1.1. Ego Pharmaceuticals Pty Ltd ABN 86 005 142 361 and its subsidiaries (“Ego”, “we”, “our” and “us”) are committed to responsible privacy practices and to complying with the Australian Privacy Principles contained in the Privacy Act and any other applicable Health Records Acts.
1.2. Where applicable, Ego will handle personal information relying on the related bodies corporate exemption and the employee records exemption in the Privacy Act and any other applicable exemptions in the Privacy Act or other legislation.
1.4. Where it is practical for us to allow you to do so, you may deal with us anonymously (for example when enquiring generally about our products and services).
1.5. Ego acknowledges that the Privacy Principles contained in the Privacy Act and any other applicable Health Records Acts is from a strict legal position applicable within Australia.
- how we collect personal information
- the purposes for which we use this information and
- to whom this information is disclosed
across all of Ego’s operations globally, where it is practical for us to allow its operation and for our Employees to do so.
Where there are additional obligations in the countries that Ego operates in, Ego will comply with those additional obligations.
2. What is Personal Information?
2.2. A reference to “personal information” in this policy includes “health information”, as defined in the Privacy Act and applicable Health Records Acts. Essentially, health information is information or an opinion relating to the health or a disability of a person who is reasonably identifiable.
2.3. The Privacy Act excludes “employee records” from its general requirements. Ego however has voluntarily adopted practices which seek to handle employee records in a manner consistent with the requirements of the Australian Privacy Principles (“APPs”).
3. What Type of Information does Ego Collect?
3.1. The types of personal information Ego collects from you depend on the circumstances in which the information is collected.
3.2. Ego may collect contact details including your name, occupation, address, email address, phone and fax numbers and your date of birth. We may collect answers you provide to questions we ask and other information in relation to your dealings with Ego. If you purchase products or services from us, we may also collect certain transactional information and financial details to process the transaction.
3.3. If you are an Employee or individual contractor to Ego, we may also collect information relevant to your engagement with Ego including qualifications, resume, reference information from your nominated referees, tax file number, bank details, insurance details, feedback from supervisors and training records.
3.4. If you are an Employee of Ego, your personal details are initially collected at the time of your employment and will be retained and updated (where applicable) for payroll, health, superannuation or pension, taxation, insurance and contact purposes as part of our employee records system.
3.5. If we are providing you with, or assisting your health service provider or treating health professional (such as a doctor, pharmacist or hospital) to provide you with, a health related service we may collect your health information and, in such circumstances, you consent to us collecting that information and to us using and disclosing that information for the purpose for which you disclosed it to us and as permitted by the Privacy Act, applicable Health Records Acts and other relevant laws.
3.6. When you use our websites, we may collect website usage information such as the IP address you are using, your browser version, the website that referred you to us and the next website you go to, the pages you request while visiting our websites, the date and time of those requests and the country you are in.
3.7. In certain circumstances we are required to collect government identifiers for tax, health and other requirements, for example in Australia these include tax file numbers, Medicare numbers, health service provider numbers, pension numbers and Veteran’s Affairs numbers. We only collect, use and disclose such information as permitted or required by law.
3.8. In addition to the types of personal information identified above, Ego may collect personal information as otherwise permitted or required by law.
4. How does Ego collect your personal information
4.1. Ego collects personal information in a number of ways. The most common ways we collect your personal information are:
- from publicly available sources;
- directly from you when you provide it to us or our agents or contractors;
- via our website or when you deal with us online (including through our social media pages);
- if you are an individual contractor to Ego, from your employer or recruitment agency;
- from our related companies;
- from credit reporting agencies;
- from third parties (for example, from your health service provider or treating health professional (such as a doctor, pharmacist or hospital) in connection with providing a Return to Work program; from referees if you apply for a position as an Employee or Contractor with us); and
- from consumer feedback where it is possible we would likely get name and contact details. Some consumers provide fuller information such as the condition and treatment so that Ego can help them with product advice.
5. For what purposes does Ego collect, use and disclose your personal information
5.1. The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it. Whenever practical we endeavour to inform you why we are collecting your personal information, how we intend to use that information and to whom we intend to disclose it at the time we collect your personal information.
