Privacy Policy
Last Updated: December 2025
ZABÉ Cosmetic ("we," "our," "us," or "ZABÉ") is committed to protecting your privacy and handling your personal information responsibly and in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and other applicable privacy laws including the Health Records Act 2001 (Vic) where applicable.
This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information, including sensitive health information, and outlines your rights in relation to that information.
1. About ZABÉ Cosmetic
ZABÉ Cosmetic operates aesthetic medical services in Australia. Our registered business address and contact details are:
ZABÉ Cosmetic
Website: zabe.au
2. Information We Collect
We collect personal information that is reasonably necessary for our functions and activities as an aesthetic medical practice. The types of information we may collect include:
2.1 Personal Information
- Full name, date of birth, and gender
- Contact details including residential address, email address, and telephone numbers
- Emergency contact details
- Government-issued identification (for identity verification purposes)
- Photographic identification and clinical photographs
- Payment and billing information including credit card details (processed securely through third-party payment processors)
- Communication preferences
- Details of your interactions with us, including appointment bookings, enquiries, and correspondence
2.2 Health Information (Sensitive Information)
As a medical service provider, we collect and handle sensitive health information, which may include:
- Medical history, including current and past medical conditions
- Current medications and supplements
- Allergies and adverse reactions
- Previous aesthetic treatments and procedures
- Surgical history
- Pregnancy and breastfeeding status
- Mental health information relevant to treatment suitability
- Clinical assessments, treatment plans, and medical notes
- Treatment records, including products used, dosages, and injection sites
- Before and after photographs for clinical documentation
- Results of any relevant medical tests or assessments
- Post-treatment outcomes, complications, or adverse events
2.3 Automatically Collected Information
When you visit our website zabe.au, we may automatically collect:
- Device information (IP address, browser type, operating system)
- Usage data (pages visited, time spent, referring website)
- Location data (general geographic location based on IP address)
- Cookies and similar tracking technologies (see Section 11)
3. How We Collect Information
We collect personal information through various means:
3.1 Direct Collection
- Online consultation booking forms and enquiry forms
- Patient intake forms and medical questionnaires
- During in-person or telehealth consultations
- Through email, telephone, or other correspondence
- When you create an online account with us
- During treatment sessions and follow-up appointments
- Through consent forms and medical documentation
- When you provide feedback or reviews
3.2 Third-Party Collection
In some circumstances, we may collect information from third parties, including:
- Referring medical practitioners (with your consent)
- Your regular GP or specialist (with your consent)
- Previous aesthetic practitioners (with your consent)
- Healthcare facilities or hospitals (where relevant to your treatment)
- Our online booking system providers
- Payment processing services
- Marketing and analytics providers (non-identifiable data only)
We will only collect information from third parties where you have consented to such collection, or where we are legally permitted or required to do so.
4. Why We Collect and Use Your Information
We collect, hold, use, and disclose your personal information for the following purposes:
4.1 Primary Purposes
- Providing Medical Services: To provide you with aesthetic medical consultations, treatments, and ongoing care
- Clinical Assessment: To assess your suitability for treatments and develop appropriate treatment plans
- Patient Safety: To identify contraindications, manage risks, and ensure safe treatment delivery
- Medical Records: To maintain accurate, comprehensive medical records as required by law and professional standards
- Treatment Continuity: To ensure continuity of care across multiple appointments and practitioners
- Appointment Management: To schedule, confirm, reschedule, or cancel appointments
- Communication: To communicate with you about your treatments, appointments, results, and aftercare
- Follow-Up Care: To monitor treatment outcomes and provide appropriate post-treatment support
- Emergency Response: To respond to medical emergencies or adverse events
4.2 Secondary Purposes
- Billing and Payment: To process payments and manage billing records
- Quality Improvement: To evaluate and improve our services, procedures, and patient outcomes
- Training and Education: To train practitioners (with images de-identified or express consent obtained)
