Privacy Policy

Privacy Policy

Effective date: 23 April 2026 (Last reviewed: 23 April 2026)

Introduction

Dr J Clinics ("we", "us", "our") is committed to protecting your privacy. We handle personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what we collect, how we use it, who we share it with, and your rights.

By providing your personal information to us, or by continuing to use our services or website, you consent to us collecting, holding, using, retaining and disclosing your personal information in the ways described below.

Who to contact about this policy

For any enquiries about this policy or how we handle your personal information, please contact us at:

  • Email: info@drjclinics.com.au

  • Postal: Dr J Clinics, Level 1, Kiaora Place, 451 New South Head Road, Double Bay NSW 2028

  • Phone: 0452 108 308

What we collect

We only collect information reasonably necessary to provide cosmetic and aesthetic services (and other treatments) and to run our clinic. This may include:

  • Identification and contact details (name, date of birth, address, email, phone) when you enquire or complete website or intake forms.

  • Booking details (appointment time, service, preferences) when you book online via Acuity Scheduling.

  • Marketing details (name, email) if you subscribe to our newsletter via Squarespace.

  • Payment details when purchasing services or gift cards online. Payments are processed by Stripe; we do not store full card numbers.

  • Health information (medical history, medicines, allergies and adverse reactions, prior treatments, social and family history, relevant risk factors, and treatment notes) provided via intake forms and during consultations so we can deliver safe, appropriate care.

  • Medicare, DVA or private health fund details where relevant for identification or claiming.

  • Clinical images (before/after and treatment-area photos) taken during consultations and treatments, where clinically relevant.

  • Website usage data collected via cookies and similar technologies (see "Cookies and tracking" below).

If you choose not to provide certain information, we may be unable to deliver requested services or ensure treatment safety.

Can you deal with us anonymously?

You can deal with us anonymously or under a pseudonym where it is lawful and practicable – for example, when making a general enquiry. However, for the provision of clinical treatment, identity verification, payments, Medicare/health fund claiming, and safe follow-up care, we are required to deal with you as an identified individual.

Sensitive health information

We may collect sensitive health information to assess treatment suitability and provide safe care. We do not collect this without your consent unless permitted by law (e.g. an emergency). Health information is used only for your care, stored securely, and accessed only by authorised personnel involved in your treatment.

How personal information is collected

We may collect your personal information in several ways:

  • Directly from you when you enquire, register as a patient, complete an intake or consent form, attend a consultation, or contact us by phone, email, SMS, online booking, or social media.

  • From a parent, guardian or responsible person where appropriate.

  • From other healthcare providers involved in your care, such as your GP, specialists, allied health professionals, hospitals, or pathology and imaging services, where relevant to your treatment.

  • From your health fund, Medicare, or the Department of Veterans' Affairs, where relevant.

We will always comply with our privacy obligations when collecting personal information from third-party sources. This includes ensuring transparency with patients, obtaining any necessary consents, maintaining data accuracy, securing the information, and using it only for the purposes for which it was collected.

Clinical photographs and images

Clinical photographs are an important part of cosmetic and aesthetic care. With your consent, we may take and store photographs or medical images of treatment areas to:

  • assess suitability for treatment,

  • plan and document your treatment,

  • track outcomes and side effects over time, and

  • support safe, consistent follow-up care.

Where a clinician uses a personal device to capture a clinical image, this is done in line with RACGP guidance on Using personal mobile devices for clinical photos – images are transferred into your secure clinical record as soon as practicable and removed from the personal device. Clinical images are only used for marketing, teaching or publication with your separate, specific written consent, and you may withdraw that consent for future use at any time.

How we use personal information

  • Provide services and care: schedule and conduct appointments, assess treatment suitability, deliver treatments, and maintain clinical records.

  • Communicate with you: confirmations, reminders, follow-ups, and responses to enquiries.

  • Process payments: complete transactions for services and gift cards via Stripe.

  • Marketing (with consent): we will not use your personal information to market goods or services directly to you without your express consent. If you opt in, you can opt out of direct marketing at any time using the unsubscribe link or by contacting us.

  • Quality, safety and training: internal audits, accreditation, clinical governance, staff training and practice improvement.

  • Research and service improvement: where appropriate, we may use de-identified information to help improve our services and treatment outcomes (see "De-identified data" below).

  • Legal and safety obligations: comply with laws, respond to lawful requests, and address fraud, security, or health/safety risks.

Disclosure of personal information

We do not sell your personal information. We share it only as needed to deliver our services or meet legal obligations, including with:

  • Acuity Scheduling (Squarespace) to manage online bookings.

  • Squarespace to host the website, manage web forms, and send newsletters.

  • Stripe to securely process payments.