5.2. We may use or disclose your personal information:
- for the purposes for which we collected it (and certain secondary purposes where permitted by law);
- for other purposes to which you have consented; and
- as otherwise authorised or required by law.
5.3. In general we collect, use and disclose your personal information so that we can do business together and for purposes connected with our business operations such as Ego providing you with information useful to your needs.
5.4. If you are an Ego Employee, we will not disclose personal identifying information about you without your prior written consent, unless we are required to do so by law or in the good faith belief that such action is necessary in order to comply with the law or with a legal process served upon Ego.
5.5. Unless otherwise required or permitted by law, we will only collect health information about you with your consent and we will only use that information for the primary purpose for which it was collected. In some circumstances, we may collect your health information through third parties (e.g. from health care professionals, such as pharmacists, doctors or healthcare professionals, who are treating you). We will only do this if you have consented or where otherwise permitted or required by law.
- Some of the specific purposes for which we collect, use and disclose personal information are:
- to respond to you if you have requested information (including via our websites or via an email or other correspondence you send to us);
- to provide goods or services to you, to assist a health professional or service provider to provide you with certain services (e.g. health services) or to receive goods or services from you;
- to administer and manage services, including charging, billing and collecting debts;
- to enable you to participate in any research or marketing or competitions or similar programs that we conduct;
- to improve our products and services and keep you up to date on such improvements;
- to understand our customer better and help improve our products and services;
- to allow performance reporting and benchmarking of your business, if applicable;
- to contact you (directly or through our service providers) to obtain your feedback, to find out your level of satisfaction with our products and services and for other market research activities;
- to verify your identity;
- to enable and manage the ongoing employment relationship;
- to enable and manage all Ego’s contracts, including Ego’s supplier, contractor or consultant relationships;
- to address any issues or complaints that we or you have regarding our relationship; and
- to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone, by fax or in any other lawful manner.
5.6. We may also use and disclose your personal information for the purpose of direct marketing to you where:
- you have consented to us doing so; or
- it is otherwise permitted by law.
5.7. Direct marketing involves communicating directly with you for the purpose of promoting goods or services to you and to provide you with special offers. Direct marketing can be delivered by a range of methods including mail, fax, telephone, email or SMS. You can unsubscribe from our direct marketing, or change your contact preferences, by contacting us (see section 15).
5.8. Although the Privacy Act does not apply to employee records, Ego retains and uses your personal information as an Employee of Ego solely for employment-related purposes.
5.9. We may be obligated to provide our records containing your personal information if required to do so by law.
6. What happens if you don’t provide personal information
6.1. Generally, you have no obligation to provide any personal information requested by us. However, if you choose to withhold requested personal information, we may not be able to provide you with products and services that depend on the collection of that information.
6.2. Individuals while seeking employment with Ego, who fail to provide any lawfully requested personal information, may experience delays in the consideration of their application for employment or it may result in their application for employment being unsuccessful.
7. To whom does Ego disclose personal information
7.1. We may disclose your personal information to third parties in connection with the purposes described in section 5.
7.2. This may include disclosing your personal information to the following types of third parties:
- our related companies;
- health service providers or treating health professionals (such as your doctor, pharmacist or hospital), in connection with providing health-related goods or services to you or as otherwise required or authorised by law;
- our contractors and other third parties that provide goods and services to us (including suppliers, marketing agencies, data analysis specialists, data processing organisations, billing and debt recovery providers, website and data hosting providers and other IT suppliers);
- our accountants, insurers, lawyers, auditors and other professional advisers;
- government and regulatory authorities, courts, tribunals and other bodies as required or authorised by law;
- in an emergency, to medical and health service providers;
- any third parties to whom you have directed or permitted us to disclose your personal information (e.g. referees);
- in the event that we or our assets may be acquired or considered for acquisition by a third party, that third party and its advisors;
- carefully selected third parties with whom we have data sharing arrangements;
- third parties that require the information for law enforcement or to prevent a serious threat to public safety; and
- otherwise as permitted or required by law.
7.3. Where we disclose your personal information to third parties we will use reasonable commercial efforts to ensure that such third parties only use your personal information as reasonably required for the purpose we disclosed it to them and in a manner consistent with the Privacy Principles under the Privacy Act and relevant Health Records Acts, for example by (where commercially practical) including suitable privacy and confidentiality clauses in our agreement with a third party service provider to which we disclose your personal information.
