1.1 Nastjalutietla Pty Ltd (ABN 97 698 216 616) (we, us, or our) is committed to protecting the privacy of your personal information, including your health information.
1.2 We provide healthcare services including “cosmetic medicine services”, “general practice and telehealth consultations”, “intravenous therapy services”, “medicinal cannabis consultations”, “peptide therapy consultations” from our premises located at Sydney, Australia and, where applicable, via telehealth.
1.3 This Privacy Policy explains how we collect, hold, use, and disclose your personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).
1.4 By providing personal information to us, you consent to the collection, use, and disclosure of that information in accordance with this Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not provide personal information to us.
1.5 We may update this Privacy Policy from time to time. The current version will always be available on our website at https://www.cosmedicomply.com.au/. We encourage you to review this Privacy Policy periodically.
1.6 This Privacy Policy was last updated on 13 February 2026
2.1 In this Privacy Policy, unless the context otherwise requires:
APPs means the Australian Privacy Principles contained in Schedule 1 of the Privacy Act.
Health Information means information or an opinion about the health, including an illness, disability, or injury, of an individual; an individual’s expressed wishes about the future provision of health services to them; or a health service provided, or to be provided, to an individual. Health Information is a subset of Sensitive Information.
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
Privacy Act means the Privacy Act 1988 (Cth).
Sensitive Information means Personal Information that includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, Health Information, genetic information, biometric information, or biometric templates.
3.1 The types of Personal Information we may collect depend on your interactions with us. This may include:
Identity and contact information:
(a) name, address, telephone number, email address, and date of birth;
(b) Medicare number, health insurance details, and pension or concession card details;
(c) emergency contact details and next of kin information;
(d) photographic identification (e.g., driver’s licence, passport) where required for identity verification; and
(e) photographs or videos (where relevant to the provision of our services, such as for cosmetic procedures).
Health Information:
(f) medical history, including past and current medical conditions, surgeries, hospitalisations, and family medical history;
(g) current medications, allergies, and adverse reactions;
(h) results of medical examinations, tests, and diagnostic procedures;
(i) clinical notes, treatment plans, and records of consultations;
(j) referral letters and reports from other healthcare providers;
(k) mental health information where relevant to your treatment;
(l) information about your lifestyle that may be relevant to your health, including smoking status, alcohol consumption, diet, and exercise habits; and
(m) any other information relevant to providing you with healthcare services.
Financial information:
(n) credit card or bank account details for payment purposes; and
(o) billing and payment history.
Technical information (collected via our website):
(p) IP address, browser type, device information, and operating system;
(q) pages visited, links clicked, and time spent on our website; and
(r) information collected through cookies and similar technologies.
4.1 We collect Personal Information primarily from you directly, including when you:
(a) complete patient registration or intake forms;
(b) attend a consultation or receive treatment;
(c) communicate with us by telephone, email, post, or through our website;
(d) book an appointment through our website or reception;
(e) subscribe to our newsletter or mailing list;
(f) purchase products from us;
(g) complete surveys or provide feedback;
(h) apply for a position with us; or
(i) otherwise interact with us.
4.2 We may also collect Personal Information about you from third parties, including:
(a) other healthcare providers who refer you to us or from whom we seek clinical information;
(b) hospitals and diagnostic service providers;
(c) Medicare, the Department of Veterans’ Affairs, or your private health insurer;
(d) your nominated emergency contacts or family members (where you have consented or it is otherwise permitted);
(e) the My Health Record system, if you have a My Health Record and have not restricted access;
(f) the Therapeutic Goods Administration (TGA), in connection with Special Access Scheme applications or Authorised Prescriber notifications;
(g) pathology and radiology providers;
(h) publicly available sources; and
(i) your authorised representatives (such as a legal guardian, attorney under a power of attorney, or person responsible).
4.3 If you provide us with Personal Information about another person (such as a family member), you must ensure that you have their consent to do so and that they are aware of this Privacy Policy.
4.4 Where it is lawful and practicable, you may deal with us anonymously or using a pseudonym. However, if you do not provide certain Personal Information (particularly Health Information), we may be unable to provide you with our services or the quality of our services may be affected.
5.1 We collect, hold, use, and disclose your Personal Information for the following purposes:
Healthcare provision:
(a) to provide you with healthcare services, including consultations, diagnosis, treatment, and follow-up care;
(b) to communicate with you about your health, appointments, and treatment;
(c) to manage and coordinate your care with other healthcare providers;
(d) to maintain accurate and complete medical records;
(e) to process prescriptions and referrals;
(f) to comply with our legal and professional obligations as healthcare providers;
(g) to investigate and respond to clinical incidents and complaints;
(h) to conduct clinical audits and quality improvement activities; and
(i) to enable continuity of care if you see different practitioners within our practice.
Administrative and business purposes:
(j) to verify your identity and contact you;
(k) to process payments and manage billing, including Medicare and health fund claims;
(l) to manage appointments and send appointment reminders;
(m) to respond to your enquiries and requests;
(n) to manage our relationship with you as a patient;
(o) to improve our services and develop new services;
(p) to maintain and improve the security and functionality of our website;
(q) to comply with our legal, regulatory, and professional obligations; and
(r) to establish, exercise, or defend legal claims.
Marketing and communications:
(s) with your consent, to send you newsletters, health information, promotions, or other marketing communications.
5.2 We will only use or disclose your Personal Information for a purpose other than those listed above if:
(a) you have consented to the use or disclosure;
(b) you would reasonably expect us to use or disclose the information for that purpose and, in the case of Sensitive Information (including Health Information), the secondary purpose is directly related to the primary purpose of collection;
(c) the use or disclosure is required or authorised by or under an Australian law or court/tribunal order; or
(d) a permitted general situation or permitted health situation applies under the Privacy Act.
6.1 We may disclose your Personal Information to the following categories of recipients:
Healthcare providers and related parties:
(a) other healthcare providers involved in your care, such as general practitioners, specialists, allied health professionals, hospitals, pathology providers, and radiology providers;
(b) pharmacists for the purpose of dispensing prescriptions;
(c) your nominated emergency contact or next of kin in an emergency or where clinically appropriate;
(d) your legal guardian, attorney, or person responsible where relevant;
(e) medical defence organisations and professional indemnity insurers in connection with claims or potential claims; and
(f) health professional regulatory bodies (such as AHPRA) where required by law or in response to a complaint.
Government and regulatory bodies:
(g) Medicare Australia and the Department of Human Services for the purpose of processing Medicare claims;
(h) the Department of Veterans’ Affairs where applicable;
(i) the Therapeutic Goods Administration (TGA), including in connection with adverse event reporting, Special Access Scheme applications, or Authorised Prescriber notifications;
(j) state and territory health departments as required by law (e.g., for notifiable diseases or conditions);
(k) coroners, courts, and tribunals in response to lawful requests; and
(l) law enforcement agencies where required or authorised by law.
Service providers:
(m) our IT service providers, including providers of practice management software, cloud storage, and website hosting;
(n) payment processors and financial institutions;
(o) debt collection agencies where necessary;
(p) professional advisers, such as lawyers, accountants, and auditors;
(q) telehealth platform providers; and
(r) other third-party service providers who assist us in operating our practice, subject to appropriate confidentiality arrangements.
6.2 We will take reasonable steps to ensure that any third party to whom we disclose your Personal Information is bound by obligations to protect the privacy of that information.
6.3 We will not sell, rent, or trade your Personal Information to any third party for their marketing purposes.
7.1 If you have a My Health Record, we may upload information to, or access information from, your My Health Record in accordance with applicable law.
7.2 Information we may upload to your My Health Record includes:
(a) shared health summaries;
(b) event summaries relating to consultations;
(c) discharge summaries (if applicable);
(d) prescription and dispense records; and
(e) pathology and diagnostic imaging reports.
7.3 You have the right to control access to your My Health Record, including by:
(a) setting access controls to restrict which healthcare providers can access your record;
(b) restricting access to specific documents; and
(c) cancelling your My Health Record.
7.4 For more information about My Health Record, including how to set access controls, please visit www.myhealthrecord.gov.au or call the My Health Record helpline on 1800 723 471.
8.1 If you are a patient seeking access to medicinal cannabis, we may collect, use, and disclose additional Personal Information for the following purposes:
(a) assessing your eligibility for medicinal cannabis treatment;
(b) preparing and submitting applications to the Therapeutic Goods Administration (TGA) under the Special Access Scheme (Category B) or for Authorised Prescriber approval;
(c) complying with state and territory poisons legislation and permit requirements;
(d) reporting to the TGA as required under the Special Access Scheme or Authorised Prescriber scheme;
(e) liaising with pharmacies regarding the dispensing of medicinal cannabis products; and
(f) maintaining records as required by law.
8.2 Information disclosed to the TGA may include your name, date of birth, medical condition, clinical justification for treatment, details of the products prescribed, and treating practitioner details.
