We use cookies to improve your experience. Essential cookies keep the site working; optional ones help us improve.

Contact us
15% First Visit Discount
PromotionsBook NowShop

Privacy Policy

Privacy policy overview

Effective April 19, 2026

Platinum Cosmetic Skin Clinic Pty. Ltd. (trading as Platinum Cosmetic Skin Clinic, ABN 91 692 929 730) respects your privacy and is committed to protecting your personal and health information.

This policy explains what information we collect, how we use it, who we share it with, and how you can access or correct it. It is written to align with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and includes the additional disclosures we are required to make about our use of third-party platforms and tools to deliver our services.

Who We Are

In this policy, "we", "us", and "our" refer to Platinum Cosmetic Skin Clinic (PCSC).

  • Hawker Clinic. 72 Hawker Pl, Hawker ACT 2614, Australia

Contact for privacy matters:

Email: privacy@platinumcostmeicskinclinic.com.au

Phone: 0424 833 790

The Information We Collect

We collect several categories of information about you. Some of it is required for us to deliver our service safely. Some of it is optional.

Personal information (required for booking and service delivery)
  • Name, date of birth, gender (where relevant)
  • Email address, phone number, postal address
  • Emergency contact details
  • Payment information
Health information (required for safe service delivery)
  • Medical history, current medications, allergies
  • Relevant lifestyle information (for example, pregnancy status, smoking, sun exposure)
  • Previous cosmetic or aesthetic treatments, where applicable
  • Skin type and areas of concern, where applicable
  • Practitioner notes about your service and progress
  • Photographs taken for clinical planning and progress review, where applicable (see Section 6)
How you interact with us
  • Appointment history and service records
  • Communication records (emails, SMS, calls)
  • Preferences and feedback you share
Information collected through our website
  • IP address (stored temporarily for abuse protection and when you submit a contact form)
  • Approximate location (typically resolved from IP address, to help you find your nearest clinic)
  • Website usage data (pages visited, interaction patterns, session behaviour) collected via analytics tools described in Section 11
  • Device and browser information (type, operating system, screen size)

We collect this information directly from you at the time you book, complete intake paperwork, or during your consultation and service.

You have the right to refuse to provide information, but this may affect our ability to serve you safely or deliver certain services at all.

Why We Collect It

We collect your information to:

  • Book, confirm, and deliver your appointments
  • Assess your suitability for the services you request
  • Deliver services safely and in line with our professional obligations
  • Maintain accurate records, where this is a legal requirement
  • Process payment
  • Contact you about your appointments, follow-ups, and aftercare
  • Respond to your questions and complaints
  • Comply with our legal and regulatory obligations

Health Information and Consent

Under the Privacy Act 1988, health information is sensitive information that attracts stricter handling rules.

  • We collect health information only with your consent. You provide this consent when you complete our intake paperwork and consent forms.
  • We use health information only for the purposes you have consented to. Typically, this means the delivery of your service, your records, and your ongoing care.
  • We will not use health information for any other purpose (such as marketing) without your additional, specific consent.
  • You can withdraw consent for future use at any time by emailing [Privacy email to be confirmed]. Withdrawal of consent does not affect records we are legally required to retain.

Who We Share Your Information With

We share your information only where necessary and only with the parties listed below.

Third-party service providers we use

Timely. Our booking and practice management platform. Timely holds your appointment history, contact details, and treatment notes. Timely is based in New Zealand and may store data on servers outside Australia, including in New Zealand and potentially other countries where its providers operate. Timely's privacy policy is available at https://www.gettimely.com/privacy-policy/.

Other disclosures
  • Healthcare practitioners. Where your service requires it, or if you request it, we may share relevant health information with your GP or another healthcare provider. We will discuss any such sharing with you first.
  • Legal obligations. We may be required to disclose information to regulatory bodies or to courts under legal process.
  • In an emergency. Where there is a serious threat to your life or health, or the life or health of another person, and we are unable to obtain your consent.

We do not sell your information to third parties. We do not share your information with marketing partners unless you have given us specific consent to do so.