- Research: To conduct clinical research and contribute to medical knowledge (with appropriate de-identification and consent)
- Marketing: To send you information about our services, treatments, and special offers (only with your consent)
- Legal Compliance: To comply with legal obligations, including health reporting requirements
- Business Operations: To manage our business operations, including insurance, risk management, and professional indemnity
- Dispute Resolution: To investigate and resolve complaints or disputes
4.3 Other Uses
We may use your information for other purposes where:
- You have provided consent
- We are required or authorized by law
- The purpose is directly related to the primary purpose of collection and you would reasonably expect such use
- It is necessary to prevent or lessen a serious threat to life, health, or safety
5. Disclosure of Your Information
We may disclose your personal information to third parties in the following circumstances:
5.1 Healthcare Providers
- Medical practitioners and nurses providing your treatment at ZABÉ
- Your referring doctor or regular GP (with your consent)
- Specialist medical practitioners where consultation is required
- Allied health professionals involved in your care
- Hospitals or emergency services in case of adverse events
5.2 Service Providers
We engage third-party service providers who may have access to your information, including:
- Practice management software providers (for booking and patient records)
- Cloud storage and IT service providers
- Payment processors and merchant services
- Accounting and bookkeeping services
- Legal advisors and professional indemnity insurers
- Marketing and communication platforms (for newsletters, with your consent)
- Website hosting and analytics providers
All service providers are required to handle your information in accordance with privacy laws and our instructions, and are prohibited from using your information for their own purposes.
5.3 Legal and Regulatory Disclosure
We may disclose your information where required or authorized by law, including to:
- Courts or tribunals in legal proceedings
- Law enforcement agencies investigating suspected criminal activity
- The Australian Health Practitioner Regulation Agency (AHPRA)
- The Therapeutic Goods Administration (TGA) for adverse event reporting
- Professional medical colleges and associations
- Medicare or private health insurers (where applicable)
- Government agencies as required by law
5.4 Emergency Situations
We may disclose your health information without consent where necessary to prevent or lessen a serious threat to your life, health, or safety, or to the life, health, or safety of another person or the public.
5.5 Business Transactions
If ZABÉ Cosmetic is involved in a merger, acquisition, restructure, or sale of assets, your personal information may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.
6. Marketing Communications
With your express consent, we may use your contact information to send you:
- Information about new treatments and services
- Special offers, promotions, and seasonal campaigns
- Educational content about aesthetic medicine
- Appointment reminders and clinic updates
- Client newsletters and updates
6.1 Consent and Opt-Out
You have the right to:
- Opt in to receiving marketing communications at any time
- Opt out of marketing communications at any time by:
  - Clicking the "unsubscribe" link in marketing emails
  - Contacting us directly via email or phone
  - Updating your communication preferences in your online account
- Continue to receive essential service communications (appointment confirmations, treatment information, billing) even if you opt out of marketing
We will process opt-out requests promptly, typically within 5 business days.
7. Clinical Photography
Clinical photographs are an important part of aesthetic medical practice for documentation, treatment planning, and outcome assessment.
7.1 Clinical Record Photographs
We take before and after photographs as part of your medical record. These photographs:
- Are used solely for clinical purposes and your treatment records
- Are securely stored as part of your confidential medical file
- Are accessible only to authorized practitioners involved in your care
- Will not be used for marketing or promotional purposes without separate, explicit consent
7.2 Marketing Use of Photographs
If we wish to use your photographs for marketing purposes (website, social media, promotional materials), we will:
- Obtain separate, explicit written consent specifically for this purpose
- Clearly explain how and where the images will be used
- Allow you to specify any conditions or limitations (e.g., face obscured, specific platforms only)
- Provide you with the right to withdraw consent at any time
You are under no obligation to consent to marketing use of your images, and refusal will not affect the quality of care you receive.
