Privacy Policy

Community Botanic Dispensary is operated by Bona Sano Pty Ltd ABN 15 679 537 243.

In this Privacy Policy, "Community Botanic Dispensary", "we", "us" or "our" refers to Bona Sano Pty Ltd and the pharmacy services we provide through our website, in-store services, prescription ordering systems, delivery services and related communication channels.

We are committed to protecting your privacy and handling your personal information, including health information, in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, applicable health records laws, pharmacy professional obligations, and other applicable Australian laws.

This Privacy Policy explains how we collect, use, store, disclose and protect your personal information.

We may collect personal information and health information about you when you use our website, submit a prescription, create an account, contact us, place an order, receive pharmacy services, or interact with us.

Health information is sensitive information. Australian privacy law has stricter rules about how health service providers collect, use and disclose health information.

Where possible, we collect personal information directly from you. However, in some cases, pharmacy care requires us to verify or receive information from other health providers or authorised systems.

We collect, use and hold your personal information so that we can provide safe, lawful and appropriate pharmacy services.

When you submit an eScript token or prescription details, we use that information for pharmacy-related purposes, including prescription review, dispensing, supply, record keeping, pharmacist counselling, delivery and support.

We do not use prescription or health information for unrelated marketing purposes without your consent.

You need to create an account to use certain website features, such as submitting prescriptions, managing orders, receiving communications or accessing order history.

You are responsible for keeping your login details secure. Please contact us immediately if you believe your account has been accessed without permission.

We may suspend or restrict account access if we suspect unauthorised use, fraud, misuse, or a risk to patient safety or privacy.

We may collect and use payment-related information to process transactions. Payments may be processed through secure third-party payment providers, such as NAB, or another approved payment service used by Community Botanic Dispensary.

We do not recommend sending card details by email, SMS or unsecured message.

Depending on the payment method used, your payment information may be collected and processed directly by the payment provider. Their own privacy policy and security standards may also apply.

If you request delivery, we may disclose limited personal information to delivery providers so they can deliver your order.

For privacy and safety, prescription medicine deliveries may require secure handling, signature on delivery or identity verification depending on the medicine and delivery method.

We may use delivery providers such as Australia Post, courier services, or other delivery partners approved by the pharmacy.

We may disclose personal information to trusted third-party service providers who help us operate our pharmacy and website.

We take reasonable steps to ensure third-party providers handle personal information appropriately and only for authorised purposes.

Our website may use cookies, pixels, analytics tools and similar technologies, including Google Analytics, to understand how visitors use our website and to improve our services.

Cookies may be used to improve website functionality, analyse use and tailor online experiences.

We may send you service-related communications about your prescriptions, orders, delivery, account or pharmacy care.

We may also send marketing or promotional communications where permitted by law and where you have consented or where it is otherwise lawful to do so.

You can unsubscribe from marketing communications at any time. However, we may still need to send you important non-marketing communications about your prescriptions, orders, safety issues, recalls, account activity or pharmacy services.

We do not use your prescription or sensitive health information to advertise unrelated products.

We may disclose relevant information to your prescriber or another healthcare provider where reasonably necessary for your care, dispensing, medicine safety, prescription clarification or legal compliance.

Where possible, we will take reasonable steps to confirm authority before disclosing sensitive information.

We may also disclose information where necessary to manage a serious threat to life, health or safety.

We aim to store and handle personal information using systems and service providers that are appropriate for an Australian pharmacy business.

Some of our website, database, payment, analytics, communication, hosting, IT support or pharmacy-related service providers may store, process, access or support systems from locations outside Australia. This may depend on the provider, selected data region, technical configuration and the services used.

Where personal information is disclosed to or accessed by an overseas recipient, we will take reasonable steps to ensure the information is handled in accordance with Australian privacy requirements, unless an exception applies.

Where possible, we configure our systems to limit unnecessary access to personal information and health information.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

No website or electronic system is completely risk-free. If we become aware of a privacy or data security incident, we will take steps to respond in accordance with applicable legal obligations.

We keep personal information for as long as needed for the purposes for which it was collected, including pharmacy care, dispensing, record keeping, legal compliance, accounting, insurance, dispute resolution and regulatory obligations.

Pharmacy and health records may need to be kept for minimum periods required by law.

When information is no longer required, we will take reasonable steps to securely destroy, delete or de-identify it, unless we are legally required to keep it.

You may request access to the personal information we hold about you.

To request access, please contact us using the details at the end of this policy. We may need to verify your identity before providing access.

In some situations, we may be legally permitted or required to refuse access, such as where providing access would affect another person's privacy, create a serious safety risk, or be unlawful.

You may ask us to correct personal information we hold about you if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading.

We will take reasonable steps to correct your information where appropriate. We may need to verify your identity before making changes.

If you have a concern about how we have handled your personal information, please contact us first so we can try to resolve the issue.

We will review your complaint and respond within a reasonable time.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

Our pharmacy services may involve collecting information about children or young people where relevant to prescription supply, pharmacy care or legal requirements.

Where appropriate, information may be collected from or disclosed to a parent, guardian or authorised representative.

We may require additional verification or consent depending on the patient's age, the medicine involved, the legal requirements and the circumstances.

Our website may contain links to third-party websites, platforms or services.

We are not responsible for the privacy practices or content of third-party websites. You should read the privacy policy of any third-party website you visit.

We may update this Privacy Policy from time to time to reflect changes in our business, website, systems, services or legal obligations.

The updated version will be published on our website with the updated date.

For privacy questions, access or correction requests, or privacy complaints, please contact: