The Medi Beauty (‘we’, ‘our’, ‘us’) are one of Australia’s leading cosmetic clinics, providing a range of cosmetic procedures.
We take your privacy very seriously, and are committed to ensuring any personal and health information which we collect and hold in the course of interacting with you and anyone else is kept secure.
In addition to our professional, ethical and other obligations, we comply with the Commonwealth and Victorian privacy laws and associated legislation (collectively, the Privacy Law). This includes:
the Australian Privacy Principles (APPs), which form part of the Privacy Act 1988 (Cth);
the Victorian Health Privacy Principles (HPPs) which form part of the Health Records Act 2001 (Vic).
More information about the Privacy Law can be found at www.oaic.gov.au.
How and what types of personal information do we collect?
We only collect personal information where necessary and relevant so that we can provide our services to you. The nature of personal information held by us will vary depending on the nature of your interaction with us. Generally, the collection of your personal information will be necessary for us to provide a service to you and where applicable, other purposes that you would reasonably expect or to which you have consented.
The kinds of information we collect and hold may include:
Name and contact details including email address, phone number or other relevant information;
Identification proof if required;
Skills, qualifications, career history and employment if required;
Health information (including current and previous conditions, allergies, medical histories, referral to other health service providers, results and reports received from other health service providers, and other health information relevant to providing you with our services and treatments);
Financial details (including bank account, credit card or direct debit details) for billing purposes; and
We may collect personal information in a variety of ways including (but not limited to):
forms completed and provided to us in hard copy or electronically;
social media and mobile apps.
You may browse our website without telling us who you are or revealing any information that personally identifies you. We may also collect website and app statistics (which includes pages accessed and search terms used) but this information is not identifiable.
Sensitive and Health Information
When we provide our services and treatments, we may require you to provide us with sensitive (including health) information, including details of physical or mental health and wellbeing. This will always be done in compliance with the Privacy Law and with your express consent.
We will usually collect your personal information directly from you. Sometimes, we may need to collect information about you from a third party (including other health service providers) but will only do this if you have consented for us to collect personal information in this way.
When do we use or disclose your information?
We use and disclose your information only to fulfil the purpose for which it is collected – this will usually be to provide you with our services or treatments, or else in ways you would reasonably expect us to. If you do not provide some or all of the personal information requested, we may not be able to offer you our services or treatments.
In addition to the above, we may use or disclose your information:
to the Medi Beauty staff, nurses, doctors and other staff directly involved with your treatments;
to our administrative staff for billing and other administrative tasks required to provide your treatments;
where required by law; and
to our insurers, lawyers or other advisors for the defence of a medical claim.
How do we store your information?
As stated above, we respect the confidentiality of your personal information and the privacy of individuals. To that end, we have in place steps to protect the personal information held from misuse, interference and loss, unauthorised access, modification or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records. Although we take all necessary steps to protect your personal information, we provide no warranty and cannot ensure the security of any information which you provide to us. Accordingly, any information which you provide to us is at your own risk.
We may disclose personal information to overseas recipients, for instance, when we store personal information with ‘cloud’ service providers which may be situated outside Australia, which may include the USA, UK, Singapore and other countries from time to time. However, we will not send personal information about an individual outside Australia without:
obtaining the consent of the individual (in some cases this consent will be implied); or
otherwise complying with the Privacy Law.
What happens if there is a breach?
As the internet is inherently insecure no matter how many protection measures we may take, should there be a data breach, we may notify you as soon as practicable in compliance with the law. In the case of what is known under the law as an ‘eligible data breach’, we may notify you of what has occurred, what personal information is involved, what the implications may be, what you can do, and what we will do in the specific circumstances.
How do you correct and access your information?
We take steps that are reasonable in the circumstances to ensure that your information that we collect, use or may disclose is accurate, current, complete and relevant. Under the Privacy Law, you have the right to obtain access to any personal information which we hold about you, and to advise of any inaccuracy, if it is out of date, incomplete, irrelevant or misleading. There are some exceptions to this right set out in the Privacy Law.
We will require you to verify your identity and specify what information you require. We may charge a fee to cover the cost of verifying your application and locating, retrieving, reviewing and copying any material requested. If we agree to correct the personal information, we will do it as soon as practicable and if there is a delay, we will advise you in writing. Please advise us of changes to your contact details.
If you would like further information about the way we manage the Personal Information we hold, or wish to complain that you believe we have breached the Australian Privacy Principles (APPs), please contact our Privacy Officer at firstname.lastname@example.org or on 1300868000 and we will investigate any complaint. We will notify you of a decision in relation to your complaint as soon as practicable after it has been made.
You may also obtain further information regarding compliance with the Privacy Act from the Office of the Federal Privacy Commissioner’s website at www.privacy.gov.au.