Ypsomed Australia Pty Limited

1. Introduction to our Privacy Policy

1.1 This policy applies to information collected, stored and held by Ypsomed Australia Pty Limited (ABN 98 611 300 693) (hereinafter referred to as ‘We’, ‘Us’ or ‘Our’).

1.2 We collect, use and manage personal information in accordance with the Privacy Act 1988 (Commonwealth) and Australian Privacy Principles (Privacy Laws).

1.3 As a health service provider operating in NSW Australia, We collect, hold and use health information in accordance with the Health Records and Information Privacy Act 2002 (New South Wales) (the HRIP Act).

1.4 We only collect information that is reasonably necessary for the proper performance of Our activities or functions and for a lawful purpose.

1.5 We may decline to collect unsolicited personal information from or about you and take steps to purge it from Our systems.

1.6 Our privacy policy governs how We will collect, use, disclose, store and enable access and correction of the personal and health information We hold about you.

1.7 As part of Our collection process of your personal or health information, We:

1.7.1 Check that it is reasonably necessary for Our functions or activities as a health service provider;

1.7.2 Record and hold your information on Our secure information records system which is housed locally and overseas in accordance with this privacy policy, Privacy Laws and the HRIP Act;

1.7.3 Retrieve your information when We need to use or disclose it for Our functions and activities and in doing so cross reference the information held by Us with third party health service providers who also hold and collect your health and personal information, for the purposes of ensuring the information held by Us is correct, complete, accurate, relevant and up to date;

1.7.4 Subject to limited exceptional circumstances, will permit you to have access to the personal and health information We hold about you; and

1.7.5 Correct any records of personal information We hold about you if it is inaccurate, out of date, incomplete, irrelevant or misleading.

2. Information we collect and hold

2.1 Types of information We collect and hold
Personal information that We collect and hold is information that is reasonably necessary for the proper performance of Our functions and activities as a health service provider, medical device supply company and certified trainer of Ypsomed Australia Pty Ltd.

How and why We collect that personal information will differ depending on whether you are a Client, Trainer or Referrer.
Sensitive information is a type of information defined by the Act that due to the characteristic of the information is afforded a greater level of privacy protection.
Health information is regarded as one of the most sensitive types of personal information. The information We collect from you will relate to a health service provided or to be provided to you. We may also collect and hold information or an opinion about:

  • Your physical or mental health or disability;
  • Your express wishes about the future provision of health services;
  • Genetic information about You from a health service provided to you that predicts or could predict health of your siblings, relatives or descendants; and
  • Any other personal information that is not in itself health related but which has been collected in order to provide (or in providing) the health service to you.

2.2 Client

2.2.1 The personal information that We may collect and hold about a Client is the information that is necessary and lawful for the performance of Our functions and activities and may be deemed personal or sensitive information which includes but is not limited to:

  • Proof of identity;
  • Contact Details including name, address, telephone numbers and email addresses;
  • Gender;
  • Racial or ethnic origin;
  • Religious beliefs or opinion;
  • Sexual preferences or practices; or
  • Health information.

2.2.2 The health information that We may collect and hold about a Client is the information that is necessary and lawful for the performance of Our functions and activities including but not limited to:

  • Medicare membership number and details;
  • Diagnosis;
  • Treatment details;
  • Genetic information; or
  • All other information collected in relation to the provision of health services.

2.3 Trainer

2.3.1 The personal information that We may collect and hold about a Trainer is the information that is necessary and lawful for the performance of Our functions and activities and may be deemed personal or sensitive information which includes but is not limited to:

  • Proof of identity;
  • Contact Details including name, address, telephone numbers and email addresses;
  • Gender;
  • Racial or ethnic origin;
  • Religious beliefs or opinion;
  • Bank details and financial information;
  • Affiliations with hospitals and other health service providers;
  • Qualifications and accreditations;
  • Membership of a trade union; or
  • Employment history.

2.4 Referrer

2.4.1 The personal information that We may collect and hold about a Referrer is the information that is necessary and lawful for the performance of Our functions and activities and may be deemed personal or sensitive information which includes but is not limited to:

  • Proof of identity;
  • Contact Details including name, address, telephone numbers and email addresses;
  • Gender;
  • Affiliations with hospitals and other health service providers; or
  • Qualifications and accreditations.

3. Purpose of collection and holding

The purpose for which We collect, hold, use and disclose your personal, sensitive or health information or a combination of any of them will differ depending on whether you are a Client, Trainer or Referrer.

