Privacy Policy
1. DEFINITION
For the purposes of these Terms and Conditions:
“Act” | means the Privacy Act 1998 (Cth), the Australian legislation that governs the collection, use, disclosure, and management of personal information by private sector organisations and government agencies. It includes the Australian Privacy Principles (APPs), which set out standards, rights, and obligations in relation to handling personal information. |
“APPs” | means the Australian Privacy Principles, a set of 13 principles contained in Schedule 1 of the Act, which regulate how organisations and agencies must collect, use, store, and disclose personal information. |
“Client”, “you” | refers to any individual who seeks cosmetic Treatments at CosLux and is voluntarily engaging in Treatments after being informed of the associated risks and benefits. |
“Client Information” | refers to all personal, medical, and Treatment-related data collected from the Client by CosLux. This includes, but is not limited to, identification details, medical history, Treatment preferences, consent documentation, Images, and any communications with the Clinic. |
“CosLux”, “Clinic”, “we”, “us”, and “our” | refer to CosLux Cosmetic Clinic. |
“Images” | refers to all forms of visual media collected during or related to the Client’s Treatment at CosLux, including but not limited to photographs, videos, digital recordings, and other visual representations. Images may be used for internal training, educational purposes, promotional materials, marketing, and personal record-keeping, with the Client’s consent. |
“Practitioner” | refers to a qualified healthcare professional authorised to perform Treatments at CosLux. This includes, but is not limited to, doctors, nurses, or other licensed professionals trained and certified in cosmetic treatments. |
“Pre-Treatment Pack” | refers to the suite of documents issued to Clients prior to Treatment, which includes the Client Information Booklet, Treatment Consent Form(s), Cooling-Off Period Waiver, Treatment Against Medical Advice Agreement (if applicable), and Photo & Marketing Consent Form. |
“Privacy Policy” | refers to this privacy notice published on the Website that outlines how CosLux collects, stores, uses, and discloses Client Information. It reflects CosLux’s commitment to complying with the Act, including the APPs and relevant amendments, such as emerging privacy protections around serious invasions of privacy, unauthorised disclosure (doxxing), and transparency requirements. |
“Treatment” | means any prescription-only aesthetic procedure provided by CosLux, including but not limited to anti-wrinkle injections, dermal fillers, skin boosters, and other non-surgical cosmetic treatments. |
“Website” | means the CosLux Cosmetic Clinic website, including all subdomains, online booking systems, content, and any other web-based services or digital interfaces operated or controlled by CosLux. |
2. INTRODUCTION
CosLux is committed to protecting the privacy and confidentiality of Client Information provided by our Clients.
This Privacy Policy outlines how we collect, use, disclose, and safeguard your Client Information in accordance with the Act and the APPs.
3. COLLECTION OF CLIENT INFORMATION
CosLux collects Client Information that is necessary for us to provide our services effectively and to ensure the safety and efficacy of treatments. All Client Information is collected in accordance with the Act and the APPs.
We collect Client Information directly from you when you interact with us, such as when you:
- Book an appointment or consultation.
- Complete our Pre-Treatment Pack or consent forms.
- Communicate with us via phone, email, or through our Website.
- Participate in promotional activities or surveys.
The types of Client Information we may collect include:
- Identification details: Your full name, date of birth, and contact information (such as address, email, and phone number).
- Medical information: Health history, current medications, allergies, treatment preferences, and any other information relevant to your care.
- Images: Photographs or videos taken before, during, or after treatments for clinical assessment and treatment planning.
- Payment information: Billing details, transaction history, and payment methods used.
- Digital interactions: Information collected when you use our Website, such as IP addresses, browser type, device information, pages visited, and cookies.
Some services offered by CosLux, such as online bookings or payments, may be provided via trusted third-party platforms. Where this is the case, your Client Information may be collected or processed directly by those third parties in accordance with their own privacy policies. We recommend reviewing their privacy terms before submitting any personal data.
Providing your Client Information is voluntary; however, if you choose not to provide certain information, we may be unable to offer you some of our services.
4. USE OF CLIENT INFORMATION
- Service delivery: To provide you with our services, including scheduling appointments, conducting consultations, and delivering Treatments.
- Communication: To communicate with you regarding appointments, Treatment plans, and follow-up care.
- Medical records maintenance: To maintain accurate and up-to-date medical records in compliance with legal and regulatory requirements.
- Regulatory compliance: To comply with our legal obligations, including those under the Act and other applicable laws and regulations.
- Service improvement: To analyse feedback and usage data to improve our services, develop new offerings, and enhance client satisfaction.
- Marketing and promotions: With your consent, to inform you about promotions, special offers, and new services that may be of interest to you.
- Security and fraud prevention: To protect against fraud, unauthorised transactions, and other illegal activities.
