Privacy Policy

Privacy Policy for Glow AntiAging Aesthetics

Publication-ready draft prepared for:Glow AntiAging Aesthetics
Website: www.glowantiaging.com.au
Business address: 10 / 5 Enterprise Drive, Rowville VIC 3178, Australia
Phone: 0415 292 123
Last updated: 8 June 2026

1. Overview

Glow AntiAging Aesthetics respects your privacy and is committed to protecting the personal information and health information we collect and hold. We provide age-well aesthetics, cosmetic and therapeutic skin services, consultations, non-surgical cosmetic treatments, paramedical skin treatments, cosmetic aesthetic mentoring, and related products and communications.

Because we provide health-related and clinical aesthetic services, we may collect information that is sensitive, including health information. We handle that information carefully and in accordance with applicable Australian privacy and health-records requirements, including the Privacy Act 1988 (Cth), the Australian Privacy Principles, and the Health Records Act 2001 (Vic) where they apply.[1] [2] [3]

This Privacy Policy explains what information we collect, why we collect it, how we use and disclose it, how we protect it, and how you may request access to or correction of your information or make a privacy complaint.

2. Who this policy applies to

This policy applies to personal information we collect from patients, clients, prospective clients, website visitors, online shop users, people who contact us, people who book appointments, people who subscribe to our communications, suppliers, contractors, job applicants, students or practitioners seeking mentoring, and any other person whose personal information we handle.

In this policy, personal informationmeans information or an opinion about an identified individual, or an individual who is reasonably identifiable. Health information includes information about your health, medical history, medications, allergies, treatment needs, use of health services, treatment preferences, clinical images, treatment notes, and other information collected in connection with providing a health service.[4]

3. What information we collect

We collect information that is reasonably necessary for our business functions and clinical services. The information we collect will depend on how you interact with us and the services you request.

Category of information

Examples relevant to Glow AntiAging Aesthetics

Identity and contact information

Name, phone number, email address, address, date of   birth, emergency contact details, and preferred contact times.

Booking and appointment information

Appointment requests, consultation bookings, attendance   records, cancellations, reminders, practitioner allocation, and treatment   enquiries.

Health and clinical information

Medical history, medications, allergies,   contraindications, pregnancy or breastfeeding status where relevant, previous   treatments, treatment goals, skin concerns, consent forms, treatment plans,   procedure notes, product details, adverse events, follow-up care, and   referral information.

Images and visual records

Photographs or videos taken for clinical assessment,   treatment planning, treatment records, progress comparison, training, or   advertising where separate consent is obtained.

Payment, order, and account information

Purchase history, invoices, receipts, online shop   account details, order information, payment confirmation information, and   transaction references. We generally do not store full card details unless a   payment provider makes that functionality available and it is necessary for a   lawful purpose.

Website and technology information

IP address, browser type, device information, pages   visited, cookies, analytics information, reCAPTCHA interaction data, and   website usage data.

Communications and marketing preferences

Emails, SMS, phone enquiries, contact-form messages,   consent to receive marketing, unsubscribe preferences, and records of   communications with us.

Complaints, feedback, and incident information

Details of complaints, concerns, adverse events, privacy   requests, privacy complaints, and actions taken in response.

Professional mentoring enquiries

Name, contact details, professional role,   qualifications, experience, mentoring interests, and information supplied in   mentoring enquiries.

We aim to collect only the information we need. For health information and other sensitive information, we generally collect it with your consent and because it is needed to assess, plan, provide, document, review, and follow up your care.

4. How we collect information

We usually collect personal information directly from you. This may occur when you visit our clinic, complete a consultation or consent form, book an appointment, use our online booking link, contact us by phone or email, submit a website contact form, subscribe to marketing updates, create an online account, purchase products, interact with our social media pages, or communicate with a practitioner.