  • IT, cloud hosting, clinical software and professional service providers (e.g. accountants, accreditation agencies) who are bound by confidentiality and privacy obligations.

  • Other healthcare providers (with your consent) for referrals or coordinated care, including via referral letters.

  • Authorities, regulators or courts where required or authorised by law (for example, mandatory notifications, subpoenas).

  • Any person or body where it is necessary to lessen or prevent a serious threat to your life, health or safety, or to public health or safety, and it is impracticable to obtain your consent.

Only people who need to access your personal information in order to carry out these functions are able to do so. Other than as described in this policy, we will not share your personal information with any third party without your consent.

Some providers may process data overseas (e.g. the United States). We take reasonable steps to ensure overseas recipients protect your information in a manner consistent with the APPs.

Document automation

We use secure clinical and practice-management software to generate documents such as referrals, scripts, treatment plans and letters to other healthcare providers. These documents contain only the information that is relevant to your care. All users of this software have unique credentials, and access is limited to what is necessary for each team member's role.

Use of AI scribes

[Include this section only if an AI scribe is used at the clinic. Otherwise delete.] We may use an AI scribe tool ([insert product name]) to help your clinician take notes during your consultation. The tool uses an audio recording of the consultation to generate a clinical note that is reviewed by your clinician before being saved to your record.

For our AI scribe service:

  • Data location: [does / does not] share information outside of Australia.

  • Audio handling: the audio file is [destroyed / retained] once the transcription is complete.

  • Identifying information: the service [removes / retains] sensitive, personally identifying information as part of the transcription.

We only use data from the AI scribe service to provide healthcare to you. You can ask your clinician to turn the AI scribe off at any time before or during your consultation; this will not affect the care you receive.

De-identified data and quality improvement

We may use de-identified information (information from which you cannot be reasonably identified) for internal quality improvement, auditing, training, and – in limited cases – to contribute to research or population-health initiatives that aim to improve care. De-identified data is not "personal information" under the Privacy Act and may be used without specific consent; however, you can let us know if you would prefer your de-identified information not be included and we will take reasonable steps to exclude it.

Where an external research project would require access to identifiable information, we will only approach you about it with your express consent, and you can choose whether or not to participate.

Cookies and tracking

Our website uses cookies and similar technologies to operate the site, remember preferences, and analyse usage. We also use tools such as Google Analytics and Facebook Pixel to understand site performance and the effectiveness of our advertising. These tools may collect device and usage data (e.g. IP address, pages visited, actions taken) which is generally aggregated or pseudonymised. We use this information to improve the site and our marketing.

By using our website with cookies enabled, you consent to this use. You can control cookies through your browser settings; disabling cookies may affect site functionality. You can also adjust Google Analytics and Facebook ad preferences using the tools they provide.

Data security and storage

We use appropriate technical, administrative and physical safeguards to protect personal information, including:

  • encryption in transit (HTTPS/SSL),

  • secure cloud-based clinical and practice-management systems,

  • role-based access controls and unique logins,

  • staff confidentiality agreements and ongoing privacy training, and

  • secure storage of any paper records in locked areas.

Health records are accessible only to authorised clinical staff. We retain information only as long as necessary for our functions or as required by law (including minimum retention periods for health records), then securely destroy or de-identify it. We do not store full payment card details; Stripe handles payment data to PCI-DSS standards.

Access and correction

You may request access to the personal information we hold about you and request corrections if it is inaccurate, out-of-date, incomplete or misleading. Requests can be made by contacting us using the details above. We will verify your identity before releasing information and respond within a reasonable time (generally within 30 days).

A reasonable fee may be charged to cover the cost of complying with an access request (for example, the cost of copying a large file); no fee is charged simply for making the request. In rare cases allowed by law, we may refuse access (e.g. where providing access would impact another person's privacy or pose a serious threat). If we refuse, we will explain why in writing.

Complaints

We take privacy concerns seriously. If you believe your privacy has been breached, please contact us using the details at the top of this policy. We will acknowledge your complaint promptly and aim to respond substantively within a reasonable time (generally within 30 days).

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC):

Your choices

  • Marketing: unsubscribe anytime using the link in our emails or by contacting us.

  • Cookies: control or block cookies via your browser settings.

  • Consent: you may withdraw consent you have given for specific uses or disclosures (for future use), including for AI scribe use, clinical photography, or use of de-identified data.

Changes to this policy

We review this Privacy Policy regularly to ensure it reflects current obligations and the way our clinic operates. Any changes will be posted on this page with an updated effective date, and significant changes may also be communicated directly to patients by email. Please check this page periodically. Your continued use of our website or services after updates indicates acceptance of the revised policy.