EBOS Medical Technology Privacy Policy
CD-POL-1103-1
Last Updated: November 2023
About this Policy
EBOS Medical Devices Australia Pty Limited (ABN 38 635 893 720), LifeHealthcare Distribution Pty Limited (ABN 30 117 449 911), LifeHealthcare Limited (NZCN 1929585) and their respective subsidiaries (“we”, “our” and “us”) are committed to responsible privacy practices and to complying with all relevant privacy laws, including:
(a) the Privacy Act 1988 (Cth) (the “Privacy Act (AU)”); and
(b) the Privacy Act 2020 (NZ) (the “Privacy Act (NZ)”),
in each case, unless stated otherwise, the “Privacy Act”, and in particular, the privacy principles (“Privacy Principles”) and the Notifiable Data Breach schemes contained in each Privacy Act.
In addition, we are committed to complying with all applicable state and territory health records legislation such as the Health Records Act 2001 (Vic), the Health Records (Privacy and Access) Act 1997 (ACT) and the Health Records and Information Privacy Act 2002 (NSW) and the Health Information Privacy Code 2020 (NZ).
Where applicable, we will handle personal information relying on the related bodies corporate exemption and the employee records exemption in the Privacy Act (AU) and any other applicable exemptions in the Privacy Act or other legislation.
This Privacy Policy sets out our policies on the management of personal information including how we collect and hold personal information, the purposes for which we use this information, and to whom this information is disclosed. We may change our Privacy Policy from time to time at our discretion. At any time, the latest version of our Privacy Policy is available from our website at www.ebosmedtech.com.
Where it is practical for us to allow you to do so, you may deal with us anonymously (for example when enquiring generally about our products and services).
What Personal Information do we collect?
Personal Information is information or an opinion about an individual who is or can reasonably be identified by us.
Sensitive Information is any information or opinion about certain things, such as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, biometric data or health information.
The types of Personal Information that we collect about you will depend on why you are interacting with us and, if applicable, the products or services that you acquire, or enquire about. It may include your name, date of birth, phone number, email address, street address, bank account details, credit card details, your treating health practitioner, the hospitals or other institutions at which you work or where you may be treated, the entity you work for and your position there, any applicable practising registration and licensing, your employer or business representative’s contact information. In some circumstances, the Personal Information that we collect may be or include Sensitive Information.
If you do not allow us to collect all of the Personal Information we reasonably request, we may not be able to deliver the products or services you require or process any other request or enquiry.
Throughout the life of any product or service you acquire, we may also collect and hold additional Personal Information about you. This may include but not be limited to, any Personal Information comprised in transactional records, records of enquiries or complaints you make and, if you make a product claim, the collation of additional information to assess the claim.
If you apply for employment with us, we may collect additional Personal Information in relation to you including your educational and employment history and information provided by your referees.
Where you are employed by us, we may collect additional Personal Information from you in the course of your employment with us which may include Sensitive Information including your health information. We may also require health information from any individuals attending our premises including immunisation status and/or Covid-19 test results.
How do we collect and hold Personal Information?
We will collect your Personal Information directly from you, whether in person, on the phone or electronically, when you voluntarily and knowingly provide it to us, or indirectly from a third party for uses relating to the supply or use of our products or services, our educational activities and marketing events or information.
Circumstances where your Personal Information will be collected directly from you include where you:
- order or purchase a product or service as a healthcare provider or consumer;
- order or purchase a product or service on behalf of your employer or for use by a healthcare provider;
- subscribe to a mailing list for educational and/or marketing material;
- register for a seminar, webinar, conference or other educational event;
- seek to provide goods or services to us;
- contact us regarding one of our products, services or any other matter;
- apply for, register your interest in, or enquire about a product or service;
- visit our website or when you deal with us online (including through our product websites or social media pages);
- provide us with feedback or make a complaint; or
- talk to us, or do business with us.
