Privacy Policy

Kura Consulting Pty Ltd

ABN: 72 661 519 437

Website: kurahealth.au

Contact: hello@kurahealth.au

Kura Consulting Pty Ltd trading as Kura Health (“Kura Health”, “we”, “us”, “our”) is committed to handling your personal information with care, transparency and respect. This Privacy Policy explains how we collect, use, hold, disclose and protect your personal information when you visit kurahealth.au, purchase our products, use our digital resources, subscribe to our emails, or otherwise interact with us.

This Privacy Policy is issued by Kura Consulting Pty Ltd (ABN 72 661 519 437), a company registered in Victoria, Australia, and applies to all personal information we handle about individuals in Australia and overseas.

This policy complies with the Privacy Act 1988 (Cth) (“Privacy Act”), the Australian Privacy Principles (APPs) contained in Schedule 1 of the Privacy Act, the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act, and the Privacy and Other Legislation Amendment Act 2024, which received Royal Assent on 10 December 2024.

By using our website or providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy.

1.  What Personal Information We Collect

Personal information means any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not (as defined under the Privacy Act).

We may collect the following types of personal information:

Category | Examples
Identity information | First name, last name
Contact information | Email address, phone number, delivery address, billing address
Account information | Username, password (encrypted), purchase history, saved preferences
Transaction information | Order details, products purchased, payment method type (not full card details)
Health and lifestyle information | Information you voluntarily share with us about your health, family, dietary preferences or wellness goals when completing forms, surveys or communications
User-generated content | Reviews, testimonials, comments or feedback you submit
Marketing preferences | Email subscription status, consent records, communication preferences
Technical and usage data | IP address, browser type, device type, pages visited, time spent on pages, referring URL, click behaviour (collected via cookies and analytics tools)

Sensitive information: Health information is a category of sensitive information under the Privacy Act. We only collect health or lifestyle information that you voluntarily provide to us (for example, in a contact form, survey or email). We will not collect sensitive information without your consent unless required or authorised by law. We will never require you to disclose sensitive information as a condition of purchasing from us.

Information about children: Our website is not directed at children under the age of 15. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information without parental consent, please contact us immediately and we will take steps to delete it.

2.  How We Collect Personal Information

We collect personal information directly from you when you:

             Place an order or make a purchase on our website

             Create an account

             Subscribe to our email list or download a resource

             Complete a contact form, quiz, survey or feedback request

             Submit a review or testimonial

             Contact us by email, phone or social media

             Engage with our social media accounts or advertisements

We also collect certain information automatically when you visit our website through cookies, analytics tools and tracking technologies. See Section 7 (Cookies and Tracking Technologies) for full details.

We may occasionally collect information about you from third parties, including:

             Our e-commerce platform (Shopify)

             Payment processors (such as Stripe, Afterpay or Shop Pay)

             Email marketing platforms (such as Klaviyo)

             Social media platforms (such as Meta/Instagram) when you interact with our ads or content

             Analytics providers (such as Google Analytics)

Where we receive personal information from a third party, we will handle it in accordance with this Privacy Policy.

3.  Why We Collect and Use Your Personal Information

We collect, hold and use your personal information for the following purposes:

Purpose | Detail
Processing and fulfilling orders | To confirm, process and dispatch your purchases, send order confirmations and manage returns
Customer service | To respond to your enquiries, resolve complaints and provide support
Account management | To create and manage your customer account
Email marketing | To send you educational content, product updates, offers and brand communications where you have given consent or where we have a legitimate basis under the Spam Act 2003
Personalisation | To personalise your experience on our website and in communications
Website improvement | To analyse how our website is used and improve its performance, content and design
Legal compliance | To comply with our legal obligations, including under the Australian Consumer Law, Privacy Act, Therapeutic Goods Act and tax legislation
Fraud prevention and security | To detect, investigate and prevent fraudulent transactions and other illegal activities
Business operations | For internal record-keeping, auditing, product development, and business planning

We will only use your personal information for the purpose for which it was collected, a directly related purpose, or another purpose with your consent, or as otherwise permitted by law under the APPs.

4.  Legal Basis for Handling Your Information

Under the Privacy Act and APPs, we handle your personal information on the following grounds:

             Your consent (for example, subscribing to our email list or submitting a review)

             The performance of a contract with you (for example, processing your order)

             Compliance with a legal obligation

             Our legitimate interests in operating and improving our business, where those interests are not overridden by your rights

Where we rely on consent, you may withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of any handling carried out prior to withdrawal.

