Privacy Policy
This Privacy Policy sets out how PolyNovo Limited manages your personal information in the USA.
Contents
- Introduction
- How does PNV manage your personal information?
- 2.1 Examples of personal and sensitive information
- 2.2 Privacy protections
- 2.3 What types of individuals does PNV collect personal information from and why?
- 2.4 How does PNV collect and hold your personal information?
- 2.5 What are the purposes for which PNV collects, holds, uses and discloses your personal information?
- 2.6 Overseas recipients
- 2.7 Access, correction, complaints and other rights
- 2.8 Other information
- Help
- Monitoring & review
1 Introduction
PolyNovo Limited (“PNV”) is committed to protecting the privacy of the individuals it deals with.
This Privacy Policy (“Policy”) helps:
- ensure PNV manages your personal information in an open and transparent way and in compliance with applicable privacy principles (“Privacy Laws”)
- protect the personal information of individuals who have dealings with PNV (these individuals are described in Sect. 2.3), and
- summarise how PNV manages your personal information.
PNV:
- develops and manufactures specialist medical devices in Victoria, Australia, utilising the patented bioabsorbable polymer technology Novosorb®, and
- markets and sells these medical devices globally via PNV’s subsidiaries and third-party distributors around the world.
In this Policy:
- references to "you" or "your" refer to the individuals whose personal information PNV collects, holds, uses or discloses, and
- "handles" refers generally to PNV collecting, holding, using or disclosing your personal information.
2 How does PNV manage your personal information?
2.1 Examples of personal and sensitive information
The personal information PNV may collect includes your:
- name
- address
- phone number
- email address
- unique browser identifiers (i.e., cookies)
- if you are a health care professional, it may also include your:
- title
- medical specialty
- photograph etc
- if you are a vendor, contractor or job applicant, it may also include your:
- work history
- qualifications etc.
Personal information includes sensitive information, and the latter receives greater protection under Privacy Laws.
Examples of sensitive information include:
- if you are a patient of a PNV customer (e.g. a hospital):
- details of your medical history, healthcare professional, device implantation/history, and
- photographs relating to device use
- if you are a health care professional, your membership of professional associations, and
- if you are a contractor or job applicant, your health information.
At any time, you have the right to request that PNV disclose the types (as well as specific pieces) of your personal and sensitive information PNV has collected, as well as the types of third parties to whom PNV has disclosed your personal and sensitive information.
2.2 Privacy protections
PNV seeks to protect your personal information in a variety of ways, including the following:
- The security of your personal information is important to PNV. Refer to Sect. 2.8.1 for details regarding PNV's security arrangements.
- PNV must only collect your personal information, including sensitive information, where it is reasonably necessary for PNV’s functions or activities, e.g. manufacturing, sales, marketing, quality assurance, regulatory affairs, human resources, IT, company secretarial etc., or where PNV has obtained your consent.
- Your sensitive information – e.g. medical details, or professional affiliations – must not be collected without your consent (except as may be permissible under Privacy Laws and where the PNV Privacy Officer has so authorized in compliance with such Privacy Laws). Your sensitive information will not be sold or shared, except where you grant PNV express permission to do so or where required or otherwise permissible under Privacy Laws.
- If PNV:
- collects your personal information for a particular purpose (refer to Sect. 2.5 for the purposes for which PNV collects personal information), and
- PNV wishes to use or disclose the information for another purpose, you must consent to the information being used for the other purpose (unless certain exceptions apply under Privacy Laws).
- Access to your personal information is limited to PNV staff who need to use your personal information in the course of their PNV responsibilities.
- PNV will never sell your personal information to anyone else.
- Although PNV may use your personal information to promote PNV or its products and services, you may opt out of having your information used for such activities (including but not limited to targeted advertising, sale of personal information or individual profiling) at any time.
- PNV is obliged to take reasonable steps to ensure the personal information it handles is accurate, up-to-date and complete. For example, PNV may ask you to confirm the accuracy of your personal information when contacting PNV.
- PNV will only disclose your personal information to organisations overseas in very limited circumstances – refer to Sect. 2.6.
- PNV has internal processes and procedures to help ensure compliance with this Policy and the Privacy Laws.
