Sirtex Medical Limited ACN 078 116 122
The information below is also available as a PDF document.
Sirtex Medical Limited ACN 078 116 122 and its subsidiaries (hereinafter referred to as "we", "us", "Sirtex" and "Sirtex Medical") are committed to protecting the privacy of your information, and to handling your personal information in a responsible manner in accordance with the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles ("APPs") and relevant State and Territory privacy legislation (collectively referred to as privacy legislation).
By accessing or using our websites, or by providing your personal information to Sirtex, you:
b) consent and agree to such collection and processing.
2. Types of Personal Information Sirtex collects
The type of personal information that may be collected will depend on Sirtex's relationship with the person, and the circumstances of collection.
2.1 General Information
The information we collect from you may include your personal details, for example
- your name and gender;
- your address;
- your age, date of birth, weight and height;
- your e-mail address;
- your phone number(s) and fax number(s);
- other contact information;
- health information relating to you (including details of medical history, diagnosis, treatment and prognosis); and/or
- details of your relevant health care professional(s).
The information we collect from you may also include:
- details of any specific products, services or clinical trials you want to learn about;
- photographs/images (where authorised by you); and
- Information you provide in "free text" fields when completing information sheets and forms, such as pre-treatment evaluation forms.
2.2 Contractors, Officers & Employees
For contractors, officers and persons seeking employment with Sirtex, we may collect the following information:
- name, gender and date of birth;
- residential address, email address, contact telephone numbers and emergency contact details;
- personal resumes which may contain details of education and work history, personal interests, details of referees and other information relevant to the individual;
- documents that you provide as evidence of your skills, qualifications, training, work history, identity and legal right to work;
- bank account details, superannuation details and tax file number;employee records (including leave entitlements, salary details and performance review information); and
- doctors' certificates in the case of sick leave.
2.3 Health Professionals
If you are a healthcare professional, we may collect personal information about you including:
- your medical specialty;
- your clinical interests;
- details of the clinics you work at or own;
- details of Sirtex products you have purchased;
- your preferred language; and
- details of your education, qualifications and experience.
3. From whom do we collect personal information?
Wherever practicable we will only collect information from you personally. However, we may also need to collect information from other sources such as treating health care providers, carers and guardians.
In the case of persons seeking employment with Sirtex, information in an applicant's resume may be verified by contacting referees. Sirtex may also obtain information about an individual seeking employment from a recruiter.
Salary survey data may be collected from third parties which is used to assess and determine salaries to be paid to officers of Sirtex and staff.
We will only collect information from third parties when it is not reasonable and practical to collect the information from you directly.
4. When does Sirtex collect Personal Information?
Information may be collected by medical and non-medical staff. We collect information about you when you:
- request information about our products, services and/or clinical trials;
- telephone, email or write to us;
- use our website;
- apply to, and/or participate in a clinical trial;
- apply to, and/or participate in conducting clinical trials;
- attend one of our presentations or training sessions;
- complete a Sirtex application form or feedback form;
- apply for work experience or employment with us;
- commence employment with Sirtex; and/or
- accept an offer of employment, or enter into a contract with Sirtex.
We may also need to collect personal and sensitive information in order to comply with our legal obligations.
5. How Sirtex stores information
Personal information is stored and held in a combination of hard copy and electronic files maintained by Sirtex, and on personal devices, including laptop computers.
6. How is Personal Information Used?
6.1 Use of Personal Information
We use personal information that is reasonably necessary for one or more of our functions (the primary purpose), or for a related secondary purpose that would be reasonably expected by you, or to which you have consented.