We may also collect information from third parties where lawful and appropriate. This may include information from a referring practitioner, another health service provider, a parent, guardian, authorised representative, payment processor, website platform, booking platform, or technology service provider. We will only collect information from others where you have consented, where it is necessary for your care or our business functions, where it is unreasonable or impracticable to collect it directly from you, or where the law permits or requires it.

Our website uses Google reCAPTCHA to help protect website forms from spam and misuse. Use of reCAPTCHA may involve Google collecting information about your device and interaction with the website, in accordance with Google’s own privacy terms.

5. Why we collect, use, and hold information

We collect, use, and hold personal information so that we can provide safe, personalised, and properly documented services. This includes assessing whether a treatment is suitable for you, preparing treatment plans, obtaining informed consent, delivering clinical and aesthetic services, communicating with you, managing appointments, processing orders and payments, providing aftercare, responding to questions and complaints, meeting legal and professional obligations, and improving our services.

Purpose

How information may be used

Clinical assessment and treatment

To understand your health history, skin concerns,   treatment goals, risks, contraindications, consent, and aftercare needs.

Appointment and practice administration

To manage bookings, reminders, practitioner scheduling,   cancellations, accounts, payments, receipts, and record keeping.

Patient safety and continuity of care

To document treatments, products used, adverse events,   follow-up instructions, and information needed by another practitioner if   care is transferred.

Communication

To respond to enquiries, send appointment reminders,   provide pre-treatment and post-treatment information, and contact you about   your care.

Legal and professional compliance

To comply with privacy, health-records, clinical,   professional, insurance, tax, accounting, complaint-handling, and regulatory   obligations.

Marketing and service updates

To send newsletters, promotions, updates, and offers   where you have subscribed or where we are otherwise permitted to do so. You   may opt out at any time.

Website operation and security

To operate and improve the website, analyse website   traffic, protect forms from spam, manage cookies, and maintain website   security.

Training, mentoring, and quality improvement

To support internal training, mentoring, clinical audit,   and service improvement, using de-identified information where practicable or   identifiable information only where lawful and appropriate.

6. Health information and sensitive information

Health information is sensitive and is handled with additional care. We may collect health information to decide whether a treatment is suitable for you, to identify risks and contraindications, to create an individualised treatment plan, to obtain and document informed consent, to provide treatment, to provide follow-up care, and to maintain complete clinical records.

You do not have to provide personal or health information. However, if you do not provide information that is necessary for a consultation or treatment, we may be unable to provide the requested service, or we may need to modify, defer, or decline treatment to protect your safety.

7. Clinical photographs, videos, and before-and-after images

For some consultations and treatments, we may ask to take photographs or videos. These images may be required for clinical assessment, treatment planning, progress comparison, record keeping, insurance, regulatory, training, or other legitimate clinical purposes. If images are part of your clinical record, they are treated as health information.

Where we propose to use images for advertising, website content, social media, training, mentoring, or showing examples to other people, we will seek separate consent. Consent to use images for advertising or promotional purposes is separate from consent to receive treatment. You may refuse consent for advertising or promotional use of your images, and refusal will not affect your access to treatment.

Before asking for image-use consent, we will explain the purpose of the images, how they may be used, where they will be stored, who may access them, and whether they may be published on platforms that are difficult to fully remove later. If you withdraw consent for image use, we will take reasonable steps to stop using the images where practicable, including removing them from our website or social media accounts where we control the content. However, we may not be able to retrieve or remove images that have already been copied, shared, archived, cached, printed, or otherwise distributed outside our control.

We will not knowingly store clinical images on personal devices as part of our practice records. Clinical images should be stored using secure clinic-approved systems or devices with appropriate access controls.

8. Direct marketing and communications

If you subscribe to our email list or otherwise consent to receive marketing communications, we may use your name, email address, phone number, and preferences to send updates, promotions, product information, service announcements, and educational content. We may also send communications about services similar to those you have requested where permitted by law.

