Privacy Policy

1. Who we are

In this policy, Medical Aesthetics 360°, MA360, we, us and our refer to the clinic services operating under the Medical Aesthetics 360° brand, including our Chatswood and Hurstville locations.

We handle personal information and sensitive information, including health information, as part of providing medical consultations, cosmetic medicine services, treatment planning, follow-up care, clinic administration and website services.

Where lawful and practicable, you may contact us anonymously or using a pseudonym for a general enquiry. In most clinical situations, however, this is not practical because we need accurate identifying information to provide safe care, maintain clinical records, verify consent, arrange appointments, issue invoices, and meet legal or regulatory obligations.

2. What personal information and health information we collect

Depending on your interaction with us, we may collect and hold information such as:

If relevant to your care, we may also collect Medicare details, referral information, private health fund information, imaging or pathology results, and information provided by a parent, guardian, carer, support person or other authorised representative.

3. How we collect information

We may collect information directly from you when you:

• make an enquiry by phone, email, social media, online form or in person
• book, attend or cancel an appointment
• complete registration, consent, history or treatment forms
• send us photographs, messages or other documents
• make a payment or request a receipt
• visit our website or interact with our advertisements, cookies or tracking technologies.

We may also collect information from third parties where reasonably necessary and permitted by law, including from your referring practitioner, another treating practitioner, pathology or imaging providers, family members or authorised representatives, insurers, payment providers, or publicly available sources where relevant to your enquiry or care.

4. Why we collect, hold, use and disclose information

We collect, hold, use and disclose personal information and health information for purposes including:

• assessing enquiries and arranging appointments
• providing medical and cosmetic medicine consultations, treatment planning and follow-up care
• maintaining accurate clinical records and documenting consent
• verifying identity and suitability for treatment
• communicating with you about appointments, treatment instructions, aftercare, recalls and clinical follow-up
• processing payments, deposits, invoices and refunds
• meeting legal, professional, accreditation, insurance, safety and regulatory obligations
• clinic administration, quality assurance, staff training, risk management and complaint handling
• improving our website, systems, service delivery and patient experience
• sending marketing or promotional communications where permitted by law and, where required, with your consent.

Where we use information for quality improvement, education or internal review, we will seek to use de-identified information where appropriate.

Where we wish to use identifiable patient photographs, videos, testimonials or case information for marketing or promotional purposes, we will seek a separate consent unless otherwise permitted by law.

5. Who we may disclose information to

Depending on the circumstances, we may disclose information to:

• our doctors, nurses, dermal or support staff, and authorised contractors who need the information to perform their duties
• other treating practitioners or health service providers involved in your care
• pathology, imaging, pharmacy, laboratory or referral providers where relevant
• payment processors, practice management software providers, appointment, messaging, transcription, IT, cloud hosting or cyber security providers
• professional advisers, insurers or auditors where reasonably necessary
• government bodies, courts, tribunals, regulators or law enforcement where required or authorised by law.

We do not sell personal information. We only disclose information where it is reasonably necessary for our functions and activities, with your consent where required, or where the disclosure is otherwise permitted or required by law.

6. Marketing, website forms, cookies and tracking technologies

Our website may use cookies, analytics tools and similar technologies to understand website traffic, improve performance, measure advertising effectiveness and support website functionality. These technologies may collect technical information such as your IP address, browser, device information and pages visited.

If we use online advertising or remarketing tools, we aim to do so in a way that is transparent and consistent with applicable privacy and marketing laws. You can usually control cookies through your browser settings and, where implemented, any cookie banner or consent tool on our website.

We may send service-related communications such as booking confirmations, appointment reminders, treatment preparation or aftercare instructions without treating these as promotional messages. Promotional emails, SMS or similar communications will only be sent where permitted by law, and you may opt out of marketing communications at any time using the unsubscribe method provided or by contacting us directly.

Overseas disclosure: some of our website, cloud, booking, payment, email, analytics or advertising providers may store or process information outside Australia.

7. Storage, security and retention

We take reasonable steps to protect the information we hold from misuse, interference, loss, unauthorised access, modification and disclosure. These steps may include staff confidentiality obligations, access controls, secure software systems, password protection, multi-factor authentication, secure disposal practices and other physical, technical and administrative safeguards.

We retain records for as long as reasonably required for clinical, administrative, legal and regulatory purposes. Retention periods may depend on the type of record and the laws or professional requirements that apply.

While no system can be guaranteed to be completely secure, we take privacy and data security seriously. If an eligible data breach occurs, we will respond in accordance with applicable law.

8. Access to and correction of your information

You may request access to the personal information or health information we hold about you, and you may ask us to correct information that is inaccurate, out of date, incomplete, irrelevant or misleading.

To protect your privacy, we may ask you to verify your identity and, where relevant, your authority to act on another person’s behalf. In some situations, access may be refused or limited where the law permits. If that happens, we will provide written reasons where required and explain the available next steps.

Requests for access or correction should be made in writing to our Privacy Contact using the details below.

9. Privacy complaints

If you have a privacy concern or complaint, please contact us first in writing and provide enough detail for us to investigate. We will review your concern and aim to respond within a reasonable time.

If you are not satisfied with our response, you may be able to lodge a complaint with the Office of the Australian Information Commissioner (OAIC), or pursue any other rights available to you under applicable privacy or health records laws.