PLEASE NOTE: THIS POLICY WAS UPDATED OCTOBER 2019
Mundipharma Pty Limited (“Mundipharma”) respects and upholds your rights to privacy protection under the Privacy Act 1988 (Cth), as amended from time to time and the Australian Privacy Principles (“APPs”) (together “the Act”).
In this policy the terms “personal information” and “sensitive information” have the same meaning as in the Act. “Associates” means the companies in the global Mundipharma Group of companies.
What Information do we collect?
Personal information is any information that can be used to identify you. Mundipharma may collect personal information from you or your authorised representative. Wherever possible Mundipharma will collect your personal information directly from you. However, we may also collect personal information from other sources including:
- agents and service providers such as customer relationship management service providers and third party service providers;
- healthcare professionals or carers making adverse event reports;
- information automatically obtained when you access Mundipharma’s website, use our internal or external applications or send us emails;
- personal interactions with Mundipharma employees and/or contractors;
- databases purchased from external providers; and
- publicly available sources including directories, listings and the internet.
The information collected will vary depending on your particular interaction with Mundipharma but will be limited to that information necessary to record and manage our interaction with you. In some cases the reason for collection of the information will be indicated when it is collected and may include:
- your contact details (such as name, e-mail, phone number, date of birth and postal address).
- Any messages or comments you submit to us through email or social media.
- Any other information you provide to Mundipharma during your interaction with us.
Use of your information:
In accordance with APP 3, we will only solicit personal information where it is reasonable necessary for our functions or activities. As a general policy, and unless indicated otherwise, Mundipharma collects information for one or more of the following purposes:
- Maintaining a record of enquiries (including medical enquiries), complaints and adverse event reports relating to Mundipharma’s products.
- In accordance with regulatory obligations, Mundipharma has a systematic process in place to collect, store and process reports of adverse events experienced by patients taking a Mundipharma product. Adverse event information may be transferred to independent but related companies of Mundipharma located in the United Kingdom, Europe and USA for the purposes of processing and reporting the adverse event to the respective health authorities as per regulatory requirements. We may also use that information to contact you in relation to your report or send you product, health or other information which we consider to be of importance.
- Sending you material on Mundipharma’s activities and products or development in pharmaceutical treatments which may be of interest to you and tailoring marketing services to suit your needs.
- Supplying you with clinical samples of Mundipharma products.
- Managing online purchases of Mundipharma products.
- Managing Mundipharma competitions.
- Administering clinical trials or other research organised by Mundipharma and which you agree to participate in or be involved with.
- Administering conferences, symposia, expert panels, seminars or other meetings or events organised by Mundipharma.
- Notifying you of matters that Mundipharma may be required by law to notify you of (e.g. product recalls).
- Managing, planning and arranging meetings between you and Mundipharma’s sales representatives.
- Maintaining and monitoring Mundipharma’s social media pages (e.g. LinkedIn, Facebook, Instagram)
- Reporting obligations under the Medicines Australia Code of Conduct and internal reporting processes to associated companies of Mundipharma located in Singapore, Europe and USA.
- Monitoring and reviewing Mundipharma’s compliance with relevant regulations and codes of conduct in its dealings with you.
- Generating customer lists for the purposes of market research.
- Managing, administering reviewing and reporting on the work of contracted sales agents or individuals that represent Mundipharma.
- If you apply to Mundipharma for employment.
- Automated data collection through interaction with our websites.
Mundipharma will only use personal information for the primary purpose for which it was collected and for purposes which are directly related to one of our business functions or activities; or, to the extent:
- indicated to you at the time of collection of the information;
- you consent to a secondary use or disclosure;
- you would reasonable expect it to be used at the time of disclosing the information to a third party or publicly available source;
- required to provide you with a service or goods which you have requested or which relates to that good or services;
- required for the ordinary operation of our Website or our business (e.g. to send you information about our goods and services);
- required by compulsion of law or regulatory practice;
- expressly permitted under any agreement with you; or
- to lessen a serious threat to a person’s health or safety.
Do we disclose information to third parties?
