Editor
Privacy Policy
Last updated: 29 October 2024
This Privacy Policy describes how Myriad Pharmaceuticals Pty Ltd (ABN 15 673 269 004) (we, us, our) collect, hold, disclose, and otherwise use your personal information (you, your) if you visit or use our website, user portal (such as NVPaccess), and related services (each a service), engage with us on social media, send us a job application, if you call, email, visit or otherwise interact with us, or if your personal information is inputted/uploaded in our service by our user (e.g., a pharmacist).
Please read this Privacy Policy carefully. If you have any questions or if you do not understand anything explained in it, please contact us.
1. What personal information do we collect and hold?
“Personal information” generally means information about you that identifies you. It does not include any information that does not relate to you, is pseudonymised or anonymised, and cannot be linked back to you. Ultimately, the assessment of what constitutes your personal information will depend on the circumstances of your interaction with us and our use of the information.
For ease of reference, we have grouped information into types described in paragraph
2. Data Minimisation
We take reasonable steps to only collect personal information that is necessary for our lawful functions and activities and that is pseudonymised or anonymised, where possible. For example, for the operation of our website, display advertising, product development, and our security processes, pseudonymised information will suffice, without the need for your personal information.
We encourage you to use a pseudonym or to remain anonymous, unless this is impractical in the circumstances. For example, it will be necessary for us to know your identity if you use our user portal, make a complaint, subscribe for marketing, or exercise your data rights. Without your personal information in those circumstances, we will be unable to provide our services or respond to you.
We require our pharmacists to input minimal patient data when using our NVPaccess service to facilitate their SAS C notifications. For example, our service will not hold your identity documents viewed by the pharmacist to verify your identity or to confirm your age.
3. Why and how we collect, hold, disclose or otherwise use your personal information?
We list below some (but not all) of the purposes, functions, and activities for which we collect, hold, disclose, and otherwise use your personal information. Other purposes, functions and activities may become obvious or expected by you when we collect your personalinformation
| Purpose | Personal Information | How Collected and Held? | Consequences if Not Collected |
|---|---|---|---|
| To provide our online services, content and features. For example, when you visit our website, your browser will provide information to enable us to display our content in a compatible manner. | Device and browser details | Automated collection and use by your device and our systems. | Disabling automated processes may reduce service. |
| Creating your user account. We will ask for certain mandatory and optional information and we may verify your contact details, for example, by sending an activation link by email. | User account information | You input your information for storage and use on our systems. | Unable to create an account without receiving and verifying your information. |
| To provide technical support, assist with your enquiries and for complaints handling. For example, we collect your personal information so that we can respond to you if you request support, make an enquiry or contact us about a complaint. |
|
Receipt of your communication and storage on our systems. | Unable to respond without relevant information. |
| To provide our NVP access service that enables our pharmacists to input and upload certain limited information about their dispensing to patients to facilitate SAS C notifications to the Australian Therapeutic Goods Administration. We hold such patient data on behalf of our pharmacists. |
|
Inputted/uploaded by our pharmacy user in our service. | Unable to facilitate SAS C notifications without your information. |
| To receive and publish your reviews and testimonials of our services. We may seek information to verify you as our user before publishing your views. |
|
Receipt of your product review for storage and use on our systems. | Not willing to publish a review without confirming that the reviewer is genuine. |
| To send you service communications about the availability of our services, security messages such as password reset instructions, changes in our terms, surveys, etc. |
|
Receipt of your communication and storage on our systems. | Unable to send service communications without your information. |
| Respond to your job application. For example, upon receipt, we will consider your application based on its content, public data, your references and other information, using appropriate software tools. |
|
You send your application for storage and use on our systems. | Unable to consider your application without your information. |
| To call you or send you interest-based marketing communications (by email, text and other means) to promote us and third-party organisations and relevant products and services based on your past and predicted future activity, if you subscribed for our marketing, enquired about our services or created a user account with us, unless you opt out of our marketing. |
|
Automated collection and enhancement through cookies, pixels and similar technologies, predictive analytics, and storage in our customer management system and marketing platforms. | Unable to call you or send you relevant marketing without your information. |
| To display online advertising about our services, webinars, events, and other content on web properties that you use, for similar purposes and by similar means as described above. |
|
As above. | Unable to display relevant online advertisements without technical usage information. |
| To personalise content and features for service delivery. For example, based on your user activity in our services, we may guide you to your most recent tasks when you log in. |
|
As above. | Unable to personalise without your information. |
| To produce reports about user trends, market trends, inefficiencies, cost-saving opportunities, and other data-driven research based on aggregated data. |
|
Aggregating data and producing research records. | Unable to analyse trends without your pseudonymised or anonymised information. |
| To design, develop, and improve our services by analysing user traffic, market trends, and other aggregated data. |