5.  Disclosure of Your Personal Information

We do not sell your personal information. We may disclose your personal information to the following categories of third parties, only to the extent necessary to fulfil the purposes described in this Policy:

Recipient | Purpose
Shopify Inc. | Our e-commerce platform. Shopify processes orders, stores account data and powers our online store. Shopify is based in Canada (an OAIC-recognised comparable jurisdiction) and complies with applicable privacy laws.
Payment processors | Stripe, Afterpay, Shop Pay and similar providers process payment transactions. We do not store your full card details. Their use is governed by their own privacy policies.
Email marketing platform | Klaviyo or similar platforms manage our email list, send communications and track engagement. Data is processed subject to those platforms’ privacy terms.
Logistics and fulfilment providers | Couriers and fulfilment partners receive your name and delivery address to dispatch your order.
Analytics providers | Google Analytics and similar tools collect anonymised or pseudonymised data about website usage. See Section 7 for detail.
Professional advisers | Our lawyers, accountants and other professional advisers where necessary for legal or compliance purposes.
Law enforcement or regulators | Where required or authorised by law, including by court order, subpoena, or a request from the OAIC or another regulatory authority.

Where we disclose your personal information to third parties, we take reasonable steps to ensure those parties handle it in accordance with the APPs or equivalent standards. Third parties who receive your information are only authorised to use it for the specific purpose for which it was disclosed.

6.  Overseas Disclosure

Some of the third parties we work with are located overseas or store data on servers outside Australia. These include:

             Shopify Inc. — Canada (comparable privacy protections recognised by the OAIC)

             Klaviyo Inc. — United States

             Google LLC (Analytics, Ads) — United States

             Meta Platforms Inc. (Instagram, Facebook) — United States

             Stripe Inc. — United States

Where we disclose personal information to overseas recipients, we take reasonable steps to ensure those recipients handle it in a manner consistent with the APPs, including by relying on contractual protections or the privacy frameworks of the recipient country. By providing us with your personal information, you acknowledge that we may disclose it to overseas recipients in the circumstances described above. In some cases, those recipients may not be subject to privacy obligations equivalent to those in Australia, and you may have limited ability to seek redress.

7.  Cookies and Tracking Technologies

We use cookies, pixels, web beacons and similar tracking technologies on our website. These tools help us understand how visitors use our site, improve performance, and deliver relevant content and advertising.

What are cookies? Cookies are small text files placed on your device by a website. They allow the website to recognise your browser and remember certain information across sessions.

Cookie type | Purpose
Essential cookies | Required for the website to function, including shopping cart, checkout and account login. Cannot be disabled without affecting site functionality.
Analytics cookies | Google Analytics and similar tools collect anonymised data on page views, session duration, traffic sources and user behaviour to help us improve the website.
Marketing and advertising cookies | Meta Pixel and similar tools track visits and conversions to help us measure ad performance and show relevant ads on platforms like Instagram and Facebook.
Functional cookies | Remember your preferences (such as currency, language or saved items) to personalise your experience.

Your choices: You can control cookies through your browser settings. Most browsers allow you to refuse new cookies, accept or reject specific cookies, or delete existing cookies. You can also opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on. Note that disabling certain cookies may affect website functionality.

Do Not Track: Our website does not currently respond to “Do Not Track” signals from browsers. We will update this disclosure if that changes.

8.  How We Hold and Protect Your Personal Information

We hold your personal information in electronic form through our e-commerce platform (Shopify), email marketing platform (Klaviyo), and other business systems that are access-controlled and password-protected.

We take reasonable technical and organisational measures to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure. These measures include:

             Encryption of data in transit using SSL/TLS protocols

             Access controls and authentication requirements for our internal systems

             Use of reputable, security-certified third-party platforms (including Shopify, which is PCI DSS compliant for payment processing)

             Limiting access to personal information to staff and contractors who need it to perform their role

             Regular review of our security practices

These measures are consistent with our obligations under APP 11 and the clarification introduced by the Privacy and Other Legislation Amendment Act 2024, which specifies that “reasonable steps” include both technical and organisational measures.

Despite our best efforts, no data transmission or storage system is completely secure. If you have reason to believe your interaction with us has been compromised, please contact us immediately.

