Error: Contact form not found.

07 3189 4457 [email protected] GET IN CONTACT TODAY
 

Privacy Policy

BeautyFULL CMC Privacy Policy

Effective date: 12/08/2025
Operator: BeautyFULL CMC Pty Ltd t/a BeautyFULL Cosmetic Medical Clinic® (“BeautyFULL CMC”, “we”, “us”, “our”)
Website: https://beautyfullcmc.au
Contact: [email protected] | 1024 Logan Road, Holland Park West, QLD 4121

 

  1. Scope & who this policy applies to

This policy explains how we collect, use, disclose, store and protect personal information—including health information—about patients, prospective patients, site visitors and other individuals interacting with us in Australia. It applies to our clinics, Website, telehealth, online bookings, marketing and customer support. It reflects the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), with health-sector guidance from the OAIC.

  1. Key terms

  • Personal information: information about an identified or reasonably identifiable individual (e.g., name, contact details, IP address where it identifies you).
  • Sensitive information / Health information: includes information about your health, disabilities, treatment, prescriptions, photos taken for clinical documentation, and similar. This attracts additional protections.
  • Health service provider: we are a private-sector health service provider and must meet stricter requirements for health information.

  1. What we collect

We collect information needed to deliver safe, lawful, high-quality care and to run our business, including:

Identity & contact – name, date of birth, address, email, phone.
Clinical & health – medical history, medications, allergies, prior procedures, consultation notes, treatment plans, consent forms, adverse event notes, clinical photos/videos and aftercare notes.
Bookings & commerce – preferred clinic, appointment history, payments (via third-party processors), gift vouchers, package balances.
Communications – emails/SMS/phone notes, feedback, complaints, telehealth recordings where we notify you, and forms you complete.
Website/tech – device identifiers, IP, browser, usage logs, and cookies/pixels (analytics/ads). (See Section 9.)
In-clinic security – CCTV in public areas (sign-posted), incident reports.

Providing some information is optional, but if you withhold certain details we may be unable to provide some services (e.g., injectables without medical history).

  1. How we collect

  • Directly from you (online forms, consultations, emails/calls, telehealth, in-clinic paperwork).
  • Automatically when you use our Website (cookies, pixels, analytics—see Section 9).
  • From others with your consent or as permitted by law (e.g., treating practitioners, referral sources, emergency contacts).
  • From public sources where appropriate (e.g., verifying contact details).

  1. Why we collect (purposes)

  • To provide health services: triage, consult, treat, and follow up; maintain clinical records.
  • To manage bookings, payments, reminders, aftercare and support.
  • To improve quality and safety (audits, training, de-identified analytics).
  • To run our business and meet legal, regulatory and insurance obligations.
  • Marketing with consent (see Section 10)—e.g., service updates, offers, clinic news. For health information, we only use it for direct marketing if you specifically agree, and you can opt out anytime.

  1. Clinical consent, photos & telehealth

  • You’ll receive information about benefits, risks, alternatives and costs before consenting to any procedure.
  • Clinical photography forms part of your record. We use it for care and insurance/quality purposes. Separate, consent is required before we use any image in marketing/education materials; you can withdraw future use at any time (we can’t always retract items already printed/distributed).
  • Telehealth: remote care has limitations (e.g., connectivity). Where we record a telehealth consult, we’ll tell you first.

  1. Anonymity & pseudonymity

You may interact anonymously or use a pseudonym for general enquiries. For clinical services, we must identify you to provide safe care and meet legal obligations.

  1. Disclosures we make

We disclose personal information where necessary for the purposes above, including to:

  • treating clinicians engaged by us;
  • service providers (IT hosting, EHR/booking platforms, secure messaging/SMS, email, analytics/ads platforms, payment processors like Afterpay/Zip, document storage, insurers, legal/medical advisors);
  • regulators or insurers where required or authorised by law; and
  • anyone you authorise us to share with.

Overseas disclosures

Some providers may operate outside Australia. Before disclosing personal information overseas, we take reasonable steps (e.g., privacy due diligence and contractual safeguards) to ensure the recipient handles it consistently with the APPs. In many cases we remain accountable for overseas recipients under s 16C. You can contact us to ask about likely countries for your data.

  1. Cookies, pixels & analytics

We use cookies and similar tech (e.g., Meta/Google pixels) to operate the site, measure performance and deliver/measure advertising. You can control cookies in your browser and ad preferences; some features may not work without them. Where pixels collect personal information and send it to a third party (including overseas), we ensure disclosure complies with APP 6 and APP 8 (see Section 8).

  1. Direct marketing

We may contact you about services and offers we believe are relevant. You can opt out at any time via the unsubscribe link or by contacting us. We do not use your health information for direct marketing unless you have specifically consented; you may withdraw consent at any time.

  1. Security

We use administrative, technical and physical safeguards appropriate to the sensitivity of the information (e.g., access controls, MFA where supported, encryption in transit where applicable, secure areas for paper files, staff training, vendor contracts). We also require our providers to implement appropriate controls.

  1. Retention & destruction

We keep records only as long as needed for the purposes above and to comply with clinical, legal and insurance requirements. When no longer required, we securely destroy or de-identify records.

  1. Access & correction

You can request access to the personal information we hold about you and ask us to correct it if it’s inaccurate, out-of-date, incomplete, irrelevant or misleading. We may need to verify your identity and, if permitted by law, charge a reasonable retrieval fee. We’ll respond within a reasonable time and explain if we’re unable to grant access or make a correction.

  1. Data breaches

If an eligible data breach occurs (likely to result in serious harm), we will promptly assess, take steps to contain the incident, and notify affected individuals and the OAIC, consistent with the Notifiable Data Breaches scheme.

  1. Children & young people

For patients under 18, we collect information with appropriate parental/guardian involvement unless a mature minor exception applies. Certain procedures may only be available to adults under our clinical and legal obligations.

  1. Complaints

If you’re concerned about privacy, please contact us first (details below). We will investigate and respond. If you’re not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC) (oaic.gov.au | 1300 363 992 | GPO Box 5218 Sydney NSW 2001).

  1. Changes to this policy

We may update this policy to reflect changes in law or our practices. The latest version will be posted on our Website with the effective date. Continued use of our services after an update constitutes acceptance.

  1. Contact us

BeautyFULL Cosmetic Medical Clinic®
1024 Logan Road, Holland Park West, QLD 4121
E: [email protected]