|
As above. | Unable to develop services without your information. |
| To ensure proper administration of our organisation, which may include keeping appropriate records, planning, accounting, troubleshooting, measuring marketing performance, resource allocation, enforcing our terms, debt collection, and similar functions and activities. |
|
As above. | Unable to perform certain administrative tasks without your information. |
| To engage our third-party service providers who may use your personal information on our behalf for the fulfilment of essential service functions which we cannot fulfil ourselves, such as analytics, cloud storage, payment processing, communications, security, web hosting, and others. |
|
Disclosing and using information with our third-party providers who use it on our behalf or for their own purposes. | Unable to provide our services without engaging third parties, which may necessitate your personal information to provide services to us. |
| To ensure the security of our systems and online services. For example, we may monitor our networks and usage data for suspicious activities, test and audit our systems, ensure compliance with our terms, and deploy appropriate security measures. |
|
Automated collection and use by our systems. | Unable to safeguard personal information without data-driven security processes. |
| To disclose information to our affiliated companies to receive intra-group services for efficient allocation of our group’s resources and for collaborations between our group companies. |
|
Received from or disclosed to our group companies. | Unable to share resources and collaborate without receipt or disclosure. |
| To disclose information to another organisation for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, or similar event relating to our organisation. |
|
Received from or disclosed to another entity to pursue related purposes. | Unable to act in the best interest of our shareholders without receipt or disclosure of personal information. |
| To assist law enforcement and other public authorities in detecting, preventing, and investigating crime or breach of the law in accordance with good practice and the law. |
|
Received from and disclosed to law enforcement and public authorities. | Unable to assist public authorities without receiving or disclosing your personal information. |
| To collect, use, hold, or disclose personal information as required for compliance with the law, exercising legal rights, and defending legal claims. |
|
Collected from you, third-party sources, or by automated means, for use on our systems. | Unable to comply with the law, exercise rights, or defend legal claims without the use and disclosure of your personal information. |
We will update this Privacy Policy to include any new purposes from time to time and we will obtain your prior consent for such new purposes where we are required to do so at law. We may not require your prior consent if the secondary purpose is related to our primary purpose and reasonably anticipated by you or otherwise authorised or required by law (for example, if a so called ‘permitted general situation’ arises).
4. Cookies, pixels and similar technologies
We may use cookies, pixels and similar technologies as described above. A cookie is a small text file that the website may place on your device to read and store information about your online activity. Pixels or tags are tiny graphics files that are downloaded when you interact with our online services and alert us about your activities, such as email opened, or content viewed. Tracking URLs are custom generated links that help us understand which page you come to us from and later go to. Local storage session storage and similar technologies are used to more efficiently manage the storage of information that allows you to access our online services on your device. Digital fingerprint is used to recognise your device based on your device and browser data without relying on cookies.
We may use temporary session trackers or persistent trackers which remain on your device even after you close your browser. Some help speed up your future use of our website or app or help display content in a compatible manner. Others are used to display relevant advertisements to you, develop your marketing profile or measure ad and marketing performance. Some of our trackers deployed by third parties include Google Analytics and others.
You may refuse to use trackers by selecting the appropriate settings on your browser. Please be aware that if you opt-out of certain trackers, some or all of the functionality of our online services may be reduced or unavailable.
If you clear cookies in the browser on your device, the next time you visit our online services, cookies and similar technologies will be deployed again. However, you can prevent this by permanently blocking them in your browser.
5. Cross-border disclosure of personal information
Generally, we do not disclose your personal information to overseas recipients and your personal information will stay in Australia, except where:
- we engage with our affiliate VEC Limited T/a VAPO in New Zealand which may provide certain services to us;
- we engage third party service providers to use and hold your personal information on our behalf. Such engagement may not constitute a “disclosure” because we retain control over how your personal information is used, but your information may be held abroad, for example, in the US;
- where you engage with third party services, such as plug ins (e.g. Instagram like button), on our web properties, you may be consenting to sharing your personal information with third parties (e.g. Meta in the US);
- where we engage third parties outside Australia to provide services to us, such as consultancy, which may include a disclosure of your personal information to them; and in other circumstances.
As required by law, before any disclosure to an overseas recipient we endeavour to satisfy ourselves that your information will be protected in a way that, overall, is at least substantially similar to the way it is protected under Australian law. For example, we may enter into an appropriate cross-border data transfer agreements with our recipients.
6. How do we store and protect your personal information?
We will take such steps as are reasonable in the circumstances to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure.
We will store personal information in computer systems and databases operated by either us or our external service providers. We require our users to enable multi-factor authentication to access their user accounts.