Treatment Photographs

When we take photos
  • Photos are taken only with your written consent
  • Consent is obtained as a separate item on your intake form, not bundled with general treatment consent
  • You can decline to have photos taken without affecting your treatment in any other way
Why we take photos
  • Clinical planning and progress tracking. Photos form part of your clinical record and help your practitioner plan treatment, assess progress, and adjust your plan over time. This use is included in your standard treatment consent.
  • Marketing and education (optional, separately consented). With your separate and specific consent, we may use photos for marketing (for example, social media, website, or printed materials) or for practitioner education. This consent is optional and can be given or withheld independently of your treatment consent.
How we store photos
  • Photos are stored in your client record in our practice management system (Timely)
  • Photos are retained for the same period as your clinical records (see Section 8)
  • Access to photos is restricted to practitioners involved in your care
Withdrawing consent
  • You may withdraw consent for future marketing use at any time by contacting us. We will stop using the images in new marketing materials from the date we receive your request.
  • Images already used in published materials (for example, printed brochures, social media posts that have been live) may not be retrievable. We will do our best to remove content from platforms we control.
  • Clinical records, including photos forming part of those records, cannot be deleted on request where we are legally required to retain them. We can, however, separate them from any marketing use.

How Long We Keep Your Information

We keep your personal and health information for as long as it is needed for the purposes it was collected, and for as long as we are legally required to retain it.

  • Client clinical records (including health information and photos): retained for a minimum of 7 years from the date of your last service, consistent with Australian medical-record retention standards. Records for minors are typically retained until 7 years after the person turns 18.
  • Booking and contact information: retained for the same period, as it forms part of your client record.
  • Payment information: retained only as long as needed to process payment and meet our financial record-keeping obligations.

After the applicable retention period, we securely destroy or de-identify records.

Accessing and Correcting Your Information

You have the right to:

  • Ask what information we hold about you
  • Ask for a copy of your information
  • Ask us to correct information you believe is inaccurate or out of date

To make a request, contact us at [Privacy email to be confirmed].

We will respond within a reasonable time (typically within 30 days). We do not charge a fee for reasonable access requests. In limited circumstances, we may be unable to provide access (for example, where doing so would breach another person's privacy or is otherwise restricted by law). Where this happens, we will explain why in writing.

Marketing Communications

Where you have given us your email address or phone number, we may contact you with information about our services, promotions, or updates from time to time.

  • You can opt out at any time by clicking the unsubscribe link in any email, replying STOP to an SMS, or contacting us directly.
  • We will not send you marketing communications without your consent, except for direct communications necessary for your service (appointment reminders, aftercare instructions, follow-up).
  • We will not share your contact details with third parties for their marketing purposes.

Children and Young People

All our services are provided to adults aged 18 and over only. We do not provide cosmetic treatments, skin treatments, body treatments, or any other service to people under the age of 18.

Where a parent or guardian would like information about services for their own treatment, that information is handled in the usual way described in this policy. Our policies do not address minors, because they are not our clients.

Data Security

We take reasonable steps to protect your information from misuse, loss, unauthorised access, modification, or disclosure. These steps include:

  • Secure storage of physical and electronic records
  • Password-protected access to our business management systems with role-based access controls
  • Encrypted connections (HTTPS / TLS) for data we send to and receive from our website
  • Encryption at rest for the customer data held by our platform provider
  • Staff training on privacy and confidentiality
  • Regular review of our data handling practices and the data handling practices of the providers we depend on

No system is perfectly secure. If a data breach affecting your information occurs and we assess it is likely to result in serious harm to you, we will follow the Notifiable Data Breaches Scheme under Part IIIC of the Privacy Act 1988 (Cth) — notifying you and the Office of the Australian Information Commissioner where the threshold is met, and taking steps to contain and remediate the breach.

How We Communicate With You

We may contact you by email, SMS, or WhatsApp where you have given us your details and consented to receive those communications, or where the message is a transactional one you would reasonably expect (for example, a booking confirmation or an order receipt). You can stop receiving marketing communications at any time:

  • Email. Use the unsubscribe link at the bottom of any marketing email we send.
  • SMS. Reply STOP to any marketing SMS you receive from us. We will record your opt-out and stop sending marketing SMS to that number.
  • WhatsApp. Block our business number from your WhatsApp app, or reply asking us to remove you, and we will stop sending you WhatsApp messages.

Transactional messages (booking confirmations, order receipts, appointment reminders for services you have engaged us to provide) continue regardless of your marketing preferences because they are necessary to deliver the service you have engaged us for. If you no longer want to receive those, please tell us so we can pause the underlying service.