8.3 By consenting to medicinal cannabis treatment, you consent to the collection, use, and disclosure of your Personal Information for the purposes set out in this section.
9.1 If you participate in a telehealth consultation, we may collect additional information including:
(a) your location at the time of the consultation;
(b) technical information about the device and internet connection used for the consultation; and
(c) any recordings of the consultation (where you have consented).
9.2 Telehealth consultations are conducted using [INSERT TELEHEALTH PLATFORM NAME(S)], which is/are provided by [INSERT PROVIDER NAME(S)]. These providers may have access to your Personal Information in accordance with their privacy policies, which are available at https://www.cosmedicomply.com.au/privacy-policy/.
9.3 We will take reasonable steps to ensure the security and privacy of telehealth consultations. However, we cannot guarantee the security of information transmitted over the internet and you acknowledge that you participate in telehealth consultations at your own risk.
9.4 Telehealth consultations may be recorded for quality assurance, training, or clinical record-keeping purposes. We will seek your consent before recording any consultation. Recordings will be stored securely and treated as part of your medical record.
10.1 If you receive cosmetic procedures from us, we may collect the following additional information:
(a) photographs and videos of the treatment area (before, during, and after treatment);
(b) detailed medical history relevant to cosmetic procedures, including previous cosmetic treatments, reactions to treatments, and skin type; and
(c) information about your aesthetic goals and expectations.
10.2 Photographs and videos are collected for the following purposes:
(a) clinical assessment and treatment planning;
(b) documenting your treatment and progress;
(c) clinical record-keeping;
(d) with your separate written consent, for use in marketing materials, case studies, or educational presentations (identifiable images will only be used with your express consent); and
(e) quality assurance and clinical audit.
10.3 You may withdraw your consent to the use of your photographs or videos for non-clinical purposes at any time by contacting us in writing. Withdrawal of consent will not affect the use of images for clinical record-keeping purposes.
11.1 We generally store your Personal Information in Australia. However, we may disclose your Personal Information to recipients located overseas in the following circumstances:
(a) where you have consented to the disclosure;
(b) to cloud service providers or IT service providers whose servers are located overseas;
(c) where you are receiving telehealth services while located overseas; or
(d) as otherwise required or permitted by law.
11.2 “We do not anticipate disclosing your Personal Information to recipients located overseas”
11.3 Before disclosing your Personal Information to an overseas recipient, we will take reasonable steps to ensure that the recipient handles your Personal Information in accordance with the APPs, except where:
(a) we reasonably believe that the recipient is subject to a law or binding scheme that has the effect of protecting the information in a way that, overall, is at least substantially similar to the APPs and there are mechanisms available to you to enforce that protection; or
(b) you have provided your consent after being expressly informed that we will not be taking such steps.
12.1 We take reasonable steps to ensure that the Personal Information we collect is accurate, up-to-date, complete, and relevant to the purposes for which we collect and use it.
12.2 We ask that you assist us in maintaining accurate records by informing us of any changes to your Personal Information, including your contact details, Medicare number, and health information.
12.3 We take reasonable steps to protect Personal Information from misuse, interference, loss, and from unauthorised access, modification, or disclosure. These steps include:
(a) physical security measures, such as locked filing cabinets and restricted access to premises;
(b) electronic security measures, such as password protection, encryption, firewalls, and access controls;
(c) staff training on privacy obligations and information security;
(d) confidentiality obligations for staff and contractors;
(e) secure disposal of Personal Information that is no longer required; and
(f) regular review and testing of security measures.
12.4 Despite our security measures, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee the absolute security of your Personal Information.
12.5 If you suspect any misuse, loss, or unauthorised access to your Personal Information, please contact us immediately using the details in Section 17.
13.1 In the event of a data breach that is likely to result in serious harm to any individual whose Personal Information is involved, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.
13.2 This includes:
(a) taking reasonable steps to contain the breach and assess the risk of serious harm;
(b) notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals if the breach is an “eligible data breach”; and
(c) keeping records of data breaches and our response.
14.1 We retain Personal Information for as long as necessary to fulfil the purposes for which it was collected, and as required by law.
14.2 Medical records are retained for the following minimum periods:
(a) for adult patients: [INSERT PERIOD, typically 7 years from the date of the last entry, or longer under some state/territory laws];
(b) for patients who were children at the time of treatment: until the patient reaches [INSERT AGE, typically 25 years of age, or 7 years from the date of the last entry, whichever is later]; and
(c) for patients who have died: [INSERT PERIOD, typically 7 years from the date of death].
