Privacy Policy - Kora Wellness

Last Updated: 16th February 2026

1. Introduction

Kora Wellness ("we", "us", "our") is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, store, disclose and handle your personal information, including sensitive information such as health information.

Our Details:

  • Business Name: Kora Wellness

  • ABN: 94503329419

  • Address: 43 Wentworth Street, Port Kembla NSW 2505

  • Email: korawellness1@gmail.com

  • Phone: 0404 470 951

2. What personal information we collect

2.1 Information You Provide Directly

We may collect the following personal information when you:

  • Contact us via email, phone or website forms

  • Book or attend a breathwork session

  • Subscribe to our newsletter or marketing communications

  • Participate in our services or programs

This may include:

  • Full name

  • Email address

  • Phone number

  • Date of birth

  • Residential address

  • Emergency contact details

  • Payment information (processed securely through third-party payment processors)

2.2 Sensitive information (Health information)

As a health and wellness service provider, we may collect sensitive information including:

  • Medical history relevant to breathwork practice (e.g., cardiovascular conditions, respiratory conditions, mental health diagnoses)

  • Current medications that may affect your ability to participate in breathwork

  • Pregnancy status

  • Mental health information (e.g., history of psychosis, severe anxiety, trauma)

  • Physical health conditions (e.g., high/low blood pressure, epilepsy, recent surgery)

  • Emotional or psychological state relevant to session facilitation

We only collect sensitive information:

  • With your explicit consent

  • When necessary to provide our services safely and effectively

  • To ensure we can tailor sessions appropriately to your needs

  • To meet our duty of care obligations

2.3 Information collected automatically

When you visit our website, we may automatically collect:

  • IP address

  • Browser type and version

  • Device information

  • Pages visited and time spent on site

  • Referring website

  • Geographic location (city/region level)

This information is collected through:

  • Cookies (small text files stored on your device)

  • Google Analytics (anonymized website analytics)

  • Squarespace analytics (our website platform)

You can disable cookies in your browser settings, though this may affect website functionality.

3. How we collect your information

We collect personal information:

  • Directly from you when you fill out booking forms, contact forms, intake questionnaires, or speak with us

  • From your interactions with our website, social media, or email communications

  • From third parties such as your emergency contact (only when necessary and with your consent)

  • During sessions through verbal communication or observation relevant to your safety and session outcomes.

4. Why we collect your information (Primary purposes)

We collect and use your personal information for the following purposes:

4.1 Service delivery

  • To provide 9D breathwork sessions and related wellness services

  • To assess your suitability and safety for breathwork sessions

  • To tailor sessions to your individual needs and goals

  • To provide appropriate facilitation and support during sessions

  • To follow up on your wellbeing after sessions

4.2 Health and safety

  • To identify any contraindications or health risks

  • To ensure we can provide services safely

  • To respond to medical emergencies (if your emergency contact needs to be notified)

  • To maintain duty of care obligations

4.3 Administrative purposes

  • To schedule and manage appointments

  • To process payments and issue receipts

  • To send booking confirmations and reminders

  • To maintain accurate business records

  • To respond to inquiries and customer service requests

4.4 Communication and marketing

  • To send you information about our services (where you have consented)

  • To notify you of upcoming events, workshops, or special offers

  • To send newsletters (where you have subscribed)

  • To communicate changes to session times, policies, or services

4.5 Legal and Regulatory Compliance

  • To comply with legal obligations under health and safety laws

  • To respond to complaints or legal claims

  • To maintain records as required by law

  • To comply with tax and accounting obligations.

5. When we disclose your information

We do not sell, rent or trade your personal information to third parties for marketing purposes.

We may disclose your personal information in the following circumstances:

5.1 Service providers

We may share your information with trusted third-party service providers who assist us in operating our business, including:

  • Payment processors (Stripe, Square, or similar) - to process payments securely

  • Booking systems (Acuity Scheduling) - to manage appointments

  • Email marketing platforms (if we use services like Mailchimp) - to send newsletters (only if you've subscribed)

  • Website hosting (Squarespace) - to host our website

  • Accounting software - to maintain financial records

These providers are contractually bound to protect your information and only use it for the purposes we specify.