8. Data Security
We take the security of your personal and health information seriously and implement appropriate technical and organizational measures to protect your information from:
- Unauthorized access, use, or disclosure
- Misuse, interference, loss, or modification
- Damage or destruction
8.1 Security Measures
Our security measures include:
- Physical Security: Secure premises with restricted access, locked filing cabinets for paper records, and surveillance systems
- Electronic Security: Encrypted data transmission (SSL/TLS), secure password-protected systems, firewall protection, and regular security updates
- Access Controls: Role-based access restrictions ensuring staff can only access information necessary for their role
- Staff Training: Regular privacy and confidentiality training for all staff members
- Secure Disposal: Secure destruction of paper records and secure deletion of electronic data when no longer required
- Third-Party Security: Due diligence on service providers to ensure they maintain appropriate security standards
- Backup Systems: Regular encrypted backups stored securely
- Incident Response: Procedures for responding to data breaches or security incidents
8.2 Data Breach Response
In the event of a data breach that is likely to result in serious harm, we will:
- Take immediate steps to contain and remediate the breach
- Notify affected individuals as soon as practicable
- Notify the Office of the Australian Information Commissioner (OAIC) as required
- Take action to prevent future breaches
9. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
9.1 Health Records Retention
In accordance with Australian health records legislation and professional medical standards, we retain:
- Adult patient health records for a minimum of 7 years from the date of last treatment
- Pediatric patient records (if applicable) until the patient reaches 25 years of age
- Records relating to specific incidents or complaints for longer periods as required
9.2 Other Records
- Financial and billing records: 7 years (as required by tax law)
- Marketing consent records: Until consent is withdrawn, plus 3 years
- Website analytics and cookies: As specified in our Cookie Policy
- CCTV footage (if applicable): 30 days unless required for investigation
9.3 Secure Destruction
When personal information is no longer required, we securely destroy or permanently de-identify it through:
- Secure shredding of paper documents
- Secure deletion or destruction of electronic media
- De-identification of research or quality improvement data
10. Your Rights and Choices
Under Australian privacy law, you have several rights regarding your personal information:
10.1 Right to Access
You have the right to request access to the personal information we hold about you. To request access:
- Submit a written request via email or post (details in Section 15)
- Provide proof of identity to protect your information
- Specify the information you wish to access
We will respond to your request within 30 days and provide access in a reasonable format (e.g., copies of records, secure online access). In most cases, access is provided free of charge, though for extensive requests we may charge a reasonable fee covering copying and retrieval costs.
10.2 Right to Correction
You have the right to request correction of personal information that is inaccurate, out of date, incomplete, or misleading. To request a correction:
- Contact us with details of the information requiring correction
- Provide supporting evidence where appropriate
We will respond within 30 days and, if we agree the information is incorrect, make the necessary corrections. If we disagree about correction, we will provide reasons and allow you to include a statement with your record noting the disagreement.
10.3 Right to Restrict Processing
You may request that we limit how we use your information in certain circumstances, such as:
- Opting out of marketing communications
- Restricting use of your information for research purposes
- Limiting access to your records by specific practitioners
We will honor reasonable requests unless we have a legal obligation to use or disclose the information.
10.4 Anonymity and Pseudonymity
Where practicable, we offer you the option to not identify yourself or to use a pseudonym when interacting with us. However, for medical treatment purposes, it is not practicable to provide services without your real identity due to:
- Legal and regulatory requirements for medical record-keeping
- Safety considerations requiring accurate medical histories
- Professional indemnity and insurance requirements
- Prescription medication requirements
10.5 Complaints
If you believe we have breached the Australian Privacy Principles or other privacy obligations, you have the right to make a complaint (see Section 14).
11. Cookies and Website Analytics
Our website zabe.au uses cookies and similar technologies to enhance your browsing experience and analyze website usage.
11.1 Types of Cookies We Use
- Essential Cookies: Required for website functionality, including online booking, security, and session management. These cannot be disabled.
- Analytics Cookies: Help us understand how visitors use our website through aggregated, non-identifiable data (e.g., Google Analytics)
- Marketing Cookies: Used to deliver relevant advertising and track campaign effectiveness (only with consent)
- Preference Cookies: Remember your settings and preferences for future visits
11.2 Managing Cookies
You can control cookies through:
- Our cookie consent banner when you first visit the website
- Your browser settings (blocking or deleting cookies)
- Opting out of third-party analytics tools
Note that disabling cookies may affect website functionality, including the ability to use our online booking system.
