Privacy Policy and GDPR Statement

Florey Medical Pty Ltd trading as FloMedical ABN 61 140 771 106

Updated August 2018

FLOMEDICAL understands that your privacy is important to you and is committed to complying with the GDPR, Privacy Act 1988 (Cth) and the Australian Privacy Principles in relation to all Personal Information that we collect from you. This policy describes our Privacy and Information handling practices.

This privacy policy:

  • Sets out how FLOMEDICAL stores, uses and discloses personal information
  • Relates to personal information collected by any means and by any technology
  • Outlines how FLOMEDICAL makes the personal information it holds available for access to and correction by an individual.

If you have any questions about this policy, please direct them to the FLOMEDICAL Privacy Officer at mflorey@flomedical.com.au.

FLOMEDICAL welcomes the EU General Data Protection Regulation (GDPR) in streamlining data protection requirements across the EU and, to the extent applicable, will comply with applicable GDPR regulations.

The types of personal information that we may collect and hold

In the normal course of business activities, we will collect Personal Information from you.

The following are the types of your Personal Information that we may collect and hold:

  • personal details such as name, postal and email addresses, date of birth, contact details, or any other type of information that can reasonably identify an individual, either directly or indirectly;
  • If you subscribe to our website flomedical.com.au or register your interest, we will collect Personal Information such as your name, postal and email address, date of birth and contact details. We may also collect your details such as your name if you contact us through one of our social media pages.
  • If you order any products from us, we will also collect payment details and financial information for the purposes of processing your order. We do not keep a record of this information on file, nor use it for subsequent orders. The financial information is only used to process the order for which the information was provided.

Although it is not our usual business practice, we may, on occasion, collect information from you that is considered to be Sensitive Information. Where this information is collected, it will only be used for the sole and specific purpose for which it was collected. FloMedical will not use Sensitive Information collected from you for any other purpose except with your express written consent.

How we collect Personal Information

We will only collect Personal Information by lawful and fair means.  Personal Information may be collected directly from you or your authorised representative, or may be collected from a third party such as a licensee or representative authorised by us to provide services to you.  You may supply your Personal Information to us when communicating with us in person, via social networks and other online channels.

We do not collect Personal and Sensitive information unless the information is reasonably necessary for our business functions or activities. We will obtain your consent before collecting any Sensitive Information.

By providing us with personal information, you consent to the supply of that information subject to the terms of this Privacy Policy.

The purposes for which the information is collected and held

We collect, hold and use your Personal Information so that we can provide our services to you.

Collection of your Personal Information allows us to provide you with information about our products or services. We may also make you aware of new and additional products, services and opportunities available to you.

We will use personal information only for the purposes that you consent to. This may include to:

  • provide you with products and services during the usual course of our business activities;
  • administer our business activities;
  • manage, research and develop our products and services;
  • provide you with information about our products and services;
  • communicate with you by a variety of measures including, but not limited to, by telephone, email, sms or mail; and
  • investigate any complaints.

If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.

The way in which we use and disclose Personal Information

We will use or disclose your Personal Information only for the purposes for which it was collected. We will use or disclose your information for a secondary purpose only if you have consented or if you would reasonably expect us to do so or as required by law.

We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this privacy policy.

We may use your Personal Information for the purposes of our own direct marketing; however, we will ensure you have the ability to opt out of such future communications.

We may disclose your personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, legal proceedings or in response to a law enforcement agency request.

If we do disclose your personal information to a third party, we will protect it in accordance with this privacy policy.

If we experience a Data Breach

If FloMedical experiences a cybersecurity attack or a data breach, it will:

  1. immediately initiate its Data Breach Response Plan;
  2. take steps to protect your personal information from further disclosure;
  3. notify you of the breach as soon as practicable; and
  4. notify the Office of the Australian Information Commissioner where required by law.

General Data Protection Regulation (GDPR) for the European Union (EU)

We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.  We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.

We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.

We process your personal information if it is necessary to protect your life or in a medical situation, if it is necessary to carry out a public function or a task of public interest, or if the function has a clear basis in law.

We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.

You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

Your rights under the GDPR

If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We will comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.