3.1 Client

3.1.1 Information that We collect, hold, use and disclose about a Client is used:

  • To provide the necessary validation (including from appropriate health service providers and agencies) of your diagnosis and requirement for Ypsomed Australia’s products and services;
  • To liaise with your health fund provider; or
  • In providing a health service to you.

3.2 Trainer

3.2.1 Information that We collect, hold, use and disclose about a Trainer is used for:

  • The necessary validation (including from appropriate third party sources) of your resume, curriculum vitae, nominated references, or stated qualifications, experience, training or abilities.  Where We require third party validation, We will tell you how We propose to obtain it;
  • Tests or assessments;
  • Performance and other feedback; or
  • Identification of competencies and training needs.

3.3 Referrer

3.3.1 Information that We collect, hold, use and disclose about a Referrer is used:

  • to confirm identity and authority to provide referrals of Clients;
  • for Client suitability assessment; or
  • Our marketing services to you.

4. How the information is collected

The means by which We will collect your personal information will differ depending on whether you are a Client, Trainer or Referrer. Whether you are a Client, Referrer or a Trainer, We sometimes collect information from third parties and publicly available sources when it is necessary for a specific purpose such as checking information that you have given Us or where you have consented or would reasonably expect Us to collect your personal information in this way.

For a Trainer We may collect information from third parties, including referees, previous employers, professional registration authorities, educational institutions, who may be in a position to provide Us with information that We may use to assess your suitability to be trained as a Trainer or retrain as a Trainer when it is necessary or for a specific purpose such as checking information that you have given Us or where you have consented or would reasonably expect Us to collect your personal information in this way for the necessary and lawful performance of Our functions and activities.

4.1 Client

4.1.1 Personal and health information will be collected from you when:

  • You provide it to Us personally in connection with Us providing a health service to you; and/or
  • We receive your personal information from other health service providers or Referrers in the performance of Our functions and activities.

4.2 Trainer

4.2.1 Personal and sensitive information will be collected from you when you:

  • Provide it to Us and fill out and submit our application form to become a Trainer or provide your personal and sensitive information on any other documents or data capture forms in connection with you undertaking training with Us; or
  • Provide it to Us for business or business related social purposes.

4.3 Referrer

4.3.1 Personal information will be collected from you when you:

  • Provide it to Us or it is contained within a referral letter regarding a Client limited to your personal information as a Referrer;
  • Provide it to Us when you attend a business event or conference that We have attended or presented at; or
  • Provide it to Us for business or business related social purposes.

4.4 Electronic Transactions

Sometimes, We collect personal information that you choose to give Us via online forms or by email, for example when you:

  • make a written online enquiry or email Us through Our website; or
  • apply for Our training through Our website.

It is important that you understand that there are risks associated with use of the Internet and you should take all appropriate steps to protect your personal information. It might help you to look at the OAIC's resource on Internet Communications and other Technologies.

You can contact us by land line telephone or post if you have concerns about making contact via the Internet.

4.5 Use of Cookies

Our Internet pages use cookies to make our Internet website user-friendly, improve performance as well as guarantee safe operation. Cookies are small text files that are stored temporarily or permanently on your hard drive. Cookies allow us to analyse the use of our Internet pages and to initiate continuous improvements.

You can deactivate the storage of cookies in your browser settings in whole or in part if you want to prevent your visit to our Internet website from being tracked. However, we wish to point out that you may not be able to use all functions of the Internet website after deactivation.

4.6 Google Maps

The offer of Google Maps is also used on our website. This allows us to display an interactive map directly on the website and enables you to conveniently use the map function.

Description and scope of processing: As soon as you click on our address in the navigation of the embedded map on our website, Google Maps opens in a new tab. Please note that you are bound to additional conditions of use for Google Maps/Google Earth including the Google privacy policy when you use Google Maps. For more information about the purpose and scope of data collection and its processing by Google, please contact Google Maps.

Google saves cookies on your terminal when using Google Maps via your Internet browser. Here we cannot exclude the possibility that Google may use servers in the USA for this purpose. However, Google has submitted to both the EU-US Privacy Shield as well as the Swiss-US Privacy Shield. According to information provided by Google, Google uses these data for the provision of the service and to ensure that the service functions properly. If you are logged in to Google, your information will be directly assigned to your Google Account. If you do not wish to be assigned to your profile on Google, you must log out before activating Google Maps. Google stores your data (even for users not logged in) as user profiles and uses them for the purposes of demand-oriented advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

Purpose and legal basis of data processing: the integration of Google Maps serves solely to offer you a route planner to our business location. The use of the convenient route planner is only possible with the integration of Google Maps and the corresponding data processing. For this purpose, our legitimate interest also lies in the processing of personal data.  The legal basis for the processing of personal data is Art. 6 Sec. 1 lit. f GDPR.