Circumstances where your Personal Information will be collected from a third party include where:
- a health practitioner or a healthcare provider orders a product or service specifically for you as a patient;
- you are seeking employment and a recruiter or referee provides us with your Personal Information;
- your Personal Information is provided to us by a labour hire company or other provider of contracted services;
- your Personal Information is obtained from media and publications or other publicly available sources or registers or from cookies;
- your Personal Information is provided to us by the organiser of an educational event that we sponsor or support;
- your health practitioner reports to us on how you have responded to the use of one of our products or services as a patient;
- you are represented by a third party, for example, your legal adviser, insurance advisor, guardian, trustee, or attorney;
- you complete an online form or survey provided by us or a third party on our behalf;
- you deal with other organisations which, jointly with us, provide products or services to you or with whom we partner to provide products or services to you; or
- you comment publicly over Instagram, LinkedIn or any other social media platform that we use.
If we receive Personal Information about you that we did not request directly from you or from another party, we will decide whether we could have collected the information in accordance with this Privacy Policy and applicable privacy and health information laws including the Australian Privacy Principles (“APPs”). If we decide that we could have collected it, we will keep it and handle it in accordance with this Privacy Policy and applicable privacy and health information laws including the APPs. If we decide that we could not have collected the Personal Information, we will destroy or de-identify the information if it is lawful and reasonable to do so.
Each time you visit our websites or social media platforms, we may collect information about you which may include Personal Information (which we will generally de-identify) and may include the following:
- the date and time of visits;
- the pages viewed and your browsing behaviour;
- how you navigate through the site and interact with pages (including fields completed in forms and media posts);
- general location information;
- information about the device used to visit our website (including your tablet or mobile device) such as device IDs; and
- IP addresses. Your IP Address is a number that is automatically assigned to the device that you are using by your Internet Service Provider.
Where reasonable and practicable to do so, we will collect your Personal Information only from you. When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Most information that we hold about you will usually be stored electronically. We may store some of your information in secure data centres that are located in Australia or in other secure data centres of our contracted service providers (including cloud storage providers), that may be located outside Australia, including in the USA. We may also store some information that we hold about you securely in paper files or other hardcopy formats.
We may collect Sensitive Information where it is reasonably necessary to provide you with a specific product or service or required for the design, manufacture or supply of our products, including where your health information is required for the specifications of a medical device to be provided for you.
Use of Cookies
We may collect information about you using cookies when you use our websites or social media platforms. Cookies are small pieces of information stored on your hard drive or in memory. One of the reasons for using cookies is to offer you increased security. They can also record information about your visit to our websites, allowing us to remember you the next time you visit and provide a more meaningful experience.
We may also collect information from third party websites, applications or platforms containing our interactive content or that interface with our own websites and forms. Our websites may use Google Analytics. Details of how Google uses data collected from sites that use Google Analytics are available at this link: How Google uses information from sites or apps that use our services – Privacy & Terms – Google.
Our websites may contain links to other sites. This Privacy Policy applies to our websites and not any linked sites which are not operated or controlled by us. We encourage you to read the privacy policy of each website that collects your Personal Information.
If you prefer not to receive cookies, you can adjust your Internet browser to refuse cookies or to warn you when cookies are being used. However, our websites may not function properly or optimally if cookies have been turned off.
For what purposes do we Collect, Use and Disclose Personal Information?
The purposes for which we use and disclose your Personal Information will depend on the circumstances in which we collect it. Whenever practical we endeavour to inform you why we are collecting your Personal Information, how we intend to use that information and to whom we intend to disclose it at the time we collect your Personal Information.
The primary purpose for which we collect, use, hold and disclose your Personal (including Sensitive) Information is to provide you with products and services (including where applicable, third party products and services). We may use your Personal Information for related secondary purposes that you would reasonably expect, such as the administration and running of our business, any subsequent medical treatment you may need support with, processing any other request or enquiry you or your healthcare provider may have and responding to any questions or complaints in relation to the supply of your product or device.
