HealthHub Login

Privacy Policy


Your Privacy is very important to us.

This Privacy Policy has been created to explain how and why we collect and use information about you and how we manage the protection of your privacy. We recommend that you read this statement in full so you have a complete understanding of how we will use your personal data. You can click on the links below to move directly to a section:

  1. What personal data do we collect?
  2. How do we hold and use your personal data?
  3. How do we share your information?
  4. Your rights and choices.
  5. Other important information.

1. What personal data do we collect?

The Lucy Rose Clinic collects personal data to operate our business and to provide you with the product and services that we offer. You provide some of this data to us directly, for example when you make an appointment with us, contact us via 3rd party app such as Facebook, or send a query to our support team. Other data is collected when you interact with our products, by using cookies and other technologies.

When using our site, you have choices about what data we collect, and when you are asked to provide personal data you may decline. If you decline to provide data that is necessary to provide you with a particular product or feature, you may not be able to use this product or feature.

We collect personal data through:

  • Information you provide to us: The Lucy Rose Clinic does not collect personally identifiable information about individuals except when such individuals specifically provide such information on a voluntary basis.

    When you submit an enquiry on our website or make an appointment at one of our clinics you will be asked to complete an online form to submit information about you to us. Such information includes: your name, your contact details such as your telephone number, physical address and email address; your date of birth; and information that allows us to process your payment to us, such as credit card information.

    We will also securely store information relating to the use of our service. For example, medical records you send us or have performed through us; when you contact us through our platform; the contents of the emails you send to us and any other information that you may upload to the Sites. Finally, we may also collect information from any correspondence that you have with us.

  • Your use of our services:
    When you use our services, we collect information about what types of services you use and how you use them. For example, which parts of our websites you visit, and what advertisements you view. The information that we collect while you use our services can be grouped into the following categories:

    • Information about your device and internet connection: Using technical logs and other tools, we register information about the device you use, such as the device manufacturer, operating systems and browser version. We also collect information about the connection to our services, such as IP address, network ID, cookies and unique ID files. This information can help us to adapt the way content is displayed to you, based on your device and user profile. 
    • Information about how our services are used: We also register information about how you use our services. For example, which pages of the site you visit; the searches that you have performed; the times and dates that you visited our site; how long a page is displayed on your screen; how you navigate around the page, which websites you have visited before visiting our site; what functions you have carried out on a page; and if you have completed a transaction.
  • Cookies and other locally stored content:
    When you use our platforms and services, cookies and other data are stored locally on your device. These cookies provide us with information that allows us to recognise and remember you and your preferences. We use four different types of cookies:

    • Strictly necessary cookies: these are essential to enable us to provide you with access to the services you requested, blocking these cookies will mean that some of our services do not work for you.
    • Performance cookies: This measures information on your activity on our platforms and how often you use them. This information is used to drive changes that improve your experience on our site.
    • Functional cookies: Enable us to provide you with a more personalised experience across our platforms by remembering your preferences and settings when you revisit the site.
    • Advertising: These are cookies that are used to collect information about the pages you viewed, any links clicked and information about your browser, device and IP address.
  • Other information: We may also store information about your location (based on IP address and mobile network code), collect information from any messages that you send to or receive from us (both on our platforms and via third party apps such as social media platforms). We may also receive information from third parties where you use their services to interact with our site.

2. How do we hold and use your personal data?

Information relating to patients, healthcare professionals and third parties with which The Lucy Rose Clinic conducts business will be held on The Lucy Rose Clinic’s secure customer relationship management (CRM) software platform. This information will be accessed and used in the ordinary course of conducting business, including but not limited to communicating with you, order processing and fulfilment, accounting, responding to enquiries or complaints.

Information relating to third parties with which The Lucy Rose Clinic conducts business will be used to facilitate the provision of products and services to The Lucy Rose Clinic.

We may also use the information that we collect from you: to advertise our services and the Website; for our internal administrative, marketing and planning requirements; to compile and report statistics, with all the relevant personal and/or proprietary information de-identified prior to the completion of such statistics; and for other purposes that are expressly permitted under any agreement with you.

We may also disclose aggregated data (in a form that does not identify you individually) to our advisors for the purposes of conducting market and user experience analysis.


We may publish customer testimonials on our website, in social media profiles, on our Youtube channel and within advertising creative material. These testimonials may contain personally identifiable information. We obtain your written consent at the time the testimonial is recorded. It is our usual policy to publish testimonials with the first and last name of the individual giving the testimonial. If you would like us to only publish your first name, please let us know when you give us the testimonial.

Data Security

The Lucy Rose Clinic uses technical and organisational security precautions to protect your data from misuse, interference or loss and from unauthorised access, modification or disclosure. We store the majority of the personal information that we collect from you in Australia, we may from time to time store some of the information in a computer server located in another country. We will take such reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles.

Any Personal Information that is provided to The Lucy Rose Clinic by you through The Lucy Rose Clinic’s systems will be encrypted in transit to prevent its possible misuse by third parties. (not sure what to put here.

The Lucy Rose Clinic uses reasonable means to protect the security and confidentiality of email information sent and received. However, given the risks, we will not be liable for the inadvertent disclosure of confidential information. Email is not appropriate for urgent or emergency situations, nor a substitute for care that may be provided via telehealth  or Zoom consultation. No consultations will ever be conducted via email.