Our Use of the Hixel Platform

Our website, booking system, online storefront, and customer messaging are delivered using the Hixel platform, operated by Hexonova Pty. Ltd. trading as Hixel. Hixel acts as our data processor for the information you submit through our site and the messages we exchange with you through our channels — Hixel handles that information on our instructions and under a written agreement.

For more detail about how Hixel processes that information on our behalf — including where it is stored, the sub-processors Hixel uses, and Hixel's commitments around AI-assisted features (next section) — see Hixel's privacy policy. Nothing in Hixel's policy overrides our obligations to you under this policy or the Privacy Act.

AI-Assisted Tools

We use AI-assisted features built into the Hixel platform to help us work faster — for example, to draft email or SMS templates, suggest content, qualify enquiries, and pre-flight outbound messages for compliance with carrier rules before we send them. These features are powered by a third-party large-language-model provider (currently Microsoft Azure AI Foundry, also known as Azure OpenAI Service) and are operated by Hixel on our behalf.

We only include the information that is needed for the AI tool to do its job. The AI provider's commercial terms commit that the inputs we send are not stored beyond the immediate request and are not used to train AI models. Some of the AI processing happens in Microsoft data centres outside Australia under the provider's Global Standard service tier — this cross-border disclosure is made for the purposes of Australian Privacy Principle 8. AI output is reviewed by a human (us) before it is sent to you, used, or relied on.

Cookies and Our Website

Our website uses cookies, scripts, and similar technologies to help it function, to understand how it is used, and to keep it safe. The specific tools enabled on our site depend on the choices we have made — open the cookie consent control on any page of our site to see which categories are active and to change your preferences. The categories of tool we may enable are listed below.

Analytics and behaviour tools (when enabled)

  • Google Analytics. A web analytics service provided by Google LLC. Helps us understand how visitors use our website (for example, which pages are most popular and how people navigate between them). It uses cookies and may collect information including pages visited, time on site, referring URL, and anonymised usage patterns. Google Analytics data is processed in accordance with Google's privacy policy at policies.google.com/privacy.
  • Meta Pixel (Facebook Pixel). An advertising and analytics tool provided by Meta Platforms, Inc. Helps us measure the effectiveness of our advertising and understand the actions visitors take on our site. May collect information about your device, browser, IP address, and the pages you view. This information may be shared with Meta and used for advertising personalisation on Facebook and Instagram. Meta's privacy policy is available at facebook.com/privacy/policy.
  • Microsoft Clarity. A user-behaviour analytics service provided by Microsoft Corporation. Records session replays and heatmaps to help us understand how visitors interact with our website. Sensitive form fields (for example, payment details) are masked by default. Microsoft's privacy policy is available at privacy.microsoft.com/privacystatement.

Technical information we collect

  • IP addresses. We store visitor IP addresses temporarily to protect the website from abuse (for example, to rate-limit requests and to protect against denial-of-service attacks). We also store IP addresses associated with contact form submissions so that we can investigate if a form is misused. IP addresses are retained only for the period necessary for these security purposes.
  • Approximate location. Our website may resolve your approximate location (typically from your IP address) to offer location-relevant information, such as directing you to your nearest location. This does not track your precise GPS location unless you explicitly grant that permission in your browser.

Third-party tools and cross-border disclosure

Where the analytics or pixel tools above are enabled on our site, they are operated by Google, Meta, or Microsoft. These providers are based outside Australia, and some of the data collected through these tools may be processed on servers in the United States and other countries. Where any of these tools is active on our site, by using our site you acknowledge that your interaction data may be transferred to and processed in those jurisdictions.

Managing cookies

Most web browsers allow you to control cookies through your browser settings, including blocking or deleting cookies. You can also adjust the categories of non-essential tool you allow through the cookie consent control on every page of our site. Note that blocking cookies may affect some functionality on our website.

Complaints

If you believe we have mishandled your personal information, please contact us first at privacy@platinumcostmeicskinclinic.com.au. We take complaints seriously and will respond within 30 days.

If you are not satisfied with our response, you can make a complaint to the Office of the Australian Information Commissioner (OAIC):

  • Website: oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5288, Sydney NSW 2001

Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal obligations. The updated policy will be published on our website with the "last reviewed" date shown below.

For significant changes, we will notify existing clients by email where appropriate.

This policy was last reviewed on May 28, 2026.

© 2026 Platinum Cosmetic Skin Clinic
TermsPrivacy policyHixel