PHARMENGAGE

Privacy Policy

PharmEngage Pty Ltd

Privacy Policy

General introduction

The Privacy Act 1988 (Privacy Act) provides protection to individuals against the mishandling of personal information and applies to organisations which include individuals, partnerships, corporations and unincorporated associations. It does not apply to individuals in a non-business capacity.

Amendments were passed to the Privacy Act in November 2012 with the new privacy regime taking effect from 12 March 2014. This new regime, including the adoption of a single set of 13 Australian Privacy Principles (APPs), applies to Government agencies and private sector organisations (‘APP entities’). The APPs set out what can and cannot be done with an individual’s personal and health information. Details of each APP are available from www.oaic.gov.au

This Privacy Policy is drafted in line with the APP guidelines and leading bodies in the healthcare community industry. PharmEngage strongly supports consistency in privacy matters and thus policies.

APPLIED PRIVACY POLICY

Scope

This Privacy Policy applies to personal information collected by PharmEngage Pty Ltd, PDLA Pharmacy Pty Ltd, PDLA Research Pty Ltd and PDLA Health Pty Ltd.
In this document we has adopted the Layered Privacy Notice format and provides a succinct overview of how we handles personal information.

Our complete privacy policy can be accessed from all our websites:

  • www.pharmengage.com
  • www.pdla.com.au

We may decide to now and then adopt changes in the privacy policy. Such changes will be made available on our websites.

Personal Information Handling Practices

Collection

PharmEngage (PE) collects personal information through its products and services for the purpose of operating such services.

PE usually collects personal information about individuals directly from those individuals or their authorised representative.

PE sometimes collects personal information from a third party or from a publicly available source, but only if the individual has consented to such collection or would reasonably expect us to collect their personal information in this way.

PE only collects personal information for purposes which are directly related to our functions or activities, and only when it is necessary for or directly related to such purposes.

Use and disclosure

PE will only use personal information for the purposes for which PE collected it – purposes which are directly related to one of its functions or activities.

PE does not give personal information about an individual to other Government agencies, private sector organisations or anyone else unless one of the following applies:

  • the individual has consented
  • the individual would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies
  • it is otherwise required or authorised by law
  • it will prevent or lessen a serious and imminent threat to somebody’s life or health, or
  • it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty,
    or for the protection of public revenue.
Data security

PE takes steps to protect the personal information it holds against loss, unauthorised access, use, modification or disclosure, and against other misuse.

When the personal information it collects is no longer required, PE will destroy or delete it in a secure manner.
Create a PharmEngage ‘Record Management Policy’ to relate back from the sentence above

Access

An individual can access the personal information that PE holds about them, and can request PE to correct the personal information it holds about them. For more information, see PE’s complete privacy policy – access and correction – what you can find below.

If listed on one or more of PE’s media or network email lists an individual can opt out at any time by using the ‘unsubscribe’ options noted in PE’s emails.

PE’s obligations
PE is bound by the Privacy Act 1988 (Privacy Act) which legislate the way PE collects, stores, provides access to, uses and discloses personal information.

For more information see PE’s complete privacy policy.

How to contact PE:

For further information contact [email protected] or alternatively you can write to PharmEngage Pty Ltd at PO Box 212, Seaforth, NSW 2092, Australia.

COMPLETE PRIVACY POLICY

Purpose

The purpose of this Privacy Policy is to:

  • clearly communicate the personal information handling practices of PE
  • enhance the transparency of PE’s operations, and
  • give individuals a better and more complete understanding of the sort of personal information that PE

holds, and the way PE handles that information.
If you don’t have time to read the whole policy we may recommend considering the following information!
If all that is required is a snapshot of PE’s personal information handling practices, refer to PE’s condensed Privacy Policy. This offers an easy to understand summary of:

  • how PE collects, uses, discloses and stores personal information, and
  • how an individual can contact PE to access or correct personal information PE holds about them.
  • If, in search of a more comprehensive explanation of PE’s information handling practices, then this document is appropriate. This document forms the ‘detailed’ layer of PE’s privacy policy.
Outline of this policy

Part A – Personal Information Handling Practices – explains PE’s general information handling practices across the organisation including information about how PE collects, uses, discloses and stores personal information.

Part B – Files – offers further detail by explaining PE’s personal information handling practices in relation to specific PE products, services, functions or activities.

