Request Consultation

Privacy Policy


We are committed to protecting the privacy of patient information and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles and relevant State and Territory privacy legislation (referred to as privacy legislation).

This Privacy Policy explains how we collect, use and disclose your personal information, how you may access that information and how you may seek the correction of any information. It also explains how you may make a complaint about a breach of privacy legislation.

This Privacy Policy is current from 2019. From time to time we may make changes to our policy, processes and systems in relation to how we handle your personal information. We will update this Privacy Policy to reflect any changes. Those changes will be available on our website and in our practice.


We collect information that is necessary and relevant to provide you with medical care and treatment, and manage our medical practice. This information may include your name, address, date of birth, gender, health information, family history, and contact details. This information may be stored in our medical records system and wherever practicable we will collect information from you personally. However, we may also need to collect information from other sources such as treating specialists, radiologists, pathologists, hospitals and other health care providers. In emergency situations, we may also need to collect information from your relatives or friends.

We collect your personal information from you in various ways, such as over the phone (including by way of telephone calls), in person at one of our offices, via email and over the internet if you transact with us online. We collect your personal information when you enquire about products or services we offer, subscribe to our email news, have telephone conversations with us or otherwise transact with us.  This information may be collected by medical and non-medical staff.  

We may be required by law to retain medical records for certain periods of time depending on your age at the time we provide services.

Use and Disclosure

We will treat your sensitive information as strictly private and confidential. We will only use or disclose it for purposes directly related to your care and treatment, or in ways that you would reasonably expect that we may use it for your ongoing care and treatment. For example, the disclosure of blood test results to your specialist, or communications with your other treating health professional/s or requests for x-rays.

There are circumstances where we may be permitted or required by law to disclose your personal information to third parties. For example, to Medicare, Police, insurers, solicitors, government regulatory bodies, tribunals, courts of law, hospitals, or debt collection agents. We may also from time to time provide deidentified statistical data to third parties for research purposes.

We may disclose information about you to outside contractors to carry out activities on our behalf, such as our website and marketing provider, IT service provider, solicitor or debt collection agent. We impose security and confidentiality requirements on how they handle your personal information. Outside contractors are required not to use information about you for any purpose except for those activities we have asked them to perform.

Data Quality and Security

We endeavour to keep sensitive information safe by taking all reasonable precautions to protect personal information from misuse, loss and unauthorised access, modification or disclosure. For this purpose our staff may ask you to confirm that your contact details are correct when you attend a consultation. We request that you let us know if any of the information we hold about you is incorrect or out of date.  Our staff receive ongoing training and information on the Australian Privacy Principles and the Privacy Act.

Storage and Security of Sensitive Information

We endeavour to keep personal information safe by taking all reasonable precautions to protect personal information from misuse, loss and unauthorised access, modification or disclosure. Our staff receive training and information on the Australian Privacy Principles and the Privacy Act.

AR Plastic Surgery takes all reasonable steps to keep secure personal information recorded and to keep this information accurate and up to date. The personal information is stored on secure servers in digital format, including on servers located in the United States and EU, or in locked/alarmed areas if in hardcopy format. AR Plastic surgery employees and data processors are obliged to respect the confidentiality of any personal and/or sensitive information held by us. AR Plastic Surgery only permits authorised personnel to access your information and information will only be disclosed to third parties where they have the appropriate authority. We destroy or de-identify personal information we no longer need or we are no longer required by law to keep, wherever possible.  

Sensitive information that we hold is protected by:

  • Securing our premises appropriately and with monitored alarm surveillance;

  • Where available we utilise 2 factor authentication for more secure logins and varying access levels on databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure; and

  • Online patient forms are protected with:  256 bit SSL (Secure Socket Layer) connection that uses a SHA256 Certificate. This is the same level of protection used by online banking or e-commerce providers.  Form submission data is also transferred and stored in a secure format using the RSA-2048 algorithm while encrypting your form data.  Online patient forms are also HIPAA compliant. HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information. You can learn more about HIPAA compliance here


If you believe that the information we have about you is not accurate, complete or up-to-date, we ask that you contact us in writing (see details below).


You are entitled to request access to your medical records. We request that you direct your request for access in writing to The Practice Manager and we will respond to it within a reasonable time frame.

There may be a fee for the administrative costs of retrieving and providing you with copies of your medical records.

