Website Privacy Policy

Hi and welcome!  Thank you for taking the time to read our privacy policy. This website, is owned and operated by Janine Caton T/A Magnolia Apothecary ABN 3014526009. If you have any questions or need further information, please contact:

Jan Caton


This document sets out our Privacy Policy. It describes how we collect and manage your personal information when you interact with this site. Magnolia Apothecary takes this responsibility very seriously. If you have any questions or concerns about how your personal information is being handled, please do not hesitate to contact us.

We comply with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act).

Personal Information

If you engage with us via this website, or choose to become our client we may ask to collect the following kinds of personal information from you, including:

Contact Details

  • Name, email address, mobile or phone number when you opt into our email or make an appointment via our website.

Interests and preferences

  • Your opinion about future topics, products or services that may interest you.


  • Information that allows us to tailor our content to your needs when you sign up for one of our webinars or promotional events.


  • With your consent, we may collect your IP address, and information about your browsing history to help us improve the usability and appeal of our website

Collection and Use

We may collect your personal information by various means including:

  • When you send us a question or enquiry via email
  • When you book an appointment with us
  • If you sign up for our newsletter
  • Through sign up or in person at seminars / webinars / events

We use this information to:

  • Respond to your enquiries
  • Provide (specific) services to you at your request
  • Help other people understand our services better
  • Provide you with more relevant information and news about our services
  • Provide news about developments in our area of work
  • Improve this website

We will only collect your personal information:

  • With your full awareness and consent, such as when you email us, tick a checkbox or fill in a form to provide us with information
  • We need it to provide you with information or services that you request
  • We are legally required to collect it
  • For necessary administrative processes if you become our client
  • We believe that we can demonstrate a legitimate interest in using your data for marketing purposes, although we will always give you a choice to opt out

Sensitive Information

We understand that some personal information is particularly sensitive.

We will only collect sensitive information by methods that are reasonably secure, such as:

  • Through our intake form in Simple Clinic
  • In a face to face, zoom or skype consultation
  • When you send us information in an email.

Please be aware that email, skype and zoom information may be intercepted. You may choose not to send sensitive information via these methods. Please contact me to organise a more secure alternative.

The reason why we collect this information is:

  • So that we can provide you with the services you have contracted for
  • To ensure that I am providing you with the most appropriate services

The sensitive information we ask you to provide for this purpose may include:

  • Your birth date, information about your medical history, family history,  allergies and intolerances, current medications, supplements and diagnosed health conditions, so we can provide you with a safe and effective naturopathic service.
  • Information about the food and fluids you consume, as well as dietary and lifestyle preferences or habits, in order to understand factors influencing your health, and enable realistic and appropriate dietary and lifestyle recommendations as part of your treatment plan.
  • Information about your physical wellbeing, such as blood pressure, pulse rate, temperature, weight, height, nail, tongue or iris data, to further inform our naturopathic understanding of your case, your treatment plan and ensure safety.
  • We may discuss your emotional wellbeing at the consultation, in which case we may record some of the emotions you’re experiencing, to help track your progress and identify most appropriate treatment options, including any referrals.

How it is stored

We are committed to securely storing and handling your sensitive information.

  • Sensitive information is stored in a locked filing cabinet or on a password protected computer.
  • Some of your personal and sensitive information may be stored with SimpleClinic Online. This information may include your personal details, health history, consultation notes, test results, prescriptions and treatment plans. SimpleClinic is an Australian owned practice management system for Naturopathic Practitioners and Complementary Health Care Providers. They comply with the Australian Privacy Act and take the protection of your information very seriously. They have a stringent security system, including password protected access to their platform restricted to registered subscribers, AES-246 or 256 bit SSL encryption of all sensitive information, access logging, and firewall and IP traffic monitoring for suspicious or malicious traffic. You can find out more about their security here :

Who has access to it?

  • Only the therapist responsible for your treatment, or authorised team members, may access sensitive material.