Duration of storage: the data you enter in the route planner will not be stored by us. If you wish to have your data deleted by Google, please go to Google privacy policy to obtain information.

4.7 Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc. ("Google") on our Internet pages. Google Analytics uses cookies and stores them on your system. The cookies allow us to analyse how you use our Internet pages.

The information generated by cookies about your use of the Internet pages is transferred to a Google server in the USA where it is stored. Google evaluates the information about your use of our Internet pages on our behalf, compiles reports on the activities on our Internet pages and provides us with other services related to the use of the Internet. The IP address transmitted by your browser within the context of Google Analytics will not be merged with other Google data.

You can disable Google Analytics by clicking on the following link: Deactivate Google Analytics. This will set an opt-out cookie that prevents future collection of your data when you visit this website. In addition, you can prevent Google from collecting and processing the data generated by the cookie (including your IP address) by installing the browser plugin.

4.8 Use of social media plug-ins

Our Internet pages contain social media plug-ins, e.g. for Facebook, Twitter or XING. The plug-ins can be recognised by their respective logos. With the aid of these plug-ins you can share the contents of our Internet pages or recommend products to others.

Plug-ins provide a direct connection between your browser and the social networks. The plug-in informs the social network that you have visited our Internet website as a user. Regardless of whether you are a member of these social networks, the data (IP address, date and time of your visit, etc.) are transferred to the respective provider. As soon as you are logged in to a social network, this can assign your visit to our Internet website to your account. Your interactions with the plug-ins, for example, if you click on the Facebook button "Like" or leave a comment, will be transmitted directly to the social network by the browser and processed according to the rules applicable there. If you wish to prevent social networks from linking this information to your account, please log out of the social network before visiting our Internet website.

Plug-ins can be deactivated. Information on this topic is provided on the support pages of your browser.

5. How your Personal Information is held

5.1 Our Information Record System
Personal electronic data is held in Our secured and controlled databases (Information Record System) with appropriate protection against viruses or other unauthorised access. The relevant computers and associated equipment are protected in the same manner as the hard copy files.

Hard copy documents containing personal information are held securely within our head office located at 602/20 Bungan St Mona Vale, NSW 2103, which negates the possibility of casual access by unauthorised persons. Our premises are protected by appropriate security systems during non-business hours.

We do not adopt a government related identifier in the storage and management of your personal information.

5.2 How long is your personal information held by Us

Personal information is held by Us in our Information Record System until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for Us to do so.

5.3 Range of Measures

5.3.1 We take a range of measures to protect your personal information from:

  • misuse, interference and loss; and
  • unauthorised access, modification or disclosure.

5.3.2 There are a range of measures We take to ensure your personal information is protected, which include but are not limited to:

  • Firewalls and access logging tools that protect against unauthorised access to your information and Our network;
  • Secure server and closed network environments;
  • Virus scanning tools;
  • Management of access privileges, including password protection, to ensure that only those who really need to can see your personal information;
  • Policies on the use and security of laptops, mobile phones and portable storage devices;
  • Ongoing staff training; and
  • Disposal of personal information through secure processes.

6. Disclosures

6.1 We may disclose your personal information for any of the purposes for which it is primarily held or for a lawful related purpose.

6.2 We may disclose your personal information where We are under a legal duty to do so.

6.3 Disclosure will be:

6.3.1 to Ypsomed AG, Our parent company incorporated in Switzerland who house our ERP system;

6.3.2 to a Client, Trainer or Referrer where appropriate to do so and in connection with Us providing a health service to you;

6.3.3 to referees for suitability and screening purposes;

6.3.4 to Our insurers;

6.3.5 to a professional association or registration body that has a proper interest in the disclosure of your personal and sensitive information;

6.3.6 to Our contractors and suppliers – e.g. our I.T. contractors, internet service suppliers and database designers, some of whom may be off shore (CSPs);

6.3.7 to a parent, guardian, holder of an enduring power of attorney (or like authority) or next of kin whom We may contact in any case in which consent is required or notification is to be given and where it is not practicable to obtain it from or give it directly to you; or

6.3.8 to any person with a lawful entitlement to obtain the information.

6.4 We have safeguards in place and have taken reasonable steps to ensure that Our parent company incorporated in Switzerland does not breach the Australian Privacy Principles in using your personal information in accordance with this privacy policy and for the primary purpose.

