Privacy Policy
How we collect, use, and protect your personal information.
Last updated: 1 March 2026
1. About This Policy
Aesthetics by Heidi (“we”, “us”, “our”) is committed to protecting your privacy and personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). As a health service provider, we are subject to the Privacy Act regardless of our annual turnover.
This policy explains how we collect, hold, use, and disclose your personal information, including sensitive health information.
2. Information We Collect
Personal Information
- Name, email address, phone number
- Postal address (for product orders)
- Payment information (processed securely via Stripe - we do not store card details)
- Booking and appointment details
- Communication preferences
Health Information
- Medical history relevant to treatments
- Treatment records and clinical notes
- Photographs taken for clinical purposes (with your consent)
- Allergy and medication information
Website Information
- IP address, browser type, device information
- Pages visited, time spent on site
- Cookies and analytics data (Google Analytics, Meta Pixel)
3. How We Collect Information
We collect information:
- Directly from you - via consultation forms, contact forms, bookings, and purchases
- From our booking system (Timely)
- From our payment processor (Stripe)
- Automatically via cookies and analytics tools when you visit our website
4. How We Use Your Information
- To provide treatments and clinical care
- To process bookings and appointments
- To process product orders and deliveries
- To communicate with you about your treatment, bookings, or orders
- To send marketing communications (only with your consent)
- To comply with legal and regulatory obligations (including AHPRA requirements)
- To improve our services and website experience
5. How We Protect Your Information
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access or disclosure. Measures include:
- Encrypted data transmission between your browser and our website (HTTPS/TLS)
- Secure payment processing via Stripe (PCI DSS compliant)
- Access controls on clinical records
- Regular review of data security practices
6. Disclosure of Information
We may disclose your personal information to:
- Our service providers (Stripe, Timely, Resend, Brevo) - only as necessary to deliver services
- Regulatory bodies (AHPRA, TGA) - where required by law
- Law enforcement - where required by law or court order
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
7. Cookies and Analytics
Our website uses cookies and analytics services, including Google Analytics 4 and Meta Pixel, to understand how visitors use our site. When you first visit, a cookie consent banner lets you accept all cookies or allow essential cookies only. The Google Analytics and Meta Pixel scripts are loaded only after you accept all cookies; if you choose essential cookies only, they are not loaded. Your choice is stored in your browser's local storage, so you can reset it at any time by clearing that storage.
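The consent-gated loading described above, written out as an added illustration of the mechanism; this is not the clinic's own website code. The local-storage key (`cookie-consent`), the two stored values (`all` and `essential`), the placeholder script URLs and the function names are all assumptions made for the example. It uses an in-memory stand-in for `localStorage` and a minimal fake document so that it runs under Node.js as well as in a browser.

```javascript
// Consent-gated loading of analytics scripts.
// Added illustration for the mechanism in section 7; not the clinic's actual
// site code. The storage key, the two consent values and the script URLs are
// assumptions.

const CONSENT_KEY = 'cookie-consent';                 // assumed localStorage key
const CONSENT_VALUES = new Set(['all', 'essential']); // the two banner choices

// Third-party scripts that must never be added to the page before consent.
// Placeholder URLs; the real tag URLs are not part of this example.
const ANALYTICS_SCRIPTS = [
  'https://example.invalid/ga4.js',
  'https://example.invalid/meta-pixel.js',
];

// In-memory stand-in for window.localStorage so the logic runs under Node.js.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

// Use the browser's localStorage when present, otherwise the in-memory one.
function defaultStorage() {
  return typeof localStorage !== 'undefined' ? localStorage : memoryStorage();
}

// Read the stored choice. Anything that is not one of the two expected values
// (missing, stale, or edited by hand) counts as "no decision yet".
function readConsent(storage) {
  const v = storage.getItem(CONSENT_KEY);
  return CONSENT_VALUES.has(v) ? v : null;
}

// Persist the banner choice; reject anything other than the two known values.
function saveConsent(storage, choice) {
  if (!CONSENT_VALUES.has(choice)) throw new Error(`unknown consent choice: ${choice}`);
  storage.setItem(CONSENT_KEY, choice);
}

// Equivalent to the visitor clearing local storage: the banner must be shown again.
function clearConsent(storage) {
  storage.removeItem(CONSENT_KEY);
}

// Analytics is permitted only on an explicit "all". Absence of a choice is not consent.
function analyticsAllowed(storage) {
  return readConsent(storage) === 'all';
}

// Append the analytics <script> tags, but only when permitted. Returns the list
// of URLs actually added so the caller (or a test) can verify nothing leaked.
// `doc` is the DOM document in a browser, or the fake below under Node.js.
function loadAnalytics(storage, doc) {
  if (!analyticsAllowed(storage)) return [];
  const added = [];
  for (const src of ANALYTICS_SCRIPTS) {
    const s = doc.createElement('script');
    s.src = src;
    s.async = true;
    doc.head.appendChild(s);
    added.push(src);
  }
  return added;
}

// Minimal document stand-in: records what was appended to <head>.
function fakeDocument() {
  const head = { children: [], appendChild(el) { this.children.push(el); } };
  return { head, createElement: (tagName) => ({ tagName }) };
}

// Typical page boot: on a first visit nothing loads and the banner is shown;
// the banner's "Accept all" handler then calls saveConsent(storage, 'all')
// followed by loadAnalytics(storage, document).
function bootPage(storage, doc) {
  const choice = readConsent(storage);
  if (choice === null) return { bannerShown: true, loaded: [] };
  return { bannerShown: false, loaded: loadAnalytics(storage, doc) };
}
```

Two details matter for the policy's promise to hold: the stored value is validated rather than trusted (a hand-edited or stale value does not count as consent), and the absence of a stored value is treated as "no decision", so clearing local storage both resets the choice and stops the analytics scripts from being injected on the next visit.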
8. Your Rights
Under the Australian Privacy Act, you have the right to:
- Access your personal information that we hold
- Request correction of inaccurate information
- Request deletion of your information (subject to legal retention requirements)
- Opt out of marketing communications at any time
- Make a complaint about our handling of your information
9. Retention
We retain health records for a minimum of 7 years from the date of last treatment, as required by Victorian health record-keeping regulations. Other personal information is retained only as long as necessary for the purposes described in this policy.
10. Contact Us
If you have questions about this privacy policy, wish to access or correct your personal information, or want to make a complaint, please contact us:
- Email: [email protected]
- Phone: 0427 191 811
- Address: 1/270-272 Coventry Street, South Melbourne VIC 3205
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.