Last updated: 13 March 2026
1. Introduction
This Privacy Policy applies to the services offered by Ascension Cosmetic Medicine and its related entities (“we”, “our” or “us”).
Your privacy is important to us. We take the responsibility of handling your personal information very seriously. We comply with:
- The Privacy Act 1988 (Cth)
- The Australian Privacy Principles (APPs)
- The Privacy and Other Legislation Amendment Act 2024 (POLA 2024)
- The Notifiable Data Breaches Scheme
- Applicable State health records legislation
- ISO/IEC 27001 Standard
We take reasonable steps, including technical and organisational measures, to protect health information under POLA.
We recognise that health information is sensitive information under the Privacy Act and is subject to higher protections.
Our Privacy Policy describes in detail what personal information we collect, how we collect, use and disclose your personal information, how we store and protect it, how you can access and correct it, and how you can make a complaint.
2. Types of Personal Information We Collect
By using our website, services, or by providing any personal information to us, you consent to our collection, holding, use and disclosure of your personal information, as set out in this Privacy Policy.
The types of personal information we collect depend on the services you use and your interactions with us.
We may collect:
Identity and Contact information including:
- Name and date of birth
- Address
- Contact details
- Your emergency contact details
- Email address
Health and Sensitive information:
- Medical history
- Treatment details/records
- Consultation notes
- Telehealth consultation records
- Allergies and medications
- Imaging and skin analysis data
- Before and after treatment photographs
All health information is treated as sensitive information under Australian law.
Financial information:
- Payment information such as bank accounts or credit card details
- Payment history
Digital and Usage information:
- Website usage data
- IP address
- Device and browser information
- Social media interactions
- Time and date of access
- Access location
- Other website related information through the use of internet cookies
- Call tracking data
- Call recordings
- CCTV footage on clinic premises
Information which does not disclose your identity, or enable your identity to be ascertained, will not be classified as personal information and therefore will not be subject to this Privacy Policy.
3. How We Collect Personal Information
We collect personal information about you where you directly provide it to us, or where required by law.
We collect your personal information primarily to enable us to provide you with our services and products, including:
- When you use our website, for example, if you purchase a treatment, product or make a booking via our website or if you make a customer account on our website
- When you complete a new patient form or other paperwork
- If you contact us via phone or email or social media with a query or complaint
- During treatment consultations
- If you provide feedback about your experience with us
- If you submit a website enquiry
- If you subscribe to marketing communications
We may also collect information through:
- Tracking technologies such as cookies, pixels, analytical tools
- Third party service providers
- Referring practitioners (where applicable)
You are not obliged to provide your personal information to us; however, in some instances, this may limit our ability to provide services or products to you.
4. Use of Tracking Technologies
We use tracking technologies such as cookies or web beacons to make it easier for you to use our website and services.
Cookies are pieces of information that a website transfers to a computer’s hard disk for record keeping purposes and to enhance functionality of the website.
A web beacon is a technical method that sends information about access to websites when you browse websites, or open or preview an HTML-formatted email.
Most web browsers are set to accept tracking technologies such as cookies or web beacons. These tracking technologies do not themselves personally identify you, although they do identify your browser.
These tracking technologies allow us to monitor our website, and to record how many people are using the different parts of the website. It is possible to set your browser to refuse tracking technologies such as cookies or web beacons; however, this may limit the services we can provide to you via our website.
5. Systems and Third-Party Service Providers
We use third-party platforms to deliver our services. These may include:
Clinical and Booking Systems:
- Zenoti and DappleOS for practice management, bookings, holding patient records
- Gentu for electronic prescribing services, bookings, holding patient records
- Coviu for online telehealth consultations
Cloud storage and Document Management:
- Microsoft SharePoint/Microsoft 365
Clinical Photography and Image processing:
- Adobe Lightroom
- Canfield VISIA/HairMetrix
Marketing and CRM systems:
- Active Campaign
- SMS communication providers
- Zenoti for SMS communication
Website and Digital Analytics:
- Website hosting providers
- WhatConverts (for call and lead tracking)
- Google Analytics
- Meta Pixel
- Google Ads conversion tracking
Advertising Platforms:
- Meta (Facebook and Instagram advertising)
- Google Ads
- Seek
Payment Processors:
- Stripe, Westpac EFTPOS, PayPal
These service providers may store or process personal information in Australia or overseas, including in the United States or other jurisdictions.
We take reasonable steps to ensure these providers comply with the Australian Privacy Principles and applicable security standards.
6. Why We Collect and Use Your Personal Information
We collect, hold, use and disclose your personal information for purposes connected with carrying on our business, including to:
- Provide you with our medical and cosmetic services and products
- Maintain accurate treatment records
- Enable prescribing and dispensing services
- Manage bookings and appointments
- Process payments
- Communicate with you about treatments
- Provide follow-up care
- Improve our services
- Conduct internal audits and clinical reviews
- Prevent fraud and unlawful activity
- Comply with legal and regulatory obligations
- Provide marketing communication where permitted
- Create a record of your treatments and preferences which can be accessed by your treating team
- With your consent, publish before and after treatment images on our website
- With your consent, contact you to provide information about our products, services and special offers
- Obtain feedback from you about our products and services
- Record statistical data for our internal marketing analysis
- Prevent fraud or other unlawful activities, or ensure the safety and security of you and us
- Enable our medical practitioners to provide you medical consultation for your treatments and any post-treatment review and consultation
- Record quantitative and qualitative medical and treatment data for internal medical and treatment analysis and research
- Fulfil purposes that are reasonably necessary or ancillary to the above-mentioned purposes
- Fulfil any other purposes which we may have notified you prior to, or at the time of, obtaining your consent
We may also use de-identified information for internal analysis and service improvement.
