Privacy Policy
DRIP HAUS
CLINICAL LONGEVITY | CLINICAL LUXURY
PRIVACY POLICY
Collection, Use, Disclosure & Management of Personal & Health Information
| Document | Privacy Policy |
|---|---|
| Version | 3.1 — May 2026 |
| Entity | Drip Haus Pty Ltd | ABN 68 665 152 205 |
| Contact | admin@driphaus.com.au | +61 440 139 440 |
| Website | driphaus.com.au |
| Legislative Basis | Privacy Act 1988 (Cth) | Australian Privacy Principles (APPs 1–13) |
| Regulatory Scope | ACL | AHPRA | TGA | Spam Act 2003 | WHS WA |
OVERVIEW
Drip Haus Pty Ltd ('Drip Haus', 'we', 'us', 'our') is committed to protecting your privacy and handling your personal information with transparency, respect, and care. This Privacy Policy explains how we collect, hold, use, and disclose personal and health information in accordance with the Privacy Act 1988 (Cth) and all thirteen (13) Australian Privacy Principles (APPs).
By using this website, booking a service, or providing information to Drip Haus, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.
This Privacy Policy was last updated: May 2026. We encourage you to review it periodically.
1. OPEN & TRANSPARENT MANAGEMENT (APP 1)
We are committed to managing personal information openly and transparently. This Privacy Policy sets out our policies and practices in plain language. If you have any questions about how we handle your information, contact us at admin@driphaus.com.au.
2. ANONYMITY & PSEUDONYMITY (APP 2)
Where practicable, you may interact with us anonymously or using a pseudonym. However, to access clinical services, we are required by law and professional obligations to verify your identity and collect health information. Anonymous use of our website (for general browsing only) is available.
3. COLLECTION OF PERSONAL INFORMATION (APP 3)
3.1 What we collect
We collect personal and health information necessary to provide our services safely and effectively, including:
• Full name, date of birth, gender, and contact details (address, phone, email)
• Medical history, current medications, allergies, and health-related information
• Appointment and treatment records, clinical notes, and consent documentation
• Payment and billing information
• Communications with our team (including emails, SMS, and phone call records)
• Website usage data (see section 11 — Cookies & Tracking)
3.2 Sensitive information
Health information is classified as 'sensitive information' under the Privacy Act 1988. We collect sensitive information only:
• With your consent, or
• Where required or authorised by law, or
• Where it is reasonably necessary for the provision of our clinical services
3.3 How we collect information
Information is collected directly from you through:
• Health and medical history intake forms (completed prior to your first appointment)
• In-person, telehealth, or phone consultations with our clinical team
• Our booking system at driphaus.com.au
• Email, SMS, and other written communications
• Our CRM system (Go High Level) and client portal
We only collect information that is reasonably necessary for our functions and activities. We will not collect personal information by unlawful or unfair means.
4. DEALING WITH UNSOLICITED INFORMATION (APP 4)
If we receive personal information about you that we did not solicit, and that information could not have been collected under APP 3, we will destroy or de-identify it as soon as practicable, provided it is lawful and reasonable to do so.
5. NOTIFICATION OF COLLECTION (APP 5)
At or before the time of collection, we will take reasonable steps to notify you of:
• Who we are and how to contact us
• The purposes for which we are collecting your information
• How you can access and correct your information
• Whether we are likely to disclose your information to overseas recipients
• Any law that requires the collection
This notification is provided through this Privacy Policy, our intake forms, and our client-facing Terms & Conditions at driphaus.com.au/terms.
6. USE & DISCLOSURE OF INFORMATION (APPs 6, 8)
6.1 Use of your information
Your information is used to:
• Assess your suitability for treatment and deliver safe, appropriate clinical care
• Manage bookings and service delivery
• Process payments and issue receipts
• Comply with legal, regulatory, and professional obligations (including AHPRA requirements)
• Send appointment reminders, aftercare information, and clinical communications
• Send marketing communications (with your consent — see section 10)
Personal information will not be used or disclosed for a purpose other than the primary purpose of collection unless you have consented, or the secondary purpose is directly related to the primary purpose and you would reasonably expect such use or disclosure.
6.2 Disclosure of your information
We do not disclose your personal or health information to third parties except:
• With your express consent
• Where required or authorised by law (e.g. mandatory reporting obligations)
• To AHPRA-registered healthcare providers directly involved in your care, where clinically necessary
• To our compounding pharmacy, for the purpose of filling a prescription issued to you
• To our technology and service providers (see clause 6.3)
6.3 Third-party service providers & cross-border disclosure (APP 8)
Drip Haus uses third-party software platforms to manage bookings, client communications, and marketing. Some platforms may store or process data on servers located outside Australia, including in the United States. These include:
• Go High Level (CRM, marketing automation) — servers may be located in the US
• Booking and appointment management systems
• Cloud-based email and SMS platforms
By using our services, you consent to the possible transfer of your information to overseas recipients. We take reasonable contractual steps to ensure any overseas recipient handles your information consistently with the Australian Privacy Principles. However, if an overseas recipient breaches the APPs, you may not be able to seek redress under the Privacy Act.