14.3 At the end of the relevant retention period, Personal Information will be securely destroyed or de-identified.
14.4 We may retain de-identified data for statistical analysis, research, or quality improvement purposes.
15.1 You have the right to request access to the Personal Information we hold about you and to request correction of any information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading.
15.2 To request access to or correction of your Personal Information, please contact us using the details in Section 17. We will respond to your request within a reasonable period (and in any event within 30 days, or such longer period as permitted by law).
15.3 We will provide access to your Personal Information unless:
(a) we reasonably believe that giving access would pose a serious threat to the life, health, or safety of any individual or to public health or public safety;
(b) giving access would have an unreasonable impact on the privacy of other individuals;
(c) the request is frivolous or vexatious;
(d) the information relates to existing or anticipated legal proceedings and would not be accessible through the discovery process;
(e) giving access would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations;
(f) giving access would be unlawful;
(g) denying access is required or authorised by or under an Australian law or court/tribunal order;
(h) we have reason to suspect that unlawful activity or serious misconduct relating to our functions has been, is being, or may be engaged in, and giving access would be likely to prejudice an investigation of the matter; or
(i) giving access would reveal evaluative information generated within our practice in connection with a commercially sensitive decision-making process.
15.4 If we refuse to give you access to your Personal Information or refuse to correct your Personal Information, we will provide you with written reasons for the refusal (unless it would be unreasonable to do so) and information about how you may complain about the refusal.
15.5 We may charge a reasonable fee for providing access to your Personal Information. We will inform you of any applicable fees before processing your request.
15.6 If you request correction of your Personal Information and we agree that the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading, we will take reasonable steps to correct the information within a reasonable period.
15.7 If we refuse to correct your Personal Information, you may request that we associate with the information a statement that you believe it to be inaccurate, out-of-date, incomplete, irrelevant, or misleading. We will take reasonable steps to associate such a statement with your information in a way that is apparent to users of the information.
16.1 If you have any concerns or complaints about how we have handled your Personal Information, please contact us using the details in Section 17.
16.2 We will investigate your complaint and respond to you in writing within 30 days. If you are not satisfied with our response, you may escalate your complaint to:
Website: www.oaic.gov.au
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Post: GPO Box 5218, Sydney NSW 2001
16.3 You may also lodge a complaint with the Health Complaints Commissioner Victoria: Website: www.hcc.vic.gov.au | Telephone: 1300 582 113
17.1 If you have any questions about this Privacy Policy, wish to request access to or correction of your Personal Information, or wish to make a complaint, please contact us at:
Privacy Officer
CosmediComply
Address: Sydney, Australia
Email: info@www.cosmedicomply.com.au
Telephone: 1800 943 997
18.1 Our website uses cookies and similar technologies to collect information about your browsing behaviour. Cookies are small text files that are stored on your device when you visit a website.
18.2 We use the following types of cookies:
(a) Essential cookies: These are necessary for the website to function properly and cannot be switched off. They are usually set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms.
(b) Analytics cookies: These allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us understand which pages are the most and least popular and how visitors move around the site.
(c) Functional cookies: These enable enhanced functionality and personalisation, such as remembering your preferences.
(d) Marketing cookies: These may be set by our advertising partners to build a profile of your interests and show you relevant advertisements on other sites.
18.3 We use [INSERT ANALYTICS TOOLS, e.g., “Google Analytics”] to analyse website traffic and usage. [INSERT ANALYTICS PROVIDER] may transfer information to servers located outside Australia. For more information, please see [INSERT LINK TO ANALYTICS PROVIDER’S PRIVACY POLICY].
18.4 You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies or delete cookies that have already been set. However, if you disable cookies, some features of our website may not function properly.
18.5 For more information about cookies and how to manage them, visit www.allaboutcookies.org.
19.1 We do not knowingly collect Personal Information from children under the age of [INSERT AGE, typically 16 or 18] without the consent of a parent or guardian.
19.2 If we become aware that we have collected Personal Information from a child without parental consent, we will take steps to delete that information.
19.3 Where we provide healthcare services to children, we will collect Personal Information from the child’s parent or guardian, or with their consent.
20.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
20.2 We will post any changes to this Privacy Policy on our website. The updated policy will be effective from the date of posting.
20.3 We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your Personal Information.
20.4 Your continued use of our services or website after any changes to this Privacy Policy will constitute your acceptance of those changes.
Access the complete notarial fee schedule, including service breakdowns, pricing, and disbursements. We’ll send the PDF directly to your inbox.
