Yu & Co Skin Clinic – Privacy Policy


Effective Date: 4 October 2025

1. Background

Yu & Co Skin Clinic (we, us, our) provides aesthetic and skin treatments and related products. In providing these services, we collect, use and disclose personal information. Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

We are committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, use, disclose and otherwise handle personal information. It also tells you how you can ask to access and correct the personal information we hold about you or complain about a suspected privacy breach.

We are required to comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). The APPs regulate the manner in which personal information is handled. We are also required to comply with more specific privacy legislation in some circumstances, such as applicable State and Territory health privacy legislation, the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).

2. What Types of Information Do We Collect?

2.1 Personal Information

The type of personal information that we collect and hold about you depends on the type of dealings that you have with us. If we need to identify you or verify your identity, we may collect your name, gender, date of birth, Medicare card number, driver’s licence and/or passport details. If we need to communicate with you, we may collect your email, residential and postal addresses and telephone numbers. To help us improve our services, we may collect your responses to surveys and details about how, when and why you access our services.

We only provide treatment to individuals aged 18 years and over. We do not collect or hold personal information about individuals under the age of 18.

2.2 Sensitive Information

Sensitive information is personal information such as health information and information about racial or ethnic origin that is generally afforded a higher level of privacy protection.

We only collect sensitive information where it is reasonably necessary for our business functions and you have consented, or we are required to do so by law. This may include information about your medical history, skin conditions, allergies, treatments, medications, lifestyle factors, or other health information relevant to the services we provide.

2.3 Non-Personal Information

When you visit our website, some of the information collected about your visit is not personal information because it does not reveal your identity. We use this information to help improve our services and for marketing purposes. We may aggregate this information for statistical purposes. Provided that it remains anonymous, we may disclose that aggregated information to third parties or publish it for marketing or research purposes.

Site Visit Information:

We may record your server address, the date, time and duration of your visit, search terms you used, the pages you viewed, any documents you downloaded and the type of device, browser and operating system you used.

Cookies:

A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use do not identify individual users. We use cookies to hold anonymous session information. This information is used to personalise your current visit to the website and may also be used as a basis for targeting online advertising. Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your browser settings to reject cookies or notify you when they are being used. Rejecting cookies may limit the functionality of our website.

3. How Do We Collect Personal Information?

We will collect personal information by lawful and fair means as required by the Privacy Act. We will also collect personal information directly from you where this is reasonable and practicable.

We collect personal information in a number of ways, including:

- Directly from you in person, over the phone, through written communications (either paper or electronic) or by you completing forms or answering questions on our website;

- From third parties, direct marketing database providers, government agencies, and your authorised representatives;

- From our own records of your use of our services.

Where we collect personal information directly from you, we will take reasonable steps to notify you of certain matters in a collection notice at or before the time of collection, or as soon as practicable afterwards.

Where we collect information about you from your authorised representative, we will take reasonable steps to make sure that you are made aware of the collection. If you provide us with personal information about someone else (as their authorised representative), we rely on you to inform them and to advise them that we can be contacted for further information.

4. Why Do We Collect, Hold, Use and Disclose Your Personal Information?

The main purposes for which we collect, hold, use and disclose personal information are to:

- Identify you and verify your identity;

- Communicate with you about our services;

- Provide our services to you, including facilitating your access to our treatment services and obtaining payment;

- Help us improve our services;

- Fulfil administrative, marketing, promotional, planning and quality control functions;

- For any other purposes to which you have consented; or

- As otherwise required or permitted by law.

Where we have your express or implied consent, or where permitted by law, we may use your personal information to send you information about the services we offer. We may send this information by mail, email, SMS or telephone.

Opting Out:

You can opt out of receiving marketing communications at any time by contacting us or using the unsubscribe facility included in our commercial electronic messages.

5. To Whom Do We Disclose Your Personal Information?

We may disclose your personal information to organisations that we deal with in the ordinary administration of our business for the purposes set out above, including:

- Information technology service providers (including cloud service providers);

- Marketing, communications and research agencies;

- Mailing houses, postal, freight and courier service providers;

- Printers and distributors of direct marketing material;

- External business advisers (such as auditors and legal advisers).

We may de-identify and aggregate your personal information and that of others for statistical purposes. Provided that it remains permanently de-identified, we may disclose that aggregated information to third parties or publish it for marketing or research purposes.

We do not disclose personal information to overseas recipients.

6. Data Quality and Security

We hold personal information in electronic databases, email contact lists, and in paper files held in secure premises. Paper files may also be archived offsite in secure facilities. We take reasonable steps to:

- Ensure that the personal information we collect, use and disclose is accurate, up to date and complete;

- Protect the personal information we hold from misuse, interference and loss and from unauthorised access, modification or disclosure;

- Destroy or permanently de-identify personal information that is no longer needed for any purpose permitted by the APPs.

We use a range of physical, technical and administrative security measures, including encryption, firewalls, antivirus software, password protection, secure office access, staff training and confidentiality agreements.

Payment Security:

We process payments using EFTPOS and online technologies. All transactions processed meet industry security standards to ensure payment details are protected.

Website Security:

While we strive to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information disclosed online. If you are concerned, you may contact us by post or email (see Section 9).

7. How Can You Access and Correct Your Personal Information?

You may request access to the personal information we hold about you and request corrections by contacting our Privacy Officer (see Section 9 below).

8. Complaints

If you have a complaint about how we have handled your personal information, please contact our Privacy Officer (see Section 9 below). We will endeavour to deal with your complaint promptly and in accordance with our legal obligations. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

9. Changes to This Policy

We may amend this Privacy Policy from time to time. The current version will be posted on our website, and a copy may be obtained by contacting us.