Privacy Policy - SOUL IV
Last updated: 12 May 2026
The privacy of your Personal Data is important to Soul IV Australia Pty Ltd (ABN 71 679 442 703) and its related affiliates (referred to collectively as "SOUL IV", "we", or "our"), and we are committed to ensuring that your Personal Data is handled responsibly, in accordance with the applicable Data Protection Legislation. We adhere to the Privacy Act 1988 (Cth) ("Privacy Act"), including the Australian Privacy Principles ("the APPs") (hereinafter jointly referred to as the "Australian requirements").
SOUL IV's system for complying with Australian privacy requirements includes:
- Our commitment to compliance with privacy requirements
- Our policy and approach to privacy, as explained in this information
- Our resources allocated to privacy, including our technology systems and services
- Our people and the training and education we undertake
1. Collection of information
The types of information that SOUL IV collects from you will depend on the circumstances of collection and on the service that we are providing to you.
1.1 Personal information
The type of personal information collected will be directly related to the specified purpose it has been collected for. How much of your personal information you choose to disclose to us is completely up to you. Generally, the only way we know something about you personally is if you provide it to us. However, failure to provide certain information may result in SOUL IV being unable to provide you with the relevant product or service. We will make you aware of the purpose for which we collect the personal information and, where possible, the consequences of not providing it at the time of collection.
For example:
- If you request products or services from us, we may collect information such as your name and contact details (i.e. billing and/or postal address, phone/mobile number(s) or email address), date of birth and/or credit card details.
- If you sign up to use a particular service such as email or mailout marketing (about product updates and developments, special events or promotions), loyalty or rewards program(s) or enter into a competition operated by us, we may collect information such as your date of birth and your interests and any other information required to provide that service to you (in addition to your name and contact details).
- If you participate in any surveys that we, or a third-party service provider acting on our behalf, may conduct from time to time, we may gather personal information relating to your survey responses.
- If you make an inquiry, provide feedback or make a complaint to us, we may collect your name and contact details.
- If you are applying for employment with us, we may collect any information that is relevant to such employment including your name and contact details (i.e. residential address, phone number(s) and/or email address) and any other information relevant to the recruitment process (including any information contained in the application form and your resume).
- When you visit our website(s), our analytics tools (Google Analytics 4, Google Tag Manager, and any advertising tags described in §2) collect online identifiers including cookie identifiers, IP addresses, device and browser identifiers, and technical metadata such as pages viewed, referring source, and approximate geographic location. These identifiers are personal information for the purposes of the Privacy Act and the GDPR.
You acknowledge that the personal information we collect from you is your own information or information which you have been authorised to provide us.
1.2 Sensitive information
SOUL IV does not generally collect sensitive information as defined under the Australian Privacy Act, such as racial or ethnicity information, political opinions or associations or criminal records. However, subject to your health needs, with your prior consent, we may collect sensitive information from you in the course of considering the best product or service for you.
1.3 Unsolicited information
Where unsolicited information is received by us, we will determine, within a reasonable period of time, whether or not we would be permitted to collect the information under the APPs/IPPs. If it would not be permitted for us to collect the information, we will destroy the information or ensure it is de-identified as soon as practicable. Otherwise, we may retain the information in accordance with the terms of this policy.
1.4 Anonymous information
We may also collect information about visitors to our website(s). For example, we may collect:
- Statistical information about the number of visitors to the websites and the date, time and duration of visits;
- The name of the domain/URL from which you access our websites; and
- The internet protocol address.
However, we do not collect information about the identity of the visitors unless they voluntarily provide that information.
2. Method of collection
This personal information will only be collected through lawful and fair means and not in an unreasonably intrusive way. SOUL IV collects your personal information when you deal with us directly, including via our website(s), via forms or correspondence (i.e. by mail or email), over the phone or in person.
We may also collect personal information through our related bodies corporate and our third-party service providers (such as data relating to survey responses) so that we may provide a better or more relevant product or service to you.
Credit card information we collect from you will go directly to our processor or bank. If you choose to purchase a product from us, our third-party payment processors will collect your payment information, and none of our personnel will have access to this data.
Our website(s) use the following analytics and advertising technology to monitor performance, measure marketing effectiveness, and improve user experience: Google Analytics 4 (deployed via Google Tag Manager, collecting aggregated session, event, and conversion data); Google Ads conversion tracking and remarketing tags (collecting aggregated campaign performance and audience data); and, where active, Meta Pixel / Datasets (collecting aggregated event data for Facebook and Instagram advertising). These tools set cookies on your browser; the cookies and their lifetimes are listed in §9 below.
