Legal & Compliance

Privacy Policy

How we collect, use and protect your personal and health information.

Last updated: 11 April 2026

Eternity Laser & Aesthetics (ABN: 35 665 947 142) is an aesthetic clinic operated by Monica Dimian, Registered Nurse (AHPRA registered), located at 1/500 Old Northern Road, Dural NSW 2158. We are committed to handling your personal and health information responsibly, with care and respect.

This Privacy Policy explains how we collect, use, store, disclose and protect your information in accordance with:

By using our services, website or booking system, you agree to the terms of this Privacy Policy. If you have any questions, please contact us at hello@eternitylaser.com.au.

01

What information we collect

We collect different types of information depending on how you interact with us. This includes:

Personal Information

  • Full name, date of birth and gender
  • Contact details — postal address, email address, phone number
  • Payment information (processed securely; we do not retain full card numbers)
  • Communication preferences and marketing opt-in status

Health Information (Sensitive)

Health information is classified as sensitive information under the Privacy Act and the NSW HRIP Act, and we treat it with the highest level of care. This includes:

  • Medical history, current medications, allergies and contraindications
  • Skin type, concerns, conditions and treatment history
  • Pre- and post-treatment photographs taken with your written consent
  • Clinical notes from consultations and treatments
  • Pregnancy status or other medically relevant disclosures

Website & Technical Information

  • IP address and browser type (collected automatically when you visit our website)
  • Pages visited, session duration and referring URLs
  • Cookie identifiers and analytics data (see Section 10 for our Cookie Policy)

02

How we collect your information

We collect information in the following ways:

  • In-person consultations. When you attend the clinic, you will complete a client intake form that captures your personal details, health history and consent to treatment. This is collected directly from you and is essential to providing safe, personalised care.
  • Online bookings. When you book an appointment through our booking system (Timely, operated by Timely Limited, New Zealand), your personal details are collected and stored on the Timely platform. Please refer to Section 6 regarding cross-border data storage.
  • Website contact forms and enquiries. If you submit an enquiry via our website, we collect the information you provide, including your name, email address and message.
  • Phone and email communications. When you contact us by phone or email, we may record relevant details from that conversation to assist with your care.
  • Photography. Where you have provided written consent, we may take photographs before, during or after treatment for clinical documentation or, separately, for marketing purposes.
  • Automatically via our website. Our website uses analytics tools that automatically collect technical data about your visit (see Section 10).

03

Why we collect your information

We collect and use your information only for legitimate purposes related to your care and our operations. These purposes include:

  • Assessing your suitability for treatment and identifying any contraindications or safety risks
  • Planning and delivering personalised treatment to achieve your skin goals
  • Managing your appointments, bookings and treatment history
  • Processing payments for services rendered
  • Communicating with you about your appointments, treatment aftercare and follow-up recommendations
  • Sending you marketing communications, offers and clinic news — but only if you have consented to receive these (you may opt out at any time)
  • Meeting our legal, regulatory and professional obligations, including AHPRA requirements for registered health practitioners
  • Improving our services, website and overall client experience
  • Responding to enquiries, complaints or feedback

We will never use your health information for marketing purposes without your explicit, separate consent.

04

Who we share your information with

We do not sell, rent or trade your personal information. We may share your information only in the following limited circumstances:

  • Timely (booking platform). Your name, contact details and appointment information are stored on the Timely platform to manage your bookings. Timely is a reputable SaaS provider used by health and beauty clinics worldwide. See Section 6 regarding overseas storage.
  • Payment processors. Payment transactions are processed through secure third-party payment processors. We do not store full card details on our systems.
  • Referral practitioners. If your treatment plan requires referral to or consultation with another registered health professional (such as a GP or dermatologist), we will share relevant clinical information with your consent.
  • Legal and regulatory bodies. We may disclose your information where required or authorised by law — for example, to respond to a court order, comply with a regulatory investigation, or report a notifiable incident to AHPRA or the Office of the Australian Information Commissioner (OAIC).
  • Professional advisors. Our accountants, lawyers and insurers may have access to limited information as reasonably necessary for our business operations, subject to strict confidentiality obligations.

In all cases, we take reasonable steps to ensure that third parties handle your information securely and only for the purpose for which it was shared.

05

Your health information

Health information is treated as sensitive information under both the Privacy Act 1988 (Cth) and the Health Records and Information Privacy Act 2002 (NSW). We apply a higher standard of care to this information.

Specifically:

  • We collect health information only with your knowledge and consent, except in emergency circumstances where your safety is at risk.
  • We store clinical records securely in our practice management system, with access restricted to authorised clinical staff.
  • Physical records are stored in locked, secure storage within the clinic premises.
  • We do not disclose your health information to any third party without your consent, except as required by law or for the purpose of your care (such as referral).
  • Clinical photographs taken with your consent are stored securely and used only for the purpose for which consent was given. If you consent to their use for marketing, this consent is captured separately and may be withdrawn at any time.

