Privacy Policy

Gardens Pharmacy and The Mortar & Pestle (collectively "we," "us," or "our") are committed to protecting your privacy and handling your personal information with care and respect. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

Contact Information:
Gardens Compounding Pharmacy
Suite 1.5, 470 Wodonga Place, Albury NSW 2640
Phone: (02) 6023 3666
Email: gardens@awardpharmacies.com

2.1 Personal Information You Provide

We may collect the following personal information when you:

• Create an account or register for our services
• Place orders for compounded medications or products
• Contact us with inquiries or requests
• Subscribe to newsletters or promotional communications
• Use Google OAuth to sign in

This information may include:

• Name and contact details (email, phone number, address)
• Date of birth
• Medical information (prescriptions, allergies, health conditions)
• Payment and billing information
• Google account information (name, email address) when using Google Sign-In

2.2 Automatically Collected Information

When you visit our website, we may automatically collect:

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, time spent on site, referring URLs)
• Cookies and similar tracking technologies

2.3 Google OAuth Data

When you choose to sign in with Google, we receive limited information from your Google account, including:

• Your name
• Your email address
• Your Google profile picture (if available)

We use this information solely for account creation and authentication purposes. We do not access any other data from your Google account.

We use your personal information for the following purposes:

• Processing and fulfilling your orders and prescriptions
• Providing customer service and responding to inquiries
• Administering your account and authenticating your identity
• Sending important notifications about orders, services, or policy changes
• Improving our website, services, and customer experience
• Complying with legal obligations and regulatory requirements
• Preventing fraud and maintaining security
• Marketing communications (with your consent)

For users in the European Economic Area (EEA), we process your personal information based on:

• Consent: When you provide explicit consent (e.g., for marketing communications)
• Contractual necessity: To fulfill our obligations under a contract with you
• Legal obligations: To comply with applicable laws and regulations
• Legitimate interests: To improve our services, prevent fraud, and ensure security

We do not sell, trade, or rent your personal information to third parties. We may share your information with:

• Healthcare providers: When necessary to fulfill prescriptions and provide care
• Service providers: Trusted third parties who assist with operations (payment processing, shipping, IT services)
• Legal authorities: When required by law or to protect our rights and safety
• Business transfers: In the event of a merger, acquisition, or sale of assets

All third parties are contractually obligated to maintain the confidentiality and security of your information.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Secure authentication mechanisms (including OAuth 2.0)
• Regular security assessments and updates
• Access controls and staff training
• Compliance with pharmacy regulations and healthcare privacy standards

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal obligations)
• Objection: Object to processing of your information for certain purposes
• Data portability: Receive your information in a structured, machine-readable format
• Withdraw consent: Withdraw consent for marketing communications at any time
• Revoke OAuth access: Disconnect Google Sign-In from your Google account settings

To exercise these rights, please contact us at gardens@awardpharmacies.com or call (02) 6023 3666.

We only set first-party cookies that are required to keep customer and admin areas secure. These cookies are issued by Supabase (our auth provider) and stay scoped to our domain:

• sb-auth-token (httpOnly, session): maintains your authenticated session for secure API calls and dashboard access.
• sb-refresh-token (httpOnly, session): refreshes your authenticated session so you stay signed in between page loads.

To help you resume unfinished tasks, we also store limited data in your browser's local storage. The data never leaves your device until you choose to submit a form:

• cartData: shopping cart contents and automatic reorder selections so items persist across visits.
• notificationSettings: your preferred reminder settings on the automatic reorders page.
• hormone-symptom-screening-female-v1 / hormone-symptom-screening-male-v1 and hormone-symptom-selected-dataset: saved progress for the hormone symptom questionnaire so you can pick up where you left off.

You can clear these entries at any time from your browser settings or via the "Clear saved progress" option inside the hormone symptom questionnaire. Blocking these cookies or storage features may prevent you from signing in or resuming drafts.

Our website may contain links to third-party websites and services, including Google's services when you use Google Sign-In. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies:

• Google Privacy Policy: https://policies.google.com/privacy

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Medical and prescription records are retained in accordance with Australian pharmacy regulations and healthcare privacy laws.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of our services after such changes constitutes your acceptance of the updated policy.

As an Australian business, we comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). We are committed to protecting your privacy in accordance with these principles and relevant healthcare privacy regulations.

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Gardens Pharmacy
Suite 1.5, 470 Wodonga Place, Albury NSW 2640

Phone: (02) 6023 3666
Email: gardens@awardpharmacies.com