Pharmaxis Ltd and its subsidiaries (Pharmaxis, we, us and our) are committed to protecting your privacy.
Pharmaxis is required to comply with the Australian Privacy Principles and the Privacy Act 1988 (Cth) (Australian Privacy Act) which provides for the fair handling of personal information and sets standards for the collection, access, storage and use of personal information. We may also be required to comply with the laws of other jurisdictions, including, if you are a citizen or resident of the European Union, the European General Data Protection Regulation (GDPR).
What information we collect about you;
How and on what basis we use the information we collect;
How we collect your personal information;
How long we keep your personal information;
How we share the information we collect;
How we protect your information;
How you can access and control your information;
How you can contact us.
If you have any questions, please contact us using one of the methods set out in the “Contact Us” section below.
By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this policy and any other specific arrangements that apply between Pharmaxis and you.
We may change this policy from time to time and accordingly encourage you to check this policy periodically.
What information do we collect about you?
The type of information we collect depends on the nature of your dealings with us and the reason forcollecting it. The information, including personal information, that we collect includes:
name and contact details;
details of your company, industry, role and accreditations;
information from your visits to our websites, including the IP address, type of browser, device (including unique device identifiers) and operating system you use, network information, access times, pages viewed, links clicked on;
details of the products you have enquired about or that we have supplied to you, including any additional information necessary to deliver those products and to respond to your enquiries;
credit card and debit card or bank account information for product deposits, purchases or refunds;
information that you provide to us directly through one of our websites, apps or that you email to us; and
information you provide in customer surveys, interviews or case studies.
If you are someone who uses our products including clinical trial participants: we may collect additional specific information about your use of our products and you, such as your gender, date of birth, your medical history and conditions, test results and diagnoses, family and social history, medical enquiries you make, side effects (adverse events) you report, your participation in patient support schemes, named patient or compassionate use access and clinical trials. We may receivesome of this information from third parties, such as our distributors or your healthcare professional. Some of this information may be, but is not always, anonymised or de-identified.
Suppliers, Customers or Other External Stakeholder
If you are a supplier, customer, distributor or healthcare professional: we may collect additional specific information including information about your professional details, practice specialty and areas of interest, membership of professional associations, product usage and your dealings with us.
If you are an employee, contractor or applicant: we may collect additional specific information including your gender, date of birth, contact details, information collected in our employment records, including tax file number, job application, reference checks, curriculum vitae/resume, records of training, documentation of performance appraisals and disciplinary matters, employment terms, and medical condition or history. We may receive some of this information from third parties such as recruiters or from reference checks.
Prospective Employees, Contractors / Job Applicants and Employees and Contractors
If you are a prospective employee or contractor or employee or contract: we may also collect personal information about you during the recruitment process or during your employment/ engagement with us. This information may include your gender, date of birth, contact details, personal medical & health history and information (such as physical or mental health or a disability, type of health service being
provided and healthcare identifiers that we are lawfully able to collect), information collected in our employment records, including tax file number, job application, reference checks, curriculum vitae/resume, records of training, documentation of performance appraisals and disciplinary matters, employment terms, and medical condition or history.
The collection of Personal Information from job applicants may be obtained from a third-party source, such as a recruitment agency or from reference checks.
If you are an investor: we may collect additional information including your tax file number, contact details and investment details.
How do we use your personal information?
Our use of your personal information depends on the nature of your dealings with us and the reason for collecting it. Generally, the purpose for which we collect personal information will be apparent from the way in which we collect it, or will be disclosed at the time of collection. We may use your information, including personal information to:
provide you and healthcare professionals with product support;
respond to and fulfil queries and requests you, your healthcare professional and our distributors and suppliers may make;
administer, improve and promote our products;
analyse the performance of our products;
improve our services and services of our third party suppliers and distributors;
monitor the safety of our products and record, analyse and respond to and act on medical queries, complaints and safety reports and to report as required to regulatory bodies and other relevant companies which market and sell our products;
notify you of matters concerning the safety of our products which we consider you should be notified of or to notify you as may be required by law or regulation;
generate and maintain customer lists for the purposes of our own market research and to enable us or our distributors to undertake marketing to you and others;
perform clinical trials and other research organised by us which you have agreed to be involved in;
administer patient support, named patient access, compassionate use, health awareness/management programs or other similar programs organised by us;
organise and administer conferences, symposia, seminars or other events and meetings;
generate and maintain our investor information to comply with legal requirements and to enable reporting to investors;
provide you with information such as our press releases and ASX releases;
to maintain our register of shareholders and investor communication lists and to make offers and communicate with our shareholders and investors; and
comply with applicable laws, regulations, guidance, codes of conduct, product approvals, license requirements and ethical requirements including to comply with demands or requests made by regulators, governments, courts and law enforcement authorities.
On what basis do we use your personal information?
For personal data subject to the GDPR, we rely on several legal bases to process and use your personal information. These are:
for legitimate business purposes: for example, we use your personal information as part of our business, including in particular to satisfy regulatory requirements and monitor the safety of our products.
to perform a contract to which you are a party: we may need to process your personal information to provide a product you request.
to comply with our legal obligations and other demands for information: we need to use your information if required to comply with laws, regulations and guidance, as well as the other lawful demands for personal information.
you have given your consent: at times we may need to get your consent to allow us to use your personal information for one or more of the purposes set out above.
How do we collect your personal information?
