The privacy of individuals, including our staff, our Clients and our business partners, is of utmost importance to PharmaCrop. This includes information or opinions about you that we collect and record which reasonably could be used to identify you. We adhere to the National Privacy Principles and the Privacy Act 1988 (Cth).
This document sets out our policies for managing personal information across our business operations in Australia. We have a Privacy Officer, whose contact details are below.
We want you to know how we may collect, use, share, and keep information about you and the choices that are available to you. When we provide products or services to you, we may also give you additional details about how we will use your personal information.
This Privacy Policy applies to PharmaCrop websites, and services that may run on dedicated servers, smart phones, tablets, and other mobile devices (“apps”). It does not apply to those websites that have their own online privacy statements.
Not all the information described in the Privacy Policy is ‘Personal Information’ under the Privacy Act – some of the Online Information we collect does not identify you (for example, some information we collect using cookies or information that is aggregated or de-identified).
Our websites and apps are not intended for children under 18 years of age. We do not knowingly solicit data online from, or communicate online to, children under 18 years of age.
Since we may change this Privacy Policy, we recommend that you check the current version available from time to time. If we make changes to this Privacy Policy, we will update the Effective Date at the top of this page.
When this Privacy Policy mentions “we,” “us,” or “our,” it refers to PharmaCrop.
This document sets out PharmaCrop’s approach for ensuring compliance with relevant data security and privacy legislation and regulations.
PharmaCrop acknowledges its responsibility to uphold our Client’s trust and confidence. A critical component of this responsibility is correctly archiving, retaining and where necessary destroying the records that we hold. It is important that all PharmaCrop employees and officers understand the basis of these responsibilities.
The types of information we collect depends on which product or service you use and how you interact with PharmaCrop. However, the types of personal information we collect and hold about you may include:
We generally do not collect Sensitive Information (such as relating to ethnic origin, religious or philosophical beliefs, membership of a political or trade association, sexual preferences or health), but may do so with your consent and when we are providing IT services for our Clients who have obtained those required consents or we are otherwise allowed or required by law. PharmaCrop does not collect information in a way that is unfair or unlawful. The collection of information will not intrude unreasonably on the personal affairs of the individual concerned.
We may gather Online Information if you:
When using our products and services (including our website), we will collect information about you and about your use of our products and services, such as which services you use and how you use them. We will collect information such as:
Our products and services (including our website) may also detect and use your IP Address or domain name for internal traffic monitoring and capacity management purposes or to otherwise administer the products and services. The patterns of usage of visitors to the online services may be tracked for the purposes of providing improved service and content based on aggregate or statistical review of user traffic patterns.
Generally, we collect, hold, update and use Personal Information (and sometimes Sensitive Information) about you (and your customers, employees or client) related to our functions and activities so we can establish, manage and administer the products and services provided by us, and to comply with legal and regulatory obligations. We also use, store, and process information about you to provide, understand, improve, and develop the PharmaCrop services, and to create and maintain a trusted and safer environment. We may also use and disclose your information for purposes related to those mentioned above, including:
Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, we generally collect Personal Information directly from you or from your use of our services, in response to our direct mail, e-mail, forms that you complete and submit to us, or when you have other dealings with us, such as using our services. We may collect that information over the telephone or internet, in person (when you visit us at an PharmaCrop office) and when you write to us.
We may also collect personal information through third parties such as:
We only collect your information from external sources if it is impractical to collect it directly from you, or when we are permitted to do so.
We also collect information through Cookies and Similar Technologies. Most Cookies and Similar Technologies will only collect De-Identified Information such as how you arrive at our website or your general location. However, certain Cookies and Similar Technologies do collect Personal Information. For example, if you click Remember Me when you log in to our website, a cookie will store your username.
We may collect information using Cookies and Similar Technologies about:
We may also collect information made publicly available through third-party platforms (such as online social media platforms), through online databases or directories, or that is otherwise legitimately obtained.
Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, we store Personal Information in a combination of secure computer storage facilities and paper based files and other record formats. We have taken a number of steps to protect the Personal Information we hold from misuse, loss and unauthorised access, modification or disclosure. We use generally accepted technology and security so that we are satisfied that your information is transmitted safely to us through the internet or other electronic means. We will take reasonable steps to securely destroy or permanently de-identify personal information when we no longer need it.
We are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration. However, the internet and mobile devices are not a 100% secure environment so we can’t guarantee the security of the transmission or storage of your information.
Principal Legislation:
Privacy Act 1988 (Cth), including the Australian Privacy Principles.
Related Legislation:
Under the privacy legislation, Personal Information may be solicited or unsolicited.
PharmaCrop is considered to have solicited Personal Information if it explicitly requests another person or entity to provide Personal Information, or it takes active steps to collect Personal Information.
PharmaCrop must only collect this solicited Personal Information where it is reasonably necessary for, or directly related to, its functions or activities (e.g. managing a PharmaCrop system containing Personal Information for a Client). In addition, this Personal Information must be collected directly from the individual concerned, unless this is unreasonable or impracticable, and must be collected by lawful and fair means (e.g. when collected by our Clients for management by PharmaCrop).
Unless an exception applies, PharmaCrop must only collect Sensitive Information (a type of Personal Information) where the above conditions are met and the individual concerned consents to the collection.
For the purposes of this policy, PharmaCrop is only collecting Personal Information when it is gathering, acquiring or obtaining Personal Information from any source and by any means.
Under the privacy legislation, unsolicited Personal Information is Personal Information received by PharmaCrop where the entity has taken no active steps to collect the information.
For unsolicited Personal Information, PharmaCrop must decide whether it could have collected the information as a collection of solicited Personal Information above.
If PharmaCrop determines that the information could not have been collected as solicited Personal Information, the unsolicited Personal Information must be destroyed or de-identified as soon as practicable if it is lawful and reasonable to do so, unless the unsolicited Personal Information is contained in a ‘Commonwealth Record’.
Under the privacy legislation, when collecting Personal Information, PharmaCrop must take reasonable steps to either notify the individual of certain matters or to ensure the individual is aware of those matters, before or at the time of collection, or if this is not practicable, reasonable steps must be taken as soon as practicable after collection.
These matters include:
Under the privacy legislation, PharmaCrop must only use or disclose Personal Information for a purpose for which it was collected (known as the ‘primary purpose’), or for a secondary purpose if an exception applies. The intent is that an entity will generally use and disclose an individual’s personal information only in ways the individual would expect or where one of the exceptions applies.
The exceptions include where:
Generally, we may disclose personal information about you in the following circumstances:
We may de-identify information about you so that the information can no longer be used to identify you. We may use and disclose de-identified personal information in the course of our business (including in any promotional or marketing material).
We may aggregate information on the use of our products and services (including our website) in such a way that the information can no longer be related to the identifiable individuals. We may use and disclose aggregated information in the course of our business (including in any promotional or marketing material).
We may disclose your Personal Information:
Direct marketing involves the use or disclosure of Personal Information (other than Sensitive Information) to communicate directly with an individual to promote PharmaCrop goods and services through a variety of channels such as telephone, SMS, email and online advertising.
Examples of direct marketing by PharmaCrop include:
Examples of marketing that is not direct (and where this policy doesn’t apply) by PharmaCrop include:
Under the privacy legislation, PharmaCrop must not use or disclose Sensitive Information it holds for the purpose of direct marketing, and it also must not use or disclose Personal Information it holds for the purpose of direct marketing unless an exception applies.
The exceptions include where:
Both of these exceptions require PharmaCrop to provide a simple means by which an individual can request not to receive direct marketing communications (also known as ‘opting out’) and if a person makes such a request, then the above exceptions no longer apply.
A simple means for opting out should include:
However, in the circumstances where PharmaCrop has not obtained Personal Information directly from the individual, or the individual would not reasonably expect their Personal Information to be used in this way, there are additional requirements to ensure that the individual is made aware of their right to opt out of receiving direct marketing communications from PharmaCrop. In such cases, in each direct marketing communication with the individual, PharmaCrop must include a prominent statement, or otherwise draws the individual’s attention to the fact that the individual may make such a request (referred to as an ‘opt out statement’).
Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, PharmaCrop must not disclose Personal Information to an overseas recipient (not in Australia) unless it is being disclosed for the primary purpose for which it was collected and before disclosing the Personal Information PharmaCrop must take reasonable steps to ensure that the recipient does not breach the privacy legislation in relation to that information. Where PharmaCrop discloses personal information to an overseas recipient, it is accountable for an act or practice of the overseas recipient that would breach the privacy legislation.
PharmaCrop discloses personal information where it makes it accessible to others outside the entity and releases the subsequent handling of the information from its effective control.
Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, PharmaCrop must take reasonable steps to ensure that the Personal Information it collects is accurate, up-to-date and complete. In addition, PharmaCrop must take reasonable steps to ensure that the Personal Information it uses and discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.
The reasonable steps that PharmaCrop should take will depend upon circumstances that include:
the practicability, including time and cost involved.
We will take reasonable steps to make sure that the Personal Information we collect, use or disclose is accurate, complete and up-to-date. If your personal details change, such as your telephone number or billing address, please contact us so that we can continue to provide you with our services.
Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, PharmaCrop must take reasonable steps to protect the Personal Information it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
Where PharmaCrop no longer needs Personal Information for any purpose for which the information may be used or disclosed, PharmaCrop must take reasonable steps to destroy the information or ensure that it is de-identified.
The ‘reasonable steps’ that PharmaCrop should take to ensure the security of Personal Information will depend upon the circumstances.
Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, PharmaCrop must give an individual access to that person’s Personal held by PharmaCrop on request. Access may be refused in certain circumstances, however, it is open to PharmaCrop not to rely on any such ground and to provide access upon request, unless disclosure is prohibited. Before relying on any of these grounds PharmaCrop may consider whether redacting some information would enable access to be provided (for example, redacting Personal Information about another person).
The grounds for refusal include:
PharmaCrop Privacy Policy (external) provides details of how an individual may access Personal Information about the individual.
Following a request, we will provide you with a copy of personal information which we hold about you in accordance with our obligations under the Privacy Act. We may charge a fee for retrieving this information (we will inform you of the fee before providing the information).
Please note that there are some circumstances set out in the Privacy Act where we may refuse your request.
We will promptly acknowledge and investigate any complaints about the way we manage Personal Information.
Subject to any contractual requirements we may have with you prescribing or imposing additional safeguards or higher standards, PharmaCrop must take reasonable steps to correct Personal Information to ensure that, having regard to the purpose for which it is held, it is accurate, up-to-date, complete, relevant and not misleading. This applies when PharmaCrop is satisfied the Personal Information is inaccurate, out-of-date, incomplete, irrelevant or misleading, having regard to a purpose for which it is held, and when the individual requests the entity to correct the Personal Information.
We may update our policies and this Privacy Policy from time to time. The latest version is published on our web site at https://www.pharmacrop.com and is available in print at PharmaCrop offices, or by contacting us using the details below.
Contacting us If you have any questions about our policies, or if you wish to update or access the information we hold about you, wish to make a related complaint, opt out of receiving direct marketing material, or to receive a copy of our most current Privacy Policy, please telephone us on:
+61 1 300 053 533
or write to us at:
The Privacy Officer
PharmaCrop Pty Ltd
Unit 1, 2994 Logan Road
Underwood QLD 4119
Australia
If PharmaCrop takes more than 30 days to respond to your privacy complaint, or if you are dissatisfied with the outcome, you can make a complaint to the Privacy Commissioner at the Office of the Australian Information Commissioner. The OAIC can be contacted on 1300 363 992 or at www.oaic.gov.au.
Clients means any entity, individual client, customer, and their respective employees and clients to which PharmaCrop may conduct business.
Cookies and Similar Technologies – a cookie is a small data file that an app or website transfers to your computer’s hard drive. We may place cookies when you use our websites or apps or where you use another company’s website and apps that our ads appear on. We may also place cookies when you request or personalize information, or register for certain services. If you accept these cookies, you may give us access to information about your interests. We may use that information to personalize your experience. Similar technologies such as web beacons, pixels, gifs, and tags also do the same thing. We use the term Cookies and Similar Technologies in this statement to refer to all technologies that collect information in this way.
Data Breach means when Personal Information is accessed or disclosed without authorisation or is lost.
Data Privacy Officer means PharmaCrop’s Chief Commercial Officer.
De-identified means a process which involves the removal or alteration of information that identifies a person or is reasonably likely to identify them, as well as the application of any additional protections required to prevent identification.
Deletion is the process of removing, erasing or obliterating recorded information from a medium.
Destruction is the process of eliminating or deleting records that do not have continuing value, beyond any possible reconstruction (such as incineration, shredding, pulping or deletion).
Disposal is when records are sold, transferred or destroyed.
Identification Information means name, address, date or birth, and other identifying information.
IP Address – a number assigned to a device when connecting to the Internet.
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Record is any form of recorded information, both received and created in the course of business with the Client. A record is not dependent on the medium used and includes:
For the purpose of this policy, this document only refers to Records being specifically held by PharmaCrop. Emails and documents received from the Client that are not being held in an PharmaCrop system will remain the responsibility of the Client.
Sensitive Information includes information or opinion about an individual’s racial or ethnic origin, political opinion, religious beliefs, health information, sexual orientation or criminal record, provided the information or opinion otherwise meets the definition of personal information.
Unit 1, 2994 Logan Road,
Underwood, Qld 4119, Australia