Privacy Policy

 

ROCHE PRODUCTS PTY LIMITED PRIVACY POLICY


Introduction
Roche Products Pty Limited ("Roche") is committed to protecting your privacy. This applies to all personally identifiable information we receive, such as your name, address and telephone number. It also extends to sensitive information, such as information relating to a medical condition.

We take this stance not just to fulfill our legislative obligations under the Privacy Act 1988 ("the Act"), but also because we value your trust and our ongoing relationship.

This policy describes how we will abide by the National Privacy Principles ("NPPs") that form part of the Act. These principles relate to:

  1. Collection
  2. Use and Disclosure
  3. Data Quality
  4. Data Security
  5. Openness
  6. Access and Correction
  7. Identifiers
  8. Anonymity
  9. Transborder Data Flows
  10. Sensitive Information
  11. Contact

NPP 1. Collection
From time to time, it may be necessary to collect personal and/or sensitive information about you to fulfill one or more of our functions or activities. We will always undertake such collection by lawful and fair means and not in an unreasonably intrusive way.

Wherever reasonable and practicable, we will collect personal information directly from you. We will:

  1. identity ourselves
  2. explain to you why we have collected this information
  3. tell you with whom we might share this information
  4. inform you of how to gain access to any information we hold on you, including providing you with our contact details
  5. notify you if we are obliged to collect this information by law
  6. inform you of any major consequences to you if you do not provide all or part of the information required.

If we collect personal information about you from someone else, we will take reasonable steps to ensure that you are made aware of the matters listed above, in accordance with the provisions of the NPPs.

NPP 2. Use and disclosure
In certain circumstances, we will use or disclose your personal information for a purpose other than the main reason it was collected (i.e. a secondary purpose). These circumstances are when:

  1. the secondary purpose is related to the primary purpose of collection and you would reasonably expect us to use or disclose the information for that secondary purpose; or
  2. you have consented to the use or disclosure; or
  3. the information is not sensitive information and the secondary purpose is direct marketing and:
    • it is impracticable for us to seek your consent before that particular use; and
    • you have not requested that we do not send you direct marketing communications;
    • we provide you with the express opportunity to decline any further direct marketing communications at the time of first contact and thereafter upon request, and at no cost to you; or
  4. we reasonably believe that the use and/or disclosure is necessary to lessen or prevent a serious and imminent threat to an individual's life or health; or
  5. we have reason to suspect that unlawful activity has been, is being or may be engaged in, and we use the personal information as a necessary part of our investigation of the matter or in reporting our concerns to relevant persons or authorities; or
  6. it is required or specifically authorised by law; or
  7. it is reasonably necessary for the enforcement of the criminal law, a law imposing a pecuniary penalty, or for the protection of the public revenue.

NPP 3. Data Quality
We will take reasonable steps to make sure that the personal information we collect, use or disclose is accurate, complete and up-to-date.

NPP 4. Data security
We will take reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure.

If we no longer require personal information for any of the purposes for which it may legally be used or disclosed, we will take reasonable steps to destroy or permanently de-identify it.

NPP 5. Openness
In accordance with the Act, we have prepared this document which clearly expresses our policies on the management of personal information. We will continue to make it available to anyone who requests it.

Upon request, we will take reasonable steps to let you know, generally, what sort of personal information we hold on you, for what purposes, and how we collect, hold, use and disclose that information.

NPP 6. Access & Correction
In most circumstances, where we hold personal information about you, we will provide you with access to the information upon your request. The following are permissible exceptions under the Act:

  1. providing access would pose a serious and imminent threat to the life or health of any individual; or
  2. providing access would have an unreasonable impact upon the privacy of other individuals; or
  3. the request for access is frivolous or vexatious; or
  4. the information relates to existing or anticipated legal proceedings between us and yourself, and the information would not be accessible by the process of discovery in those proceedings; or
  5. providing access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations; or
  6. providing access would be unlawful; or
  7. denying access is required or authorised by or under law; or
  8. providing access would be likely to prejudice an investigation of possible unlawful activity; or
  9. providing access would be likely to prejudice:
    • the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; or
    • the enforcement of laws relating to the confiscation of the proceeds of crime; or
    • the protection of the public revenue; or
    • the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or
    • the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of its orders; by or on behalf of an enforcement body; or
  10. an enforcement body performing a lawful security function asks the organisation not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.

