top of page



This Privacy Policy applies to all personal information collected by Piran-Caldwell PTY LTD and its subsidiary Room Twentyone via the website located at


  1. What is “personal information”?

    1. The Privacy Act 1988 (Cth) currently defines “personal information” as meaning information or an opinion about an identified individual or an individual who is reasonably identifiable:

      1. Whether the information or opinion is true or not; and

      2. Whether the information or opinion is recorded in a material form or not.

    2. If the information does not disclose your identity or enable your itdentity to be ascertained it will in most cases not be classified as “personal information” and will not be subject to this privacy policy


  1. What is confidential information?

    1. As per Australian law, confidential information is as follows:

      1. It is a well-settled principle of law that where one party (‘the confidant’) acquires confidential information from or during his service with, or by virtue of his relationship with another (‘the confider’), in circumstances importing a duty of confidence, the confidant is not ordinarily at liberty to divulge that information to a third party without the consent or against the wishes of the confider.  (Office of the Information Commissioner Queensland, 2012)



  1. What information do we collect?

    1. The kind of personal information that we collect from you will depend on how you use the website. The personal information which we collect include:

  1. Name and date of birth;

  2. Clinical photography of you

  3. your contact details, including email address, mailing address, street address and/or telephone number as well as next of kin or emergency contacts

  4. your payment and credit card details, including payment history where a transaction has been made with us

  5. treatment details

  6. medical history including, but not limited to allergies and regular medications

  7. information you provide to us through customer surveys

  8. details of products and services we have provided to you and/or that you have enquired about, and our response to you

  9. of browser you are using, the type of operating system you are using and the domain name of your Internet service provider

  10. additional personal information that you provide to us, directly or indirectly, through your use of our Site, associated applications, associated social media platforms and/or accounts from which you permit us to collect information

  11. any other personal information requested by us and/or provided by you or a third party

  12. We may collect these types of personal information directly from you or from third parties.


  1. How we collect your personal information

    1. We may collect personal information from you whenever you input such information into our website

    2. We also collect cookies from your computer which enable us to tell when you use the website and also to help customise your website experience. As a general rule, however, it is not possible to identify you personally from our use of cookies. Furthermore, we also may use your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour



  1. Purpose of collection

    1. Our business performs medical based procedures. Your personal information and medical background will inform our decision in treatment modality and medical suitability for receiving treatment. Withholding such information may place you at risk of adverse events.

    2. To ensure that we are practicing within the legislative requirements governed by the Medicines Poisons and Therapeutic Drugs Regulations of the Northern territory, necessitates the need for collecting personal information

    3. As part of best medical practice, it is essential that persons are identified correctly prior to receiving treatment, necessitating the need for collection of confidential information

    4. The purpose for which we collect personal information is to provide you with the best service experience possible on the website.

    5. We customarily disclose personal information only to our service provider who assist us in operating the website. Your personal information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties. We are also obligated by federal law to release any personal information if subpoenaed.

    6. By using our website, you consent to the receipt of direct marketing material. We will only use your personal information for this purpose if we have collected such information direct from you, and if it is material of a type which you would reasonably expect to receive from us. We do not use sensitive personal information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature.

    7. We may collect, hold, use and disclose personal information for the following purposes:

  1. To enable you to access and use our Site, associated applications and associated social media platforms

  2. To contact and communicate with you

  3. For internal record keeping, administrative purposes, invoicing and billing purposes

  4. For analytics, market research and business development, including to operate and improve our Site, associated applications and associated social media platforms

  5. To run competitions and/or offer additional benefits to you

  6. For advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you

  7. To comply with our legal obligations and resolve any disputes that we may have

  8. Medical prescriptions. Medical suitability for treatments.

  9. It is important to note that due to patient confidentially we do not under any circumstances discuss any sensitive information with family members or others that are not involved in the direct care of the patient/client within or outside of our clinic environment.

  10. Information may be shared within the clinic environment with those qualified and directly involved with your care to ensure continuity of care.

  11. Medical and significant family history is required for assessment prior to the issuing of medical prescriptions, ensuring you are medically suited to undergo treatment. Some information may not be relevant to disclose; you will be made aware of this during your complimentary consult. Withholding important and relevant information may place you at risk of an adverse events. Cosmetic Injectables Australia reserves the right to refuse treatment should not all the necessary/legal requirements be met.



  1. What is sensitive information?

    1. Sensitive information is a form of personal information. Cosmetic Injectables Australia collects sensitive information in the form of patients/clients medical and health history. This information is collected as a necessary means to ensure our patients/clients are safe to undergo our medical based treatments. Patient/clients have the right to refuse to disclose any information. It is important to note that withholding important information places you as the patient/client at risk of adverse events. Cosmetic Injectables Australia holds the right to refuse treatment should it be deemed unsafe.