The data captured by these tags is processed by the platform owner (Google or Meta) under their own published terms, and is also accessed by our analytics consultancy Nathan Schram Digital (see §4a below) for the purpose of providing us with consolidated reporting. We do not deploy session-replay tools (Hotjar, FullStory, etc.) on our own website or any technology that captures form submissions or page-content interactions on our website beyond what the analytics tags above describe. Note that our booking platform Timely (see §4b) may use such tools within its own booking interface; refer to Timely's privacy policy and sub-processor list for current details.
3. Use of information
3.1 Use of personal information
We will use the personal information you have chosen to provide us for the purpose for which you provided it or a related secondary purpose which you would reasonably expect. We will not use it for any other purpose without your consent, unless permitted or required by law.
Generally, we will use your personal information for the following purposes:
- Providing the products and/or services you have requested from SOUL IV;
- To process sales transactions;
- To deliver the products or services to you;
- To register you for a service requested by you, such as our newsletter(s) and e-newsletters, mailouts, rewards program(s) or competitions and administering such services;
- To respond to any inquiries, feedback or complaints made by you;
- Direct marketing of products and services which we believe may interest you, including product updates and developments, special events or promotions;
- Assisting us to improve our products and services and making them more relevant to you;
- Assisting us to improve our website(s);
- Processing and assessing employment applications for current and future positions; and
- Otherwise managing our internal business operations and processes.
SOUL IV will provide you with the opportunity to "opt-out" of receiving marketing materials at the time of collection and/or at any time afterwards by either unsubscribing from the email service or contacting our Privacy Officer via the contact details provided below.
3.2 Use of anonymous information
SOUL IV gathers anonymous information to:
- Monitor the use of our website(s);
- Help us make improvements to the website(s); and
- Offer relevant information and services to as many users as possible.
4. Disclosure
There will be occasions where it will be necessary for SOUL IV to disclose your personal information to third parties. The named recipients we currently work with are:
- Google LLC (and its affiliates) — for analytics and advertising performance measurement. We use Google Analytics 4, Google Search Console, Google Tag Manager, Google Ads, and Google Business Profile. Google's data processing for these services is governed by the Google Ads Data Processing Terms v8.0 (analytics, ads, tag manager) and the Google Controller-Controller Data Protection Terms v11 (Business Profile). Google's privacy policy: policies.google.com/privacy.
- Meta Platforms, Inc. (where active) — for paid advertising performance and Facebook / Instagram organic insights. We have engaged Meta Marketing API access via partner-share with our consultancy's Business Portfolio. Meta's privacy policy: www.facebook.com/privacy/policy/.
- Nathan Schram Digital (ABN 32 380 848 852, Melbourne, Australia) — our analytics consultancy and data sub-processor. NSD has read access to our analytics platforms (Google Analytics 4, Google Search Console, Google Tag Manager, Google Ads, Google Business Profile, Meta — where active) for the purpose of monthly cross-channel reporting. NSD's full data-handling practices are documented at nathanschram.com/privacy/ and at §4a below.
- Our third-party payment processors — credit and debit card details are processed directly by our payment processor (see §2) and are not retained by SOUL IV personnel.
- Timely Limited (P.O. Box 13112, Dunedin 9018, New Zealand) — our online booking platform. When you book via our website, the booking form is hosted by Timely under their privacy policy. Timely collects your name, contact details, date of birth, appointment preferences, and (where you save a card for future bookings) tokenised payment data via their payment sub-processor Stripe. Timely's privacy policy: gettimely.com/privacy/. Timely acts as a data processor on our behalf and adheres to the Australian Privacy Principles in accordance with APP 6.1. See §4b below for fuller disclosure.
- Contractors and third-party service providers on a confidential basis that we use in the ordinary course of our business to assist with the delivery of the product or service (e.g. cloud hosting, IT support, professional services).
- Other members of SOUL IV's corporate group for marketing purposes (subject to obtaining your prior consent, if necessary).
- Government authorities or other third parties as required by law, and relevant health or government authorities related to pandemic (COVID-19) or other serious public health issues.
- Any other purpose that you have consented to.
4a. Nathan Schram Digital — analytics consultancy and sub-processor
SOUL IV uses Nathan Schram Digital ("NSD") to consolidate marketing analytics data from our advertising and analytics platforms into a single reporting view.
What NSD accesses: read-only access to our marketing platforms (Google Analytics 4, Google Search Console, Google Tag Manager, Google Ads, Google Business Profile, Meta Business — where applicable to our engagement). NSD does not have write access except where we have explicitly engaged them to manage content or campaigns on our behalf. NSD does not access our website directly and does not deploy any tracking code on our website beyond what we have already authorised through the platforms above.
Where NSD stores the data: in a private analytics warehouse hosted by Hetzner Online GmbH in Falkenstein, Germany. Encrypted backups are stored by Amazon Web Services in Ireland. Both jurisdictions provide privacy protections substantially similar to or stronger than Australia's requirements under the Privacy Act.
Retention: NSD retains analytics data for up to 24 months, after which it is automatically deleted. We can instruct NSD to delete our data sooner.