Where providing access would reveal evaluative information generated within Roche in connection with a commercially sensitive decision-making process, we may give you an explanation for the commercially sensitive decision rather than direct access to the information.

If we provide you with such an explanation and you believe that direct access to the evaluative information is necessary to provide a reasonable explanation of the reasons for the decision, we will, at your request, undertake a review of the decision. The review will be undertaken by personnel other than the original decision maker.

Wherever the provision of direct access is impractical or inappropriate, Roche and you should consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.

If we levy charges for providing access to personal information, those charges will not be excessive and will not apply to lodging a request for access.

If we hold personal information about you and you are able to establish that the information is not accurate, complete and up to date, we will take reasonable steps to correct the information so that it is accurate, complete and up to date.

If you and Roche disagree about whether the information is accurate, complete and up to date, and you ask us to associate with the information a statement claiming that the information is not accurate, complete or up to date, we will take reasonable steps to do so.

We will provide reasons for denial of access or correction.

NPP 7. Identifiers
We will not adopt as our own identifier an identifier that has been assigned by a government agency (or by an agent of, or contractor to, a government agency acting in its capacity as agent or contractor).

NPP 8. Anonymity
Wherever it is lawful and practicable, you will have the option of not identifying yourself when entering into transactions with us.

NPP 9. Transborder data flows
We will not transfer personal data outside Australia unless:

  1. we reasonably believe that the recipient of the information is subject to a statute, binding scheme or contract which effectively upholds principles for fair information handling that are substantially similar to these rules; or
  2. you consent to the transfer; or
  3. the transfer is necessary for the performance of a contract between you and Roche, or for the implementation of pre-contractual measures taken in respect to your request; or
  4. the transfer is necessary for the conclusion or performance of a contract concluded in your interest between Roche and a third party; or
  5. the transfer is for your benefit and, whilst it is not practicable to obtain your consent to that transfer, you would give consent if it were practicable; or
  6. we have taken reasonable steps to ensure that the information which we have transferred will not be collected, held, used or disclosed by the recipient of the information inconsistently with these rules.

NPP 10. Sensitive Information
We will not collect personal information about you which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or details of health, disability or sexual activity or orientation unless:

  1. you have consented; or
  2. the collection is required or specifically authorised by law; or
  3. the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the subject of the information is physically or legally incapable of giving consent; or
  4. the collection is necessary for the establishment, exercise or defence of a legal claim.

Despite the above, we are still allowed collect health information about you under the Act if:

  1. the information is necessary to provide a health service to you;and
  2. the information is collected as required by law (other than this Act) or in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality binding to us.
  3. the collection is necessary for any of the following purposes:
    • research relevant to public health or public safety;
    • the compilation or analysis of statistics relevant to public health or public safety;
    • the management, funding or monitoring of a health service; and
  4. that purpose cannot be served by the collection of information that does not identify you or from which the your identity cannot reasonably be ascertained; and
  5. it is impracticable for us to seek your consent to the collection; and
  6. the information is collected:
    • as required by law (other than this Act); or
    • in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation; or
    • in accordance with guidelines approved by the Commissioner under section 95A for the purposes of this subparagraph.

Contact Details
Should you wish to contact us in relation to any of the information contained within this Privacy Policy, or to seek access to information we may hold on you, you may do so by the following means:

By mail:
Privacy Officer
Roche Products Pty Limited
PO Box 255
DEE WHY NSW 2099


Links | Contact Us | Disclaimer | Privacy Policy