Lapeau Medi Spa (“we”, “us”, “our”) is committed to protecting the privacy of your personal information.
This policy describes how we collect, use, store and disclose
personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian
Privacy Principles (APPs).
By using our website or booking a consultation, you acknowledge that you have read and understood this
privacy policy.
1. Information we collect
We may collect the following types of personal information:
- Identity information – name, date of birth, gender.
- Contact information – phone number, email address, postal address.
- Health information – medical history, skin concerns, treatment records, photographs
taken during consultations (with your consent). Health information is classified as “sensitive
information” under the Privacy Act and is subject to additional protections.
- Financial information – payment details processed securely through our third-party
payment providers. We do not store credit card numbers on our systems.
- Website usage data – IP address, browser type, pages visited and referring URLs,
collected via cookies and analytics tools.
2. How we collect information
We collect personal information:
- Directly from you – when you book a consultation, complete a health questionnaire, attend an
appointment, or contact us by phone, email or through our website.
- Through our online booking system – when you book a consultation or complete intake forms.
- Automatically – through cookies and analytics when you browse our website (see Section 8).
3. Why we collect information
We collect and use your personal information to:
- Provide, plan and manage your treatments safely and effectively.
- Communicate with you about appointments, treatment plans and aftercare.
- Process payments and manage billing.
- Comply with our legal and professional obligations, including record-keeping requirements under Victorian
health legislation.
- Improve our services and website experience.
- Send you information about our services, where you have opted in to receive marketing communications.
We will not use or disclose your health information for marketing purposes without your explicit consent.
4. Disclosure of information
We may disclose your personal information to:
- Our staff and practitioners involved in your care.
- Third-party service providers who assist our operations – including our payment processor
(Stripe) and website hosting providers. These providers are contractually required to handle your
information in accordance with the APPs.
- Regulatory or government bodies where required by law (for example, mandatory reporting obligations
under the Health Practitioner Regulation National Law).
We will not sell, rent or trade your personal information to third parties for their marketing purposes.
5. Storage and security
We take reasonable steps to protect your personal information from misuse, interference, loss, and
unauthorised access, modification or disclosure. Measures include:
- Secure, encrypted connections (HTTPS/TLS) for all data transmitted via our website.
- Access controls limiting staff access to information on a need-to-know basis.
- Secure storage of physical records at our clinic premises.
- Use of reputable, Australian-hosted or Privacy Act-compliant cloud services for digital records.
Health records are retained for the minimum periods required under Victorian law (currently seven years
from the date of last entry for adults, or until a patient turns 25 if treated as a minor – whichever
is later), after which they are securely destroyed.
6. Your rights
Under the Australian Privacy Principles, you have the right to:
- Access your personal information held by us.
- Request correction of information that is inaccurate, out of date or incomplete.
- Withdraw consent for marketing communications at any time.
- Make a complaint if you believe we have breached the APPs.
To exercise any of these rights, please contact us using the details in Section 10 below.
7. Before-and-after photographs
We may photograph treatment areas before and after procedures for clinical record-keeping and, with your
separate written consent, for use on our website and marketing materials. Photographs used publicly are
selected to protect your identity where possible and are never digitally altered to misrepresent treatment
outcomes.
You may withdraw consent for the public use of your photographs at any time. Withdrawal of consent does
not affect photographs retained as part of your clinical record.
8. Cookies and analytics
Our website uses cookies and similar technologies to analyse traffic and improve your browsing experience.
Specifically:
- Google Analytics – collects anonymised usage data (pages visited, session
duration, device type). Google Analytics uses cookies to identify unique visitors without personally
identifying them. You can opt out via the Google Analytics Opt-out Browser Add-on.
- Essential cookies – required for basic website functionality (session management,
security).
You can control cookies through your browser settings. Disabling cookies may affect some website features.
9. Third-party links
Our website may contain links to third-party websites (for example, our booking portal, social media
profiles, or external resources). We are not responsible for the privacy practices of these sites and
encourage you to review their privacy policies independently.
10. Contact us
If you have questions about this privacy policy, wish to access or correct your personal information, or
wish to make a privacy complaint, please contact us:
We will respond to your enquiry within 30 days. If you are not satisfied with our response, you may lodge
a complaint with the Office of the Australian Information Commissioner (OAIC).
11. Changes to this policy
We may update this privacy policy from time to time to reflect changes in our practices or legal
requirements. The updated policy will be published on this page with a revised “last updated”
date. We encourage you to review this page periodically.