We may disclose your personal information to third party service providers that we use in the ordinary operation of our business. We will only provide your personal information to reputable third parties, on a confidential basis, and where we are satisfied that those third parties have robust information security policies and practices in place and will similarly comply with the Act. Where practicable we will contractually oblige such third parties to comply with the Act and the terms of this policy. For example these third parties may include:- :
- entities engaged by us to perform functions or provide products and services on our behalf, such as:
- distributors of our products;
- customer management system providers
- event and educational organisers and travel agents;
- hosting, data storage or archiving service providers, payment processing and debt collection services;
- marketing, research and advertising organisations and agencies;
- webpage providers; and
- fulfilment houses
- clinical research organisations engaged in medical research;
- healthcare data aggregators that supply syndicated databases of healthcare professionals and their practices;
- customer database providers that assist Mundipharma to provide services to healthcare professionals. To ensure that we have access to the most up to date information, we may disclose some information about healthcare professionals and their practices to our customer database provider(s). The information we disclose is limited to professional information about healthcare professionals and their practices. The information is used for commercial purposes. The customer database provider makes that information available to all parties who also have access to our customer database provider’s database, including other pharmaceutical companies; and
- as part of a sale (or proposed sale) of all or part of our business; or
- other third parties as required by law.
We impose obligations on any external organisations with which we share your personal information to maintain the integrity and security of that information.
Data Transfer Abroad
Some organisations to which we disclose personal information may be located outside Australia. We will not disclose your personal information to an overseas recipient without taking such steps as are reasonable in the circumstances to ensure that the overseas recipient will not breach the Act. Such a disclosure could include use of an overseas data processing facility like an email server in USA.
Mundipharma may transfer your deidentified personal and health information to an associated company in USA and/or Europe for the specific purpose of reporting adverse events. We will ensure we comply with our obligations under the Act with respect to that transfer.
Anonymity and Pseudonymity
Unless we are required by an Australian law or a court/tribunal order, or it is otherwise impractical to deal with individuals who have not identified themselves, all individuals have the option of not identifying themselves, or using a pseudonym, when dealing with us in relation to a particular matter.
Information collected through our websites
We do not collect personally-identifiable information from you, unless you provide it to us voluntarily and knowingly. This means you are under no obligation to provide personal information when visiting our websites. However, if you specifically agree to follow-up contacts by us or ask to be put on our mailing list, we may require your personal information in order to contact you from time to time.
There are some features of our websites that require you to sign up to use. If you do sign up, we use the information you supply for the purpose of providing products, product information or services you request.
When you visit any of our online resources, our metric tools may collect the following information about your visit for statistical purposes:
- server address
- top level domain name (for example .com, .gov, .au, .uk etc.)
- the date and time of your visit to the site
- the pages you accessed and documents downloaded during your visit
- the previous site you visited
- if you’ve visited our site before
- the type of browser used.
We record this data to maintain our server and improve our services. We do not use this information to personally identify anyone.
Notification of the Collection of Personal Information
If we collect personal information about you, we will take reasonable steps to notify you of:
- our identity and contact details;
- the fact and circumstances of collection;
- whether the collection is required or authorised by law;
- the purposes of the collection;
- the consequences if personal information is not collected;
- our usual disclosures of personal information of that kind;
whether we are likely to disclose the information to overseas recipients.
We will only use or disclose personal information to communicate directly with you to promote a good or service:
- if we collected the information directly from you, and you would reasonably expect the information to be used in this way;
- if the information was collected by a third party, or if we collected the information directly from you but and you did not reasonably expect the information to be used by us in this way we will only communicate with you if;
- you have consented to the use or disclosure for that purpose; or,
- it is impractical to obtain that consent:
- we provide a simple way of you opting out of such communications from us;
- each communication to you will contain a prominent statement to the fact that you can complete an opt out statement; and,
- you have not previously made such an opt out request of us.
You will generally be given the opportunity to “opt out” of receiving marketing or promotional communications from us. Instructions for opting out will typically be included somewhere on the communication. You can also opt out of receiving marketing or promotional materials at any time by emailing email@example.com.
Sensitive information is subject to greater restrictions
Some personal information collected by Mundipharma is considered ‘sensitive’. Sensitive information which Mundipharma may collect includes a person’s state of health and medical history.
In accordance with Australian Privacy Principle 3, we will only collect your sensitive personal information with your consent unless such use or disclosure is required by law or to prevent a serious and imminent threat to life or health to you.
