AVERY AESTHETICS
Avery Reconstructive & Aesthetic Plastic Surgery
Privacy Policy
Effective Date: 11 April 2026 | Version 1.0
Avery Reconstructive & Aesthetic Plastic Surgery ABN [INSERT ABN], trading as Avery Aesthetics ("Avery," "we," "us," or "our"), is committed to protecting your personal information and handling it in an open and transparent way. This Privacy Policy explains how we collect, use, hold, disclose, and protect your personal information, including sensitive information such as health information.
This Policy applies to all personal information we collect in connection with our clinical services, the Avery Aesthetics Education Hub, The Reset Post-Summer Skin Intelligence Programme, our website, and any other services or products we offer.
We are bound by the Privacy Act 1988 (Cth) ("Privacy Act"), the Australian Privacy Principles ("APPs") contained in Schedule 1 of that Act, and the Health Privacy Principles under applicable New South Wales health privacy legislation, including the Health Records and Information Privacy Act 2002 (NSW) ("HRIP Act"). Where your information is health information, the more protective of these frameworks applies.
By using our services, participating in the Programme, or providing us with your personal information, you agree to the collection, use, and disclosure of your information in accordance with this Policy.
1. What Personal Information We Collect
1.1 General Personal Information
We may collect the following categories of personal information from you:
- Identity information: your name, date of birth, and gender.
- Contact information: your email address, phone number, and mailing address.
- Payment information: your payment card details (processed and stored securely by Stripe — Avery does not store full card numbers).
- Programme information: your responses to the Avery Skin Intelligence Quiz, your allocated skin type result, and your participation status in The Reset or any other Avery programme.
- Communications: records of correspondence with Avery by email, phone, or in person.
- Website and digital information: IP address, browser type, pages visited, and referral source, collected automatically via cookies and analytics tools when you use our website or digital content.
1.2 Sensitive Information — Health Information
Because Avery Aesthetics is a clinical practice, we collect health information about you in connection with our services. Health information is a category of sensitive information under the Privacy Act and the HRIP Act and is afforded a higher level of protection.
Health information we collect may include:
- Your skin type, skin concerns, and post-summer skin condition as reported in the Skin Intelligence Quiz and in consultation.
- Clinical imaging data obtained during the complimentary Skin Analysis Appointment, including images and reports generated by the clinical imaging system.
- Your medical history, known allergies, medications, and contraindications, as disclosed by you during consultation or in pre-appointment intake forms.
- Clinical assessment notes and treatment records from any consultation or treatment received at Avery Aesthetics.
- Any other health information you voluntarily provide to us.
We will only collect sensitive information about you with your consent, or where permitted or required by law.
1.3 Information We Collect from Third Parties
In some circumstances, we may receive information about you from third parties — for example, from a referring general practitioner or specialist, or from another treating clinician with your consent. We handle any such information in accordance with this Policy.
2. How We Collect Your Personal Information
We collect personal information in the following ways:
- Directly from you: when you purchase The Reset or another programme, complete the Skin Intelligence Quiz, book an appointment, attend an appointment, submit an enquiry, subscribe to our email list, or otherwise communicate with us.
- Automatically: when you visit our website, interact with our digital content, or open our emails, through cookies, analytics platforms, and email tracking technology.
- From payment processors: Stripe provides us with transaction confirmation and limited payment details necessary to process your purchase and manage refunds.
- From referring practitioners: where a referring clinician shares relevant clinical information with us with your consent.
Where it is reasonable and practicable to do so, we will collect personal information directly from you. If we collect your information from a third party, we will take reasonable steps to notify you of that collection unless doing so is impracticable or would be inconsistent with our legal obligations.
3. Why We Collect Your Personal Information — Purposes of Collection
3.1 Primary Purposes
We collect and use your personal information for the following primary purposes:
- To deliver The Reset Programme and any other Avery Aesthetics services you have purchased or enrolled in, including delivering your personalised education module, preparing your skin type-matched sample kit, and conducting your Skin Analysis Appointment and Clinical Consultation.
- To communicate with you about your Programme participation, appointment bookings, and treatment pathway.
- To process your payment and manage any refund requests.
- To maintain accurate clinical records in connection with any in-clinic services received.
- To fulfil our legal and ethical obligations as a clinical practice, including obligations under AHPRA standards for practitioner-led aesthetic services.
3.2 Secondary Purposes
We may also use your personal information for the following secondary purposes, where you have provided consent or where permitted by law:
- To send you marketing communications about Avery Aesthetics services, programmes, and educational content, where you have opted in to receive such communications.
- To conduct internal quality improvement, programme evaluation, and service development activities, using de-identified or aggregated data.
- To comply with legal, regulatory, and reporting obligations, including reporting required under AHPRA, the Therapeutic Goods Administration (TGA), or any other regulatory body.
- To protect the rights, property, or safety of Avery Aesthetics, its staff, its patients, or the public.
3.3 Consequences of Not Providing Information
If you choose not to provide certain personal information, we may not be able to deliver the Programme or provide clinical services to you. We will advise you at the time of collection if providing particular information is mandatory and what the consequences of not providing it are.