We may use the Personal Information that we collect about you to:
- check whether you are eligible for the product or service;
- supply you with a medical device purchased by you or on your behalf;
- contact you for information relating to a medical device purchased by you or on your behalf;
- provide you with information about a product or service you have purchased, or which has been purchased on your behalf;
- facilitate support for subsequent medical treatment you may need relating to a medical device purchased by you or to facilitate the processing of any other request, enquiry, question or complaint you may have relating to the medical device;
- provide any educational and marketing information you may agree to receive;
- provide educational services requested by you, or that you may be invited to, including seminars, webinars and conferences;
- consider and respond to any proposal or offer you may provide to us, including an application of employment;
- consider any proposal to use your personal services;
- respond to any question, request or complaint received from you or your healthcare practitioner;
- help us develop insights and conduct data analysis to improve the delivery of products, services, enhance our customer relationships and to effectively manage risks;
- understand your interests and preferences so we can tailor our digital content;
- for any other purposes to which you have consented; or
- for any other purposes required or authorised by law or a court/tribunal order or by a regulatory body.
We may also use your Personal Information for secondary purposes closely related to the primary purpose for which it was collected, in circumstances where you would reasonably expect such a use or disclosure.
We may disclose Personal Information that we collect from you to a third party as follows:
- to meet the purpose for which it was collected, such as to disclose it to manufacturers and suppliers for the design, manufacture and/or supply of a medical device;
- if we have your consent to disclose the information;
- if we are required or authorised by law to disclose the information, including for example to comply with a court subpoena;
- to provide products or services related to those that we have agreed to provide to you, for example, catering services at a seminar or conference; or
- to enable us and the relevant manufacturer or supplier (who may be located outside of Australia or New Zealand, for example in Germany or the USA), to deal with any concern, issue or complaint you or your healthcare practitioner have raised with us, including a complaint about a medical device.
Where we have de-identified the information and if it is lawful and reasonable to do so, this Privacy Policy will generally not apply to our use of de-identified information. However, we will continue to safeguard this de-identified information so that it is secure and not reidentified. Where we use de-identified information together with other information (including Personal Information) and in doing so, we are able to identify you, that information will be treated as Personal Information in accordance with this Privacy Policy and applicable privacy and health information laws including the APPs.
We may use or disclose your information to comply with our legislative or regulatory requirements in any jurisdiction where we are subject to relevant laws and to prevent fraud, criminal or other activity that may cause you, us or others harm including in relation to our products or services.
Generally, we use contracted service providers to help us in our business activities. For example, they may help us provide you with products and services, deliver technology or other support for our business systems, refer us to new customers, or assist us with marketing and data analysis. These organisations may include:
- our agents, contractors and contracted service providers (for example, mailing houses, technology service providers and cloud storage providers);
- authorised representatives who sell or arrange products and services on our behalf;
- insurers and health care providers;
- payment systems operators (for example, merchants receiving card payments);
- other organisations, who jointly with us, provide products or services to you, or with whom we partner to provide products and services to you;
- debt collectors;
- professional advisors such as our financial advisers, legal advisers and auditors;
- your representatives (including your legal adviser, accountant, mortgage broker, financial adviser, executor, administrator, guardian, trustee, or attorney);
- fraud bureaus or other organisations to identify, investigate or prevent fraud or other misconduct;
- external dispute resolution schemes; and
- regulatory bodies, government agencies and law enforcement bodies in any jurisdiction.
Where your Sensitive Information is collected, it will only be used and disclosed by us consistent with this Privacy Policy for:
- the primary purpose for which it was obtained;
- a secondary purpose that is directly related to the primary purpose;
- a purpose you have consented to; or where required or authorised by law.
For example, we may use and disclose health information about you to process a claim under a product warranty or to assess a product related claim, including a complaint, or verify your identity or authorise transactions.
Disclosure of Personal Information interstate and overseas
Your Personal Information may be transferred to and stored in all states and territories of Australia, where it is held securely in accordance with this Privacy Policy and the Australian Privacy Principles.
To supply you with medical devices that you may purchase, or which have been purchased on your behalf, we may disclose your Personal Information that we collect to the relevant third-party supplier located outside of Australia or New Zealand (these recipients are likely to be located in countries such as Germany and the USA) so that they can prepare your medical device. We may also disclose your Personal Information to them if you need subsequent medical treatment or to process any other request or enquiry you or your healthcare provider may have.
We may also disclose your Personal Information to our cloud services provider that stores our data. They will usually be located in Australia, but some information may be transferred to the USA.
In such circumstances, we will take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information.
