Privacy

Last Updated: 8 October 2021

This Privacy Policy describes how Myopharm Limited (ACN 133 150 884), and any affiliates of the above (collectively, weus or our) collect and process your personal information in connection with our websites, platforms, applications, products, software, or services (collectively, Services).

This Privacy Policy does not apply to our employee and contractor records.

If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided at the bottom of this Privacy Policy.

How we collect information

Broadly speaking, the way in which we collect personal information about you will depend on your relationship or interactions with us.

Information that you provide voluntarily

Certain parts of our Services may ask you to provide personal information voluntarily. For example, we may ask you to provide your contact details in order to register an account with us, to subscribe to marketing communications from us, or to submit enquiries to us. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.

Information that we collect automatically

When you access our Services online, we may collect certain information automatically from your device. Specifically, the information we collect automatically may include your internet protocol (IP) address, your login data, browser type and version, time zone setting and location and other technical information. We may also collect information about how your device has interacted with our Services, including what was accessed and the links clicked.

Collecting this information enables us to better understand the users of our Services, where they come from, and what content is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Services.

Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Online tracking and your choices” below.

Information that we obtain from third party sources

Where possible, we collect information directly from you. However, there may be occasions where we receive information about you from third parties, such as your healthcare professional or pharmacy if you are a patient, your patient if you are a healthcare professional, or third parties with whom we have a relationship. For example, in some countries, regulations require us to obtain relevant documents from third parties which contain patient information before we can release products.

Information we collect and why

The table below sets out the types of personal information we collect, why we use it, and where required under applicable law, the lawful basis for processing that personal information.

Warranties

Data subject category Data type Why do we use this information? Lawful basis
Healthcare professionals Contact information: such as your name, email and work address (i.e.clinic details) To assist you in completing any required application forms, required bylaw/regulation
  • Performance of a contract

  • Our legitimate interests
    To facilitate contact from one of our representatives where you request such a visit
  • Consent

  • Our legitimate interests
    To provide you with information about our products, educational platform and other services on your request
  •  Consent

  • Our legitimate interests
    To participate in surveys provided by us for research purposes
  •  Consent
Patients with a profile on our Services Contact information: such as your name, email and location To create your user profile on our Services
  •  Consent
    To provide you with information and/or access to information relating to products on your request
  •  Consent
    To contact you to participate in a survey
  •  Consent
    To assist you in locating relevant healthcare professionals near your location when you use our Services
  •  Consent
    To sign up or register to use our Services
  •  Consent
  Survey information: any information you provide to us as part of your voluntary participation in a survey, which could include sensitive personal information To carry out analysis on users of our Services
  • Consent
Patients of healthcare professionals engaging with us Contact information: such as name, email, address Information uploaded by your healthcare professional to one of our Services, but not accessible to us N/A
  Prescription data: such as name, initials, address, date of birth, gender, weight and printed age for those under the age of 12 or over the age of 60, indication and clinical justification for the use of the product (e.g. the seriousness of the condition, details of previous treatments including detail on use of therapeutic treatment), product type, dosage and dose form, treating doctor or clinic For identity verification purposes and to fulfil a product order relating to your prescription from a healthcare professional, including where you have requested products from a dispensing pharmacist.
  • Legal obligation

  • Health or social care (for the provision of healthcare or treatment)
  Medical information: such as your diagnosis or medical condition, indication and clinical justification for the use of the product (e.g. the seriousness of the condition, details of previous treatments including detail on use of therapeutic treatment), except where such infor mation is collected as part of your “prescription data” (see above) To carry out analytics and create aggregate statistics for research purposes.
  • Our legitimate interests
  • Scientific research purposes
    Information uploaded by your healthcare professional to one of our Services including as part of regulatory requirements but not accessible to us. N/A
  Adverse events or special situations: information about any untoward medical occurrence in a patient or clinical trial subject administered a medicinal product, with or without an adverse event To enable us to contact the reporter, if necessary, to clarify the information received
  • Legal obligation
    To carry out risk to benefit assessments for our products
  • Legal obligation
    For submission to regulatory authorities
  • Legal obligation
  •  Health or social care (for the provision of healthcare or treatment)
  Treatment information: such as product type, dosage, dose form, frequency of administration and expected duration of treatment, treating clinic, except where such information is collected as part of your “prescription data” (see above) To carry out analytics and create aggregate statistics for research purposes.
  • Our legitimate interests
  • Scientific research purposes
    Information uploaded by your healthcare professional, including as part of regulatory requirements but not accessible to us N/A
Pharmacists Contact information: such as your name, email address and pharmacy contact details To add your pharmacy details to the “find a pharmacy” directory on our Services
  • Consent