- If PNV holds your personal information and PNV:
- no longer needs the information for any purpose for which it may be used or disclosed (e.g. for the purposes disclosed in Sect. 2.5), and
- is not required by Privacy Laws to retain it,
PNV must take reasonable steps, and proactively plan, to destroy such information or to ensure such information is de-identified. PNV will not retain sensitive personal information for longer than is reasonably necessary to meet its intended purpose for collection of that information.
- At any time, you have the right to request that PNV delete your information from PNV’s files.
2.3 What types of individuals does PNV collect personal information from and why?
- PNV collects and holds personal information regarding its current and prospective:
- customers – e.g. health care professionals (including doctors, nurses) – and distributors
- patients of its customers, in limited circumstances
- contractors e.g. independent individual contractors engaged by PNV
- vendors e.g. suppliers of goods (e.g. raw materials) or services (e.g. IT services, professional services etc), and
- investors e.g. shareholders
for the purposes mentioned in Sect. 2.5.
- PNV collects personal information in relation to individuals applying to become employees, for the purposes mentioned in Sect. 2.5. PNV may also collect personal information in relation to PNV’s employees where the information doesn’t directly relate to a current or former employment relationship.
- You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
- If PNV didn't collect your personal information:
- PNV would not be able to enter into a contractual relationship with you e.g. regarding the supply of products to you, your employment or engagement, PNV purchasing your goods or services or you becoming an investor, and
- PNV may not be able to carry out the purposes mentioned in Sect. 2.5.
- PNV will not sell the above categories of information about you, unless you explicitly authorize PNV to do so. PNV may share such categories of information about you for the purposes described herein in compliance with Privacy Laws.
2.4 How does PNV collect and hold your personal information?
2.4.1 Collection
- The main way PNV collects personal information is from you directly – typically via emails, phone calls, meetings or PNV’s websites.
- In limited circumstances, PNV may collect personal information from someone with a right to access and share that information. For example, your personal information could be collected from:
- if you are a patient, from a health care professional who is caring for you (your consent is needed if sensitive information – e.g. medical information – is collected)
- information you share from public sources, e.g. from your LinkedIn page or social media for purposes that relate to PNV’s functions and activities
- others involved in your dealings with PNV e.g. from organisations you, or your employer, has a business arrangement with
- from conference organisers, who may send a list of delegates to PNV
- in the case of customers, from third-party organisations to conduct credit checks
- if you are an investor, from PNV's Share Registry for the purposes of communicating with you in relation to your shareholdings.
- PNV does not obtain your personal information from third parties who sell lists of personal information.
2.4.2 Holding
- PNV holds most of your personal information in an electronic format, which is stored securely:
- on computers located at PNV's premises
- on mobile electronic devices e.g. phones, tablets, laptops
- offsite by third-party computer storage facilities e.g. cloud services.
- PNV may also store your personal information in a physical format - e.g. within files. Personal information stored in a physical format is stored securely on PNV's premises or archived with third parties.
2.5 What are the purposes for which PNV collects, holds, uses and discloses your personal information?
PNV handles the personal information of individuals for the following purposes:
Individuals with current dealings with PNV
- In the case of all individuals PNV currently has ongoing dealings with e.g. if you are a current customer, contractor, vendor or investor:
- to fulfil PNV's contractual and legislative obligations to you and help satisfy the reason why personal information has been given to PNV e.g.:
- to market and deliver PNV’s products and services to customers
- to engage, manage and assess vendors and contractors
- to make payment and enable any tax withholding
- for communication
- to respond to queries and requests
- to manage your dealings with PNV
- for record keeping
- for internal reporting, etc
- to maintain and improve PNV's relationship with you e.g. to securely record your details
- to provide a medical assessment of any feedback provided to PNV relating to your use or involvement with PNV products
- in relation to your attendance at PNV conferences or other events, and
- to comply with regulatory requirements, such as:
- maintaining a record of medical queries, complaints, adverse events and recalls relating to PNV's products
- ASX listing rules e.g. regarding the reporting of PNV's top 20 shareholders.
Individuals who wish to have dealings with PNV in the future
- For example, if you are a prospective customer, contractor, vendor or investor or a job applicant:
- to communicate with you, respond to your queries and requests, manage your dealings with PNV and help satisfy the reason why you have given personal information to PNV, and
- to help decide whether to enter into a contract with you e.g. by performing credit checks on prospective customers, background checks regarding job applicants, contractors or vendors.
Generally regarding all the above individuals
- Where PNV is required or permitted to:
- by law e.g. to record your vaccination status, or
- by a court or tribunal, including any proceedings before a court or tribunal.