5. LEGAL COMPLIANCE AND EMERGING PRIVACY PROTECTIONS
5.1. Commitment to Privacy Protection
CosLux is committed to upholding the highest standards of Client privacy and transparency. In accordance with the Privacy and Other Legislation Amendment Act 2024, we recognise the right of individuals to seek legal recourse for serious invasions of privacy.
CosLux implements strict safeguards to prevent misuse of Client Information and supports the responsible and ethical handling of all personal data.
5.2. Doxxing and Unauthorised Disclosure
CosLux does not tolerate any unauthorised disclosure of Client Information.
We take active steps to prevent any misuse or publication of personal details that may expose Clients to harm, harassment, or intimidation. Any such conduct will be treated seriously and may be reported to the relevant authorities in accordance with the law.
5.3. Automated Decision-Making
CosLux does not currently use automated systems to make decisions about Client eligibility, Treatment planning, or access to services. All clinical and administrative decisions are made by qualified staff. If this changes in future, we will update this Privacy Policy and clearly notify affected Clients.
5.4. Children’s Privacy
CosLux services are not intended for individuals under the age of 18. We do not knowingly collect, store, or use personal information from children. If we become aware that personal information has been collected from a minor without parental or guardian consent, we will take immediate steps to delete such data and notify the relevant parties as required.
6. DISCLOSURE OF CLIENT INFORMATION
At CosLux, we are committed to maintaining the confidentiality of your Client Information. We only disclose your Client Information when it is necessary for the provision of our services, compliance with legal obligations, or with your explicit consent. The entities to whom we may disclose your Client Information include:
- Practitioners: Medical practitioners and allied health professionals involved in your Treatment, to ensure coordinated and effective care.
- Third-Party service providers: External service providers who assist us in delivering our services, such as IT support, payment processors, marketing agencies, and data analytics firms. We ensure that these providers are contractually obligated to protect your information and use it solely for the purposes we specify.
- Regulatory and legal authorities: Government agencies, regulatory bodies, or law enforcement authorities when required or authorised by law, including compliance with health regulations and reporting obligations.
- Business partners: In the event of a merger, acquisition, or business restructuring, your Client Information may be transferred to the relevant third party, subject to confidentiality agreements.
- Others with your consent: Any other third parties for whom you have provided explicit consent for disclosure.
We take reasonable steps to ensure that any third parties to whom we disclose your Client Information are bound by confidentiality and privacy obligations consistent with this Privacy Policy and applicable laws.
Please note that some of our third-party service providers may be located outside of Australia. In such cases, we take appropriate measures to ensure that your Client Information is handled in a manner that complies with the APPs.
7. STORAGE AND SECURITY
At CosLux, we prioritise the security and confidentiality of your Client Information. We implement a comprehensive range of technical and organisational measures to protect your data from unauthorised access, alteration, disclosure, or destruction.
7.1. Technical safeguards
- Secure data storage: Client Information is stored on secure servers with robust firewalls and intrusion detection systems to prevent unauthorised access.
- Encryption: We employ industry-standard encryption protocols to protect data during transmission and storage, ensuring that your information remains confidential.
- Access controls: Access to Client Information is restricted to authorised personnel who require it to perform their job functions. We utilise role-based access controls and regularly review permissions to maintain strict confidentiality.
- Regular security audits: We conduct periodic security assessments and audits to identify and address potential vulnerabilities in our systems.
7.2. Organisational measures
- Staff training: All staff members receive regular training on data privacy and security practices to ensure they understand their responsibilities in protecting Client Information.
- Data retention policies: We retain Client Information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
- Incident response plan: In the unlikely event of a data breach, we have a comprehensive incident response plan in place to promptly address and mitigate any potential harm.
While we strive to protect your Client Information, it’s important to note that no method of electronic transmission or storage is completely secure. Therefore, we cannot guarantee absolute security. We encourage you to take precautions when sharing sensitive information and to contact us directly for any concerns regarding your data security.
8. ACCESS AND CORRECTION
At CosLux, we are committed to maintaining the accuracy and integrity of your Client Information. In accordance with the Act, you have the right to access and request correction of the Client Information we hold about you.
8.1. Accessing your Client Information
You may request access to your Client Information held by CosLux at any time. To do so, please contact us using the contact details provided below (see ‘Contacting Us’ below). We will respond to your request within a reasonable timeframe, typically within 30 days.
In certain circumstances, we may refuse access to your Client Information, such as when:
- Providing access would pose a serious threat to the life, health, or safety of any individual or to public health or safety.
- The request is frivolous or vexatious.
- Providing access would have an unreasonable impact on the privacy of others.
- The information relates to existing or anticipated legal proceedings between you and CosLux, and would not be accessible by the process of discovery in those proceedings.
- Providing access would be unlawful.
If we deny your request for access, we will provide you with written reasons for the refusal and information on how you can complain about the decision.
8.2. Correcting your Client Information
If you believe that any Client Information we hold about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you may request correction of that information. We will take reasonable steps to correct the information to ensure that it is accurate, up-to-date, complete, relevant, and not misleading.
