Privacy Policy

1. Our Commitment

Anova Skin Clinic protects your personal and health information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Notifiable Data Breaches (NDB) scheme.

2. Information We Collect

2.1. Booking & Personal Information

When booking through Timely, you provide your name, date of birth, email address, phone number, and gender. Emergency contact details and medical history are collected via a consultation form completed prior to your appointment.

2.2. Health & Skin Information

Your dermal clinician collects:

• Current medications, medical conditions, skin conditions, and allergies
• Previous treatment history, including cosmetic and medical procedures
• Skin analysis findings, clinical observations, and treatment notes
• Signed consent forms and, where applicable, parental or guardian consent

2.3. Clinical Photography

Standardised photographs are taken using the Clinical Imaging Australia system to document your skin baseline, track progress, and support consistent treatment delivery. Images are stored in our secure Clinical Imaging Australia system and are health information under the Privacy Act 1988.

Where Anova Skin Clinic seeks to use before-and-after images for marketing or social media, you will be asked to sign a Photography Release Consent Form. Signing is entirely voluntary and has no bearing on the treatment you receive.

2.4. Payment Information

Deposits are processed online via Timely’s secure payment infrastructure. In-clinic payments are processed via the TimelyPay terminal through Stripe, a PCI-DSS Level 1 compliant payment processor.

2.5. Website & Booking System Data

Basic usage data (device type, browser, IP address, pages visited) may be collected when you use our website or Timely booking portal, solely for system security and service improvement.

3. How We Use Your Information

Your information is used solely to:

• Schedule and manage appointments via Timely
• Conduct skin consultations and deliver treatments safely
• Maintain clinical records and track treatment progress
• Process payments via TimelyPay
• Send appointment reminders and follow-up communications
• Comply with legal, clinical, and professional obligations

We do not use your information for direct marketing without your explicit opt-in consent.

4. Third-Party Systems

4.1. Timely

Timely (operated by Timely Limited) manages our bookings, client records, and payments. Data is transmitted via SSL/TLS encryption, stored in secure cloud infrastructure with role-based access controls, and is not sold to third parties. Timely’s Privacy Policy is available at gettimely.com.

4.2. Clinical Imaging Australia

Clinical photographs are stored in a password-protected database on our clinic’s networked hardware, tagged with client name, procedure, and date. Access is restricted to authorised clinic staff and the treating dermal clinician. Clinical Imaging Australia does not retain ongoing access beyond installation and technical support.

5. Data Storage & Security

The following measures protect your information:

• All client data and clinical photographs are accessible only by authorised staff via individual login credentials
• Access is restricted on a need-to-know basis, and all staff are trained in their privacy obligations
• Physical records are held in locked storage accessible only to authorised personnel

In the event of a data breach likely to cause serious harm, we will notify affected clients and the OAIC as required under the NDB scheme.

6. Data Retention

We retain information only as long as necessary or as required by law:

• Health records (clinical photographs, treatment notes, consent forms): minimum 7 years from last treatment
• Booking and appointment data: 7 years
• Payment transaction records: in accordance with ATO requirements (generally 5-7 years)

Records are securely deleted once retention periods are met.

Clients Under 18

Clients under 18 require written consent from a verified parent or legal guardian prior to the first appointment, retained permanently on file. Treatment will not proceed without it.

All records for clients treated under 18 are retained until the client turns 25, or for 7 years from the date of last treatment – whichever is longer. This cannot be overridden by a client or guardian request for early deletion.

7. Disclosure of Your Information

We do not sell, rent, or trade your information. Disclosure occurs only:

• To other treating practitioners involved in your care, with your knowledge
• To Timely and Clinical Imaging Australia, strictly to operate those systems on our behalf
• Where required by law
• In an emergency, to protect your life or safety

Where platform providers use international cloud infrastructure, we take reasonable steps to ensure overseas handling is consistent with the APPs.

8. Your Rights

Under the Privacy Act 1988, you have the right to:

• Access your personal and health information held by us
• Request correction of inaccurate, incomplete, or outdated information
• Request deletion of your information (subject to retention obligations)
• Withdraw consent for photography or marketing use at any time

Contact us in writing to exercise any of these rights. We will respond within 30 days.

9. Feedback & Privacy Concerns

If you believe your privacy has not been respected, contact us in writing. We will acknowledge within 5 business days and respond in full within 30 days.

If you remain unsatisfied, you may contact the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001