Part C – Online – explains PE’s personal information handling practices when visiting its website(s).

Part A — Personal Information Handling Practices

Obligations under the Privacy Act

This privacy policy sets out how PE complies with its obligations under the Privacy Act 1988 (Privacy Act).
As an ‘APP entity’, PE is bound by the Australian Privacy Principles (APPs) in the Privacy Act which regulate how APP entities may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them.

In this Privacy Policy, ‘personal information’ has the same meaning as defined by section 6 of the Privacy Act:
information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Collection

It is PE’s usual practice to collect personal information directly from the individual or their authorised representative.

Sometimes PE collects personal information from a third party or a publicly available source, but only if the individual has consented to such collection or would reasonably expect PE to collect their personal information in this way, or if it is necessary for a specific purpose such as the investigation of a privacy complaint.
In limited circumstances PE may receive personal information about third parties from individuals who contact
PE and supply PE with the personal information of others in the documents they provide to us.
PE only collects personal information for purposes which are directly related to our functions or activities under the Privacy Act or Freedom of Information Act 1982 (FOI Act) and only when it is necessary for or directly related to such purposes.

Enquiries:

  • when an individual contacts PE asking for information or advice about PE’s functions and its operations.
    Market research:
  • when PE has contact with officers in Australian, State and Territory Government agencies, private sector
    organisations or individuals for the purpose of analysis and advice
  • when PE plans consultation with stakeholders who it believes will want to be consulted
  • when PE research healthcare services issues.

Communication and education:

  • when people ask to be on an email or mailing list so that PE can send them information about its activities
    and publications
  • when PE conduct events, or deliver training.

Administrative activities:

  • when PE processes pharmacy members of the PE services, applications and renewals
  • when PE processes healthcare professional (HCP) members of the PE services, applications and renewals
  • when PE processes healthcare consumer members of the PE services, applications and renewals
  • when PE processes HCP’s subject to the PE services, applications and renewals
  • when PE processes healthcare suppliers supportive to the PE services, applications and renewals
  • when PE manages its personnel and corporate service functions.

For more detailed information about these purposes and the information handling practices that apply to them, see Part B – Files.

PE also collects personal information (including contact details) as part of its normal communication processes directly related to those purposes, including:

  • when an individual emails PE staff members
  • when an individual telephones PE
  • when an individual provides PE with their business card.
Use and disclosure

PE only uses personal information for the purposes for which it was given to PE, or for purposes which are directly related to one of PE’s functions or activities, and PE does not give it to other organisations, government agencies, or anyone else unless one of the following applies:

  • the individual has consented
  • the individual would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies
  • it is otherwise required or authorised by law
  • it will prevent or lessen a serious and imminent threat to somebody’s life or health
  • it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty,
    or for the protection of public revenue.
Data quality

PE strives to ensure that the personal information it collects is accurate, up to date and complete. This includes maintaining and updating personal information when PE is advised by individuals that their personal information has changed, and at other times as necessary.

Data security

PE strives to protect the personal information it holds against loss, unauthorised access, use, modification or disclosure, and against other misuse. This includes password protection for accessing our electronic IT system securing paper files in locked cabinets and physical access restrictions. If no longer required, personal information is destroyed in a secure manner.

Access and correction

If an individual requests access to the personal information PE holds about them, or requests that PE change that personal information, PE will allow access or make the changes unless PE considers there is a sound reason under the Privacy Act, FOI Act or other relevant law to withhold the information, or not make the changes.

If PE does not agree to provide access to personal information or to amend or annotate the information it holds about them, the individual can pursue the matter further with the Office of the Australia Information Commissioner.
Individuals can obtain further information about how to request access or changes to the information PE holds about them by contacting PE (see details below).

