PolyNovo Limited (“PNV”) is committed to protecting the privacy of the individuals it deals with.
- ensure PNV manages your personal information in an open and transparent way and in compliance with the Australian Privacy Principles (“Privacy Laws”)
- protect the personal information of individuals who have dealings with PNV (these individuals are described in Sect. 2.3), and
- summarise how PNV manages your personal information.
- develops and manufactures specialist medical devices in Victoria, Australia, utilising the patented bioabsorbable polymer technology Novosorb®, and
- markets and sells these medical devices globally via PNV’s subsidiaries and third-party distributors around the world.
- references to "you" or "your" refer to the individuals whose personal information PNV collects, holds, uses or discloses, and
- "handles" refers generally to PNV collecting, holding, using or disclosing your personal information.
2 How does PNV manage your personal information?
2.1 Examples of personal and sensitive information
- phone number
- email address
- if you are a health care professional, it may also include your:
- medical specialty
- photograph etc
- if you are a vendor, contractor or job applicant, it may also include your:
- work history
- qualifications etc.
- if you are a patient of a PNV customer (e.g. a hospital):
- details of your medical history, healthcare professional, device implantation/history, and
- photographs relating to device use
- if you are a health care professional, your membership of professional associations, and
- if you are a contractor or job applicant, your health information.
2.2 Privacy protections
- The security of your personal information is important to PNV. Refer to Sect. 2.8.1 for details regarding PNV’s security arrangements.
- PNV must only collect your personal information, including sensitive information, where it is reasonably necessary for PNV’s functions or activities e.g. manufacturing, sales, marketing, quality assurance, regulatory affairs, human resources, IT, company secretarial etc.
- Your sensitive information - e.g. medical details, or professional affiliations - must not be collected without your consent, unless approval is obtained from PNV’s Privacy Officer (as certain exceptions may be applicable under Privacy Laws).
- If PNV:
- collects your personal information for a particular purpose (refer to Sect. 2.5 for the purposes for which PNV collects personal information), and
- PNV wishes to use or disclose the information for another purpose, you must consent to the information being used for the other purpose (unless certain exceptions apply under Privacy Laws).
- Access to your personal information is limited to PNV staff who need to use your personal information in the course of their PNV responsibilities.
- PNV will never sell your personal information to anyone else.
- Although PNV may use your personal information to promote PNV or its products and services, you have the option to unsubscribe at any time.
- PNV is obliged to take reasonable steps to ensure the personal information it handles is accurate, up-to-date and complete. For example, PNV may ask you to confirm the accuracy of your personal information when contacting PNV.
- PNV will only disclose your personal information to organisations overseas in very limited circumstances - refer to Sect. 2.6.
- PNV has internal processes and procedures to help ensure compliance with this Policy and the Privacy Laws.
- If PNV holds your personal information and PNV:
- no longer needs the information for any purpose for which it may be used or disclosed (e.g. for the purposes disclosed in Sect. 2.5), and
- is not required by Australian law to retain it, PNV must take reasonable steps, and proactively plan, to destroy such information or to ensure such information is de-identified.
2.3 What types of individuals does PNV collect personal information from and why?
- PNV collects and holds personal information regarding its current and prospective:
- customers - e.g. health care professionals (including doctors, nurses) - and distributors
- patients of its customers, in limited circumstances
- contractors e.g. independent individual contractors engaged by PNV
- vendors e.g. suppliers of goods (e.g. raw materials) or services (e.g. IT services, professional services etc), and
- investors e.g. shareholders
for the purposes mentioned in Sect 2.5.
- PNV collects personal information in relation to individuals applying to become employees, for the purposes mentioned in Sect. 2.5. PNV may also collect personal information in relation to PNV’s employees where the information doesn’t directly relate to a current or former employment relationship.
- If PNV didn’t collect your personal information:
- PNV would not be able to enter into a contractual relationship with you e.g. regarding the supply of products to you, your employment or engagement, PNV purchasing your goods or services or you becoming an investor, and
- PNV may not be able carry out the purposes mentioned in Sect. 2.5.
- In some instances PNV may collect your personal information unknowingly - for example, within non-business (i.e. private) emails between you and PNV’s staff. Please be aware that such personal information may, also unknowingly, be stored on PNV’s IT systems and backed up by PNV, and third parties, with other business-related information.
2.4 How does PNV collect and hold your personal information?
- The main way PNV collects personal information is from you directly - typically via emails, phone calls, meetings or PNV’s websites.
- Where it is unreasonable or impracticable to collect personal information from you, PNV may, in limited circumstances, collect your personal information from someone other than you. For example, your personal information could be collected from:
- a co-worker e.g. when PNV deals with a hospital, a nurse may disclose a doctor’s personal information to PNV if the doctor is unavailable
- if you are a patient from a health care professional who is caring for you (your consent is needed if sensitive information - e.g. medical information - is collected)
- public sources - e.g. from your LinkedIn page or social media - but only for purposes that relate to PNV’s functions and activities
- others involved in your dealings with PNV e.g. from organisations you, or your employer, has a business arrangement with
- from conference organisers, who may send a list of delegates to PNV
- in the case of customers, from third-party organisations to conduct credit checks
- if you are an investor, from PNV’s Share Registry for the purposes of communicating with you in relation to your shareholdings.
- PNV does not obtain your personal information from third parties who sell lists of personal information.
- PNV holds most of your personal information in an electronic format, which is stored securely:
- on computers located at PNV’s premises
- on mobile electronic devices e.g. phones, tablets, laptops
- offsite by third-party computer storage facilities e.g. cloud services.
- PNV may also store your personal information in a physical format - e.g. within files. Personal information stored in a physical format is stored securely on PNV’s premises or archived with third parties.