for example, the composition of a compounded or herbal formula).

Important — how we store and use patient information: Unlike a one-off transaction, our platform is designed to let practitioners reorder and reuse prescriptions and formulas for their patients over time. To make this possible, we store patient names, shipping details, and prescription/formula records associated with a practitioner's account on an ongoing basis, so that the practitioner can recall a patient's previous formulas and reorder them. We use this patient information only to:

  • fulfil and ship orders;
  • enable the practitioner who provided it to view, recall, and reorder that patient's prescriptions and formulas; and
  • maintain records relating to those orders.

We do not use patient information for marketing, and we do not sell it. 

Non-personal information

  • Log data: Our servers and infrastructure providers automatically collect information such as IP address, browser type, operating system, referring URLs, and pages visited on our site.
  • Cookies: We use cookies and similar technologies to collect information about browsing activity on our site and to improve your experience.

How We Use Your Information

We use the information we collect for the following purposes:

To provide and improve our services

  • To process orders and provide customer support.
  • To enable practitioners to create, store, recall, and reorder prescriptions and formulas for their patients.
  • To calculate and pay practitioner rebates.
  • To personalise and improve the functionality of our website.

To communicate

  • To send updates and information related to orders and payments (for example, payment confirmations and dispatch notifications).
  • To notify practitioners about matters relating to their account, including rebate payments and requests to provide payment details.
  • To inform practitioners about promotions, special offers, and new products (practitioners can opt out of marketing communications at any time).

To maintain security and compliance

  • To protect our website and users from fraud and abuse.
  • To comply with legal obligations and enforce our terms and policies.

How We Share Your Information

We respect your privacy and do not sell, trade, or rent personal information to third parties. We may share information in the following circumstances:

Service providers

We share information with third-party service providers who perform services on our behalf, including:

  • Payment processing — Stripe processes patient and practitioner card payments. 
  • Order fulfilment and shipping — including the carriers used to deliver orders. 
  • Website, e-commerce, and hosting infrastructure — including our e-commerce platform (Shopify) and our application/hosting infrastructure (Cloudflare), which store and process order, prescription, and account data on our behalf. 
  • Email delivery — for transactional and account emails. 

These providers are permitted to use the information only to perform services for us.

Legal requirements

We may disclose information if required by law, or if we believe such action is necessary to comply with legal process, protect our rights, or ensure the safety of our users.

Business transfers

In the event of a merger, acquisition, or sale of all or part of our assets, information may be transferred to the acquiring entity.

Security of Your Information

We implement technical and organisational measures to safeguard information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of sensitive financial information: practitioner bank account details are stored in encrypted form.
  • Restricted access to systems holding personal and patient information. 
  • Use of reputable infrastructure and payment providers with their own security measures.

However, no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

Data Retention

We retain personal, patient, and prescription information for as long as necessary to provide our services (including enabling practitioners to recall and reorder prescriptions), to comply with our legal and record-keeping obligations, to resolve disputes, and to enforce our agreements. 

Your Choices and Rights

Access and update

Practitioners have the right to access and update their personal information by logging into their account or by contacting us.

Patient information

Because patient information is provided to us by practitioners, requests relating to a patient's information (including access, correction, or deletion) should generally be directed through the practitioner who provided it. Where required by law, we will assist in responding to such requests.

Opt-out

Practitioners can opt out of marketing communications by following the unsubscribe instructions in any marketing email or by contacting us. Note that we may still send non-marketing, transactional messages relating to orders, payments, and account matters.

Cookies

Most web browsers accept cookies by default. You can set your browser to remove or reject cookies, but this may affect the functionality of our website.

Children's Privacy

Our services are directed to registered healthcare practitioners and are not intended for individuals under the age of 18. We do not knowingly collect personal information directly from children. Note that a practitioner may provide patient information relating to a patient who is a minor, as part of that practitioner's care of the patient; such information is handled as patient information described above and remains subject to the practitioner's authority and consent obligations. 

International Transfers

If you are accessing our website from outside Australia, please be aware that your information may be transferred to, stored, and processed in Australia and in other locations where our service providers operate. By using our website, you consent to any such transfer of information.

Sensitive Information

Some of the information we handle — including health-related prescription and formula information relating to patients — may constitute "sensitive information" under applicable privacy law including the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on our website. Your continued use of our services after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your information, please contact us.

Â