Privacy Policy

Plumerian Aesthetics

Privacy Policy

Last updated: 18 May 2026

Plumerian Aesthetics is committed to protecting your personal information. This Privacy Policy explains what we collect, why we collect it, how we use and protect it, and what rights you have. It applies to personal information we collect through our website, in-clinic interactions, online booking system, and any communication you have with us.

1. Who we are

Plumerian Aesthetics is a registered cosmetic and skin treatment clinic with locations at 17C Chester Street, Oakleigh VIC 3166 and Shop 3, 544 Hampton Street, Hampton VIC 3188. Our treatments are provided by registered nurses operating under AHPRA registration NMW0002200192.

For the purposes of the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), Plumerian Aesthetics is the data controller of your personal information.

2. The information we collect

Identity and contact information

  • Full name
  • Date of birth
  • Email address
  • Phone number
  • Postal or residential address (when relevant)
  • Emergency contact (if you provide one)

Health and treatment information (“sensitive information”)

  • Medical history, current medications, allergies, and relevant clinical conditions
  • Skin and aesthetic concerns you wish to address
  • Treatment history with us, including products and dosages administered
  • Before-and-after photography (only with your separate written consent)
  • Consultation notes and clinical observations

Health information is treated as “sensitive information” under the Privacy Act and afforded the highest level of protection.

Financial information

  • Payment is processed by our third-party payment processors (such as Stripe, Square, or AfterPay/Zip for payment-plan options). We do not store full credit card numbers.
  • We retain transaction records and receipts for tax and accounting purposes.

Technical information

  • IP address, browser type, device information
  • Pages visited on our website, time spent, and referral source
  • Cookies and similar tracking technologies (see Section 10)

Marketing preferences

  • Whether you have consented to receive newsletters, SMS appointment reminders, or marketing communications
  • Your responses to surveys or feedback requests

3. How we collect information

We collect personal information in the following ways:

  • Directly from you — through our website forms (contact, booking, pricing access, client portal access, newsletter signup), at consultations, by phone, and in clinic intake forms.
  • Through our third-party platforms — our customer relationship management system (HighLevel), online booking system, and email marketing tools.
  • Automatically — when you use our website, we collect technical information through cookies and analytics tools.
  • From referrals — occasionally from another health practitioner with your authorisation.

4. Why we collect your information and how we use it

We collect and use your personal information to:

  • Provide our cosmetic and skin treatment services safely and effectively
  • Schedule and manage your appointments
  • Maintain clinical records as required by AHPRA and Australian medical record-keeping standards
  • Communicate with you about your treatment, aftercare, and follow-up
  • Process payments and manage accounts
  • Comply with legal and regulatory obligations (including TGA, AHPRA, and tax law)
  • Send you marketing communications, only when you have consented and only until you unsubscribe
  • Improve our services, website, and patient experience
  • Detect, prevent, and respond to fraud or security incidents

5. Who we share your information with

We treat your information confidentially. We only share it where necessary for the purposes above, with the following categories of recipients:

  • Our service providers — including our CRM provider (HighLevel / LeadConnector), our online booking platform, our email and SMS providers, our payment processors, our website hosting provider, and our IT support. These providers are bound to use your information only for the services they provide to us.
  • Health practitioners — other treating practitioners involved in your care, with your authorisation.
  • Pharmacies and suppliers — to obtain prescription medicines and treatment products on your behalf.
  • Our professional indemnity insurer — only in the event of a clinical incident or claim.
  • Regulators and authorities — the Therapeutic Goods Administration (TGA), the Australian Health Practitioner Regulation Agency (AHPRA), the Office of the Australian Information Commissioner (OAIC), the Australian Taxation Office, and other government bodies where required by law.

We do not sell your personal information to anyone, and we do not share it for third-party marketing.

6. International data transfers

Some of our service providers, including our CRM platform (HighLevel), store information on servers located outside Australia, including in the United States. Where this occurs, we take reasonable steps to ensure the recipient handles your information consistently with the Australian Privacy Principles, including by relying on the provider’s contractual privacy obligations.

7. Security of your information

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. These steps include:

  • HTTPS / TLS encryption on our website and online booking system
  • Access controls on our clinical and CRM systems — only authorised staff can access patient records
  • Secure physical storage of any paper records
  • Regular software updates and security monitoring on our website and systems
  • Mandatory training for our team on privacy and confidentiality

No system is 100% secure. If we ever become aware of an eligible data breach involving your personal information, we will notify you and the OAIC in accordance with the Notifiable Data Breaches scheme.

8. How long we keep your information

  • Clinical/health records — at least 7 years from the date of your last consultation or treatment, in accordance with Victorian Health Records Act requirements.
  • Financial records — at least 7 years, as required by the Australian Taxation Office.
  • Marketing data — until you unsubscribe or ask us to delete it.
  • Website analytics — typically retained for 14 months in aggregated form.

When the retention period has ended and no legal obligation requires us to keep the information, we will delete or de-identify it.

9. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Correct information that is inaccurate, incomplete, or out of date
  • Withdraw consent for marketing communications at any time (every email and SMS includes an unsubscribe option)
  • Request deletion of your information, subject to our legal obligation to retain certain clinical and financial records
  • Make a complaint if you believe we have mishandled your information

To exercise any of these rights, contact us using the details in Section 12. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner at www.oaic.gov.au.

10. Cookies and website tracking

Our website uses cookies and similar technologies to improve your experience and understand how the site is used. These include:

  • Essential cookies — required for the site to function (e.g. session, security)
  • Analytics cookies — Google Analytics, which helps us understand visitor behaviour in aggregate
  • Marketing cookies — for retargeting and measuring the performance of any advertising we run

You can control cookies through your browser settings, and you can opt out of Google Analytics tracking by installing the Google Analytics opt-out browser add-on.

11. Children’s privacy

Our services are intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us so we can delete it.

12. How to contact us

The Privacy Officer
Plumerian Aesthetics
17C Chester Street, Oakleigh VIC 3166
Email: info@plumerianaesthetics.com.au
Phone: 0427 916 263

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our service providers, or the law. The “Last updated” date at the top of this page indicates when it was most recently revised. We encourage you to review it periodically. If we make significant changes, we will notify you by email or by a prominent notice on our website.