7. Telehealth and Digital Consultations
Where Telehealth services are provided:
- Consultations are conducted via secure platforms
- Consultation records are securely stored
- We take reasonable steps to protect end-to-end transmission
We use Coviu, an ISO/IEC 27001 accredited platform, for all telehealth consultations. The platform ensures an accessible link is provided between patients and employees.
During appointments, notes may be taken and entered into Zenoti to safeguard personal information. In some instances, with patient permission, an AI scribe may be used to help generate clinical notes.
However, internet-based communication carries inherent risks. By participating in telehealth, you acknowledge these risks.
8. Medical Images and Consent
Before and after photographs and treatment imagery are classified as sensitive health information. We:
- Obtain written consent before using images for marketing
- Specify where images may be published such as on websites or social media
- Inform you of the duration of consent
- Allow you to withdraw consent at any time
Please note that once images are published online, third parties may share or reproduce them beyond our control.
9. Automated Decision Making
We may use automated systems to assist with:
- Appointment reminders
- Booking confirmations
- Marketing personalisation
- AI transcription tools during consultations
- Skin analysis technologies where applicable
These tools support, but do not replace, the clinical judgement of our employees. An AI scribe (Coviu and Lyrebird) is sometimes used, with patient permission, to generate clinical notes; however, no AI is used in decision making.
VISIA analysis may be utilised during skin consultation; however, images are reviewed by clinicians for final decision making.
You may request further information about automated processing that significantly affects you.
10. Direct Marketing
We may, from time to time, send direct marketing communications to you about our services and other material that we consider you would find interesting.
If you do not wish to receive such direct marketing communications, you can opt out using the unsubscribe mechanism contained in each email or by contacting us at reception@ascension.com.au.
If you choose to opt out of all direct marketing communications, please note that we may still contact you for other reasonable purposes, including information we send to confirm a booking, or notifications of changes to our services or policies.
Please note that opting out of direct marketing communications will not opt you out of targeted advertising from us. Please use your cookie and other tracking technology settings to control the advertising you see from us across social media and other digital properties.
11. Disclosure of Personal Information
We may disclose personal information to:
- Medical practitioners involved in your care
- IT service providers
- Marketing and analytics providers
- Payment processors
- Government authorities where required by law
- Professional advertisers
We only disclose personal information where reasonably necessary for business operations or required by law.
12. Overseas Transfer
Some service providers may store or process personal information overseas.
Where this occurs, we take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles and complies with applicable safeguards.
13. Storage, Security and Retention of Your Personal Information
We hold your personal information both in hard copy and electronically, on our own servers and those of our service providers.
We implement a range of technical, administrative, personnel and physical measures to safeguard your personal information against loss, interference, misuse, and unauthorised access, modification and disclosure. These measures include electronic and physical access restrictions to files containing personal information, password protection and authentication measures, and encryption and secure cloud storage of personal information that is sent and received.
Employees receive annual cybersecurity training and annual confidentiality lunch-and-learn sessions to ensure information is protected.
Company software, such as the booking platform (Zenoti), secure storage of information (SharePoint) and internal communications (Microsoft Teams), is only accessible by company email and requires multi-factor authentication. To protect data, non-authorised devices are unable to connect to either the platforms or the Wi-Fi.
We require that all third parties who may have access to personal information have appropriate controls to protect your personal information in a manner that is consistent with our Privacy Policy. They must only use your personal information for authorised purposes.
Health records are retained in accordance with legal requirements, including retaining records for at least seven (7) years for adults and longer retention for minors.
We securely destroy or de-identify your personal information when the purpose for which it was collected no longer exists, if you have asked us to remove it from our records, if you have withdrawn your consent to our collection of your sensitive or health information, or where we are no longer required by law to keep it.
14. Data Breach Response
In the event of an eligible data breach:
- We will assess and contain the breach
- We will notify affected individuals where required
- We will notify the Office of the Australian Information Commissioner (OAIC) as required
We maintain a documented Data Breach Response Plan under which all potential internal breaches are to be reported to the Clinic Manager, Operations Manager, Director and First Focus (external technology support provider) for immediate investigation.
15. Children and Minors
Where we provide services to minors:
- We obtain consent from a parent or guardian where required
- We assess a minor’s capacity to consent
- We apply additional safeguards to protect children’s information
16. Access to and Amendment of Your Personal Information
You have the right to access personal information that we hold about you, and to ensure that the personal information we hold about you is correct, up-to-date and complete. To access your personal information, please contact us at reception@ascension.com.au.
We may charge a reasonable fee for retrieving your personal information, in which case we will inform you of the fee before providing the information. We may decline a request to access or correct your personal information in certain circumstances in accordance with law. If we refuse a request, we will aim to provide a reason for our decision.
17. Further Information and Enquiries
For further information regarding this Privacy Policy or to make a complaint about our handling or use of your personal information, please contact us using the contact details set out below. We will investigate any enquiries received in writing and do our best to resolve them as soon as possible.
Ascension Cosmetic Medicine
reception@ascension.com.au
We aim to respond within 7 days.
If you are not satisfied with the result of your complaint to us, you can refer your complaint to:
Office of the Australian Information Commissioner
1300 363 992
GPO Box 5218, Sydney NSW 2001
www.oaic.gov.au
18. Policy Updates
We reserve the right to review, amend, update and change this Privacy Policy from time to time to reflect our practices and obligations. At a minimum, a review will be undertaken every two (2) years.
Any changes will take effect from when the updated Privacy Policy is uploaded to our website.