- To allow your movement into, out of and around PNV's buildings.
- For:
- security reasons
- IT purposes e.g. backups
- disclosure to PNV's professional advisers, including PNV's accountants, auditors and lawyers.
- Where it is reasonably necessary for PNV's functions or activities e.g.:
- in relation to PNV’s dealings with advisers, agents, contractors and subcontractors – yours and PNV’s – in relation to you, including individuals whose personal information may also be collected
- to communicate with you via social media websites and applications e.g. LinkedIn, Twitter, Facebook
- photographs and other personal information may be collected by PNV of current and prospective customers and other individuals at PNV's seminars or events for inclusion in PNV's social media or other reporting.
- If you are a user of PNV's websites and accept cookies, or similar technologies, on those websites, information may be collected and used by PNV to improve your website experience.
- If you have dealings with PNV which have ended, PNV may continue to hold your personal information to enable PNV to use that information if:
- a dispute or query arises
- PNV's relationship with you recommences in the future, or
- PNV wishes to send promotional material to you regarding PNV or PNV's products and services (note you always have the option to unsubscribe).
Customers and vendors
- If you are a current customer or vendor:
- to conduct surveys, product evaluation and research
- to contact you, work with you and disclose your details to others regarding medical device trials, investigations, training or educational programs you may present for PNV, and
- in connection with possible adverse events involving PNV's medical devices, customer complaints or feedback:
- to convey details to relevant staff within PNV
- to contact you should PNV require information on adverse events, complaints or other feedback, and
- where necessary, to send adverse events reports to regulators.
- If you are a current or prospective customer, personal information may be used for PNV's business purposes, including:
- promoting PNV and its products and services (note you always have the option to opt out of PNV’s use of information for such purposes)
- assessing your suitability for PNV's products and services, and
- disclosing the information to a PNV subsidiary to help achieve your purpose in providing personal information to PNV – e.g. if you have a query regarding the sale of a PNV product overseas.
- At any time, you have the right to direct that PNV not sell or share your personal or sensitive information, or to limit PNV’s use of your personal or sensitive information to that use which is necessary to perform services for you or provide goods to you.
Contractors
- If you are a current contractor:
- to record your attendance, train you and monitor your work (including your emails), and
- PNV may be obliged to report your personal information to regulatory agencies, e.g. the Australian Taxation Office.
Patients
- If you are a patient of a PNV customer (e.g. a hospital) and you are using, contemplating using or have used PNV’s products or services, in limited situations PNV may handle your personal information, including sensitive information with your consent (e.g. health information) - for example:
- to assist and support hospitals and their health care professionals in relation to you or another patient
- to respond to your queries or requests e.g. requests for information
- in relation to marketing activities regarding PNV and its products and services, and
- to disclose to relevant PNV staff for their assessment of the information and for training purposes.
2.6 Overseas recipients
- 2.6.1 When is your personal information disclosed to an overseas recipient?
Although the circumstances are limited, PNV may disclose your personal information to an overseas recipient – i.e. a recipient of personal information who is not in Australia. For example:
- where PNV:
- collects your personal information in Melbourne e.g. relating to a request to supply goods or services overseas, and
- discloses that information to a subsidiary overseas,
- your personal information could be shared with PNV's overseas vendors e.g. IT service providers
- personal information collected from you during clinical trials may be shared overseas with a PNV subsidiary or with a Clinical Research Organisation
- if you are a patient, personal information collected from you may be shared with PNV subsidiaries overseas and used for training or marketing purposes overseas, where the patient has consented to this in the case of sensitive information
- if PNV receives a complaint or feedback from you, PNV could potentially share your personal information overseas e.g. with PNV's subsidiaries, PNV's distributors and regulators
- much of PNV's electronic data, which would include your personal information, is stored with secure computer storage facilities (both internal and external to PNV)
- if you are a user of PNV's websites, information may be collected from you using Google Analytics and disclosed to Google Inc. in the USA, which may be used by Google Inc. to create reports for PNV about its website activities, and
- to satisfy overseas regulatory requirements, personal information that PNV collects about you regarding adverse events may be reported to regulators overseas.
- 2.6.2 In which countries are these overseas recipients located?