7.4. If you post information to public parts of our websites or to our social media pages, you acknowledge that such information (including if it includes your personal information) may be available to be viewed by the public. You should use discretion in deciding what information you upload to such sites.
8. Disclosure of information outside the State/Territory/Nation of collection
8.1. Some of the third parties to whom we disclose personal information may be located outside the state or territory in which the information was collected, or outside Australia, or outside your nation. The state/territories and countries in which such third parties are located will depend on the circumstances. For example, we may disclose personal information to our related companies overseas and to our overseas service providers
8.2. In the ordinary course of business we may transfer to, or store personal information at, overseas parties (for example, offshore data centres located in the US and Asia). All transfer of information is encrypted, and Ego takes reasonable commercial technical measures to ensure data security using contemporary storage and cryptographic techniques. Ego ensures processes are in place to ensure information is only shared with parties with a legitimate requirement to carry out services outlined in this policy.
8.3. Except in some cases where we may rely on an exception under the Privacy Act or other law, we will take reasonable steps to ensure that such overseas recipients do not breach the Privacy Principles in the Privacy Act in relation to such information.
8.4. In respect of health information covered by Health Records Acts, unless otherwise required or permitted by law, we will only disclose your health information to a third party outside the state/territory of collection if we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which upholds principles for fair handling of the information that are substantially similar to those in the applicable Health Records Acts.
9. How does Ego protect personal information
9.1. Ego will take reasonable steps to keep any personal information we hold about you secure. Please notify us immediately if you become aware of any breach of security.
10. Accuracy of the personal information we hold
10.1. We try to maintain your personal information as accurately as reasonably possible. We rely on the accuracy of personal information as provided to us both directly (from you) and indirectly.
10.2. You may contact us if the personal information we hold about you is incorrect or to notify us of a change in your personal information. Our contact details are set out in section 15.
10.3. Corrections will be made to any incorrect information or, in the event of a correction being refused, a reason will be provided.
11. Links, cookies and use of Ego websites and applications
11.2. Ego uses “cookies” and similar technology on its websites and in other technology applications. The use of such technologies is an industry standard, and helps us monitor the effectiveness of our advertising and how visitors use our websites/applications. We use such technologies to generate statistics, measure your activity, improve the usefulness of our websites/applications and to enhance the customer experience.
12. How can you access and correct personal information Ego holds about you
12.1. You may seek access to personal information which Ego holds about you by contacting us as described in section 15. We will provide access to that information in accordance with the Privacy Act and Health Records Acts, subject to certain exemptions which may apply. We may require that the person requesting access provide suitable identification and where permitted by law we may charge an administration fee for granting access to your personal information.
12.2. If you become aware that any personal information we hold about you is incorrect or if you wish to update your information, please contact us (see section 15).
13. Employee Responsibilities
13.1. All Employees of Ego have an obligation to preserve the privacy of customers, clients, agents, contractors, suppliers, distributors and fellow Employees of Ego. In preserving this privacy, Employees must refrain from disclosing personal information about any of these people. This obligation extends to out of hours conduct, and any breach of privacy in this regard may be subject to an investigation by Ego. The consequence of an investigation could be disciplinary action to follow as may be appropriate.
13.2. Where an Employee is unsure whether the information is personal or not, they are to promptly contact their manager for clarification and advice before taking any action or disclosing information.
13.3. Ego expects every Employee to respect privacy, and to support the policy set out in this document.
14. Queries, comments and complaints about our handling of personal information
14.2. When contacting us please provide as much detail as possible in relation to your question, comment or complaint.
14.3. Ego will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you co-operate with us during this process and provide us with any relevant information that we may need.
14.4. If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner or other relevant regulators at http://www.oaic.gov.au/.
15. How can you contact us?
15.1. Please address all privacy complaints and requests to update or access information to:-
Attention: Privacy Officer / General Counsel
Ego Pharmaceuticals Pty Ltd
21-31 Malcolm Road
Braeside Victoria 3195
Any requests to access, update or correct your health information should be made in writing.
15.2. To unsubscribe from our direct marketing, you can also contact us at firstname.lastname@example.org and set out the contact details that you no longer want used for direct marketing.