4. How We Use and Disclose Your Personal Information
4.1 Internal Use
Your personal information is accessed by Avery Aesthetics staff and treating clinicians on a need-to-know basis for the purposes described in Section 3. Clinical records are accessible only to clinically authorised personnel.
4.2 Disclosure to Third-Party Service Providers
We engage third-party service providers who assist in delivering our services. These providers may receive your personal information only to the extent necessary to perform their services on our behalf, and are bound by confidentiality obligations and, where applicable, the Australian Privacy Principles. Our current service providers include:
- Stripe Inc. — payment processing. Your payment card data is transmitted directly to Stripe and is subject to Stripe's Privacy Policy. Avery does not store full payment card numbers.
- Mailchimp / Klaviyo — email marketing and automated email delivery. Your email address, name, and programme status are shared with our email platform to deliver Programme emails and, where you have consented, marketing communications.
- Cliniko or equivalent practice management software — appointment booking, clinical record management, and patient communication.
- Website analytics platforms (e.g., Google Analytics) — de-identified and aggregated data about website usage. Where these platforms process any personal data, we have configured them in accordance with applicable privacy requirements.
We will not disclose your personal information to any third party for their own marketing purposes without your express consent.
4.3 Disclosure Required by Law
We may be required to disclose your personal information to a government body, regulatory authority, law enforcement agency, or court where required or authorised by law. Where we are not legally prohibited from doing so, we will take reasonable steps to notify you of any such required disclosure.
4.4 Disclosure with Your Consent
With your express consent, we may share your clinical information with other treating practitioners, your general practitioner, or a specialist involved in your care. We will seek your consent before doing so and you may withdraw consent at any time, subject to legal and clinical record-keeping obligations.
4.5 Overseas Disclosure
Some of our third-party service providers (including Stripe and Mailchimp/Klaviyo) are based overseas or process data on servers located overseas, including in the United States. By using our services, you consent to the transfer of your personal information to these providers in accordance with Australian Privacy Principle 8. We take reasonable steps to ensure that these providers maintain privacy protections that are broadly comparable to the Australian Privacy Principles.
5. Health Information — Additional Protections
5.1 Health information about you collected in the course of providing clinical services is a clinical record. It is held, used, and disclosed in accordance with the Privacy Act 1988 (Cth), the Health Records and Information Privacy Act 2002 (NSW), and the AHPRA Code of Conduct applicable to our registered practitioners.
5.2 Your health information will not be used or disclosed for any purpose other than providing your clinical care, managing our clinical operations, complying with legal obligations, or as otherwise described in this Policy, without your express written consent.
5.3 Clinical imaging data obtained during your Skin Analysis Appointment — including images generated by our imaging system — forms part of your clinical record and is stored securely within our practice management system. These images will not be used in any marketing, social media, training, or publication material without your separate, specific, written consent.
5.4 Any request by a third party (including insurance companies, employers, or other practitioners) for access to your health information will require your written authority unless we are required to disclose by law.
6. Cookies and Website Analytics
6.1 Our website and digital Programme content use cookies — small data files stored on your device — to support the functionality of our website, remember your quiz progress, and collect analytics data about how our site is used.
6.2 We use analytics tools including Google Analytics to collect de-identified and aggregated data about website traffic and usage patterns. This data does not identify you personally and is used to improve our website and Programme.
6.3 We use advertising pixels — including the Meta (Facebook) Pixel and Google Ads conversion tracking — to measure the effectiveness of our advertising campaigns and to show relevant advertising to people who have visited our website. These pixels collect data about your interaction with our website and may connect that data with your social media profile or Google account, subject to Meta's and Google's respective privacy policies.
6.4 You may configure your browser to refuse cookies or to alert you when cookies are sent. However, some features of our website or digital content may not function correctly if cookies are disabled.
6.5 You may opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-On, available at tools.google.com/dlpage/gaoptout.
7. Direct Marketing and Communications
7.1 We may send you marketing communications about Avery Aesthetics services, new programmes, and educational content where you have provided consent to receive such communications — for example, by subscribing to our email list or by opting in at the time of Programme purchase.
7.2 All marketing emails include an unsubscribe link. You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us at [INSERT EMAIL]. Opting out of marketing communications will not affect transactional emails related to your Programme participation or clinical appointments.
7.3 We will not send marketing communications to you using information collected solely from your clinical health record, unless you have given separate consent for this purpose.
7.4 We comply with the Spam Act 2003 (Cth) in relation to all commercial electronic messages.
8. How We Hold and Protect Your Personal Information
8.1 We store personal information in a combination of secure electronic systems and, where applicable, physical records. Electronic records are held within password-protected and access-controlled systems. Clinical records are held within our practice management software, which applies encryption and role-based access controls.
8.2 We take reasonable steps to protect the personal information we hold from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. These measures include:
- Role-based access controls limiting staff access to information on a need-to-know basis.
- Encryption of data in transit (TLS/SSL) across all digital platforms.
- Secure payment processing via Stripe, which is PCI DSS compliant. Avery does not store full payment card data.
- Regular review of our data security practices.