How to contact PE:

Individuals can obtain further information in relation to this privacy policy, or provide any comments, by contacting PharmEngage Pty Ltd:

PO Box 212, Seaforth, New South Wales 2092, Australia
Email: [email protected] Phone: 1300 172 151

Part B – Files: how PE handles specific types of files that contain personal information
PE Customer Relation Management System (CRMS)
Purpose
PE, through its CRMS collects personal information to:

  • Manage information about their customers, clients or members
  • Manage interactions with their customers, clients or members
  • Manage business relationships and connections between customers, clients or members
  • Facilitate workflow and business processes
  • Organise and manage the data and perform analytics>
  • Interface between PE products and services and systems, such as Accounting and ‘Find a PE Pharmacy’

applications and more

  • Support applications which connect healthcare consumer’s with pharmacies
  • Share information with related organisations and ICT systems
  • PE collects personal information through its CRMS to enable PE to perform the following specific functions:

    • Member Record Management
    • Pharmacy Record Management
    • Activity Record Management
    • Invoicing and Payment Management
    • Navigation and Search
    • Geo Location
    • Reporting
    • Bulk Editing
    • Auditing
    • Managing Business Units
    • Security and Access
    • Marketing and promotion
    • Correspondence
    • Locate healthcare centres like pharmacies and HCP centres near a client
    Collection

    PE collects personal information directly from their customers, clients or members, or their authorized representatives.

    PE may also collect personal information about customers, clients or members from third parties, when it is relevant to functions listed above.

    Use and disclosure

    PE only uses the personal information it collects to carry out the functions listed above.

    PE may use the personal information it holds to make contact with the clients or constituent and any other relevant individual, agency or organisation.

    Data quality

    PE maintains and updates the personal information it holds as necessary or when advised by individuals that their personal information has changed.

    Data security

    The personal information collected is held in electronic databases. Some personal information is also held in paper files.

    PE staff members have access to the databases with access restricted based on their roles as:

    • IT Managers
    • Account Managers
    • Product Managers
    • General users

    The CRMS database maintains audit trails whenever personal information is amended or deleted on the database.
    The CRMS database does not allow records to be deleted, but made inactive. This is specifically to be able to maintain an ownership and membership history.

    Access and correction

    For information about how to access or correct personal information held in enquiries files review Part A of this document – Access and Correction.

    Customer/Market Research Files

    Purpose

    The purpose of research files is to store research correspondence, analysis, working papers and other documents that relate to PE’s functions to:

    • draft and define strategy recommendations
    • examine and analyse recommendations
    • maintain a register of stakeholder consultation.

    The personal information in research files relates to correspondence and submissions from people with an interest in health, community pharmacy and HCP centres, healthcare suppliers, healthcare payers, and people working for or representing organisations with an interest in healthcare.

    Collection

    PE collects personal information in research files directly from individuals or their agencies or organisations, or from publicly available sources such as websites or telephone directories.

    Use and disclosure

    Personal information in research files is only used for the purpose of undertaking customer and market research, deriving strategic direction or exercising our business functions.

    The personal information on research files is not disclosed to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.

    Data quality

    PE maintains and updates personal information in its policy files as necessary or when it is advised by individuals that their personal information has changed.

    Data security

    Research files are stored in either password protected electronic media or in locked cabinets in paper form. If no longer required, personal information in policy files is destroyed in a secure manner.
    PE staff members have access to the research files with access restricted based on their roles as:

    • Directors
    • Communication, marketing and education management staff
    • IT staff
    • Accounts and records management staff
    • General staff
    Access and correction

    For information about how to access or correct personal information in research files please review Part A of this document – Access and Correction.
    Communication, Education and Promotion Files

    Purpose

    The purpose of communication, education and promotion files is to record details of communication,
    educational and promotion activities, such as compliance and adherence to medication programs, medication management programs and services, disease and medication awareness programs, primary, secondary and tertiary prevention programs, promotion of healthcare services and products, contact with the media, event management, surveys, and the preparation of papers and publications.

    The limited personal information in communication and education files relates to HCP’s, healthcare suppliers, healthcare consumers, healthcare and patient organisations, individuals, media representatives, members, and service providers.

    Collection

    It is PE’s usual practice to collect personal information in communication, education and promotion files directly from individuals.

    Sometimes PE may collect personal information from an individual’s representative or from publicly available sources such as websites or telephone directories.

    Use and disclosure

    PE will only use the personal information in communication, education and promotion files for the purposes of undertaking communication, education and promotion initiatives and managing public relations.
    The personal information on communication, education and promotion files is not disclosed to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.

