Privacy Policy

1. Introduction

Dermaq Aesthetics Pty Ltd (ABN: 60 638 945 963) ("we", "us", "our", "Dermaq") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, store and protect your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our services, visiting our website (www.dermaq.co), or providing us with your personal information, you consent to the collection, use and disclosure of your information as described in this policy.

2. What Personal Information We Collect

2.1 General Information

We may collect the following types of personal information:

• Full name and title
• Contact details (address, phone number, email address)
• Date of birth
• Medicare number (where applicable for rebates)
• Private health insurance details (where applicable)
• Payment information (credit card details, billing address)
• Government identifiers (driver's licence for identity verification if required)
• Emergency contact details
• Photographs (before and after treatment images)
• Communication preferences

2.2 Sensitive Information

As a healthcare provider, we collect sensitive information including:

• Medical history and current health status
• Medications and allergies
• Treatment records and clinical notes
• Skin type and condition assessments
• Aesthetic concerns and treatment goals
• GP or referring practitioner details
• Any adverse reactions or complications

We only collect sensitive information with your explicit consent and for the primary purpose of providing safe and effective treatments.

2.3 Digital Information

When you visit our website, we automatically collect:

• IP address (anonymized)
• Browser type and version
• Device type and operating system
• Pages visited and time spent on site
• Referring website or search terms
• Location data (general geographic region)
• Interaction with our online advertisements

3. How We Collect Personal Information

We collect personal information through:

• Initial consultation forms and medical history questionnaires
• Online booking systems
• Phone and email enquiries
• Face-to-face consultations
• Our website contact forms
• Social media interactions
• Cookies and tracking technologies (see Section 9)
• Third-party referrals (with your consent)
• CCTV footage at our clinic locations (for security purposes)

4. Why We Collect and How We Use Your Information

4.1 Primary Purposes

We collect and use your personal information to:

• Provide safe and effective cosmetic medical treatments
• Assess your suitability for treatments
• Maintain accurate medical records
• Process payments and insurance claims
• Schedule and manage appointments
• Communicate treatment plans and aftercare instructions
• Contact you in case of urgent medical follow-up
• Meet our legal obligations as healthcare providers

4.2 Secondary Purposes

With your consent, we may also use your information to:

• Send appointment reminders via SMS or email
• Provide information about new treatments or promotions
• Conduct patient satisfaction surveys
• Improve our services and patient experience
• Internal training and quality assurance (de-identified)
• Marketing communications (with opt-out options)

4.3 Automated Processing

We may use automated tools and technologies to assist with:

• Processing and responding to enquiries
• Administrative and operational tasks
• Improving the quality and efficiency of our services
• Analysing de-identified data to enhance patient experience

Where automated processing is used, appropriate safeguards are in place to protect your personal information. Clinical decisions regarding your treatment are always made by qualified healthcare professionals.

5. Disclosure of Personal Information

We may disclose your personal information to:

5.1 Healthcare Related

• Your GP or referring medical practitioner (with your consent)
• Medical specialists if complications arise requiring referral
• Our medical indemnity insurers (if required for a claim)
• Registered nurses and clinical staff involved in your care

5.2 Business Operations

• Our appointment booking system providers
• Payment processors and financial institutions
• IT service providers and data storage providers
• Professional advisers (lawyers, accountants) when necessary
• Website analytics providers (Google Analytics - anonymized data only)
• Marketing and advertising platforms (Google Ads - anonymized data only)
• Automated processing and software tools used to assist with enquiry handling, administrative tasks, and service improvements

5.3 Legal Requirements

• Government agencies where required by law
• Law enforcement agencies if required
• Regulatory bodies (AHPRA, Health Complaints Commissioner)
• Courts or tribunals as required

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Quality and Security

6.1 Data Quality

We take reasonable steps to ensure your personal information is:

• Accurate, complete, and up-to-date
• Relevant for the purposes for which it is used
• Protected from misuse, interference, and loss
• Protected from unauthorised access, modification, or disclosure

6.2 Security Measures

We implement the following security measures:

• Secure SSL encryption on our website
• Password-protected electronic files
• Locked filing cabinets for physical records
• Restricted access to personal information (staff on need-to-know basis)
• Staff training on privacy and confidentiality
• Secure disposal of records after retention period
• Regular security audits and updates
• Two-factor authentication for clinical systems

7. Data Retention and Disposal

We retain your personal information as required by law:

• Medical records: Minimum 7 years from last treatment (adults)
• Medical records: Until age 25 for patients under 18
• Financial records: 7 years for tax purposes
• CCTV footage: 30 days unless required for an incident
• Marketing data: Until you opt-out or request deletion

After the retention period, we securely destroy or permanently de-identify your information.

8. Your Rights and Choices

8.1 Access and Correction

You have the right to:

• Request access to your personal information
• Request correction of inaccurate information
• Request a copy of your medical records
• Know who has accessed your information

To exercise these rights, please contact our Privacy Officer (details below). We will respond within 30 days. No fee is charged for access requests, but administrative fees may apply for copies.

8.2 Marketing Communications

You can opt-out of marketing communications at any time by:

• Clicking "unsubscribe" in our emails
• Replying STOP to SMS messages
• Contacting us directly
• Updating your preferences in our patient portal

Note: We will still send essential communications about your treatments and appointments.

8.3 Complaints

If you have privacy concerns, please contact us at privacy@dermaq.co or 1800 DERMAQ. If you're not satisfied with our response, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au or 1300 363 992.

9. Cookies and Online Tracking

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies to:

• Remember your preferences
• Improve website functionality
• Analyze website traffic
• Measure advertising effectiveness

9.2 Types of Cookies We Use

• Essential Cookies: Required for website operation
• Analytics Cookies: Google Analytics to understand site usage
• Advertising Cookies: Google Ads to measure campaign effectiveness
• Functional Cookies: Remember your preferences and settings

9.3 Third-Party Services

We use the following third-party services that may set cookies:

• Google Analytics (GA4): Website analytics and behavior tracking
• Google Ads: Conversion tracking and remarketing
• Google Tag Manager: Managing website tags
• Facebook Pixel: Social media advertising (if applicable)
• Online booking system cookies

9.4 Managing Cookies

You can control cookies through your browser settings:

• Block all cookies
• Delete existing cookies
• Set warnings before cookies are stored

Note: Disabling cookies may affect website functionality and your ability to book online.

For more information:

• Google Privacy Policy: https://policies.google.com/privacy
• Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout
• Facebook Privacy: https://www.facebook.com/privacy/explanation

10. Cross-Border Data Transfers

Some of our service providers may store data overseas, including:

• Cloud storage providers (data encrypted)
• Email service providers
• Analytics platforms

We ensure any overseas recipients comply with the APPs or equivalent privacy protections.

11. Special Provisions

11.1 Minors

For patients under 18:

• Parental/guardian consent required for treatment and data collection
• Parents/guardians have access rights to minor's information
• Mature minors may have additional privacy rights depending on circumstances

11.2 Photography

Clinical photography requires separate written consent. You may:

• Decline photography without affecting treatment
• Request deletion of photos at any time
• Specify restrictions on photo use

11.3 CCTV

Our clinics have CCTV for security. Cameras are positioned to:

• Monitor entrances and reception areas
• Protect staff and patient safety
• Not record in treatment rooms or private areas

12. Updates to This Policy

We may update this Privacy Policy periodically. Changes will be posted on our website with the updated date. Significant changes will be communicated via:

• Email notification
• Website banner
• Notice at reception

13. Contact Information

For privacy-related queries, complaints, or to exercise your rights:

14. Definitions

• Personal Information: Information that identifies or could identify you
• Sensitive Information: Information about health, race, religion, or other protected categories
• APPs: Australian Privacy Principles under the Privacy Act 1988 (Cth)
• Consent: Voluntary agreement to collection and use of your information
• De-identified: Information that cannot reasonably identify you

15. Acknowledgment

By providing your personal information and using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy.