Privacy Policy

1. Our Commitment to Your Privacy

The privacy of individuals, including our staff, our Clients and our business partners, is of utmost importance to PharmaCrop. This includes information or opinions about you that we collect and record which reasonably could be used to identify you. We adhere to the National Privacy Principles and the Privacy Act 1988 (Cth).

This document sets out our policies for managing personal information across our business operations in Australia. We have a Privacy Officer, whose contact details are below.

We want you to know how we may collect, use, share, and keep information about you and the choices that are available to you. When we provide products or services to you, we may also give you additional details about how we will use your personal information. 

This Privacy Policy applies to PharmaCrop websites, and services that may run on dedicated servers, smart phones, tablets, and other mobile devices (“apps”). It does not apply to those websites that have their own online privacy statements.

Not all the information described in the Privacy Policy is ‘Personal Information’ under the Privacy Act – some of the Online Information we collect does not identify you (for example, some information we collect using cookies or information that is aggregated or de-identified).

Our websites and apps are not intended for children under 18 years of age. We do not knowingly solicit data online from, or communicate online to, children under 18 years of age.

Since we may change this Privacy Policy, we recommend that you check the current version available from time to time. If we make changes to this Privacy Policy, we will update the Effective Date at the top of this page.

When this Privacy Policy mentions “we,” “us,” or “our,” it refers to PharmaCrop.

2. Purpose

This document sets out PharmaCrop’s approach for ensuring compliance with relevant data security and privacy legislation and regulations.

PharmaCrop acknowledges its responsibility to uphold our Client’s trust and confidence. A critical component of this responsibility is correctly archiving, retaining and where necessary destroying the records that we hold. It is important that all PharmaCrop employees and officers understand the basis of these responsibilities.

3. Types of Personal Information We Collect

The types of information we collect depends on which product or service you use and how you interact with PharmaCrop. However, the types of personal information we collect and hold about you may include:

  • identifying information, such as your name and date of birth;
  • contact information, such as your address, email address and telephone/mobile number;
  • financial information, such as bank account or other payment details;
  • for our employees, employee records that may contain personal information including safety information (e.g. location information, emergency contacts) and travel and right to work information (e.g. copies of passports, visas and drivers licences);
  • for employees, personal information captured in our records when using PharmaCrop systems and devices for personal use (e.g. transaction history);
  • usernames and passwords that you create when registering for an account with us;
  • your organisation and position, where your organisation has business dealing with us;
  • information about your occupation and employer organisation;
  • details of any products or services we provide to your organisation;
  • information about how you use the products or services we provide to you;
  • records of our communications with you, such as telephone, email, SMS, online and in-person communications;
  • images of you which may be captured on CCTV in PharmaCrop offices, including in Australia;
  • other information that you provide us during the course of business; and
  • other information that is capable of identifying you. 

We generally do not collect Sensitive Information (such as relating to ethnic origin, religious or philosophical beliefs, membership of a political or trade association, sexual preferences or health), but may do so with your consent and when we are providing IT services for our Clients who have obtained those required consents or we are otherwise allowed or required by law. PharmaCrop does not collect information in a way that is unfair or unlawful. The collection of information will not intrude unreasonably on the personal affairs of the individual concerned.

We may gather Online Information if you:

  • Visit or use our websites or apps; 
  • Receive or reply to electronic communications from us; 
  • View or click on our ads or other online content; and 
  • Interact with us through social media websites and other websites and apps. 

When using our products and services (including our website), we will collect information about you and about your use of our products and services, such as which services you use and how you use them.  We will collect information such as:

  • user name and password;
  • device information, such as the model and ID of the device you use, operating system, telephone number and mobile phone network;
  • server log information, such as details of how you used the products or service (including our website), IP address, hardware settings, browser type, browser language, the date and time of your use and referral URL;
  • your browser or your account using cookies (see below); and
  • real-time location information.

Our products and services (including our website) may also detect and use your IP Address or domain name for internal traffic monitoring and capacity management purposes or to otherwise administer the products and services.  The patterns of usage of visitors to the online services may be tracked for the purposes of providing improved service and content based on aggregate or statistical review of user traffic patterns.

4. Why We Collect Personal Information

Generally, we collect, hold, update and use Personal Information (and sometimes Sensitive Information) about you (and your customers, employees or client) related to our functions and activities so we can establish, manage and administer the products and services provided by us, and to comply with legal and regulatory obligations. We also use, store, and process information about you to provide, understand, improve, and develop the PharmaCrop services, and to create and maintain a trusted and safer environment. We may also use and disclose your information for purposes related to those mentioned above, including:

  • to provide requested services to you, and bill you for our services and collect overdue payments;
  • to enable you to access and use the PharmaCrop services;
  • to operate, protect, improve and optimise the PharmaCrop services and experience, such as by performing analytics and conducting research;
  • to enable you to access and use the payment and delivery services;
  • to provide customer service;
  • to send you service or support messages, such as updates, security alerts, and account notifications;
  • for our research and development of new products and services;
  • for training, quality control and verification purposes (including monitoring and recording your telephone conversations with us from time to time);
  • to communicate our promotional materials to you; 
  • for record keeping, data analytics and auditing;
  • to detect and prevent fraud, spam, abuse, security incidents, and other harmful activity;
  • to conduct investigations and risk assessments;
  • to verify or authenticate information or identifications provided by you (such as to verify your address or compare your identification photo to another photo you provide);
  • to conduct checks against databases and other information sources;
  • to resolve any disputes with any of our users and enforce our agreements with third parties;
  • to meet our legal obligations.

5. How We Collect Personal Information

Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, we generally collect Personal Information directly from you or from your use of our services, in response to our direct mail, e-mail, forms that you complete and submit to us, or when you have other dealings with us, such as using our services. We may collect that information over the telephone or internet, in person (when you visit us at an PharmaCrop office) and when you write to us.

We may also collect personal information through third parties such as:

  • a third party business that provides commercial financial information; 
  • market research organisations; 
  • other credit providers; 
  • persons authorised by you (such as lawyers or accountants);
  • referees (if you give us the name of someone who can give a reference about you); and
  • publicly available sources of information.

We only collect your information from external sources if it is impractical to collect it directly from you, or when we are permitted to do so.

We also collect information through Cookies and Similar Technologies. Most Cookies and Similar Technologies will only collect De-Identified Information such as how you arrive at our website or your general location. However, certain Cookies and Similar Technologies do collect Personal Information. For example, if you click Remember Me when you log in to our website, a cookie will store your username.

We may collect information using Cookies and Similar Technologies about:

  • the device you use to access our websites or apps (for example, we may collect information about the operating system or the browser version and the type of computer or mobile device); 
  • the IP Address and information related to that IP Address (such as domain information, your internet provider and general geographic location); 
  • browsing history on our websites or apps (such as what you search for, the pages you view, how long you stay, and how often you come back); 
  • how you search for our websites or apps, and from which website or app you came from; 
  • which ads or online content from us you view, access, or click on; 
  • whether you open our electronic communications and which parts you click on (for example, which links you use); and 
  • the location of your mobile device (for example, to help prevent fraud or when you register to receive location-based content on our mobile websites or apps). 

We may also collect information made publicly available through third-party platforms (such as online social media platforms), through online databases or directories, or that is otherwise legitimately obtained.

6. How We store information

Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, we store Personal Information in a combination of secure computer storage facilities and paper based files and other record formats. We have taken a number of steps to protect the Personal Information we hold from misuse, loss and unauthorised access, modification or disclosure. We use generally accepted technology and security so that we are satisfied that your information is transmitted safely to us through the internet or other electronic means. We will take reasonable steps to securely destroy or permanently de-identify personal information when we no longer need it.

We are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration. However, the internet and mobile devices are not a 100% secure environment so we can’t guarantee the security of the transmission or storage of your information.

7. Legislative Context

Principal Legislation:

Privacy Act 1988 (Cth), including the Australian Privacy Principles.

Related Legislation:

  • Competition and Consumer Act 2010 (Cth) – Consumer Data Rights Scheme (CDR)
  • European Union General Data Protection Regulations

8. Collection of Solicited Personal Information

Under the privacy legislation, Personal Information may be solicited or unsolicited.

PharmaCrop is considered to have solicited Personal Information if it explicitly requests another person or entity to provide Personal Information, or it takes active steps to collect Personal Information.

PharmaCrop must only collect this solicited Personal Information where it is reasonably necessary for, or directly related to, its functions or activities (e.g. managing a PharmaCrop system containing Personal Information for a Client). In addition, this Personal Information must be collected directly from the individual concerned, unless this is unreasonable or impracticable, and must be collected by lawful and fair means (e.g. when collected by our Clients for management by PharmaCrop).

Unless an exception applies, PharmaCrop must only collect Sensitive Information (a type of Personal Information) where the above conditions are met and the individual concerned consents to the collection.

For the purposes of this policy, PharmaCrop is only collecting Personal Information when it is gathering, acquiring or obtaining Personal Information from any source and by any means.

9. Collection of Unsolicited Personal Information

Under the privacy legislation, unsolicited Personal Information is Personal Information received by PharmaCrop where the entity has taken no active steps to collect the information.

For unsolicited Personal Information, PharmaCrop must decide whether it could have collected the information as a collection of solicited Personal Information above.

If PharmaCrop determines that the information could not have been collected as solicited Personal Information, the unsolicited Personal Information must be destroyed or de-identified as soon as practicable if it is lawful and reasonable to do so, unless the unsolicited Personal Information is contained in a ‘Commonwealth Record’.

10. Notification of the Collection of Personal Information

Under the privacy legislation, when collecting Personal Information, PharmaCrop must take reasonable steps to either notify the individual of certain matters or to ensure the individual is aware of those matters, before or at the time of collection, or if this is not practicable, reasonable steps must be taken as soon as practicable after collection. 

These matters include:

  • PharmaCrop identity and contact details;
  • the fact and circumstances of collection;
  • whether the collection is required or authorised by law;
  • the purposes of collection;
  • the consequences if personal information is not collected;
  • the entity’s usual disclosures of personal information of the kind collected by the entity;
  • information about Privacy Policy; and
  • whether the entity is likely to disclose personal information to overseas recipients, and if practicable, the countries where they are located.

11. Use or Disclosure of Personal Information

Under the privacy legislation, PharmaCrop must only use or disclose Personal Information for a purpose for which it was collected (known as the ‘primary purpose’), or for a secondary purpose if an exception applies. The intent is that an entity will generally use and disclose an individual’s personal information only in ways the individual would expect or where one of the exceptions applies.

The exceptions include where:

  • the individual has consented to a secondary use or disclosure;
  • the individual would reasonably expect PharmaCrop to use or disclose their Personal Information for the secondary purpose, and that purpose is related to the primary purpose of collection, or, in the case of sensitive information, directly related to the primary purpose;
  • the secondary use or disclosure is required or authorised by or under an Australian law or a court/tribunal order;
  • a permitted general situation exists in relation to the secondary use or disclosure; or
  • PharmaCrop reasonably believes that the secondary use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

Generally, we may disclose personal information about you in the following circumstances:

  • to comply with our legal obligations (we notify you any time we are required to produce information in this way unless we are prohibited by court order or law or there is suspicion of fraud and/or criminal activity);
  • where we suspect that unlawful activity has been or may be engaged in and the personal information is a necessary part of our investigation or reporting of the matter;
  • where we are satisfied on reasonable grounds that disclosure is necessary to lessen or prevent a serious threat to the life, health, safety or welfare of an individual or to public health, safety or welfare;
  • the disclosure is necessary for research or the compilation or analysis of statistics in the public interest, but does not involve the publication of the personal information in a form which would identify an individual; 
  • financial advisers, brokers and other parties authorised by us; 
  • other areas and organisations within the PharmaCrop group that provide financial and other services, for reasonable business purposes; 
  • anyone authorised by you or to whom you have provided your consent (either expressly or impliedly).

We may de-identify information about you so that the information can no longer be used to identify you.  We may use and disclose de-identified personal information in the course of our business (including in any promotional or marketing material).

We may aggregate information on the use of our products and services (including our website) in such a way that the information can no longer be related to the identifiable individuals.  We may use and disclose aggregated information in the course of our business (including in any promotional or marketing material).

We may disclose your Personal Information:

  • to your representatives, advisers and others you have authorised to interact with us on your behalf;
  • to related entities within our corporate group;
  • to our employees and third parties including business partners, consultants, contractors, suppliers, service providers, professional advisors and agents who need the information to assist us with conducting our business activities;
  • to payment system operators and financial institutions;
  • to prospective purchasers of all or part of our business or shares in our company or a related entity;
  • to government agencies or authorities, regulators, law enforcement agencies and other parties where authorised or required by law who ask us to disclose that information and to which we are legally required to disclose your personal information;
  • to comply with legal process and to respond to claims asserted against PharmaCrop;
  • to respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability;
  • for fraud investigation and prevention, risk assessment, customer support, product development and debugging purposes;
  • to protect the rights, property or personal safety of PharmaCrop, its employees, or members of the public;
  • to parties identified at the time of collecting your Personal Information or as otherwise authorised by you.

12. Use or Disclosure of Personal Information for Direct Marketing

Direct marketing involves the use or disclosure of Personal Information (other than Sensitive Information) to communicate directly with an individual to promote PharmaCrop goods and services through a variety of channels such as telephone, SMS, email and online advertising. 

Examples of direct marketing by PharmaCrop include:

  • sending an individual a catalogue in the mail addressed to them by name;
  • displaying an advertisement on a social media site that an individual is logged into, using Personal Information, including data collected by cookies relating to websites the individual has viewed;
  • sending an email to an individual about a sale or products, or other advertising material relating to the sale or products, using Personal Information provided by the customer in the course of signing up for a promotion.

Examples of marketing that is not direct (and where this policy doesn’t apply) by PharmaCrop include:

  • PharmaCrop sends catalogues by mail to all mailing addresses in a particular location, addressed ‘To the householder’ (that is, where recipients are not selected on the basis of Personal Information);
  • PharmaCrop hand delivers promotional flyers to the mailboxes of local residents;
  • PharmaCrop displays advertisements on its website, but does not use Personal Information to select which advertisements are displayed.

Under the privacy legislation, PharmaCrop must not use or disclose Sensitive Information it holds for the purpose of direct marketing, and it also must not use or disclose Personal Information it holds for the purpose of direct marketing unless an exception applies.

The exceptions include where:

  • the Personal Information has been collected directly from an individual, and the individual would reasonably expect their Personal Information to be used for the purpose of direct marketing; and
  • the Personal Information has been collected from a third party, or from the individual directly, but the individual does not have a reasonable expectation that their Personal Information will be used for the purpose of direct marketing and it is impractical to obtain that consent. Sources of third party data include data list providers, third party mobile applications, third party lead generation and enhancement data.

Both of these exceptions require PharmaCrop to provide a simple means by which an individual can request not to receive direct marketing communications (also known as ‘opting out’) and if a person makes such a request, then the above exceptions no longer apply. 

A simple means for opting out should include:

  • a visible, clear and easily understood explanation of how to opt out, for example, instructions written in plain English and in a font size that is easy to read;
  • a process for opting out, which requires minimal time and effort;
  • an opt out process that uses a straightforward and accessible communication channel, or channels. For example, the same communication channel that the organisation used to deliver the direct marketing communication. However, in some circumstances, a straightforward and accessible communication channel may be a different channel to that used to deliver the direct marketing communication, such as telephone and email, where the original channel was post; and
  • an opt out process that is free, or that does not involve more than a nominal cost for the individual, for example, the cost of a local phone call, text message or postage stamp.

However, in the circumstances where PharmaCrop has not obtained Personal Information directly from the individual, or the individual would not reasonably expect their Personal Information to be used in this way, there are additional requirements to ensure that the individual is made aware of their right to opt out of receiving direct marketing communications from PharmaCrop. In such cases, in each direct marketing communication with the individual, PharmaCrop must include a prominent statement, or otherwise draws the individual’s attention to the fact that the individual may make such a request (referred to as an ‘opt out statement’).

13. Cross-border disclosure of Personal Information

Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, PharmaCrop must not disclose Personal Information to an overseas recipient (not in Australia) unless it is being disclosed for the primary purpose for which it was collected and before disclosing the Personal Information PharmaCrop must take reasonable steps to ensure that the recipient does not breach the privacy legislation in relation to that information. Where PharmaCrop discloses personal information to an overseas recipient, it is accountable for an act or practice of the overseas recipient that would breach the privacy legislation.

PharmaCrop discloses personal information where it makes it accessible to others outside the entity and releases the subsequent handling of the information from its effective control. 

14. Accuracy of Personal Information

Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, PharmaCrop must take reasonable steps to ensure that the Personal Information it collects is accurate, up-to-date and complete. In addition, PharmaCrop must take reasonable steps to ensure that the Personal Information it uses and discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.

The reasonable steps that PharmaCrop should take will depend upon circumstances that include:

  • the sensitivity of the personal information (i.e. more rigorous steps may be required if the information collected, used or disclosed is ‘sensitive information’);
  • the extent to which PharmaCrop operates through distributors, or gives database and network access to contractors;
  • the possible adverse consequences for an individual if the quality of Personal Information is not ensured. More rigorous steps may be required as the risk of adversity increases;

the practicability, including time and cost involved.

We will take reasonable steps to make sure that the Personal Information we collect, use or disclose is accurate, complete and up-to-date. If your personal details change, such as your telephone number or billing address, please contact us so that we can continue to provide you with our services.

15. Security of Personal Information

Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, PharmaCrop must take reasonable steps to protect the Personal Information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure.

Where PharmaCrop no longer needs Personal Information for any purpose for which the information may be used or disclosed, PharmaCrop must take reasonable steps to destroy the information or ensure that it is de-identified.

The ‘reasonable steps’ that PharmaCrop should take to ensure the security of Personal Information will depend upon the circumstances.

16. Access to Personal Information

Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, PharmaCrop must give an individual access to that person’s Personal held by PharmaCrop on request.  Access may be refused in certain circumstances, however, it is open to PharmaCrop not to rely on any such ground and to provide access upon request, unless disclosure is prohibited. Before relying on any of these grounds PharmaCrop may consider whether redacting some information would enable access to be provided (for example, redacting Personal Information about another person).

The grounds for refusal include:

  • PharmaCrop reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
  • giving access would have an unreasonable impact on the privacy of other individuals;
  • the request for access is frivolous or vexatious;
  • the information relates to existing or anticipated legal proceedings between the organisation and the individual, and would not be accessible by the process of discovery in those proceedings;
  • giving access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations;
  • giving access would be unlawful;
  • denying access is required or authorised by or under an Australian law or a court/tribunal order;
  • PharmaCrop has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to PharmaCrop functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
  • giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
  • giving access would reveal evaluative information generated within PharmaCrop in connection with a commercially sensitive decisionmaking process.

PharmaCrop Privacy Policy (external) provides details of how an individual may access Personal Information about the individual.

Following a request, we will provide you with a copy of personal information which we hold about you in accordance with our obligations under the Privacy Act. We may charge a fee for retrieving this information (we will inform you of the fee before providing the information).

Please note that there are some circumstances set out in the Privacy Act where we may refuse your request.

We will promptly acknowledge and investigate any complaints about the way we manage Personal Information.

17. Correction of Personal Information

Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, PharmaCrop must take reasonable steps to correct Personal Information to ensure that, having regard to the purpose for which it is held, it is accurate, up-to-date, complete, relevant and not misleading. This applies when PharmaCrop is satisfied the Personal Information is inaccurate, out-of-date, incomplete, irrelevant or misleading, having regard to a purpose for which it is held, and when the individual requests the entity to correct the Personal Information.

18. About this APP Privacy Policy

We may update our policies and this Privacy Policy from time to time. The latest version is published on our web site at https://www.pharmacrop.com and is available in print at PharmaCrop offices, or by contacting us using the details below.

Contacting us If you have any questions about our policies, or if you wish to update or access the information we hold about you, wish to make a related complaint, opt out of receiving direct marketing material, or to receive a copy of our most current Privacy Policy, please telephone us on:

+61 1 300 053 533

or write to us at:

The Privacy Officer

PharmaCrop  Pty Ltd

Unit 1, 2994 Logan Road

Underwood QLD 4119
Australia

If PharmaCrop takes more than 30 days to respond to your privacy complaint, or if you are dissatisfied with the outcome, you can make a complaint to the Privacy Commissioner at the Office of the Australian Information Commissioner. The OAIC can be contacted on 1300 363 992 or at www.oaic.gov.au.

19. Definitions

Clients means any entity, individual client, customer, and their respective employees and clients to which PharmaCrop may conduct business.

Cookies and Similar Technologies – a cookie is a small data file that an app or website transfers to your computer’s hard drive. We may place cookies when you use our websites or apps or where you use another company’s website and apps that our ads appear on. We may also place cookies when you request or personalize information, or register for certain services. If you accept these cookies, you may give us access to information about your interests. We may use that information to personalize your experience. Similar technologies such as web beacons, pixels, gifs, and tags also do the same thing. We use the term Cookies and Similar Technologies in this statement to refer to all technologies that collect information in this way. 

Data Breach means when Personal Information is accessed or disclosed without authorisation or is lost.

Data Privacy Officer means PharmaCrop’s Chief Commercial Officer.

De-identified means a process which involves the removal or alteration of information that identifies a person or is reasonably likely to identify them, as well as the application of any additional protections required to prevent identification.

Deletion is the process of removing, erasing or obliterating recorded information from a medium.

Destruction is the process of eliminating or deleting records that do not have continuing value, beyond any possible reconstruction (such as incineration, shredding, pulping or deletion).

Disposal is when records are sold, transferred or destroyed.

Identification Information means name, address, date or birth, and other identifying information.

IP Address – a number assigned to a device when connecting to the Internet.

Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Record is any form of recorded information, both received and created in the course of business with the Client. A record is not dependent on the medium used and includes:

  1. anything on which there is writing – either electronically or physically;
  2. anything on which there are marks, figures, symbols or perforations having a meaning for persons, including persons qualified to interpret them;
  3. anything from which sounds, images or writing can be reproduced with or without the aid of anything else; or
  4. a map, plan, drawing or photograph.

For the purpose of this policy, this document only refers to Records being specifically held by PharmaCrop. Emails and documents received from the Client that are not being held in an PharmaCrop system will remain the responsibility of the Client.

Sensitive Information includes information or opinion about an individual’s racial or ethnic origin, political opinion, religious beliefs, health information, sexual orientation or criminal record, provided the information or opinion otherwise meets the definition of personal information.