11.3 Third-Party Analytics
We use Google Analytics to analyze website traffic. Google Analytics collects anonymous information about your visit, including:
- Pages viewed and time spent on site
- Referring website or search terms
- Geographic location (city/region level only)
- Device and browser type
This information is aggregated and does not identify you personally. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
12. Third-Party Websites
Our website may contain links to third-party websites, social media platforms, or external services. This Privacy Policy applies only to ZABÉ Cosmetic.
When you click on third-party links, you leave our website and are subject to the privacy policies of those external sites. We:
- Are not responsible for the privacy practices of third-party websites
- Do not endorse or make representations about third-party websites
- Encourage you to read the privacy policies of any website you visit
Third-party websites may include:
- Social media platforms (Facebook, Instagram)
- Payment processors
- Review platforms
- Product manufacturer websites
13. International Data Transfers
Your personal information is primarily stored and processed within Australia. However, some of our service providers may store data on servers located overseas, including:
- Cloud storage providers (servers may be located in the United States, Singapore, or other jurisdictions)
- Email and communication platforms
- Practice management software providers
- Website hosting services
Where we disclose personal information to overseas recipients, we take reasonable steps to ensure:
- The overseas recipient does not breach the Australian Privacy Principles
- Appropriate contractual arrangements are in place
- Data is subject to substantially similar privacy protections
Countries where your data may be transferred include the United States, Singapore, and member states of the European Union. By using our services, you consent to these international transfers.
14. How to Make a Complaint
If you believe we have interfered with your privacy or breached the Australian Privacy Principles, we encourage you to contact us directly so we can address your concerns.
14.1 Complaint Process
Step 1: Submit Your Complaint
Contact our Privacy Officer (details in Section 15) with:
- Your name and contact details
- Details of the alleged privacy breach
- Supporting information or evidence
- The outcome you are seeking
Step 2: Investigation
We will:
- Acknowledge receipt of your complaint within 5 business days
- Investigate the matter thoroughly and impartially
- Contact you if we require additional information
- Keep you informed of progress
Step 3: Resolution
We will respond to your complaint within 30 days with:
- Our findings and decision
- Reasons for our decision
- Any corrective action we will take
- Information about further options if you remain dissatisfied
14.2 External Complaints
If you are not satisfied with our response, you may lodge a complaint with:
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au
For health-related privacy complaints in certain states, you may also contact:
Health Complaints Commissioner (Queensland)
Phone: 133 646
Website: www.hcc.qld.gov.au
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:
ZABÉ Cosmetic
Privacy Officer
We aim to respond to all privacy-related enquiries within 5 business days.
16. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect:
- Changes to our information practices
- Changes in privacy laws or regulations
- New services or technologies we implement
- Feedback from clients or regulators
16.1 Notification of Changes
When we make material changes to this Privacy Policy, we will:
- Update the "Last Updated" date at the top of this policy
- Post the updated policy on our website zabe.au
- Notify you via email if you have an active patient relationship with us (for significant changes)
- Obtain fresh consent where required by law
16.2 Your Continued Use
Your continued use of our services after changes are posted constitutes acceptance of the updated Privacy Policy. We encourage you to review this policy periodically.
17. Definitions
For clarity, the following definitions apply:
- Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable
- Sensitive Information: A subset of personal information including health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, and criminal records
- Health Information: Information about an individual's physical, mental, or psychological health, disability, or health service provided
- Australian Privacy Principles (APPs): The 13 principles contained in the Privacy Act 1988 (Cth) governing how organizations handle personal information
Website: zabe.au
This Privacy Policy is effective as of December 2025 and governs all personal information collected by ZABÉ Cosmetic through any means, including our website, in person, via telephone, or through written correspondence.
By providing your personal information to ZABÉ Cosmetic, you acknowledge that you have read, understood, and agree to this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.