Sirtex may use your information for the following purposes:
- to establish your identity;
- to provide the products, information and/or services you request;
- to evaluate whether an individual is suitable to participate in a clinical trial;
- to evaluate whether an individual is suitable to conduct a clinical trial;
- to engage individuals to participate in clinical trials;
- to engage medical staff to conduct clinical trials;
- for medical research purposes;
- to comply with regulatory requirements, such as maintaining a record of medical queries, complaints, adverse events and recalls relating to our products;
- to contact you to satisfy any of our legal or regulatory obligations;
- to create a profile from the interactions we have with you to help us understand what information you might be interested in receiving;
- to invite you to participate in surveys and provide feedback to us;
- to deal with queries, requests or complaints;
- to provide you with a personalised experience when you interface with Sirtex;
- to contact you with information and notices related to your use of our websites;
- to improve the content, functionality and usability of our websites; andto manage the relationship between Sirtex and officers, contractors and employees (including making salary and superannuation payments, managing performance and managing a person's career with Sirtex).
6.2 Job Applicants
7. Direct Marketing
8. Sensitive Information
- necessary to lessen or prevent a serious threat to life, health or safety;
- necessary pursuant to a legal requirement;
- required for another permitted general situation (as defined in Section 16A of the Privacy Act 1988 (Cth)); or
- for a permitted health situation (as defined in Section 16B of the Privacy Act 1988 (Cth)).
9.1 Subsidiaries and Related Bodies Corporate
9.2 Third Parties
It may be necessary for us to disclose your personal information to certain third parties in order to assist us with one or more of our functions or activities, or where permitted or required by law. Third parties may include:
- clinics or hospitals (where treatment is received and/or clinical trials are performed);
- medical practitioners and related staff;
- health insurers and health service providers;
- those to whom we outsource certain functions, for example information technology support;
- auditors and insurers;
- government and law enforcement agencies and regulators; and
- entities established to help identify illegal activities and prevent fraud.
9.3 Sale of Business / Restructure
9.4 Service Providers
Our service providers are required by contract to protect the confidentiality of the personal information we share with them, and to use it only to provide services on our behalf.
9.5 When do we disclose Personal Information?
We may disclose your personal information from time to time, only if one or more of the following apply:
- you have consented;
- you would reasonably expect us to use or disclose your personal information in this way;
- we are authorised or required to do so by law;
- disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety;
- where a permitted general situation applies (as defined in Section 16A of the Privacy Act 1988 (Cth)) or a permitted health situation applies (as defined in Section 16B of the Privacy Act 1988 (Cth)); or
- disclosure is reasonably necessary for a law enforcement related activity or by a Government body or agency, or by a Court of law.
9.6 Officers, employees or contractors
Sirtex does not disclose personal information about officers, employees or contractors to any third parties (including overseas entities), unless prior consent is obtained from the relevant individual. Personal information about officers, employees or contractors may however be disclosed if required:
- pursuant to the Privacy Act 1988;
- pursuant to a legal requirement; or
- by an enforcement agency, Government body, or by a Court of law.
10. Overseas Recipients
10.1 Sirtex businesses worldwide
Sirtex Medical Limited has business operations in numerous locations worldwide. By sharing your personal information with Sirtex, your personal information may be transferred to, or be accessible by businesses in other countries that form part of the Sirtex group.
The counties in which such recipients are likely to be located are Australia, Singapore, United States & Germany.
10.2 Service Providers located outside Australia
Your information may be provided to service providers located outside Australia. The locations of the service providers may change from time to time.
The counties in which service providers are likely to be located are Australia, Singapore, United States & Germany.
10.3 Transfer of Personal Information to a Foreign Recipient
We may transfer personal information to a foreign recipient (including when an overseas entity accesses the information in Australia), only if:
- we reasonably believe that:
- the recipient is subject to law, or a binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the APPs; and
- there are mechanisms that the individual can access to take action to enforce that protection of the law or binding scheme; or
- the disclosure is required or authorised by or under an Australian law or a court/tribunal order; or
- the transfer is necessary for the performance of a contract / arrangement with the individual (from which the information was collected); or
- the transfer is for the benefit of the individual (and the other APP requirements are met); or
- the individual consents to the transfer.