Sharing: NSD does not share, sell, or onward-transfer our analytics data to any other party, does not use it to train artificial-intelligence systems, and does not combine it with data from any other client.
Your rights: if you wish to access, correct, or delete data NSD holds about your interactions with SOUL IV, contact our Privacy Officer (details in §11) and we will action your request through NSD on your behalf, typically within 30 days.
NSD's own privacy policy is published at nathanschram.com/privacy/ and details NSD's full processing practices, sub-processor list (Hetzner, AWS, Bitwarden), and contact channels.
4b. Timely — booking platform and processor
SOUL IV uses Timely Limited ("Timely") to manage online bookings, appointment reminders, customer profiles, and card-on-file storage.
What Timely accesses: booking form submissions (name, contact details, date of birth, treatment preference, and any notes you provide), appointment history, and card-on-file tokens (held by Stripe, not by Timely directly).
Where Timely stores the data: primary hosting in the United States and Australia via Amazon Web Services, Microsoft Azure, and Google Cloud. Card data is held by Stripe Payments Australia Pty. Ltd under PCI DSS Level 1 compliance. Timely's full sub-processor list (including SMS, email, and usability sub-processors) is published at help.gettimely.com/hc/en-gb/articles/360062775233.
Retention: booking and customer-profile data is retained for the duration of our active relationship with Timely. Saved card-on-file tokens are retained for 14 days following a booking unless you choose to save your card for future bookings (see our Terms of Service §8). You may request deletion of your customer profile data via our Privacy Officer (§11).
Sensitive information: Timely's terms of service prohibit storage of HIPAA-regulated health data on their platform. Health screening information for SOUL IV's IV therapy services is collected and stored separately via the Consent Form signed at your first appointment (see Terms of Service §8) — not via Timely's booking flow.
Your rights: Timely's full privacy policy is published at gettimely.com/privacy/ and includes a list of all third-party sub-processors. Timely adheres to the Australian Privacy Principles. To exercise data access, correction, or deletion rights in relation to data Timely holds about your bookings with SOUL IV, contact our Privacy Officer (details in §11) and we will action your request through Timely on your behalf.
5. Transfer of information outside Australia
Some of the third-party processors named in §4 are based outside Australia, which means your personal information may be transferred overseas in the ordinary course of providing our services to you. The current overseas transfer destinations are:
- Google LLC — United States and other jurisdictions worldwide where Google maintains data-processing facilities. Google's transfers are governed by the European Standard Contractual Clauses incorporated into the Google Ads Data Processing Terms v8.0, Appendix 3A and the equivalent provisions in the Controller-Controller Terms v11 covering Google Business Profile.
- Meta Platforms, Inc. (where active) — United States. Meta's transfers are governed by Standard Contractual Clauses and the EU-US Data Privacy Framework.
- Nathan Schram Digital — Germany (Hetzner Online GmbH, Falkenstein, where the analytics warehouse runs) and Ireland (Amazon Web Services, where encrypted backups are stored). Both jurisdictions have privacy protections substantially similar to those in the Privacy Act and the GDPR.
- Timely Limited — New Zealand (registered office), United States and Australia (data hosting via Amazon Web Services, Microsoft Azure, and Google Cloud), and incidental sub-processor jurisdictions for ancillary services (Twilio and SendGrid in the United States for SMS and email confirmations; Hotjar in Malta and Fullstory in the United States for usability monitoring within Timely's booking interface). Timely's transfers from Australia and the EU are governed by Standard Contractual Clauses with each sub-processor. The full sub-processor list is published at help.gettimely.com/hc/en-gb/articles/360062775233.
- Stripe Payments Australia Pty. Ltd (Australia) — payment processor used by Timely for card storage and transaction processing. Card data is held under PCI DSS Level 1 compliance by Stripe, not by SOUL IV or Timely directly. Stripe's privacy policy: stripe.com/au/privacy.
Where your personal information is disclosed to an overseas recipient, we take such steps as are reasonable in the circumstances to ensure that the recipient does not breach the Australian Privacy Principles in relation to that information, in accordance with APP 8.1. By providing us with your personal information, you consent to your personal information being stored or sent overseas for the purposes set out in this Policy.
6. No sale of personal information
Under no circumstances will SOUL IV sell or receive payment for licensing or disclosing your personal information.
7. Security
The security of your information is important to us. SOUL IV operates secure data networks that are designed to protect your privacy and security. When we have collected information about you it cannot be seen or modified by anyone else. SOUL IV has implemented generally acceptable standards of technology and operational security to ensure personal information (in both physical and electronic form) is protected against loss, misuse, interference and unauthorised access.
Only authorised SOUL IV personnel and contractors are provided access to personal information and have agreed to ensure the confidentiality of this information. Reasonable steps are taken to destroy or permanently de-identify any personal information that is no longer required.