We may deny access to your medical records in certain circumstances permitted by law, for example, if disclosure may cause a serious threat to your health or safety. We will always tell you why access is denied and the options you have to respond to our decision.

Collecting through our websites

AR Plastic Surgery has it own public website — We also have a web blog where we allow comments.

Where our website allows you to make comments or give feedback we collect your email address and sometimes other contact details. We may use your email address to respond to your feedback. 

AR Plastic Surgery may employ other companies or service providers to assist us in providing our services, including (but not limited to) marketing, market research, hosting and product development services, analysis of client lists and/ or consulting services. These third parties may have access to personal information that is needed to perform their specific function. They cannot use that information for any other purpose.

Analytic, session and cookie tools

We use tracking technologies such as cookies or web beacons to make use of the website and services as convenient as possible. Cookies are pieces of information that a website transfers to a computer’s hard disk for record keeping purposes. Web Beacon is a technical method that sends information related to the access to websites, when you browse websites, open or preview an HTML-formatted email. Most web browsers are set to accept tracking technologies such as cookies or web beacons. These tracking technologies do not themselves personally identify users, although they do identify a user’s browser. These tracking technologies allow us to monitor AR Plastic Surgery’s website, and to record how many people are using the different parts of the site. It is possible to set the browser to refuse tracking technologies such as cookies or web beacons, however, this may limit the services provided by our website.

We use a range of tools provided by third parties, to collect or view website traffic information. These sites have their own privacy policies. 

The information collected by these tools may include the IP address of the device you are using and information about sites that IP address has come from, the pages accessed on our site and the next site visited. We use the information to maintain, secure and improve our websites and to enhance your experience when using them. In relation to Google Analytics you can opt out of the collection of this information using the Google Analytics Opt-out Browser Add-on.

Social Networking Services

We use social networking services such as Facebook, YouTube, Instagram and LinkedIn to communicate with the public about our work and our business. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the general public. The social networking service will also handle your personal information for its own purposes. These sites have their own privacy policies.

Electronic forms

AR Plastic surgery uses an electronic form to service to collect patient health history.  When you submit a form using this service it is encrypted and stored in a secure server which is HIPPA compliant and in keeping with The Australian Privacy Principles. Once the form is downloaded, it is deleted from that server. Saved forms that have not been submitted within the timeframe specified on the form will also be deleted from the server. We will not access or download your saved forms before you submit. 

Email lists

We collect your email and, if you provide it, other contact details when you subscribe to our email lists. We only use this information for the purpose of sending you regular updates on the activities of the our practice.  

Our practice also regularly uses email as a form of communication, however, we cannot guarantee that email is always a secure form of communication.

Receiving marketing material from us

It is our aim to provide you with information and education about our services and our team. To do this, unless you opt-out, we use the information that you provide to us to better understand your needs. We then provide you with information, marketing materials, and related publications by phone, text message, postal mail or email about products and services that we believe may be of interest to you, as well as access to offers and competitions. 

Direct marketing will not contain any of your sensitive personal information. We provide you with a choice to opt out of our marketing activities, and will respect your request not to receive marketing material from us. If you do not wish to receive marketing material from us, we ask you to contact us and at any time or by following the opt out instructions provided in the marketing communication. You should inform us if you do not want your personal information to be used and disclosed for marketing purposes. We will implement your request as soon as we can, and apologise if you do receive any materials during the intervening period.


If you have a complaint about the privacy of your personal information, we request that you contact the Practice Manager in writing. Upon receipt of a complaint we will consider the details and attempt to resolve it in accordance with our complaints handling procedures.

If you are dissatisfied with our handling of a complaint or the outcome you may make an application to the Australian Information Commissioner or the Privacy Commissioner in Queensland.

Overseas Transfer of Data

AR Plastic Surgery uses a range of third party software applications that have data centres based in the USA and EU.  These applications have privacy policies in keeping with The Australian Privacy Principles.  We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of sensitive information is protected and maintained. AR Plastic Surgery may change this privacy policy from time to time at AR Plastic Surgery’s sole discretion.


Please direct any queries, complaints, requests for access to medical records to:

The Practice Manager

Aesthetic & Reconstructive Plastic Surgery

Wesley Medical Centre

Suite 50/40 Chasely St

Auchenflower Qld 4066

Updated: 21 October 2023