5.2 Legal requirements

We may disclose your information when legally required to:

  • Comply with court orders, subpoenas, or legal processes

  • Respond to requests from law enforcement or government authorities

  • Protect our rights, property, or safety, or that of our clients or the public

  • Enforce our terms and conditions

5.3 Emergency situations

We may disclose your health information to:

  • Emergency services (ambulance, hospital) if you experience a medical emergency during a session

  • Your nominated emergency contact if we reasonably believe you are at risk of harm

  • Healthcare professionals if we believe disclosure is necessary to prevent serious harm to you or others

5.4 With your consent

We may disclose your information to other parties where you have explicitly consented (e.g., if you request we share information with your healthcare provider).

6. How we store and protect your information

6.1 Security measures

We take reasonable steps to protect your personal information from:

  • Misuse, interference, and loss

  • Unauthorized access, modification, or disclosure

Our security measures include:

  • Password-protected systems for client records

  • Secure servers with encryption (SSL/TLS) for website data transmission

  • Limited access - only authorized personnel can access client information

  • Regular backups to prevent data loss

  • Secure payment processing through PCI-DSS compliant providers

6.2 Storage location

Your information is stored:

  • In Australia on secure servers (Squarespace, Acuity Scheduling servers may be located overseas but comply with Australian privacy requirements)

  • In paper records stored securely at our Port Kembla studio in locked filing cabinets

  • On password-protected devices used for business purposes

6.3 Overseas disclosure

Some of our service providers may store data on servers located outside Australia (e.g., United States). When we use these providers:

  • We ensure they have appropriate privacy safeguards in place

  • We only use providers that comply with Australian privacy standards or equivalent protections

  • You consent to this overseas storage when you provide us with information

Countries where data may be stored:

  • United States (Squarespace, Stripe, Acuity Scheduling)

  • European Union (if using EU-based email services).

7. How long we retain your information

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

Retention periods:

  • Client health records: Minimum 7 years from last session (as required by health practitioner guidelines)

  • Financial records: 7 years (as required by Australian tax law)

  • Marketing communications: Until you unsubscribe or request deletion

  • General inquiries: 2 years from last contact

  • Session recordings or notes: Duration of our professional relationship plus 7 years

After the retention period, we will securely delete or destroy your information.

8. Your rights and choices

Under the Australian Privacy Principles, you have the right to:

8.1 Access your information

You may request access to the personal information we hold about you. To make a request:

  • Email us at korawellness1@gmail.com

  • Include your full name and contact details

  • Specify what information you wish to access

We will respond within 30 days and provide access unless an exception applies (e.g., disclosure would pose a serious threat to someone's health or safety).

We may charge a reasonable fee for providing access if the request is complex or resource-intensive.

8.2 Correct your information

If you believe any information we hold about you is inaccurate, incomplete, or out-of-date, you may request correction.

We will take reasonable steps to correct the information within 30 days, or notify you if we disagree with your correction request.

8.3 Request deletion

You may request that we delete your personal information in certain circumstances:

  • The information is no longer needed for the purpose it was collected

  • You withdraw consent (where consent was the basis for collection)

  • The information was collected or used unlawfully

Note: We may not be able to delete information if:

  • We are legally required to retain it (e.g., financial records, health records)

  • Deletion would compromise legal claims or compliance obligations

  • The information is stored in backups (which are deleted on a rolling schedule)

8.4 Object to processing

You may object to:

  • Marketing communications - Unsubscribe via the link in emails or contact us directly

  • Use of cookies - Adjust your browser settings to block or delete cookies.

8.5 Data portability

You may request a copy of your information in a commonly used electronic format.

9. Marketing and Communications

9.1 Consent

We will only send you marketing communications (newsletters, promotional emails, event invitations) if:

  • You have explicitly opted in via our website or booking form, OR

  • You have provided your email address in the context of purchasing a service and have not opted out

9.2 How to unsubscribe

You can opt out of marketing communications at any time by:

  • Clicking "Unsubscribe" at the bottom of any marketing email

  • Emailing us at korawellness1@gmail.com with "Unsubscribe" in the subject line

  • Contacting us by phone at 0404 470 951

Note: Even if you unsubscribe from marketing, we may still send you:

  • Transactional emails (booking confirmations, receipts, appointment reminders)

  • Important updates about our services or policies

  • Responses to your inquiries.

10. Third-Party links and services

Our website may contain links to third-party websites (e.g., Instagram, Facebook, 9D Breathwork global site).

Please note:

  • We are not responsible for the privacy practices of these third-party sites

  • We encourage you to read their privacy policies before providing any information

  • This Privacy Policy only applies to information collected by Kora Wellness.