The Lucy Rose Clinic’s security procedures are continuously revised based on new technological developments.

In the event of an actual or suspected data breach, The Lucy Rose Clinic will follow the procedures outlined in its Mandatory Data Breach Response Plan, including

  • containing the data breach
  • conducting a risk assessment to assess the severity rating of a suspected or known data breach
  • assessing whether an Eligible Data Breach has occurred.

If an Eligible Data Breach has occurred, The Lucy Rose Clinic may report the data breach to third parties such as:

  • The Lucy Rose Clinic’s financial services provider
  • police or law enforcement bodies
  • the Australian Securities & Investments Commission (ASIC)
  • the Australian Taxation Office (ATO)
  • the Australian Transaction Reports and Analysis Centre (AUSTRAC)
  • the Australian Cyber Security Centre (ACSC)
  • the Australian Digital Health Agency (ADHA)
  • the Department of Health
  • State or Territory Privacy and Information Commissioners
  • Australian Health Practitioner Regulation Agency
  • professional associations and regulatory bodies
  • insurance providers.

We will contact you if you have been personally impacted by an Eligible Data Breach.

3. How do we share your information?

We retain access to all personal information that we have collected from you. If you have consented on signup or on the appropriate email form, we may provide any of the information we collect to carefully screened third parties to contact you regarding products or services that we think may be of interest to you. If The Lucy Rose Clinic enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.

  • Our services: Our service allows you to engage with other members of our site. If you send a message to another member of our site, your message will be shared with that site member. If you comment on an forum topic, or leave feedback on the account of another person in one of our community run groups, these will be publicly visible on that site.
  • Service providers: We engage other service providers to help us to provide our service to you. For example, to process payments, site maintenance, and fraud detection. These service providers will have access to your information as much as is reasonably necessary for them to perform these tasks on our behalf. They are obligated not to disclose or use your data for any other purpose.
  • Legal disclosures: When required to by law, we may disclose information about you. This may be as the result of a subpoena or other legal process. Your personal information will also be shared if we believe that the disclosure is necessary to:
    • Be used by government enforcement agencies to investigate, prevent or take action against any suspected or actual illegal activities.
    • To enforce the agreements that we have with you.
    • To investigate and defend The Lucy Rose Clinic against any allegations made by third parties.
    • To protect the integrity and security of our services.
    • To exercise the rights and safety of The Lucy Rose Clinic, our employees and other users of our service.
  • Change of ownership: If The Lucy Rose Clinic enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners in preparation for, or as a result of, any of these events. Any other entity which buys The Lucy Rose Clinic or any part of our business, will have the right to continue to use your data in the way described by this privacy policy, unless you consent otherwise.

4. Your rights and choices

The General Data Protection Regulations offer you a number of rights in relation to your data. This includes the right to access a copy of your data, a right to receive a copy of your data that can be transferred to another organisation, a right to data deletion, a right to withdraw your consent to data processing, a right to restrict the processing of your data, and information on any automated decision making processes.

  • Data Retention: The amount of time that we retain data for, depends on the type of data being retained, and how that is used. In some cases, there will be a legal requirement for us to hold data for a specified amount of time. In other cases, we will not retain the data for any longer than necessary for the purpose that it was collected and processed. When you register a profile or account with us, we will retain the information that you provide to us for as long as you hold this profile or account. Once a profile or account has been closed, we will continue to retain this data for a period of 7 years. If you have provided data to us without registering a profile or account, this data will be retained for 7 years after your last date of activity with us.
  • Right to Access Your Personal Data: Non- registered and registered users of our platforms can request we provide them with a copy of the personally identifiable information we hold by contacting our Customer Support Team directly at or calling us in business hours on 1300 849 764.
  • Right to Control Your Personal Data: Registered users of our platforms can update their information by contacting our Customer Support Team directly at or calling us in business hours on 1300 849 764. You can change your marketing preferences at any time by changing your topic preferences or opting out of receiving these communications in the footer of every email with the exception of appointment reminders, treatment plans, and correspondence directly with us in regard to your medical care. You may ask us to make any necessary changes to ensure that such information is accurate and kept up-to-date.
  • Right to Data Deletion: Non- registered and registered users of our platforms can request we delete any personally identifiable information we hold by contacting our Customer Support Team directly at In some instances we may be unable to delete your data if we are required to retain it to comply with our legal obligations (including requests from law enforcement agencies).

5. Other information

Special Category Personal Data

The Lucy Rose Clinic may collect special categories of personal data for patients undergoing. However, if you enter this information into any free text section of our site, such as in a medical intake form, or on our forums, this information will be held and processed in the same manner as all other data that you have provided to us.


The security of your data is important to us. We perform regular monitoring of our systems to identify possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send to us. No guarantee is given that the data will not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

Direct marketing

We will only send you marketing information where you have opted in to receive these communications. You can change your marketing preferences at any time, by logging into your account and changing this on your account dashboard. You can also opt out of receiving marketing at any time using the unsubscribe link that can be found at the end of each email that we send.

Changes to this Statement

This statement will be updated when necessary to reflect changes that we make to our products. When this statement is updated, the “last updated” date will be revised at the top of this statement. We encourage you to review our Privacy Policy regularly so that you can stay informed about our use of your data.

Contact information

If you have any questions in relation to this Policy, please email at