In respect of health information covered by health records legislation, unless otherwise required or permitted by law, we will only disclose your health information to a third party outside the state/territory of collection if we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which upholds principles for fair handling of the information that are substantially similar to those in the applicable health records legislation.
In respect of Personal Information collected or held in New Zealand, we will only disclose that information to a third party outside New Zealand if we reasonably believe that the recipient of the information is subject to comparable safeguards to those in the Privacy Act (NZ). If your Personal Information will not be protected by comparable safeguards to those in the Privacy Act (NZ), we will tell you that this is the case, and only disclose your Personal Information with your consent.
Direct marketing
We may use your Personal Information to directly offer you products and services we believe may be of interest and value to you, but we will not do so if you tell us not to. We may offer you products and services by various means, including by mail, telephone, email, SMS or other electronic means.
When we market products and services to you, we will comply with applicable laws to obtain your consent if required.
We may also disclose your Personal Information to companies who assist us to market products and services to you. If you do not want to receive direct marketing offers from us or our affiliates or service providers, please contact us using the contact details below or opt-out facility provided to you.
Anonymity
In most circumstances, we do not require Personal Information for you to gain access to our website and, in some circumstances, you may choose not to identify yourself or use a pseudonym when providing your Personal Information to us. However, we may require your Personal Information in some other circumstances. For example, if you are a healthcare practitioner or healthcare provider, we require your Personal Information to verify your identity before we provide you with access to our website. Our ability to provide our products or services to you or process any request or complaint by you may be adversely affected if you do not give us the requested Personal Information, or if the information you give us is incomplete or inaccurate.
Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the Personal Information we hold. For example:
- access to our information systems is controlled through identity and access management controls;
- employees and our contracted service providers are required to keep information secure; and
- all employees are required to complete training about privacy and information security.
If you have reason to believe that your interaction with us is no longer secure - for example, if you feel that the security of any information you have with us has been compromised, please immediately contact us (see Privacy Policy Complaints and Enquiries section below).
When your Personal Information is no longer needed for the purpose for which it was obtained, or for legal record-keeping purposes, we will take reasonable steps to destroy or permanently de-identify your Personal Information. Some of the Personal Information we collect is or will be stored and kept by us for a minimum of 15 years.
Access to your Personal Information
You may access the Personal Information we hold about you and update and/or correct it, subject to certain exceptions. For example, we are not required to give you access to your Personal Information where giving you access would pose a serious threat to any person’s life, health or safety, or to public health or safety, where giving access would be unlawful, where giving access would have an unreasonable impact on other people’s privacy or where we reasonably conclude your request is frivolous or vexatious.
We will take reasonable steps to make sure that your Personal Information is accurate, complete and up to date when we collect, use or disclose it. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality products and services to you.
Any requests for access to, or correction of, your Personal Information should be made directly by contacting us using the details provided below.
If we refuse to give you access to or to correct your Personal Information, we will give you a notice explaining our reasons except where it would be unreasonable to do so. If we refuse your request to correct your Personal Information, you also have the right to request that a statement be associated with your Personal Information noting that you disagree with its accuracy. If we refuse your request to access or correct your Personal Information, we will also provide you with information on how you can complain about the refusal.
Policy Updates
We may need to update this Privacy Policy from time to time to reflect changes to our information handling practices, activities or legal obligations. Any changes to this Privacy Policy will be posted on our website at www.ebosmedtech.com. Unless stated otherwise, changes will be effective immediately upon being placed on the website.
Privacy Policy Complaints and Enquiries
If you have any queries or complaints about our Privacy Policy, please contact us first by using the contact details provided below:
Attention: Privacy Officer
LifeHealthcare Distribution Pty Limited
Level 8, 15 Talavera Road,
North Ryde NSW 2113
Telephone: 1800 060 168
privacy@lifehealthcare.com.au
OR
privacy@ebosgroup.com
If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner (visit: https://www.oaic.gov.au/privacy/privacy-complaints ) or the New Zealand Privacy Commissioner (visit: https://www.privacy.org.nz/your-rights/making-a-complaint/ ) or other relevant regulators.
Complaints can also be made in relation to health information we collect and handle to Commissioners responsible for administering State or Territory health information laws.
END DOCUMENT