10.4 Assessment of Foreign Privacy Laws
When disclosure is to be made to a known overseas entity, we will take reasonable steps to assess the privacy laws of the country where information will be disclosed to determine whether the overseas recipient is required to comply with privacy laws that are at least as stringent as the APP requirements in relation to information. Our service providers are required to enter into a contract pursuant to which they agree to protect the confidentiality of the personal information we share with them, and to use the information only to provide services on our behalf.
11. Cookies and similar technologies
12. Data Quality
We take all reasonable steps to ensure the personal information we hold, use and disclose is accurate, complete and up-to-date. These steps include ensuring that the personal information is accurate, complete and up-to-date at the time of collection, and when using or disclosing the personal information.
On an ongoing basis we maintain and update personal information when we are advised by you or when we become aware through other means that your personal information has changed.
Please contact us if any of the details you have provided to us change. You should also contact us if you believe that the personal information we have about you is not accurate, complete or up-to-date.
Employee personal information is retained in secure hard copy and electronic files, and is only accessible by human resources staff, accounts staff and directors on a need to know basis.
Whilst we endeavour to take all appropriate measures, Sirtex cannot guarantee the security of personal information sent online. Please bear this in mind when providing personal information online to Sirtex.
14. Information that is no longer required
If Sirtex no longer needs the personal information for any purpose for which it may use or disclose the information (for example when an employee has been terminated), and the information is not otherwise required to be kept under an Australian law or court order, Sirtex will take reasonable steps to destroy or permanently de-identify the information as appropriate.
15. Unsolicited Information
Sometimes we may be provided with your personal information without having sought it through our normal means of collection. We refer to this as "unsolicited information". Where we collect unsolicited information we will only hold, use and or disclose that information if we could otherwise do so had we collected it by normal means. If that unsolicited information could not have been collected by normal means then we will destroy, permanently delete or de-identify the information as appropriate.
16. How to gain access to your personal information we hold
You may request access to the personal information we hold about you, or request that we change and/or update the personal information we hold, by contacting us.
Upon request, we will give you access to the personal information held about you, unless specific limitations apply (for example, if the request is frivolous or vexatious, or providing access would be unlawful).
We will respond to a request for access to personal information within a reasonable period after the request is made, and give access to the personal information in the manner requested by you, if it is reasonable and practicable to do so.
If we do not agree to provide you with access, or to amend your personal information as requested, you will be notified accordingly. Where appropriate we will provide you with the reason/s for our decision, and the mechanisms available to complain about the refusal. If the rejection relates to a request to change your personal information you may make a statement about the requested change and we will attach this to your record.
If you have a complaint about the privacy of your personal information, we request that you contact us in writing by email, letter, and facsimile or by personal delivery to any one of our contact details as set out below. You may also make a complaint verbally. Upon receipt of a complaint we will consider the details and attempt to resolve the matter in accordance with our complaints handling procedures.
We will respond to your complaint within a reasonable time (usually no longer than 30 days), and we may seek further information from you in order to provide you with a full and complete response.
If you are dissatisfied with our handling of a complaint or the outcome, you may make an application to the Office of the Australian Information Commissioner by calling them on 1300 363 992, contacting them online at www.oaic.gov.au, or by writing to the Office of the Australian Information Commissioner at GPO Box 5218 Sydney NSW 2001, or the Privacy Commissioner in your State or Territory.
18. Overseas Transfer of Data
If you choose to provide us with personal information, you understand and consent to the transfer of your information to Sirtex' locations and systems in Australia and around the world.
19. Links to other websites
Our website may contain links to other websites. We do not share your personal information with those websites, and we are not responsible for their privacy practices. Sirtex is not responsible or liable for, and does not endorse, the data privacy practices or the content of any other linked sites.
- Emailing privacy-APAC@sirtex.com, privacy-EMEA@sirtex.com , privacy-Americas@sirtex.com ; or
- Calling +61 2 9964 8400;
If practical, you can contact us anonymously (i.e. without identifying yourself) or by using a pseudonym. However, if you choose not to identify yourself, we may not be able to give you the information or provide the assistance you might otherwise receive if it is not practical to do so.