11. Children's privacy

Our services are designed for adults. We do not knowingly collect personal information from individuals under 18 years of age without parental or guardian consent.

If you are under 18 and wish to participate in our services:

  • A parent or guardian must complete intake forms on your behalf

  • A parent or guardian must provide consent for the collection and use of your information

  • A parent or guardian must be present during sessions

If we become aware that we have collected information from a child under 18 without appropriate consent, we will take steps to delete that information.

12. Cookies and tracking technologies

12.1 What are cookies?

Cookies are small text files stored on your device when you visit a website. They help us understand how you use our website and improve your experience.

12.2 Types of cookies we use

Essential cookies (strictly necessary)

  • Enable core website functionality (e.g., secure login to booking system)

  • Remember your session and preferences

  • Cannot be disabled without affecting website functionality

Analytics cookies (performance)

  • Google Analytics - tracks website usage (anonymized data)

  • Squarespace Analytics - measures site performance

  • Help us understand which pages are most popular and how visitors navigate our site

Marketing cookies (optional)

  • Facebook Pixel (if we use Facebook ads) - tracks conversions from Facebook advertising

  • Google Ads (if we use Google advertising) - measures ad performance

12.3 Managing cookies

You can control cookies through your browser settings:

  • Google Chrome: Settings > Privacy and Security > Cookies

  • Safari: Preferences > Privacy > Cookies

  • Firefox: Options > Privacy & Security > Cookies

Note: Blocking all cookies may prevent some website features from working properly.

12.4 Google Analytics

We use Google Analytics to understand website traffic. Google Analytics collects:

  • How visitors find our site (search engines, social media, direct)

  • Which pages are viewed and for how long

  • Geographic location (city/region, not precise address)

  • Device and browser type

Google Analytics data is anonymized and aggregated. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

13. Data breach notification

In the unlikely event of a data breach that is likely to result in serious harm to you, we will:

  • Notify you as soon as practicable (unless prohibited by law enforcement)

  • Notify the Office of the Australian Information Commissioner (OAIC) if required

  • Take immediate steps to contain and remediate the breach

  • Provide you with information about the breach and steps you can take to protect yourself.

14. Complaints and concerns

If you have a complaint about how we have handled your personal information, please contact us:

Email: korawellness1@gmail.com
Phone: 0404 470 951
Mail: Privacy Officer, Kora Wellness, 43 Wentworth Street, Port Kembla NSW 2505

We will:

  1. Acknowledge your complaint within 7 days

  2. Investigate your complaint thoroughly

  3. Respond to you within 30 days with our findings and proposed resolution

  4. Work with you to resolve the issue

14.1 External complaints

If you are not satisfied with our response, you may lodge a complaint with:

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Mail: GPO Box 5218, Sydney NSW 2001

15. International visitors and GDPR Compliance

If you are accessing our services from outside Australia, particularly from the European Union (EU), additional privacy rights may apply under the General Data Protection Regulation (GDPR).

15.1 Legal Basis for Processing (GDPR)

We process your information based on:

  • Consent - You have explicitly agreed to our processing (e.g., marketing communications)

  • Contract - Processing is necessary to provide you with our services

  • Legitimate interests - We have a legitimate business interest (e.g., fraud prevention, service improvement)

  • Legal obligation - We are required by law to process your information

15.2 Additional rights for EU residents

If you are in the EU, you have additional rights including:

  • Right to withdraw consent at any time

  • Right to data portability

  • Right to object to processing based on legitimate interests

  • Right to lodge a complaint with your local data protection authority

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices or services

  • Changes in privacy laws or regulations

  • Technological developments

  • Feedback from clients or regulators

When we make changes:

  • We will update the "Last Updated" date at the top of this policy

  • If changes are significant, we will notify you via email or prominent notice on our website

  • Continued use of our services after changes indicates your acceptance of the updated policy.

17. Contact us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

Kora Wellness - Privacy Inquiries
Email: korawellness1@gmail.com
Phone: 0404 470 951
Address: 43 Wentworth Street, Port Kembla NSW 2505

We aim to respond to all privacy inquiries within 7 business days.

18. Consent and acknowledgment

By using our services, booking a session, or providing us with your personal information, you acknowledge that:

  • You have read and understood this Privacy Policy

  • You consent to the collection, use, and disclosure of your information as described in this policy

  • If providing sensitive information (health information), you explicitly consent to its collection and use for the purposes outlined above

  • You understand your rights regarding your personal information

END OF PRIVACY POLICY