You may unsubscribe from marketing communications at any time by using the unsubscribe function in an email, replying with an opt-out request where available, or contacting us directly. We may still send you non-marketing communications, such as appointment reminders, treatment information, aftercare instructions, invoices, receipts, safety notices, or responses to your enquiries.

9. Cookies, analytics, and website technologies

Our website may use cookies and similar technologies to operate the website, analyse website traffic, optimise website experience, remember preferences, support account or shopping cart functionality, and improve our services. Information collected through cookies may include device information, IP address, browser type, pages visited, referring pages, and interaction data.

You may be able to disable cookies through your browser settings. However, some parts of the website, online shop, account features, or booking-related functions may not work properly if cookies are disabled.

Our website and forms may also involve third-party services, including website hosting, analytics, reCAPTCHA, online booking, payment, ecommerce, and email or SMS communication tools. These providers may collect, store, process, or access information as part of providing their services to us.

10. When we disclose information

We do not sell your personal information. We may disclose personal information where it is necessary for our services or business operations, where you have consented, where you would reasonably expect the disclosure in connection with your care, or where the law permits or requires it.

Recipient or circumstance

Why disclosure may occur

Practitioners and clinic staff

To assess, provide, document, follow up, and manage your   care and appointments.

Booking, practice-management, and health-record systems

To manage appointments, clinical records, reminders,   forms, consent, and communications.

Payment, ecommerce, and accounting providers

To process payments, manage orders, issue invoices and   receipts, and maintain accounting records.

Website, hosting, analytics, and security providers

To operate the website, online forms, analytics,   cookies, reCAPTCHA, spam prevention, and security systems.

Other health service providers

Where you request a transfer, referral, shared care,   emergency support, or another practitioner requires information for your   care.

Insurers, professional advisers, and legal advisers

To manage claims, professional obligations, disputes,   complaints, legal compliance, and risk management.

Regulators and complaint bodies

Where required or appropriate, including Ahpra, National   Boards, the Victorian Health Complaints Commissioner, courts, tribunals, law   enforcement, or other lawful authorities.

Parents, guardians, or authorised representatives

Where you consent, where they are legally authorised,   where required for a minor or person lacking capacity, or where otherwise   permitted by law.

Emergency contacts or emergency services

Where necessary to lessen or prevent a serious threat to   life, health, or safety.

11. Overseas disclosure and cloud services

Some of our service providers may store or process information using servers or support teams located outside Australia. This may include providers of website hosting, booking platforms, analytics, payment processing, email, SMS, cloud storage, practice-management tools, and security services.

Where personal information is disclosed or made accessible outside Australia, we will take reasonable steps to protect it in accordance with applicable privacy obligations. Because cloud and technology providers may change their infrastructure, we may not always know each country where information is stored or accessed. Where practicable, we will prefer reputable providers with appropriate privacy, confidentiality, and security safeguards.

12. How we protect information

We take reasonable steps to protect personal information and health information from misuse, interference, loss, unauthorised access, unauthorised modification, and unauthorised disclosure. These steps may include restricted access to patient records, secure practice-management systems, password protections, device security, staff confidentiality obligations, secure storage of paper records where used, staff training, secure disposal procedures, and review of privacy and security practices.

No method of electronic transmission or storage is completely secure. If you communicate with us by email, SMS, web form, social media, or other electronic methods, you acknowledge that these methods may carry security risks. Please do not send highly sensitive information through social media or insecure channels unless we specifically request it and you are comfortable doing so.

13. How long we keep information

We retain personal information for as long as reasonably necessary for the purpose for which it was collected, for continuity of care, and to meet legal, professional, insurance, accounting, and business requirements.

Health information is retained in accordance with applicable health-records obligations. In Victoria, health service providers generally must retain health information for at least seven years after the last occasion on which a health service was provided, or if the person was under 18 at the time of last treatment, until the person reaches 25 years of age.[5]

When information is no longer required and we are legally permitted to do so, we will take reasonable steps to securely destroy it or de-identify it.