9.  Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. In particular:

             Customer order and account data is retained for a minimum of 7 years to comply with Australian tax and accounting requirements

             Email marketing consent records are retained for as long as you remain subscribed, plus a reasonable period thereafter to evidence consent

             Analytics data collected via cookies is retained in accordance with the retention policies of the relevant platform (e.g. Google Analytics default retention periods)

             Records of data breach notifications are retained for a minimum of 5 years

When personal information is no longer required, we take reasonable steps to destroy or de-identify it in a secure manner.

10.  Your Rights and Choices

Under the Privacy Act and APPs, you have the following rights in relation to your personal information:

Right | What this means
Access (APP 12) | You may request access to the personal information we hold about you. We will respond within a reasonable time and no later than 30 days.
Correction (APP 13) | If you believe information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, you may request we correct it.
Unsubscribe from marketing | You may unsubscribe from our marketing emails at any time using the unsubscribe link in any email. We will action your request within 5 business days.
Withdraw consent | Where we rely on consent to process your information, you may withdraw that consent at any time by contacting us.
Complain | If you believe we have mishandled your personal information, you may make a complaint. See Section 12 for our complaints process.

To exercise any of these rights, please contact our Privacy Officer using the details in Section 13. We may need to verify your identity before responding to your request. We will not charge a fee for access requests unless the request is complex or requires significant resources, in which case we will notify you in advance.

If we refuse a request for access or correction, we will provide you with written reasons for the refusal and information about how to complain about the decision.

11.  Notifiable Data Breaches

We are committed to complying with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. If we become aware of a data breach that is likely to result in serious harm to affected individuals, we will:

             Conduct a prompt assessment of the breach

             Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable

             Notify affected individuals directly, or publicly if direct notification is not reasonably practicable

             Include in our notification the nature of the breach, the types of information involved, and what steps affected individuals should take to protect themselves

We maintain a data breach response plan and conduct regular reviews of our security practices to minimise the risk of a notifiable data breach occurring.

12.  Privacy Complaints

If you believe Kura Health has interfered with your privacy or mishandled your personal information, we encourage you to contact us first so we can try to resolve the matter.

To make a complaint:

             Email our Privacy Officer at [insert contact email] with the subject line “Privacy Complaint”

             Provide sufficient detail for us to understand and investigate your complaint, including your contact details

We will acknowledge receipt of your complaint within 5 business days and provide a substantive response within 30 days. If we require additional time, we will notify you.

If you are not satisfied with our response, or if you do not hear from us within 30 days, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC):

             Website: www.oaic.gov.au

             Phone: 1300 363 992

             Post: GPO Box 5218, Sydney NSW 2001

Since June 2025, individuals also have the right to bring a statutory tort for serious invasion of privacy directly in the courts, pursuant to the Privacy and Other Legislation Amendment Act 2024. This right arises where the invasion was intentional or reckless and caused serious harm.

13.  Direct Marketing

We may send you direct marketing communications about our products, resources, educational content and promotions by email or other electronic means where:

             You have given us express consent by subscribing to our email list or opting in at checkout; or

             We have inferred consent based on a provable, ongoing commercial relationship with you, and the communications are directly related to that relationship

All marketing emails will clearly identify Kura Consulting Pty Ltd trading as Kura Health (ABN 72 661 519 437) as the sender and will include a functional, free-of-charge unsubscribe mechanism. We will action unsubscribe requests within 5 business days, in compliance with the Spam Act 2003 (Cth).

We do not send unsolicited commercial electronic messages. We do not use your personal information for direct marketing unless we have the appropriate consent or lawful basis to do so.

14.  Third-Party Websites and Links

Our website may contain links to third-party websites, platforms and resources. This Privacy Policy applies only to information collected by Kura Health. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy policies before providing any personal information to them.

15.  Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal obligations. The updated version will be published on this page with a revised effective date and “Last reviewed” date.

Where changes are material, we will take reasonable steps to notify you (for example, by placing a notice on our website or sending an email to our subscribers). Continued use of our website after any update constitutes acceptance of the updated policy.

We recommend reviewing this Privacy Policy periodically. Previous versions are available on request.

16.  Contact and Privacy Officer

All privacy enquiries, access requests, correction requests and complaints should be directed to our Privacy Officer:

Kura Consulting Pty Ltd trading as Kura Health

ABN: 72 661 519 437

Website: kurahealth.au

Email: hello@kurahealth.au

This Privacy Policy should be read together with our Terms and Conditions and Returns Policy, available at kurahealth.au

© Kura Consulting Pty Ltd  |  ABN 72 661 519 437  |  All rights reserved.