    Data security

    Communication, education and promotion files are stored in password protected electronic media. If no longer required, personal information in communication, education and promotion files is destroyed in a secure manner.
    PE staff members have access to the in communication, education and promotion files with access restricted based on their roles as:

    • Directors
    • Communication, marketing and education management staff
    • IT staff
    • Accounts and records management staff
    • General staff
    Access and correction

    For information about how to access or correct personal information in communication, education and promotion files please review Part A of this document – Access and Correction.
    Contact, customer, client and member Lists

    Purpose

    PE maintains contacts lists which include contact information about individuals who may have an interest in the healthcare community, are involved in healthcare business activities and media representatives, or are member of PE services and products. PE uses these contacts lists to distribute information about its activities and publications.

    Collection

    It is PE’s usual practice to collect personal information in contacts lists directly from individuals, for example, where they have asked to be added to a contact, customer, client, member list.

    Sometimes PE collects personal information from a third party or from a publicly available source such as a website or telephone directory. PE usually collects personal information in this way if the individual would reasonably expect us to, or has given their consent. For instance, PE might collect this information if it believes that the individual (or the organisation they work for) would like to receive information about PE services and products, or that they might be likely to consider information about PE and the work it does.

    Use and disclosure

    PE only uses personal information in contact, customer, client, member lists for the purpose of operating PE services and products contributing to health outcomes and healthcare consumer benefits.

    PE does not give personal information about an individual to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.

    PE uses a number of online channels, including social networking services, to communicate with individuals and organisations with an interest in the healthcare community and activities. The use of these services is governed by the online channel’s Terms and Conditions and Privacy Policies. Users may be required to supply some personal information such as name and email address to use these channels to communicate with PE. Using these services to communicate with PE may make some personal information visible to PE and third parties.

    Data quality

    PE maintains and update personal information in its contact, customer, client, and member lists when advised by individuals that their personal information has changed. PE also regularly audit contacts lists to check the currency of the contact information and will remove contact information of individuals who advise us that they no longer wish to be contacted.

    Data security

    The personal information in the contact, customer, client, member lists is stored in password protected electronic media. When no longer required, personal information in contact, customer, client, member lists are destroyed in a secure manner.

    Routine access to contact, customer, client, member lists is limited to PE’s database operators who have responsibility for maintaining the contact, customer, client, member lists. Other staff members have access to the personal information in contact, customer, client, member lists on a need to know basis.

    Access and correction

    For information about how to access or correct personal information in our contact, customer, client, member lists see ‘Access and correction’ in Part A of this document.

    Part C — Information collected online by PE

    Collection

    It is PE’s usual practice to collect information about all visitors to and members or clients of our online resources.

    Sometimes PE use third party platforms to deliver information. These are sites hosted and managed by organisations other than ourselves. Before deciding if you want to contribute to any third party site you should read their privacy policy.

    There are several methods and packages that PE uses to collect visitor behaviours on each of our online platforms. PE uses Google Analytics on our websites. Information and data collected through Google Analytics is stored by Google on servers in the United States of America, Belgium and Finland. You can opt out of the collection of information via Google Analytics by downloading the Google Analytics Opt-out browser add on.
    When visiting any of our online resources, our metric tools may collect the following information about your visit for statistical purposes:

    • server address
    • top level domain name (for example .com, .gov, .au, .uk etc.)
    • the date and time of your visit to the site
    • the pages you accessed and documents downloaded during your visit
    • the previous site you visited
    • if you’ve visited our site before
    • the type of browser used.

    PE records this data to maintain its server and improve its services. PE does not use this information to personally identify anyone.

    When visiting any of our online resources we will collect and store on behalf of members / users, information that members / users have provided to their digital platform or has been collected for them on their request.

    Cookies

    Most of PE’s online platforms use sessions and cookies. The core functionality on these platforms will be largely unaffected if cookies are disabled in the user’s internet browser but this may also disable access to some advanced functions.

    Use and disclosure

    PE does not give personal information collected online to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.

    Data quality

    PE will delete or correct any personal information that its hold about an individual on request.
    If on one of PE’s automated email lists, an individual may opt out of further contact from PE by clicking the ‘unsubscribe’ link at the bottom of the email.

    Data security

    There are inherent risks in transmitting information across the internet and PE does not have the ability to control the security of information collected and stored on third party platforms. In relation to its own servers, PE takes all reasonable steps to manage data stored on our servers to ensure data security.

    Access and correction

    For information about how to access or correct personal information collected on our website please review Part A of this document – Access and Correction.

    TOP