    To facilitate contact from one of our representatives where you request such a visit
  • Consent

  • Our legitimate interests
    To provide you with information about our products, educational platform and other services on your request
  • Consent
  • Our legitimate interests
    To deliver orders to you and provide you with information relevant to ordering our Services
  • Performance of a contract
  • Our legitimate interests
  Professional Information: such as your professional registration number To verify your details with the relevant regulatory body
  • Legal obligation

  • Our legitimate interests
  Financial Information: such as information regarding your financial viability To conduct credit enquiries relating to your dispensing pharmacy application
  • Legal obligation
  • Our legitimate interests
Visitors or users of our Services Contact information: such as name, email, telephone number, address, content of free text To respond to your queries and requests, to register you, and/or book a consultation
  • Our legitimate interests
  Technical information: such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug - in types and versions, operating system and platform To understand how you interact with our Services, as well as our content to enable us to improve service and functionality
  • Our legitimate interests
  Information you disclose to us: any information you disclose to us through your communications with us which may include sensitive personal information To respond to you including your questions in relation to our products and services
  • Consent
Shareholders Shareholding information: such as your name, address and number of shares held To register and verify your interest in our securities, and manage any shareholding you may have in Myopharm Limited
  • Legal obligation

  • Our legitimate interests
Job applicants Identification data: such as your name, gender, photograph, date of birth, national identifiers To identify you as the individual applying for a role with us
  • Performance of a contract

  • Our legitimate interests
  Contact information: such as home address, telephone number, email address To contact you about your application to us and invite you to participate in any assessments and interviews with respect to the role you have applied for
  • Performance of a contract

  • Our legitimate interests
  Employment details: such as employment history, application for role, third party references To assess your job application to us and your suitability for the role
  • Performance of a contract

  • Our legitimate interests
  Background information: such as academic or professional qualifications, education, CV criminal records data (for vetting purposes, where permissible and in accordance with applicable law) To assess your job application to us and your suitability for the role
  • Performance of a contract

  • Our legitimate interests

  • Employment (for the assessment of your working capacity)

Lawful basis for processing

The lawful basis for processing your personal information are as follows:

  • Consent: where you have given consent to the processing of your personal data for one or more specific purposes
  • Performance of a contract: where processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract
  • Legal obligation: where processing is necessary for compliance with our legal obligations
  • Legitimate interests: where processing is necessary for a legitimate interest, and that legitimate interest is not overridden by your interests or fundamental rights and freedoms

The lawful basis for processing your sensitive personal information are as follows:

  • Health or social care: where processing is necessary for the provision of healthcare or treatment
  • Employment: where processing is necessary for the assessment of your working capacity Sensitive personal information

Some of the information we collect and process may include sensitive personal information (also known as special category data).

Sensitive personal information is a subset of personal information that is generally afforded a higher level of privacy protection. It includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record and some types of biometric information.

Data sharing

  • To persons for whom we have your consent to share your personal information.
  • To our group companies for the purposes for which we are entitled to process your personal information under this Privacy
  • To third party service providers who work for us in the provision of our services and with whom we have contractual relationship. Your data may also be processed by a third party if required to deliver a service you have requested. For example, to a dispensing pharmacy in order to fulfil an order, regulatory bodies and healthcare professionals.
  • To any competent law enforcement body, regulatory, government agency, court or other third party where we believe it is necessary (i) as a matter of applicable law or regulation; (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person. For example, we are required under the Australian Corporations Act 2001 (Cth) to maintain a register of shareholders and make it available for inspection by the public. We may also be required to disclose information about your shareholding to regulatory bodies such as the Australian Securities and Investments Commission and the Australian Taxation Office.
  • To an actual or potential buyer (and its agents and advisors) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, provided that we inform the buyer it must use your personal information only for the purposes set out in this Privacy Policy.

We will check any third party that we use to ensure that they can provide sufficient guarantees regarding the confidentiality and security of your personal information.