We will take all reasonable steps to maintain the security and integrity of your personal information including the use of computer and phone access passwords, lock-up cabinets, privacy policies & procedures and firewalls. Mundipharma uses and maintains industry standard technology and cybersecurity precautions, rules and other procedures to protect your personal information from unauthorised access, improper use, disclosure, loss, modification, interference or destruction.
Links and Third Party Platforms
Websites operated by Mundipharma may contain links to other sites operated by third parties. Mundipharma makes no representations or warranties as to the privacy practices of any third party site and is not responsible for the Privacy Policies of other sites.
Information collected through Employment Applications
In processing applications for employment, Mundipharma collects resumes, references, certificates of graduation and qualification and other personal information about candidates. All applications for employment that we receive are stored in our Human Resources Division. A member of our Human Resources team will review your application. Alternatively, we may provide your application to a recruitment agency or contractor who assists in reviewing applications that we receive.
Resumes sent to Mundipharma as part of an application for an advertised position, or sent generally to ascertain whether any positions are available, will be used to match applicants with available opportunities. If we consider that your application may be suitable to our current requirements, we, or a party acting on our behalf, will contact you to request that you attend an interview. We may also ask you to provide us with contact information for individuals who will act as professional and personal referees. We may contact these individuals and ask them questions we feel are relevant to your possible employment with us. We may contact you again to request that you attend further interviews or to inform you of whether we are able to offer you a position with us.
If your application is not suitable to our current requirements, but we feel that there may be a position in the future for you with us, we will a keep a record of your application and may contact you again if a suitable position becomes available.
How you can access, correct and complain about your personal information
You can always seek access to your personal information and ask us to correct or delete any inaccurate, incomplete or out of date information. Contact the Privacy Officer at firstname.lastname@example.org if you want access to, or want to correct, or make a complaint in relation to the personal information we hold about you. We will contact you in relation to your request or complaint.
Your request should provide as much detail as possible to assist us to identify information relevant to you, such as your name and contact details, any former names and the information you believe Mundipharma may hold about you. You do not have to provide a reason for requesting access. Where Mundipharma holds information that you are entitled to access, we will endeavour to provide you with a suitable range of choices to how you may access it (eg emailing or mailing it to you). In any event we will acknowledge receipt of your request within a reasonable period of time and endeavour to respond to your request within 30 days of receipt.
If you believe the personal information Mundipharma holds about you is incorrect, incomplete or in accurate then you may request we amend it. We will consider if the information requires amendment. If Mundipharma does not agree that there are grounds for amendment, then we will add a note to the personal information we hold stating that you disagree with it.
Mandatory Data Breach Reporting
If, despite our best efforts, the security of your personal information is potentially compromised due to an actual or suspected data breach, Mundipharma will follow the procedures outlined in its data breach response plan, including:
- containing the data breach;
- conducting a risk assessment to assess the severity of a suspected or known data breach; and
- assessing whether an eligible data breach has occurred.
If an eligible data breach has occurred, Mundipharma may report the data breach to third parties such as:
- Mundipharma’s financial services provider
- police or law enforcement bodies
- the Office of the Australian Information Commissioner (OAIC)
- the Australian Securities & Investments Commission (ASIC)
- the Australian Taxation Office (ATO)
- the Australian Transaction Reports and Analysis Centre (AUSTRAC)
- the Australian Cyber Security Centre (ACSC)
- the Australian Digital Health Agency (ADHA)
- the Department of Health
- State or Territory Privacy and Information Commissioners
- insurance providers
Provided that Mundipharma has your contact details, Mundipharma will notify you if you have been personally impacted by an eligible data breach.
European general data protection regulation (“GDPR”)
Some of Mundipharma’s Associates are subject to the GDPR. Although many of the privacy principles of the GDPR are similar to the Act and other Australian privacy laws, there are some differences. If you are a European resident, Mundipharma may be subject to GDPR in relation to personal information it holds about you. Accordingly, we request that you notify us if you are a European resident when you transfer your personal information to us or if you are aware that we are collecting your personal information. Your personal information will still be subject to the same information security standards as are applied to all personal information held by Mundipharma and its global Affiliates. However, we may manage your personal information in a different manner to take account of data portability entitlements and other GDPR-specific requirements.
Last updated: October 2019