Privacy Policy

Haús of Vitality collects, stores, and uses personal information as part of delivering our services. This policy explains how we handle that information and sets out the obligations of all team members in protecting the privacy of clients, employees, and the business.

This policy is supported by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

2. WHAT INFORMATION WE COLLECT

2.1  Client Information

  • Name, contact details, and date of birth
  • Health and medical history relevant to treatments
  • Treatment history and clinical notes
  • Consent forms and signed documentation
  • Payment information (processed securely via Stripe — not stored by Haús)
  • Photos taken for treatment tracking (with written client consent only)

2.2  Employee Information

  • Name, contact details, and emergency contact information
  • Tax file number and bank details (for payroll purposes only)
  • Training and qualification records
  • Performance and disciplinary records

3. HOW INFORMATION IS STORED

  • Client records are stored in Simple Salon — a secure, cloud-based salon management system
  • Employee records are stored in the Haús Google Drive — access is restricted to the franchisee
  • Physical documents containing personal information must be stored securely and not left accessible in common areas
  • Any personal information stored on personal devices must be protected by a password
  • Records must be retained for a minimum of 7 years in line with Australian tax and business legislation

4. TEAM MEMBER OBLIGATIONS

All team members must:

  • Only access client or employee information that is necessary to perform their role
  • Never share client information with third parties without the client’s written consent
  • Never discuss client details in public areas, in front of other clients, or outside the business
  • Never use client contact details for personal purposes
  • Report any suspected privacy breach to the franchisee immediately
  • Never take copies — digital or physical — of client or employee records without authorisation

5. CLIENT RIGHTS

Clients have the right to:

  • Know what information is held about them
  • Request access to their personal information
  • Request a correction of inaccurate information
  • Withdraw consent to the use of their information
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if they believe their privacy has been breached: www.oaic.gov.au

6. PHOTOGRAPHY AND RECORDING

  • Clients must provide written consent before any photographs are taken for treatment tracking or marketing purposes
  • Photos used in marketing must be approved by the client in writing — general consent forms are not sufficient for public use
  • Team members must not photograph or film clients using personal devices under any circumstances
  • Recordings of any kind in treatment rooms are prohibited without explicit written consent

7. CONFIDENTIAL BUSINESS INFORMATION

All business information — including pricing, supplier agreements, client lists, financial data, and operational processes — is confidential. This obligation applies during and after employment or engagement with Haús of Vitality. Team members must not share, copy, or use confidential business information for personal or commercial benefit.

8. PRIVACY BREACHES

A privacy breach occurs when personal information is accessed, disclosed, or lost without authorisation. If you suspect a privacy breach, report it to the franchisee immediately. The franchisee will assess the breach and notify Haús HQ. Depending on the severity, notification to the OAIC and affected individuals may be required under the Notifiable Data Breaches scheme.