We review and update our security measures in light of current technologies. You should however be aware that the internet is not a secure environment and information sent via the internet (including email) cannot be guaranteed to be totally secure.
8. Data quality, access and correction
Under the Australian Privacy Act you have certain rights to access and correct your personal information.
8.1 Access
If you access one of our online services or products, you may access your personal information at any time by accessing your subscriber/account details via the relevant facility on our websites. Otherwise, you may at any time, request access to personal information that SOUL IV holds about you by making a request to our Privacy Officer at the address or email address below.
We will endeavour to process any requests for access to personal information within a reasonable period of time. Where possible, we will provide you with access to that information either by providing you with copies of the information requested, allowing you to inspect the information requested, or providing you with a summary of the information held. If we need to deny your request for access we will let you know why and inform you how you may lodge a complaint regarding this decision.
SOUL IV may charge a nominal fee for supplying personal information.
8.2 Correction
We will try to ensure that all information we collect, use or disclose about you is accurate, complete, up-to-date and relevant to the service or products being provided. If you discover or suspect that there is an error or information is missing, please forward your request for correction to our Privacy Officer in writing at the address or email address below.
9. Use of Cookies
Our website(s) use cookies and similar technologies for analytics, advertising performance, and user-experience improvements. The cookies that may be set on your browser are listed below. You can opt out of advertising personalisation across Google services at adssettings.google.com and review Google's full cookie reference at policies.google.com/technologies/cookies.
9.1 Analytics cookies (Google Analytics 4)
| Cookie | Set by | Purpose | Lifetime |
|---|---|---|---|
| _ga | Google Analytics | Distinguish unique visitors | 2 years |
| _ga_<container-id> | Google Analytics 4 | Session and state tracking for the specific GA4 property | 2 years |
9.2 Advertising and conversion-tracking cookies (Google Ads)
| Cookie | Set by | Purpose | Lifetime |
|---|---|---|---|
| _gcl_* (e.g. _gcl_au, _gcl_aw, _gcl_dc) | Google Ads conversion linker | Attributing conversions to ad clicks | 90 days |
| _gac_* | Google Ads | Conversion tracking | 90 days |
| _gads | Google Ads | Advertising identifier on first-party domain | 13 months |
| IDE and id | Google (DoubleClick) | Cross-site advertising personalisation | 13 months in the EEA, Switzerland, and UK; 24 months elsewhere |
| NID | | Search session identifier (set on Google.com when applicable) | 6 months from last use |
9.3 Advertising cookies (Meta Pixel — only if you have engaged with SOUL IV's Facebook or Instagram ads)
| Cookie | Set by | Purpose | Lifetime |
|---|---|---|---|
| _fbp | Meta Pixel | Distinguish unique browsers for Facebook ad-conversion attribution | 90 days |
| _fbc | Meta Pixel | Last-click attribution for Facebook ads | 90 days |
9.4 Functional / session cookies
SOUL IV may also set strictly-necessary functional cookies for booking-cart state, session continuity, and CSRF protection. These cookies are exempted from consent requirements under the EU ePrivacy Directive and equivalent Australian guidance because they are necessary for the service to function.
9.5 How to control cookies
Most browsers let you block or delete cookies through their settings. Blocking analytics or advertising cookies may reduce the relevance of content and ads you see, but will not prevent you from using core features of our site (booking, account, payment). To opt out of personalised Google advertising specifically, visit adssettings.google.com. To opt out of personalised Meta advertising, visit accountscenter.facebook.com/ads/.
10. Complaints about privacy
If you have any complaints relating to the management of your personal information or if you believe there has been a breach of the APPs by SOUL IV, please forward your complaint in writing to our Privacy Officer at the address or email address below. Our Privacy Officer will consider the complaint and advise you of their decision in writing within a reasonable time from receipt of the complaint.
If you are unhappy with the handling of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner (visit www.oaic.gov.au for more information).
- Phone: 1300 363 992
- Post: GPO Box 2999 Canberra ACT 2601
- Email: [email protected]
11. Contact Privacy Officer
If you believe your Personal Data has not been treated consistently with this Privacy Policy or the Privacy Act, please contact us:
- Post: Privacy Officer, Soul IV Australia Pty Ltd, Level 1, 420 Spencer Street, Melbourne VIC 3003
- Phone: 1300 467 685
- Email: [email protected]
12. Changes to this Privacy Policy
We may, from time to time, review and update this Privacy Policy, including to take into account new laws, regulations and technology. Any changes we make to this Privacy Policy in the future will be posted on the website and, where appropriate, notified to you by email. We re-verify this Privacy Policy at least once every 90 days; the Last updated date at the top of this page reflects the most recent verification.
All Personal Data that we collect, use, hold and disclose will be governed by the most recent Privacy Policy that has been posted on our websites.