Cloud storage

  • A mentioned we use a service called Simple Clinic. This is a cloud based service that records information as set out above in sensitive information. You can find out more about their security here :
  • We use a service called Mailchimp to send electronic newsletters to you via email. If you subscribe to this list, your name and email address are stored on Mailchimp servers to enable me to communicate with you in this way. You can opt out at any time by clicking the ‘unsubscribe’ button at the bottom of emails. Please refer to Mailchimp’s privacy policy for further information

Collection from Minors

Sensitive information may be collected from children under the age of 18 under the following circumstances:

  • In the presence of their parents and with their parent or guardian’s full consent, when they become our client
  • When they subscribe to my newsletter, in which case their name and email address are stored via Mailchimp as described above. Please refer to Mailchimp’s privacy policy for further information

Destruction policy

  • All archived sensitive information is securely destroyed 7 years from last appointment date

Professional Considerations

We are subject to the following regulations regarding the collection of personal information:

Click to access code_of_conduct_a4_summary_poster.pdf

You may choose not to provide us with your personal information. However,

  • It is important to be completely honest with us, if not I may not be able to provide you with the services that you request.
  • You must provide me with full and accurate information about your diagnosed medical conditions, medications or supplements, known allergies and intolerances, so I can ensure safety of treatment and check for pharmacological interactions with any herbs or nutrients I prescribe.

Use of Personal Information


  • With your consent, I will share your information with other health care professionals, if we both agree another practitioner could help you further. In such cases, you are in control of what information I share with which health professionals. Other health professionals could include a GP, counsellor, psychologist, chiropractor, osteopath, or another naturopath. A de-identified summary of your case may be verbally shared with another naturopath for mentoring purposes, which would assist your treatment further.
  • As mentioned, I use a service called Mailchimp to send electronic newsletters to you via email. If you subscribe to this list, your name and email address are stored on Mailchimp servers to enable me to communicate with you in this way. Please refer to Mailchimp’s privacy policy for further information
  • Also as mentioned, I use a service called Simple Clinic. This is a cloud based service that records patient name, phone number, email address, personal history and treatment notes. You can find out more about their security here:

Legal disclosure

  • We will also disclose your information if required by law to do so or in circumstances permitted by the Privacy Act – for example, where we have reasonable grounds to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in, and in response to a subpoena, discovery request or a court order.

If you have any concerns regarding the disclosure of your personal information, please do not hesitate to get in touch with us to discuss this personally.

Disclosure overseas

We will use all reasonable means to protect the confidentiality of your personal information while in our possession or control. We will not knowingly share any of your personal information with any third party other than the service providers who assist us in providing the information and/or services we are providing to you. To the extent that we do share your personal information with a service provider, we would only do so if that party has agreed to comply with our privacy standards as described in this privacy policy. However, some of our service providers may be overseas and may not be subject to Australian Privacy Laws or compliant with GDPR. Please contact us if you have any concerns about the potential disclosure of your information.


Policy statement

We take reasonable physical, technical and administrative safeguards to protect your personal information from misuse, interference, loss, and unauthorised access, modification and disclosure.

Risk management

We manage risks to your personal information by:

  • Storing files securely
  • Ensuring that only key personnel have access to sensitive information
  • Releasing information to service providers on a strictly need-to-know basis, and
  • Conducting regular audits of our security systems.

As mentioned above, your personal information may also be stored with a third-party provider, where it will be managed under their security policy:

From time to time I may combine information provided by you with information gathered from:

  • Social Media, such as Facebook, LinkedIn, Instagram and Twitter
  • Google Analytics
  • Personal contact

If you would like more information about this or do not wish this to occur, please contact me.

Access to Information

You can contact us to access, correct or update your personal information at any time. Unless we are subject to a confidentiality obligation or some other restriction on giving access to the information which permits us to refuse you access under the Privacy Act, and we believe there is a valid reason for doing so, we will endeavour to make your information available you within 30 days.

Please begin the process by sending an email requesting access to your information to me at and we will endeavour to respond within 7 days.


If a breach of this Privacy Policy occurs, or if you wish to a request a change to your personal information, you may contact us by sending an email outlining your concerns to us at and I will endeavour to respond within 48 hours.

If you are not satisfied with our response to your complaint you may seek a review by contacting:

  • The Office of the Australian Information Commissioner using the information available at
  • The health ombudsman in your state or territory.

Notification of Change

If we decide to change our Privacy Policy, we will post a copy of the revised policy on our website.

Notification of Breach

If we have reason to suspect that a serious data breach has occurred and that this may result in harm or loss to you, we will immediately assess the situation and take appropriate remedial action. If we still believe that you are at risk, we will notify the Office of the Information Commissioner and either notify you directly, or if that is not possible, publicise a notification of the breach on this website.