If we refuse to correct your Client Information as requested, we will provide you with written reasons for the refusal and information on how you can complain about the decision.
To request access to or correction of your Client Information, please contact us using the contact details provided below (see ‘Contacting Us’ below). We may require you to verify your identity before processing your request to ensure the security of your Client Information.
9. COOKIES AND TRACKING TECHNOLOGIES
Our Website uses cookies and similar tracking technologies to enhance your browsing experience, analyse Website traffic, and personalise content and advertisements. These technologies help us understand how visitors interact with our Website, enabling us to improve functionality and provide a more tailored experience.
9.1. What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They allow the website to recognise your device and remember your preferences or actions over time.
9.2. Types of Cookies we use
- Essential Cookies: These are necessary for the Website to function properly and enable core functionalities such as security, network management, and accessibility.
- Performance and Analytics Cookies: These cookies collect information about how you use our Website, such as which pages you visit most often. This data helps us improve Website performance and user experience.
- Functionality Cookies: These cookies allow our Website to remember choices you make, such as your username, language, or region, to provide enhanced and personalised features.
- Advertising and Targeting Cookies: These cookies are used to deliver advertisements more relevant to you and your interests. They also help limit the number of times you see an ad and measure the effectiveness of advertising campaigns.
9.3. Third-Party Tracking Technologies
We may also use third-party services, such as Google Analytics, to collect and analyse information about your use of our Website. These third parties may use cookies, web beacons, and other tracking technologies to collect information about your online activities over time and across different websites. We do not control these third-party tracking technologies or how they may be used.
9.4. Managing Cookies
You have the option to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. Please note that disabling cookies may affect the functionality of our Website and your user experience.
9.5. Consent
By continuing to use our Website, you consent to our use of cookies and similar tracking technologies as described in this Privacy Policy. If you do not agree to the use of these technologies, please adjust your browser settings accordingly or refrain from using our Website.
10. DIRECT MARKETING
At CosLux, we may use your Client Information to inform you about our services, promotions, and other offerings that may be of interest to you. This includes sending you communications via email, SMS, phone calls, or postal mail.
10.1. Consent and preferences
We will only send you direct marketing communications with your consent. You can provide your consent by subscribing to our mailing list, opting in during the consultation process, or through other means provided by us.
You have the right to withdraw your consent at any time. To opt out of receiving marketing communications, you can:
- Click the “unsubscribe” link in our emails.
- Reply “STOP” to our SMS messages.
- Contact us using the details provided below (see ‘Contacting Us’ below).
Please note that even if you opt out of marketing communications, we may still contact you for administrative purposes, such as appointment reminders or important updates about our services.
10.2. Third-Party Marketing
We do not share your Client Information with third parties for their direct marketing purposes without your explicit consent. If we ever intend to do so, we will seek your permission beforehand.
You can opt out at any time by contacting us or using the unsubscribe link in our communications.
10.3. Updating your preferences
You can update your marketing preferences at any time by contacting us using the contact details provided below (see ‘Contacting Us’ below).
11. COMPLAINTS
At CosLux, we are committed to safeguarding your Client Information and upholding your privacy rights in accordance with the Act and the APPs. If you have concerns about how we handle your Client Information, we encourage you to raise them with us so we can address the matter promptly and fairly.
11.1. How to make a complaint
If you believe we have breached your privacy rights or mishandled your Client Information, please contact us using the contact details provided below (see ‘Contacting Us’ below).
We will acknowledge your complaint within 7 business days and aim to respond within 15 business days. If additional time is needed to investigate the issue, we will notify you.
11.2. Escalating your complaint
If you are dissatisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) or the Office of the Health Ombudsman (Queensland), depending on the nature of your concern.
- Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992
Mail: GPO Box 5218, Sydney NSW 2001
- Office of the Health Ombudsman (Queensland)
Website: www.oho.qld.gov.au
Phone: 133 646
Mail: PO Box 13281, George Street, Brisbane QLD 4003
These agencies can provide guidance and, where appropriate, conduct independent investigations into privacy or health service-related complaints.
12. CHANGES TO THIS POLICY
CosLux is committed to maintaining the highest standards of privacy and data protection. To ensure our practices remain current and compliant with legal obligations, we may update this Privacy Policy periodically. Any changes will be effective upon posting the revised policy on our Website.
We encourage you to review this Privacy Policy regularly to stay informed about how we protect your Client Information. Your continued use of our services and Website constitutes your acceptance of any changes to this Privacy Policy.
If we make significant changes to the way we handle your Client Information, we will notify you through appropriate channels, such as email or prominent notices on our Website.
13. CONTACTING US
If you have any questions, requests, or complaints regarding this Privacy Policy or the handling of your Client Information, you may contact us at the details below:
CosLux Cosmetic Clinic
Address: Studio 2, 130 Commercial Rd, Teneriffe, QLD 4005
Email: [email protected]
Phone: 0499 447 558