In relation to the overseas recipients mentioned in Sect. 2.6.1:
- the PNV subsidiaries are located in the UK, EU, Switzerland, USA and Singapore
- overseas vendors – e.g. IT service providers – might be located in the UK, EU, Switzerland, USA and Singapore
- Clinical Research Organisations are usually located in the country where the investigation is being conducted
- the external computer storage facilities are located in the USA
- regulators are located in approximately 20 countries and regions around the world, but the main countries and regions include: Australia, New Zealand, USA, Singapore, UK and Europe.
- 2.6.3 Compliance with Privacy Laws
PNV takes such steps as are reasonable and required to ensure the overseas recipients mentioned in Sect. 2.6.1 do not breach Privacy Laws.
2.7 Access, correction, complaints and other rights
- 2.7.1 How can your personal information be accessed and/or corrected?
- 2.7.1.1 You have the right to:
- request access to, or
- request the correction of
personal information about you that is held by PNV by contacting the Privacy Officer. The Privacy Officer's contact details are set out in Sect. 3.2.
- 2.7.1.2 Regarding requests for access, the Privacy Officer will:
- respond to your request within a reasonable time
- give access in a portable and readily usable manner (or otherwise in the manner requested by you if it is reasonable and practicable to do so), and
- act in accordance with Privacy Laws, which also set out situations where access can be refused and what PNV needs to do if it refuses access.
- 2.7.1.3 Regarding requests for correction, the Privacy Officer will:
- respond to the request within a reasonable time
- take such steps (if any) as are reasonable in the circumstances to correct the information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading, and
- act in accordance with Privacy Laws, which also set out what PNV needs to do if it refuses a correction or if PNV refuses to include with the information a note relating to your concerns.
- 2.7.2 Complaints
If you have a complaint about how PNV has handled your personal information or consider that PNV may have breached its obligations under Privacy Laws, please contact the Privacy Officer (whose contact details are set out in Sect. 3.2). The Privacy Officer will respond to your complaint within a reasonable time.
- 2.7.3 Other rights
Anonymity and pseudonymity
In all your dealings with PNV, you have the option of not identifying yourself or of using a pseudonym unless:
- it is impracticable for PNV e.g. if PNV needs to contract with you, or
- PNV is required or authorised by an Australian law, or a court or tribunal, to deal with identified individuals.
2.8 Other information
- 2.8.1 Security
PNV takes reasonable steps to protect your personal information:
- from misuse, interference and loss, and
- from unauthorised access, modification or disclosure, including personal information PNV doesn't physically hold but controls.
For example, PNV has:
- IT security procedures e.g. passwords, authentication protocols, firewalls and limiting/monitoring staff access to data
- security procedures regarding accessing PNV's premises and moving around its premises
- procedures to keep physical files secure
- confidentiality rules which bind PNV's employees, officers and contractors.
In addition, PNV strives to ensure that:
- the above security measures are continually improved in accordance with technological developments
- where third parties hold your personal information, their security measures are appropriate, and
- PNV's employees and officers do not store your personal information on portable storage devices e.g. USBs or external data banks.
Although PNV has appropriate security measures in relation to the transfer of your personal information to PNV via the “Contact Us” and “Subscribe” sections of PNV's websites, or via email or other means, the risk of unauthorised access to that information by a third party cannot be excluded.
- 2.8.2 Links to third-party websites
- PNV's websites include links to social media applications - e.g. LinkedIn, Twitter, Facebook - which may collect your personal information.
- Even though you may access or interact with these third-party applications via PNV's websites, PNV has no control over these third-party applications and is not responsible for how they manage your personal information, including how they keep your personal information secure.
- You should visit the third party's website to obtain information regarding the third party's privacy practices and your individual rights.
3 Help
- 3.1 If you have any questions regarding the content or application of this Policy, please contact PNV's Privacy Officer.
- 3.2 The contact details of PNV's Privacy Officer are as follows:
- Email: [email protected]
- Address:
- Head office:
- 2/320 Lorimer Street, Port Melbourne, Victoria 3207, Australia
- Phone: +61 (0) 3 8681 4050
- US Headquarters - PolyNovo North America LLC:
- 2121 Palomar Airport Road, Ste 350, Carlsbad, CA 92011
- Phone: (302) 268-6163
4 Monitoring & review
- 4.1 PNV will:
- periodically review the contents of this Policy, rectify any issues in a timely way and publish any revised policy on PNV's website, and
- monitor the effectiveness of this Policy and implement improvements where appropriate.