14. Accessing your information

You may request access to personal information or health information we hold about you. We may ask you to make the request in writing and verify your identity before providing access. We will respond within a reasonable period and in accordance with applicable law. In Victoria, requests to access health information should be responded to as quickly as possible and no later than 45 days after the request is received.[6]

Access may be provided by inspection, copy, summary, or another appropriate method. We may charge a reasonable fee for access where permitted by law, including fees capped under Victorian health-records regulations where applicable. We will not charge you merely for making an access request.

In some circumstances, we may refuse access or provide access in a limited way, for example where providing access would unreasonably affect another person’s privacy, pose a serious threat to health or safety, be unlawful, prejudice legal proceedings, or where another legal exception applies. If we refuse access, we will provide reasons where required.

15. Correcting your information

We take reasonable steps to keep personal information accurate, complete, up to date, relevant, and not misleading. You may request correction of information we hold about you if you believe it is inaccurate, incomplete, out of date, irrelevant, or misleading.

If we agree, we will take reasonable steps to correct the information. If we do not agree, we will explain why where required and, where appropriate, allow you to have a statement associated with your record explaining your requested correction. We will not delete clinical records merely because you disagree with them where we are legally or professionally required to retain those records.

16. Anonymity and pseudonymity

Where lawful and practicable, you may interact with us anonymously or using a pseudonym, for example when making a general enquiry. However, for consultations, treatments, bookings, payments, health records, product orders, complaint handling, or legal compliance, we will usually need accurate identifying information.

17. Children and people under 18

Some treatments may not be suitable for children or people under 18. Where we collect information about a person under 18, we may need information from a parent or guardian, and we may need to assess capacity, consent, and best interests. For non-surgical cosmetic procedures involving people under 18, additional professional requirements may apply, including cooling-off periods and restrictions on advertising directed at under-18s.[7]

18. Data breaches

If we become aware of a data breach involving personal information, we will take steps to contain the breach, assess the likely impact, and reduce the risk of harm. If a breach is likely to result in serious harm and the Notifiable Data Breaches scheme applies, we will notify affected individuals and the Office of the Australian Information Commissioner as required.[8]

19. Complaints and privacy concerns

If you have a question, concern, or complaint about how we handle your personal information, please contact us first so that we can try to resolve it promptly.

Privacy contact:
Glow AntiAging Aesthetics
10 / 5 Enterprise Drive, Rowville VIC 3178, Australia
Phone: 0415 292 123
Email: info@glowantiaging.com.au

Please include your name, contact details, the nature of your concern, and any relevant details. We may ask for further information and may need to verify your identity. We will aim to acknowledge your complaint within a reasonable period and respond after we have investigated it.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner for Privacy Act matters or the Health Complaints Commissioner Victoria for Victorian health-records or health-service complaints. You may also have rights to complain to Ahpra or a relevant National Board about a registered health practitioner’s professional conduct.

20. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our services, website, technology providers, legal obligations, or information-handling practices. The updated policy will be published on our website with the date of the latest update.

[1]Office of the Australian Information Commissioner, Small business. The OAIC states that some small businesses are covered by the Privacy Act regardless of turnover, including health service providers.

[2]Office of the Australian Information Commissioner, Chapter 1: APP 1 — Open and transparent management of personal information; Office of the Australian Information Commissioner, Chapter 3: APP 3 — Collection of solicited personal information; Office of the Australian Information Commissioner, Guide to health privacy.

[3]Health Complaints Commissioner Victoria, Health records: Providers. The guidance summarises Victorian Health Privacy Principles, access/correction rights, response timeframes, and health-record retention requirements.

[7]Australian Health Practitioner Regulation Agency, Putting patients first: New guidelines for cosmetic procedures; Medical Board of Australia, Guidelines for medical practitioners who perform cosmetic surgery and procedures; Ahpra and National Boards, Guidelines for registered health practitioners who perform non-surgical cosmetic procedures.

[8]Office of the Australian Information Commissioner, Notifiable data breaches.