We will have written contracts with them which provide assurances regarding the protections that they will give to your personal information and their compliance with our data security standards and international transfer restrictions.

Third-party sites and features

Our websites may contain links to other websites operated by third parties and may include social media features such as Facebook and Twitter buttons (such as “Like,” “Tweet” or “Pin”). These third-party sites may collect information about you if you click on a link and the social media sites may automatically record information about your browsing behaviour every time you visit a website that has a social media button. Your interactions with these features are governed by the privacy policy of the company providing the feature, not by this Privacy Policy. We do not control what information these third parties collect. Please review your privacy settings on your social media sites and think carefully before clicking on links which may take you to a third-party website.

Data security and retention

Security

We take security seriously and care about the integrity of your personal information. We use commercially reasonable physical, administrative, and technological methods to secure your personal information and protect it from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.

In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

Data retention

In order to deliver our core functions and to ensure we meet our legal data protection and privacy obligations, we will retain your information for at least as long as your account is active, as needed to provide you services, as long as is needed to fulfil the purpose for which it was collected (and any other linked purpose) or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

When we have no ongoing legitimate business need to process your personal information (as described above), we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.

International transfers

Personal information collected from interactions with Myopharm UK is stored securely within the UK.

We will not transfer data collected and stored within the EEA (including the UK) to any country outside of the EEA that is not recognised as ensuring an adequate level of protection, without compliance with the relevant legal or regulatory requirements. These include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies, which require all group companies to protect personal information they process from the EEA or the UK in accordance with European Union data protection law. In addition, where required, we have implemented similar appropriate safeguards with our third-party service providers. Further details on our international transfer safeguards are available on request.

Personal information collected from interactions with one of our entities in Australia is stored securely in Australia. We may disclose information outside of Australia where we have a legal right to do so and to its group companies located overseas in the normal course of its business. Our policy is to comply with the requirements of the applicable laws which apply to cross border disclosure of personal information. 

Your rights

You have the following data protection rights:

  • If you wish to access of your personal information, you can do so at any time by contacting us using the contact details provided under the “Contact Us” section below.
  • If you wish to correct or update your personal information you can do this by accessing the profile sections of our Services, or by using the contact details provided under the “Contact Us” section below.

Where Myopharm UK is the controller of your personal information, you also have the following additional rights:

  • You can request deletion of your personal information by contacting us using the contact details provided under the “Contact Us” section below.
  • You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contact Us” section below.
  • You can opt out of marketing communications we send you at any time by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “Contact Us” section below.
  • If we have collected and process your personal information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. 

Where you exercise your data protection rights, our response will depend on our role as a controller or processor, our legal basis for processing and whether or not any exemptions are available under applicable privacy or data protection laws. If you wish to exercise any of these rights in relation to personal information provided to us by your healthcare professional and for which we are a processor, please contact your healthcare professional directly.

We respond to all requests we receive from individuals wishing to exercise their rights in accordance with applicable privacy and data protection laws. In order to comply with a request, we may ask you to identify yourself. In such a situation, we will only request information to the extent required to confirm your identity. You also have the right not to identify yourself when dealing with us where it is lawful and practicable for us to allow it. However, if you don’t provide us with your personal information when requested, we may not be able to respond to your request or provide you with the Service that you are seeking.

Contact us

If you have a question, comment or complaint about how we have collected or handled your personal information, please contact our privacy officer using the contact information below and provide details of the incident so that we can investigate it.

If you are making a complaint, we will treat your complaint confidentially, investigate your complaint and aim to ensure that we contact you and your complaint is resolved within a reasonable time (and in any event within the time required by applicable law).

You also have the right to complain to the regulator, and to lodge an appeal if you are not happy with the outcome of a complaint.

  • In Australia, please contact the Office of the Australian Information Commissioner
  • In the UK, please contact the Information Commissioner’s Office 
  • In Germany, please contact the relevant data protection authority in your federal state.  Non-EEA countries (including Australia and EEA (including the UK)
info@myopharm.com.au
Myopharm Limited
Melbourne VIC
Australia

Changes to this Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical or business developments. You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

You should check our website frequently to see any recent changes. Unless otherwise stated, our current Privacy Policy applies to all information that we have about you. We will not materially change our policies to make them less protective of personal information collected in the past without the consent of those affected.