  1. Access, correction and disclosure of your personal information

    1. Australian Privacy Principle 12 permits you to obtain access to the personal information we hold about you in certain circumstances, and Australian Privacy Principle 13 allows you to correct inaccurate personal information subject to certain exceptions. If you would like to obtain such access, please contact us as set out below

    2. We may disclose personal information to:

      1. Third party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, web-hosting and server providers, debt collectors, maintenance or problem-solving providers, marketing or advertising providers, professional advisors and payment systems operators

      2. Our employees, contractors and/or related entities

      3. Our existing or potential agents or business partners

      4. Sponsors or promoters of any competition we run

      5. Anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred

      6. Credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you

      7. Courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights

      8. Third parties, including agents or sub-contractors, who assist us in providing information, products, services or direct marketing to you. This may include parties located, or that store data, outside of Australia

      9. Third parties to collect and process data, such as Google Analytics or other relevant businesses. This may include parties that store data outside of Australia By providing us with personal information, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act and if any third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act and you will not be able to seek redress under the Privacy Act.


  1. Information storage and security

  1. We are committed to ensuring that the personal/sensitive information we collect is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. We cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

  2. Any photos shown as before and afters on public platforms have been approved by the patient/client involved. All photos are stored in a secure database for the purpose of medical records/documentation.

  3. No photos are displayed or shown at any time without the informed consent of the patient/client. We promote photos of an unidentifiable nature. Photos that show identifiable features will at all times have the informed consent of the patient/clients.


  1. Affiliated sites and businesses

    1. Room Twentyone cannot be held liable in instances of a breach of protection and privacy of any personal information which you provide whilst visiting affiliated websites. Those websites are not governed by this Privacy Policy.


  1. Employees/Third Party involvement of confidential information

    1. Where Cosmetic Injectables Australia has access to any personal information belonging to a customer/client of the Company, the Company will ensure the maintenance of confidence of any confidential information that the Company has access to, or become aware of, and will prevent its unauthorised disclosure or use by any person.
      Cosmetic Injectables Australia will not use the confidential information for any purpose other than for the relevant and related Company processes.

    2. All Room Twentyone employees are responsible for the appropriate handling of such private and confidential information to prevent unlawful disclosure. Under no circumstances will employees use confidential and or sensitive information for any purpose other than for the relevant and related employer processes during their employment, unless for those reasons already outlined in this policy. All employees are not to disclose or use any personal or sensitive information of individual’s post-employment with Room Twentyone, where any such breach or misconduct would result in disciplinary or legal action.



  1. Overseas Transfer

    1. Your personal information may be transferred overseas or stored overseas for a variety of reasons. It is not possible to identify each and every country to which your personal information may be sent. If your personal information is sent to a recipient in a country with data protection laws which are at least substantially similar to the Australian Privacy Principles, and where there are mechanisms available to you to enforce protection of your personal information under that overseas law, we will not be liable for a breach of the Australian Privacy Principles if your personal information is mishandled in that jurisdiction. If your personal information is transferred to a jurisdiction which does not have data protection laws as comprehensive as Australia’s, we will take reasonable steps to secure a contractual commitment form the recipient to handle your information in accordance with the Australian Privacy Principles.


  1. Accessing your treatment records

    1. All patrons and clients have the right to access their personal information under the freedom of information Act. If you would like a copy of your records, please contact our administrative staff on

    2. To apply for access to your treatment records we do require written confirmation that you wish for this information to be released and a method in which you wish to receive it. Our release of information form will also need to be completed. Please allow thirty working days for all treatment records to be issued. A fee may be applied.



  1. Problems Queries or Complaints

    1. If you have a complaint concerning the manner in which we maintain the privacy of your personal information, please contact us as set out below. All complaints will be considered by Piran-Caldwell PTY LTD and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take the appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner, whose details are as follows:  

Australian Information Commissioner
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
Online Form: (Privacy Complaint Form).


  1. How to contact us about privacy

    1. We may, at any time and at our discretion, vary this Privacy Policy by publishing the amended Privacy Policy on our Site. We recommend you check our Site regularly to ensure you are aware of our current Privacy Policy.


If you have any queries, or if you seek access to your personal information, or if you have a complaint about our privacy practices, you can contact us through:


ABN: 44 655 414 789

Last update: 26th of June 2022

Privacy Act 1988 (Cth) compilation No. 76 (Austl.) retrieved from

Payment Methods
bottom of page