How we collect personal information will depend upon the nature of your dealings with us. Whenever it is reasonable and practical to do so, we will collect your personal information directly from you. We may also collect personal information from third parties, including in the course of providing products to you such as from our distributors, your healthcare practitioners, your carer/family member,
guardian, publicly available information and databases supplied by third parties. Other examples include information collected concerning our investors from our share registrar.
If you are one of our suppliers, distributors or healthcare professionals, your personal information may be collected from you, your employer, other employees, or third parties. Similarly, if you are a prospective employee, we may collect information for third parties such as recruiters and referees.
If you elect not to provide some personal information to us, this may affect our ability to provide products to you.
How long will we keep your personal information?
We will always keep your personal information for the period required to comply with applicable laws, regulations, guidance, codes of conduct, product approvals, license requirements, ethical and safety requirements. We may also maintain your information as required to comply with any contract of which we are a party. Otherwise, we keep your personal information:
for as long as needed to provide you with access to product and longer to assist us in best addressing any safety matters that may arise with respect to our products;
where you have contacted us with a question or request, for as long as necessary to allow us to respond to your question or request.
How do we share your personal information?
Our headquarters are in Australia and we use service providers and have distributors in other jurisdictions. As a result, your personal information is sometimes shared with others and transferred and processed outside of your home country. We may share your personal information with:
companies within our group;
third parties who we have a business relationship with, including distributors, agents, suppliers, share registrars. This would also include companies that provide technology services to us, our professional advisors and auditors;
governments, regulators, courts and law enforcement authorities; and
other third parties in connection with any re-organisation or sale of all or any part of our business.
Data privacy laws in the countries to which your personal information is transferred may not be equivalent to, or as protective as, the laws in your home country.
The European Commission has the power to determine, on the basis of the GDPR, whether a country outside the European Union offers an adequate level of data protection by making an ‘adequacy decision’. To date, the European Commission has not adopted an adequacy decision in respect of Australia. Instead, with respect to any transfers of information from the EU, we rely on other legal bases to lawfully transfer personal data. We will implement appropriate measures to protect and secure your personal information when it is transferred outside of your home country, in accordance with applicable data protection and privacy laws, including in the case of EU residents, with your consent or through the use of European Commission-approved model contractual clauses.
We will not sell, share or otherwise distribute personal information about you to any person, except as provided in this policy and in accordance with applicable law and regulation. The circumstances in which we may disclose that information include where:
we expressly tell you at the time you supply the information or it is expressly permitted under any agreement with you;
it is necessary to provide you with the products which you have requested;
it is requested by third parties for use in the ordinary operation of our business. We will only disclose your personal information to reputable third parties and only on a confidential basis;
disclosure is in response to demands or requests made by regulators, governments, courts and law enforcement authorities;
permitted or required by law, regulation or applicable guidance.
How do we protect your personal information?
We will take reasonable steps to protect the personal information we hold from misuse, loss and from unauthorised access, modification or disclosure in line with applicable data protection and privacy laws. However, no data can be guaranteed as totally secure.
Websites that we do not own or control
How do you collect personal information from children?
Any individual who requests information about a product indicated for use in children must be 18 or over (16 in certain jurisdictions). Except as required by law or as may be required in connection with the safety of our products, we will not collect, use or disclose personal information from a minor under the age of 18, without obtaining prior consent from a person with parental responsibility (e.g. a parent or guardian). If we later find out that we have collected personal information from an individual under the age of 18 without getting the necessary consent, we will suspend use of this information and, subject to applicable laws and regulations, remove it.
What are your rights regarding your personal information?
Data privacy laws provide you with a number of rights over your personal information. Your rights may be different depending on where you are located. You (or your parent or guardian, as applicable) may be entitled to:
ask us for access to the personal information we hold about you;
request the correction and/or deletion of your personal information;
request the restriction of the processing of your personal information, or object to that processing;
withdraw your consent to the processing of your personal information (where we are processing your personal information based on your consent);
request for the receipt or the transfer to another organisation, in a machine-readable form, of the personal information that you have provided to us; and
complain to your local data protection authority if your privacy rights are violated, or if you have suffered as a result of unlawful processing of your personal information.
If you have any questions of concerns or would like to exercise your rights, please let us know by getting in touch with us as set out in the “Contact Us” section below.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. This could mean that we may not be able to perform the actions necessary to achieve the purposes as set out in the section “How do we use your personal information?” above.
Like many websites, our websites may collect certain information through the use of “cookies”, web beacons, device identifiers and other technologies to provide functionality and to recognize you across different services and devices.
How do you make a Privacy Complaint?
Your privacy is important to us. If you have any questions or concerns, we suggest you email Pharmaxis at email@example.com or telephone Pharmaxis on +61 2 9454 7200. Our head office is located at 20 Rodborough Road, Frenchs Forest, Frenchs Forest NSW 2086.
We may not be able to answer immediately but will review your question or concern and will attemptto resolve it as soon as possible.
If you are not satisfied with our response, we may require you to submit your complaint in writing byemail at firstname.lastname@example.org with your contact details and details of your complaint.
Further Information on Privacy
Further information may be obtained on privacy issues in Australia by visiting the Australian Information Commissioner’s website at https://www.oaic.gov.au/. The Australian Information Commissioner's hotline on 1300 363 992 or, if calling from outside Australia, + 61 2 9284 9749. If you are a resident of the EU, you can also contact your local Information Commission Office.
Breaches of this policy
Any breaches of this Policy may result in disciplinary action, which could result in the termination of employment with Pharmaxis.
This procedure is reviewed to ensure its continuing relevance to the systems and process that it describes.