We carry out regular information security risk assessments which inform our security policy. Our staff will have limited access privileges to ensure your personal information is accessed on a “need to know” basis. Our staff are required to comply with our information security policies, attend training and participate in regular audits.
We also seek to ensure our third-party service providers do the same. We only appoint service providers under appropriate contract who provide sufficient guarantees about data security in accordance with applicable law.
However, while we take reasonable steps to maintain secure internet connections, the transmission of information on the internet is never completely secure.
7. How long will we keep your personal information?
We will take such steps as are reasonable in the circumstances to destroy, anonymise or pseudonymise your personal information if no longer needed for our purposes, unless its continued retention is otherwise required by law.
For example, your user account information may be retained for 7 years after account closure. The details of your enquiry may be retained for the duration of your account but no longer than 7 years after receipt of the enquiry. Patient data will be retained for 3 months of SAS C notification submission or deleted earlier as instructed by our pharmacist.
8. Your data privacy rights
Subject to certain exemptions and verification of your identity, as appropriate, you have the following data privacy rights in respect of your personal information:
- Right to information provided by us in this Privacy Policy.
- Right to access your personal information held by us. You may access your personal information in your user account or by contacting us.
- Right to correction of your personal information held by us. We will take reasonable steps in the circumstances to ensure your personal information is accurate, up-to-date, complete, relevant and not misleading in the context of each relevant purpose.
- Right to opt out from marketing by using the unsubscribe facility in our communications or by contacting us.
We will respond within a reasonable time, typically, within one month, following your request. If we need more time, we will let you know why and when you can expect our response.
We may refuse requests on certain grounds, for example, if they are unreasonably repetitive, disproportionately demanding, impracticable or otherwise exempt. If we refuse your request, we will explain our lawful reason for doing so.
Generally, we will handle your requests free of charge. However, in some circumstances, we may recover from you our reasonable costs of supplying you with access to your personal information in accordance with the law.
9. Types of personal information
We use the following types of information which may constitute your personal information depending on the circumstances of your interaction with us and our use of the information.
| Types of Information | Description |
|---|---|
| Details of your enquiry | Enquiry, complaint, or other communication from you. |
| Device and browser information | Device ID, IP address, online identifiers, operating system, browser type, language, time zone setting, location, date and time of access, and other information automatically provided by your device. |
| General details | Your name, date of birth, address, email, telephone number, and similar information. |
| Job application information | Application information, employment history, references from your previous employer, referees, and other third parties. |
| Patient data | Patient personal information including health data as is necessary for SAS-C notifications made by pharmacists and facilitated by our service, limited to patient name initials, date of birth, gender, date of supply, product details, and duration of treatment. |
| Preferences and interests | Information about the circumstances of your business and your preferences and interests known, observed, or inferred from various sources including public data, from our advertising and analytics partners, generated by predictive algorithms, or information collected through cookies and other forms of online tracking technologies. |
| Public data | Publicly available information about you. |
| Security information | Security logs, activity, behavioural patterns, usage and engagement information, device and browser information, and similar information recorded or generated by security systems. |
| Usage and engagement information | Downloads, log data, scrolling, clicks, mouse-overs, active time spent, clickstream data with URLs visited previously, methods used to browse away, email open rates, content click rates, view rates, ‘likes’ on social media platforms, survey feedback, product review information, and similar engagement information, typically collected through cookies and other forms of online tracking technologies by us and third parties. |
| User account information | Username, password, pharmacy name, contact details, pharmacist name, AHPRA number, submission history, user account settings, and preferences, and similar information provided by you. |
10. Third Party Services
Third party applications, features, plugins, integrations, and other services accessed from our website and other services may collect and use your personal information. Our pharmacy users use your patient data for their own purposes and preferred duration. For example, the pharmacy user will receive an email summary of all SAS C notifications and use and retain such information in accordance with the pharmacy’s privacy policy. Please familiarise yourself with the relevant privacy policies beforehand, as we are not responsible for third party services.
11. Queries and Complaints
For any enquiry or complaint, please contact us through the channels referred to on our website.
We will endeavour to respond to any queries about data privacy within 14 days of receipt. If we receive a complaint from you about how we have handled your personal information, we will determine what (if any) action we should take to resolve the complaint and endeavour to respond to your complaint within 30 days of receipt.
If we cannot resolve a complaint related to your personal information or you are dissatisfied with the outcome or handling of your complaint, you may wish to contact the Office of the Australian Information Commissioner (OAIC) directly. See www.oaic.gov.au for further information.
12. Changes to our Privacy Policy
If we make any changes to our Privacy Policy, you will be able to see them on this page. You should regularly check for updates, as indicated by the “Last updated” date at the bottom.
If you do not agree with the changes, please do not continue using our online and offline services. Of course, if any such changes significantly affect you, we will ask for your prior consent where we are required to do so by law.