6.5 We take reasonable steps to ensure that terms of service with Our CSPs recognise that We are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause Us to breach those obligations.

6.6 We will not use or disclose your sensitive information for direct marketing unless You consent for Us to do so in writing.

7. Rights and Choices

Subject to some exceptions set out in Privacy Laws, you can gain access to your personal information that We hold. This is subject to some important exceptions which include:
(a) evaluative opinion material obtained confidentially in the course of Our performing checks with Referrers; and
(b) access that would impact on the privacy rights of other people.

In many cases evaluative material contained in references that We obtain will be collected under obligations of confidentiality that the person who gave Us that information is entitled to expect will be observed. We do refuse access if it would breach confidentiality to the Referrer.

7.1 Access

7.1.1 If you wish to obtain access to your personal information you should contact Us and make a request in writing, such request must include your contact details, which part of your personal information you wish to see and the reasons for requesting the information (Request for Access).

7.1.2 In order to make a Request for Access, you will need to be in a position to verify your identity.

7.1.3 We may charge an administration fee of $20 where it is reasonable to do so, for giving you access to the requested personal information.

7.1.4 You will receive acknowledgement of your request having been received within 10 business days and a response within 30 business days.

7.1.5 If the information is not available, or cannot be disclosed to you, a written explanation will be provided.

7.2 Correction

7.2.1 If you find that personal information that We hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask Us to correct it by contacting Us.

7.2.2 We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.

7.2.3 If We have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask Us to notify the third parties to whom We made the disclosure and We will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.

7.2.4 We will acknowledge receipt of your request within 10 business days to correct information and will make corrections as soon as possible within 30 business days.

7.2.5 If We are not able to correct the information a written explanation will be provided.

8. How to make a Complaint

8.1 If you are making a complaint about Our handling of your personal information, it should first be made to Us in writing.

8.2 You can make complaints about Our handling of your personal information to Our Privacy Coordinator, who can be contacted by emailing info@Ypsomed.com.au

8.3 You can also make complaints to the Office of the Australian Information Commissioner and to the industry associations of which We are a member.

8.4 The industry associations you may contact to make a complaint about Our conduct include the Medical Technology Association of Australia (MTAA) and IVD Australia (IVD).

8.5 MTAA represents companies in the medical technology industry including manufacturers and suppliers of medical technology used in the diagnosis, prevention, treatment and management of disease and disability. The MTAA code of practice includes a complaints process which can be used by you.

8.6 IVD is a therapeutic goods industry association which represents manufacturers of in vitro diagnostics and administers a code of conduct for the professional and ethical conduct of its members. The IVD Code of Conduct includes a complaints process which can be used by you.

8.7 If you are unable to resolve a matter with Us directly and wish to lodge a complaint please contact MTAA or IVD who will confirm the requirements of submitting a complaint to them.

8.8 Complaints made to IVD must be in writing and outline the issues of complaint or non-compliance with the relevant code of conduct and include relevant supporting documentation.

8.9 You should contact MTAA about the requirements of submitting a complaint about Our conduct to them.

8.10 For the avoidance of doubt, the IVD Code of Conduct and the MTAA code do not constitute recognised external dispute resolution schemes for the purposes of the Australian Privacy Principles but are primarily designed to regulate the good conduct of their members.

8.11 When We receive your complaint:

8.11.1 We will take steps to confirm the authenticity of the complaint and the contact details provided to Us to ensure that We are responding to you or to a person whom you have authorised to receive information about your complaint;

8.11.2 Upon confirmation We will write to you to acknowledge receipt and to confirm that We are handling your complaint in accordance with Our policy.

8.11.3 We may ask for clarification of certain aspects of the complaint and for further detail;

8.11.4 We will consider the complaint and may make inquiries of people who can assist Us to establish what has happened and why;

8.11.5 We will require a reasonable time (usually 30 days) to respond;

8.11.6 If the complaint can be resolved by procedures for access and correction of the personal information We hold, We will suggest this to you as a solution;

8.11.7 If We believe that your complaint may be capable of some other solution We will suggest that solution to you, on a confidential and without prejudice basis in Our response.

8.12 If the complaint cannot be resolved by means that We propose in Our response, We will suggest that you take your complaint to any recognised external dispute resolution scheme to which We belong or to the Office of the Australian Information Commissioner.

9. Contact Us

9.1 You can email Us about your privacy concerns by emailing info@ypsomed.com.au
9.2 Alternatively, you can write to Us at 602/20 Bungan St Mona Vale, NSW 2103.

Ypsomed Australia Pty Ltd ABN 98 611 300 693