7. DIRECT MARKETING OPT-OUT (APP 7)
We may use your contact details to send you marketing communications about our services, promotions, and health information, where you have consented to receive these. All marketing communications:
• Include a clear and functional unsubscribe mechanism
• Identify Drip Haus as the sender
• Comply with the Spam Act 2003 (Cth)
You may opt out of receiving marketing communications at any time by:
• Clicking the 'Unsubscribe' link in any marketing email
• Replying STOP to any marketing SMS
• Contacting us at admin@driphaus.com.au or +61 440 139 440
Opting out of marketing will not affect your access to clinical services, your clinical records, or any other aspect of your relationship with Drip Haus.
8. GOVERNMENT-RELATED IDENTIFIERS (APP 9)
Drip Haus does not collect, use, or disclose government-related identifiers (such as Medicare numbers, Tax File Numbers, driver's licence numbers, or passport numbers) as a means of identifying clients, except where required by law or expressly authorised under the Privacy Act 1988.
Where government-related identifiers are provided incidentally (for example, a Medicare number provided for referral purposes), they are handled in accordance with APP 9 and not adopted as internal client identifiers.
9. QUALITY OF PERSONAL INFORMATION (APP 10)
Drip Haus takes reasonable steps to ensure that personal information is accurate, up-to-date, complete, and relevant before using or disclosing it. Clients are encouraged to notify us promptly of any changes to their personal or health information.
10. SECURITY OF PERSONAL INFORMATION (APP 11)
We take reasonable steps to protect your personal and health information from misuse, loss, unauthorised access, modification, and disclosure. Our security measures include:
• Encrypted electronic records management systems with access controls
• Role-based access — health information is accessible only to authorised clinical team members on a need-to-know basis
• Multi-factor authentication for systems containing personal information
• Staff training on privacy obligations and data handling
• Secure disposal of physical records no longer required
In the event of a data breach that is likely to result in serious harm, Drip Haus will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act and notify affected individuals and the OAIC as required.
11. ACCESS & CORRECTION (APPs 12 & 13)
You have the right to request access to the personal and health information we hold about you, and to request correction of any information that is inaccurate, incomplete, or out of date.
To make an access or correction request, contact us at:
• Email: admin@driphaus.com.au
• Phone: +61 440 139 440
We will respond to access requests within 30 days. Where access is denied (in limited circumstances permitted by law), we will provide written reasons. We do not charge a fee for making a request, but may charge a reasonable fee for providing access to a large volume of information.
Access may be refused in limited circumstances permitted by law, including where providing access would pose a serious threat to the life, health, or safety of any individual, would have an unreasonable impact on the privacy of another person, would prejudice enforcement-related activities, or is otherwise required to be withheld by law. Where access is refused, we will provide written reasons and inform you of any available complaint mechanisms.
12. RETENTION OF HEALTH RECORDS
Client health records are retained in accordance with applicable Australian health records legislation:
• A minimum of 7 years from the date of the last service for adult clients
• A minimum of 25 years from the date of birth where the client was a minor (under 18) at the time the record was created
Records are held in encrypted, access-controlled electronic systems. Physical records, where they exist, are stored securely and disposed of by confidential destruction when no longer required.
13. COOKIES & TRACKING TECHNOLOGIES
Our website uses cookies and similar tracking technologies (including analytics pixels, marketing tags, and session tracking) for the following purposes:
• Website performance and analytics (e.g. Google Analytics)
• Marketing and remarketing (e.g. Meta Pixel, Google Ads)
• Booking system functionality
• Cookie consent management
On your first visit to our website, you will be presented with a cookie consent banner. You can accept, decline, or customise cookie categories. Essential cookies required for website functionality cannot be disabled.
You may manage or withdraw consent to non-essential cookies at any time via the cookie settings in the website footer. For full details of cookies used and how to manage them, see our Website Terms & Conditions at driphaus.com.au/terms (Section 9.5).
14. PRIVACY COMPLAINTS (APP 1)
If you have a concern about how Drip Haus has handled your personal or health information, please contact us in the first instance:
• Email: admin@driphaus.com.au
• Phone: +61 440 139 440
We will acknowledge your complaint within 2 business days and respond with our findings within 30 days. Where a complaint involves a potential data breach or clinical record, it will be escalated to our Privacy Officer (CEO / Operations Manager) immediately.
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
• Website: oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001
15. UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The updated policy will be published on our website at driphaus.com.au/privacy-policy with a revised 'last updated' date. We encourage you to review this policy periodically.
16. CONTACT US
| Entity | Drip Haus Pty Ltd |
|---|---|
| ABN | 68 665 152 205 |
| admin@driphaus.com.au | |
| Phone | +61 440 139 440 |
| Website | driphaus.com.au |
| Locations | Perth | Broome | South West WA |
DRIP HAUS PTY LTD | CLINICAL LONGEVITY | CLINICAL LUXURY
Perth | Broome | South West WA | driphaus.com.au