06

Overseas data storage

Important — Cross-Border Disclosure

Our booking system is operated by Timely Limited, a company headquartered in New Zealand. When you book an appointment with us, your name, contact details and appointment information are stored on Timely's servers, which may be located in New Zealand or other overseas jurisdictions.

Under Australian Privacy Principle 8, before disclosing your personal information to an overseas recipient, we are required to take reasonable steps to ensure the overseas recipient does not breach the APPs.

Timely complies with New Zealand's Privacy Act 2020, which is broadly comparable to Australia's privacy framework. By proceeding to make a booking through our online booking system, you acknowledge and consent to your personal information being transferred to, and stored in, New Zealand by Timely Limited.

Timely's privacy policy is available at gettimely.com/privacy-policy.

Other than Timely, we do not knowingly transfer your health information or sensitive information to overseas recipients.

07

How we protect your information

We take reasonable steps to protect your information from misuse, interference, loss, and unauthorised access, modification or disclosure. Our security measures include:

  • Password-protected systems and restricted access controls for client records
  • Secure HTTPS encryption on our website
  • Physical security measures at the clinic premises
  • Staff training on privacy obligations and confidentiality
  • Regular review of our data handling practices

While we take every reasonable precaution, no method of electronic storage or internet transmission is completely secure. If you have reason to believe your information has been compromised, please contact us immediately.

08

How long we keep your information

We retain your information for as long as necessary to fulfil the purposes set out in this policy, and in accordance with our legal and professional obligations. For health records, this typically means:

  • Adult client records are retained for a minimum of 7 years from the date of last treatment, in accordance with standard health record retention requirements in NSW.
  • Records relating to treatment of clients under 18 years of age are retained until the person turns 25, or for 7 years from last treatment — whichever is the longer period.
  • Financial records are retained for a minimum of 5 years as required by Australian taxation law.

Once your information is no longer required, we will take reasonable steps to destroy it securely or de-identify it.

09

Your rights — access and correction

You have the right to access the personal information we hold about you, and to request corrections if that information is inaccurate, out of date, incomplete, irrelevant or misleading.

To make an access or correction request:

  • Contact us at hello@eternitylaser.com.au or by phone on 0449 951 366.
  • We will respond to your request within 30 days.
  • We may ask you to verify your identity before providing access to your information.
  • In some cases, we may decline to provide access — for example, if doing so would pose a serious threat to another person's health or safety, or if access would unreasonably affect another person's privacy. If we decline, we will explain why in writing.

There is no charge for making an access request. If your request is complex, we will advise you of any applicable cost before proceeding.

10

Cookies and analytics

Our website uses cookies — small text files placed on your device — to improve your browsing experience and help us understand how visitors interact with our site.

We use Google Analytics to collect anonymised data about website traffic, including pages viewed, session duration and approximate geographic location. This data does not identify you personally and is used solely to improve our website content and user experience.

You can control or disable cookies through your browser settings at any time. Disabling cookies may affect the functionality of some parts of our website.

Our website does not respond to Do Not Track (DNT) signals at this time.

11

Marketing communications

We may send you marketing communications — such as treatment promotions, clinic news and seasonal offers — if you have opted in to receive them.

In accordance with the Spam Act 2003 (Cth):

  • We will only send marketing emails with your clear consent.
  • Every marketing communication will include a straightforward option to unsubscribe.
  • We will process unsubscribe requests promptly and within 5 business days.

To opt out of marketing communications at any time, click "unsubscribe" in any marketing email, or contact us at hello@eternitylaser.com.au. Opting out of marketing will not affect your appointment reminders or essential treatment communications.

12

Privacy complaints

If you believe we have mishandled your personal or health information, we want to hear from you. We take privacy complaints seriously and will respond thoughtfully and promptly.

Step 1 — Contact us directly. Please send your complaint to hello@eternitylaser.com.au or write to us at 1/500 Old Northern Road, Dural NSW 2158. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days.

Step 2 — External complaint bodies. If you are not satisfied with our response, you may escalate your complaint to:

  • Office of the Australian Information Commissioner (OAIC) — for complaints under the Privacy Act 1988 (Cth). Visit oaic.gov.au or call 1300 363 992.
  • NSW Information and Privacy Commission (IPC) — for complaints under the Health Records and Information Privacy Act 2002 (NSW). Visit ipc.nsw.gov.au or call 1800 472 679.

13

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations or services. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this page periodically. Continued use of our services after any changes constitutes your acceptance of the updated policy.

14

Contact us

For any questions, requests or concerns about this Privacy Policy or how we handle your information, please reach out:

Eternity Laser & Aesthetics

1/500 Old Northern Road, Dural NSW 2158

hello@eternitylaser.com.au

0449 951 366

You may also review our Terms of Service for further information about the conditions governing your use of our services.