01
Overview
Overview
Overview
This Privacy Policy explains how The Avīnya(“we”, “us”) collects, uses, discloses, and safeguards personal data in connection with our hospitality and wellness Services. As a hospitality entity, we hold only the data needed to coordinate stays and partner referrals; clinical records are held by the independent HIMPSI-registered partners delivering care.
This Privacy Policy explains how The Avīnya(“we”, “us”) collects, uses, discloses, and safeguards personal data in connection with our hospitality and wellness Services. As a hospitality entity, we hold only the data needed to coordinate stays and partner referrals; clinical records are held by the independent HIMPSI-registered partners delivering care.
This Privacy Policy explains how The Avīnya(“we”, “us”) collects, uses, discloses, and safeguards personal data in connection with our hospitality and wellness Services. As a hospitality entity, we hold only the data needed to coordinate stays and partner referrals; clinical records are held by the independent HIMPSI-registered partners delivering care.
02
Data We Collect
Data We Collect
Data We Collect
We may collect the following categories of personal data:
We may collect the following categories of personal data:
We may collect the following categories of personal data:
Contact and identity details you provide via enquiry or intake forms (name, email, phone, organisation).
Booking and logistics information (dates, programme tier, travel and accommodation preferences).
Referral context shared by an employer, treating practitioner, or insurer where you have consented to such a referral.
Website usage data such as device, browser, and pages viewed.
We do not seek to hold clinical or medical records on our own systems; these reside with our clinical partners.
Contact and identity details you provide via enquiry or intake forms (name, email, phone, organisation).
Booking and logistics information (dates, programme tier, travel and accommodation preferences).
Referral context shared by an employer, treating practitioner, or insurer where you have consented to such a referral.
Website usage data such as device, browser, and pages viewed.
We do not seek to hold clinical or medical records on our own systems; these reside with our clinical partners.
Contact and identity details you provide via enquiry or intake forms (name, email, phone, organisation).
Booking and logistics information (dates, programme tier, travel and accommodation preferences).
Referral context shared by an employer, treating practitioner, or insurer where you have consented to such a referral.
Website usage data such as device, browser, and pages viewed.
We do not seek to hold clinical or medical records on our own systems; these reside with our clinical partners.
03
How We Use Your Data
How We Use Your Data
How We Use Your Data
To respond to enquiries and coordinate intake and bookings.
To facilitate referrals to HIMPSI-registered clinical partners.
To produce aggregate, de-identified reporting for corporate and insurer partners (no individual clinical detail).
To meet legal, accounting, and safeguarding obligations.
To respond to enquiries and coordinate intake and bookings.
To facilitate referrals to HIMPSI-registered clinical partners.
To produce aggregate, de-identified reporting for corporate and insurer partners (no individual clinical detail).
To meet legal, accounting, and safeguarding obligations.
To respond to enquiries and coordinate intake and bookings.
To facilitate referrals to HIMPSI-registered clinical partners.
To produce aggregate, de-identified reporting for corporate and insurer partners (no individual clinical detail).
To meet legal, accounting, and safeguarding obligations.
04
Legal Bases
Legal Bases
Legal Bases
Where GDPR or equivalent regimes apply, we process personal data on the bases of consent, performance of a contract, compliance with a legal obligation, and our legitimate interests in operating the Services. You may withdraw consent at any time, subject to existing contractual commitments.
Where GDPR or equivalent regimes apply, we process personal data on the bases of consent, performance of a contract, compliance with a legal obligation, and our legitimate interests in operating the Services. You may withdraw consent at any time, subject to existing contractual commitments.
Where GDPR or equivalent regimes apply, we process personal data on the bases of consent, performance of a contract, compliance with a legal obligation, and our legitimate interests in operating the Services. You may withdraw consent at any time, subject to existing contractual commitments.
05
Encrypted Portals & Security
Encrypted Portals & Security
Encrypted Portals & Security
Patient confidentiality and medical records are managed via HIPAA / GDPR / PDPA-equivalent encrypted portals operated with our clinical partners. We apply access controls, encryption in transit and at rest, and the principle of least privilege to the limited hospitality data we hold.
Patient confidentiality and medical records are managed via HIPAA / GDPR / PDPA-equivalent encrypted portals operated with our clinical partners. We apply access controls, encryption in transit and at rest, and the principle of least privilege to the limited hospitality data we hold.
Patient confidentiality and medical records are managed via HIPAA / GDPR / PDPA-equivalent encrypted portals operated with our clinical partners. We apply access controls, encryption in transit and at rest, and the principle of least privilege to the limited hospitality data we hold.
06
Sharing with Clinical Partners
Sharing with Clinical Partners
Sharing with Clinical Partners
With your consent, we share the minimum information necessary to coordinate care with independent, HIMPSI-registered clinical partners and their Australian, Singaporean, and allied international oversight psychologists. These partners act as independent controllers of the clinical data they collect.
With your consent, we share the minimum information necessary to coordinate care with independent, HIMPSI-registered clinical partners and their Australian, Singaporean, and allied international oversight psychologists. These partners act as independent controllers of the clinical data they collect.
With your consent, we share the minimum information necessary to coordinate care with independent, HIMPSI-registered clinical partners and their Australian, Singaporean, and allied international oversight psychologists. These partners act as independent controllers of the clinical data they collect.
07
Data Retention
Data Retention
Data Retention
We retain hospitality data only for as long as necessary to deliver the Services and to meet legal and accounting obligations, after which it is securely deleted or de-identified. Clinical records are retained by partners under their own regulatory retention schedules.
We retain hospitality data only for as long as necessary to deliver the Services and to meet legal and accounting obligations, after which it is securely deleted or de-identified. Clinical records are retained by partners under their own regulatory retention schedules.
We retain hospitality data only for as long as necessary to deliver the Services and to meet legal and accounting obligations, after which it is securely deleted or de-identified. Clinical records are retained by partners under their own regulatory retention schedules.
08
Your Rights
Your Rights
Your Rights
Subject to applicable law, you may request access to, correction of, or deletion of your personal data, object to certain processing, or request data portability. Requests relating to clinical records should be directed to the relevant clinical partner.
Subject to applicable law, you may request access to, correction of, or deletion of your personal data, object to certain processing, or request data portability. Requests relating to clinical records should be directed to the relevant clinical partner.
Subject to applicable law, you may request access to, correction of, or deletion of your personal data, object to certain processing, or request data portability. Requests relating to clinical records should be directed to the relevant clinical partner.
09
International Transfers
International Transfers
International Transfers
Because our partners and oversight psychologists operate across Australia, Singapore, the European Union, and Indonesia, your data may be transferred across borders. Such transfers are protected by appropriate safeguards consistent with GDPR, PDPA, and equivalent frameworks.
Because our partners and oversight psychologists operate across Australia, Singapore, the European Union, and Indonesia, your data may be transferred across borders. Such transfers are protected by appropriate safeguards consistent with GDPR, PDPA, and equivalent frameworks.
Because our partners and oversight psychologists operate across Australia, Singapore, the European Union, and Indonesia, your data may be transferred across borders. Such transfers are protected by appropriate safeguards consistent with GDPR, PDPA, and equivalent frameworks.
10
Contact & Data Requests
Contact & Data Requests
Contact & Data Requests
For privacy enquiries or to exercise your rights, contact partnerships@theavinya.com. For booking-related data, contact intake@theavinya.com.
For privacy enquiries or to exercise your rights, contact partnerships@theavinya.com. For booking-related data, contact intake@theavinya.com.
For privacy enquiries or to exercise your rights, contact partnerships@theavinya.com. For booking-related data, contact intake@theavinya.com.