8.3 Despite our reasonable security measures, no data transmission over the internet or electronic storage system is completely secure. We cannot guarantee the absolute security of information transmitted to us electronically. If you become aware of any suspected security breach affecting your information, please contact us immediately at [INSERT EMAIL].
8.4 In the event of an eligible data breach under the Notifiable Data Breaches scheme (Privacy Act Part IIIC), we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required by law.
9. Retention of Personal Information
9.1 We retain personal information for as long as is necessary to fulfil the purposes for which it was collected, or as required by law.
9.2 Clinical health records are retained in accordance with the minimum retention periods required under applicable NSW legislation. For adult patients, clinical records are generally retained for a minimum of seven years from the date of the last entry, or until the patient turns 25 years of age (whichever is the later), in accordance with the Health Records and Information Privacy Act 2002 (NSW) and relevant AHPRA guidelines.
9.3 Non-clinical personal information (such as Programme purchase records and email communications) is retained for as long as is reasonably necessary for our business and legal purposes, and then securely destroyed or de-identified.
9.4 Where you request deletion of your personal information and we are not legally required to retain it, we will take reasonable steps to delete or de-identify it within a reasonable timeframe.
10. Your Rights — Access, Correction, and Complaints
10.1 Right of Access
You have the right to request access to the personal information we hold about you. To make an access request, please contact us in writing at [INSERT EMAIL] or [INSERT MAILING ADDRESS]. We will respond to your request within 30 days. In some circumstances, we may be unable to provide access — for example, where doing so would pose a serious threat to the life or health of another person, or where access is restricted by law. Where we decline access, we will explain the reason in writing.
We may charge a reasonable fee to cover the cost of providing access to clinical records, in accordance with the HRIP Act. We will advise you of any applicable fee before processing your request.
10.2 Right of Correction
If you believe that personal information we hold about you is inaccurate, out of date, incomplete, or misleading, you have the right to request that we correct it. We will take reasonable steps to correct the information and will respond to your request within 30 days. If we do not agree that a correction is warranted, we will explain our reasons and you may request that we associate a statement of your disagreement with the record.
10.3 Withdrawing Consent
Where we rely on your consent to collect, use, or disclose your personal information, you may withdraw that consent at any time by contacting us at [INSERT EMAIL]. Withdrawal of consent does not affect the lawfulness of any collection, use, or disclosure that occurred before your withdrawal. Withdrawal of consent for certain uses of your information may mean that we can no longer provide you with the relevant service.
10.4 Making a Complaint
If you have a complaint about the way we have handled your personal information, we encourage you to contact us first so we have an opportunity to resolve it directly.
To make a complaint:
- Contact our Privacy Officer in writing at [INSERT EMAIL] or [INSERT MAILING ADDRESS].
- Describe your complaint and the outcome you are seeking.
- We will acknowledge your complaint within 5 business days and will respond in full within 30 days.
If you are not satisfied with our response, or if you do not wish to contact us directly, you may lodge a complaint with:
- The Office of the Australian Information Commissioner (OAIC) at oaic.gov.au, for complaints under the Privacy Act 1988 (Cth).
- The NSW Privacy Commissioner at ipc.nsw.gov.au, for complaints about health information under the HRIP Act 2002 (NSW).
11. Children's Privacy
Our services are directed at adults aged 18 years and over. We do not knowingly collect personal information from persons under 18 years of age without verified parental or guardian consent. If you are under 18 and wish to participate in The Reset or any Avery Aesthetics programme, a parent or legal guardian must provide consent on your behalf and may be required to attend appointments with you. If we become aware that we have inadvertently collected information from a person under 18 without appropriate consent, we will take steps to delete that information promptly.
12. Anonymity and Pseudonymity
Where it is lawful and practicable, you have the option of not identifying yourself, or of using a pseudonym, when interacting with us. However, for the delivery of clinical services and The Reset Programme (including bag collection, the Skin Analysis Appointment, and the Clinical Consultation), we require you to be identified so that we can provide the service safely and maintain accurate clinical records.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or regulatory requirements. Where we make material changes, we will provide notice by updating the effective date at the top of this Policy and, where appropriate, by notifying you directly by email. We encourage you to review this Policy periodically. Your continued use of our services after any amendment constitutes acceptance of the updated Policy.
14. Contact Us — Privacy Enquiries
For all privacy-related enquiries, access requests, correction requests, or complaints, please contact our Privacy Officer:
Privacy Officer — Avery Aesthetics
Avery Reconstructive & Aesthetic Plastic Surgery
[INSERT STREET ADDRESS], Newcastle, NSW, Australia
Email: [INSERT PRIVACY EMAIL]
Phone: [INSERT PHONE]
Website: averyaesthetics.com.au
For complaints to external regulators:
- Office of the Australian Information Commissioner (OAIC): oaic.gov.au | 1300 363 992
- NSW Information and Privacy Commission: ipc.nsw.gov.au | 1800 472 679
Know your skin. Reset your summer.
Avery Aesthetics — Newcastle, NSW | Dr Gary Avery (Medical Director) | Sam Avery (Practice Coordinator)
CONFIDENTIAL — INTERNAL DRAFT — Recommend independent legal review before publi