Except as otherwise provided in the GDPR, you have the following rights:

  • to be informed how your personal information is being used;
  • to access your personal information (we will provide you with a free copy of it);
  • to correct your personal information if it is inaccurate or incomplete;
  • to delete your personal information (also known as “the right to be forgotten”);
  • to restrict processing of your personal information;
  • to retain and reuse your personal information for your own purposes;
  • to object to your personal information being used; and
  • to object against automated decision making and profiling.

Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.

We may ask you to verify your identity before acting on any of your requests.

Hosting and International Data Transfers

Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia. This may include, but is not limited to the United States of America.

The hosting facilities for our website are situated in Utah, USA. Transfers to this country will be protected by appropriate safeguards, which include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission, which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from our Data Protection Officer.

Our Suppliers and Contractors are situated in the United States of America, India, Israel, France and Romania. Transfers to each of these countries will be protected by appropriate safeguards, which include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission, which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from our Data Protection Officer.

You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

The steps we take to protect and keep secure the Personal Information we hold

We take reasonable steps to protect the Personal Information we hold against interference, loss, unauthorised access, use, modification or disclosure, and other misuse.

The steps we take include:

  • maintenance of computer technology, people and process based security measures, for example firewalls, network security configurations, use of passwords and other appropriate measures where information is held in electronic form;
  • regular updates to security systems and configurations to protect our systems from malicious activity;
  • restriction of access to data to only those staff that need access to carry out our business activities;
  • training and ensuring that all our employees are required, as a condition of employment, to treat Personal Information held by us as confidential.

However, you should be aware that if you submit information to us electronically the internet is not a secure environment. We take reasonable steps to provide a secure channel for receiving information but cannot absolutely protect Personal Information before it reaches us.

When the Personal Information that we collect is no longer required, we will destroy or delete it in a secure manner, or ensure that the information is de-identified in accordance with our information destruction and de-identification policy, unless we are required by law to retain a copy of the Personal Information or the information is contained in a Commonwealth record.

Access and correction of Personal Information held by us

You have the right to seek access to any of your Personal Information held by us unless there is a valid reason under the Privacy Act for us to withhold the information.

If your personal details change, or you believe the information we hold about you is incorrect, incomplete or out-of-date, please contact us so that we can correct our records.

Requests for access or correction to Personal Information should be made under the Privacy Act and addressed to The FLOMEDICAL Privacy Officer. All requests for access or correction to Personal Information will be responded to in writing within a reasonable period of time. As part of this process we will verify the identity of the individual requesting the information prior to providing access or making any changes. If access or correction to your Personal Information is refused we will provide reasons for our refusal.

Mechanisms for complaint

We have procedures in place to deal with your inquiries or complaints.

If you have any questions about our policy or any complaint regarding the treatment of your privacy by us, please contact us at the respective addresses below.

The Privacy Officer
mflorey@flomedical.com.au

We will endeavour to respond to you within a reasonable time.  If you are still not satisfied with the way your complaint is handled by us, you are entitled to have your complaint reviewed under the Privacy Act.

Updates to this Policy

We reserve the right to amend this Policy from time to time.  Any revisions to the Policy will be posted on this website.

Google Analytics

We use Google Analytics to measure and analyse its internet usage to ensure the site meets business objectives with advertisers and users. Individual privacy is protected but we gain insights on how to make the site more useful for advertisers as well as our users.

Data collected from this analysis include:

  • the number of page views (or page impressions) that occur on our sites;
  • the number of unique visitors;
  • how long these unique visitors (on average) spend on our sites;
  • common entry and exit points to our sites;
  • files downloaded from the site; and
  • forms filled in on the site.

Cookies

Cookies are small data files that are sent from a website and stored in a user’s web browser. This website uses cookies to improve the user’s web browsing experience (e.g. language preference or selected locality).

If you wish to disable the cookies on this website you will need to follow the steps required for your preferred browser (e.g. in Internet Explorer 10 and 11 this can be found in the Privacy tab under Internet Options).

We currently advertise with third party vendors, including Google, displaying ads on sites on the internet. These third party vendors, including Google, use cookies to serve ads based on a user’s prior visits to our website. Some of the information gathered such as age, gender and interests might be used for marketing purposes. Users may opt out of Google’s use of cookies by visiting the Google advertising opt-out page http://www.google.com/settings/ads