Privacy Policy
Last updated 29 May 2026
Draft for review.
This policy template is a working draft compiled to meet the Australian Privacy Principles (APPs) and the typical practices of an aesthetics clinic. It has not been reviewed by a lawyer specialising in Australian privacy law and should not be treated as legal advice. Review and adjust before publishing.
1. About this policy
PM Aesthetics & Co. (“we”, “us”, “our”) is committed to protecting the privacy of the people who visit our website, enquire about treatments, and become clients of our clinic. This policy explains what personal information we collect, how we use and store it, who we share it with, and the rights you have over your information under the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth).
This policy applies to www.pmaestheticsco.com.au and to in-clinic services delivered at Unit 1, 9 Bradshaw Crescent, Manning WA 6152.
2. What information we collect
The types of personal information we collect include:
- Identity & contact information — your name, date of birth, email address, phone number, and postal address.
- Health information — skin concerns, medical history, current medications, allergies, previous aesthetic or medical treatments, VISIA skin analysis results, photographs taken for your clinical record, and treatment plans. This is “sensitive information” under the Privacy Act and is treated with additional protections.
- Booking & payment information — appointment history, deposit and payment transaction records (processed via Timely and its payment providers).
- Communication preferences — whether you have opted in to receive marketing emails, SMS, or other communications from us.
- Technical & website usage information — IP address, browser and device type, pages viewed, referring URLs, and information collected through cookies and similar technologies (see Section 7).
3. How we collect your information
We collect personal information directly from you when you:
- Book or enquire about an appointment online, by phone, by email, or in person.
- Complete an intake or consultation form before or during a session.
- Subscribe to our marketing communications.
- Contact us with a question, request, or complaint.
We also collect technical information automatically when you visit our website (see Section 7). In limited cases, we may receive information about you from third parties — for example, a person who refers you to the clinic — but only where they are entitled to share that information with us.
4. Why we collect it & how we use it
We use your personal information to:
- Provide the treatments and services you book with us.
- Maintain accurate clinical records and treatment plans.
- Communicate with you about your appointments, treatment progress, and follow-up care.
- Process payments, deposits, and refunds via our booking system.
- Send you marketing communications about our services, new treatments, and offers — but only where you have opted in to receive them. You can opt out at any time.
- Improve our website, services, and client experience, including through analytics and customer feedback.
- Comply with our legal, regulatory, and professional obligations.
5. Who we share your information with
We do not sell your personal information. We may share it with trusted third parties only where necessary to deliver our services, comply with law, or operate our website:
- Booking & payment services — Timely (our booking platform) and its payment processors handle appointment scheduling and deposit transactions.
- Analytics & advertising platforms — Google Analytics, Google Tag Manager, and Meta (Facebook and Instagram) help us understand website usage and measure the effectiveness of our advertising. For conversion measurement we may also send irreversibly hashed (SHA-256) versions of your email address and phone number to Meta and Google so that they can confirm an ad they showed you led to a booking, without sharing your contact details in readable form. These platforms may transfer data overseas (see Section 9).
- Healthcare professionals — where clinically relevant and with your consent, we may share treatment information with your GP, dermatologist, or other treating practitioners.
- Legal & regulatory bodies — where required or authorised by law, or to respond to a valid legal request.
6. Clinical photography
Before-and-after photography is part of how we measure treatment outcomes. Photographs of your skin are stored securely as part of your clinical record. We will not use your photographs for marketing, social media, or any external purpose without your separate, specific written consent. You can withdraw that consent at any time, and we will remove the relevant images from any public-facing context as soon as reasonably practicable.
7. Cookies & website tracking
Our website uses cookies and similar technologies to remember your preferences, measure traffic, and improve your experience. The main tracking technologies we use are:
- Google Analytics 4 & Google Tag Manager — aggregate website analytics.
- Meta Pixel & Conversions API — measures the effectiveness of our Facebook and Instagram advertising and helps us reach similar audiences.
You can control cookies through your browser settings or opt out of personalised advertising via the relevant platform's settings.
8. Storage & security
We store your information in secure cloud-based systems and physical records held at the clinic. Access is restricted to authorised staff and contractors who require it to deliver services or operate the business. We use reasonable technical and administrative measures to protect personal information against loss, misuse, unauthorised access, modification, and disclosure.
Health records are retained for the period required by Australian health record-keeping standards (currently a minimum of seven years after the last treatment, or longer where the client was a minor at the time of treatment). Marketing and non-clinical information is retained only as long as needed for the purpose it was collected.
9. Overseas data transfers
Some of the service providers we rely on — including Timely, Google, and Meta — store or process information outside Australia (typically in the United States, the European Union, or other jurisdictions where their data centres operate). Where we transfer your personal information overseas, we take reasonable steps to ensure it remains protected to a standard consistent with the APPs.
10. Your rights
You have the right to:
- Request access to the personal information we hold about you.
- Request that we correct or update any inaccurate, incomplete, or out-of-date information.
- Withdraw consent to marketing communications at any time (use the unsubscribe link in any email, reply STOP to any SMS, or contact us directly).
- Withdraw consent for the use of your photography in any external context.
- Lodge a complaint if you believe we have mishandled your information.
To exercise any of these rights, contact us at the address in Section 12 below.
11. Children
Our services are intended for clients aged 18 and over. Where treatment is provided to a minor, it is only with the express written consent of a parent or guardian, and only for treatments clinically appropriate for that age.
12. Contact us & complaints
For any privacy enquiry, request, or complaint, please contact us:
- Email: hello@pmaestheticsco.com.au
- Phone: 0479 123 182
- Post: PM Aesthetics & Co., Unit 1, 9 Bradshaw Crescent, Manning WA 6152
We will acknowledge any complaint within a reasonable period and aim to respond substantively within 30 days. If you are not satisfied with our response, you can refer the matter to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
13. Changes to this policy
We may update this policy from time to time to reflect changes to our practices, technology, or legal obligations. The current version will always be available on this page, with the “Last updated” date at the top.
