Privacy

Privacy Policy

1. General

1.1 Northpharm is committed to protecting your privacy and complying with its obligations under the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) and other laws that apply in respect of handling Personal Information

1.2 This Privacy Policy sets out how your Personal Information is collected, used, and disclosed by each of our entities, including:

(a) Kakadu Holdco Pty Ltd ACN 055 610 583;

(b) Kakadu Bidco Pty Ltd 682 917 228;

(c) Northpharm Pty Ltd ACN 091 327 123;

(d) Northpharm Services Pty Ltd (formerly known as Nhulunbuy Pharmacy Pty Ltd) ACN 670 424 370;

(e) Kongvic Palmerston No 2 Pharmacy Pty Ltd ACN 649 154 889.

(together, Kakadu, we, us, our).

1.3 We will update this Privacy Policy from time to time.  The current version will always be available on our website at https://northpharm.com.au/. 

1.4  In this Privacy Policy, we use the terms:

(a) ‘customers’ to refer to individuals who engage us to provide goods and services;

(b) ‘employees’ to refer to individuals who are employed by us to provide goods or services;

(c) ‘custodial patients’ to refer to individuals who receive our goods and services via our agreements with custodians, such as correctional facilities and mental health facilities;

(d) ‘suppliers’ to refer to individuals who provide us with goods or services, and individuals at businesses who provide us with goods or services;

(e) ’visitors’ to refer to individuals who engage with us on our website, or who enquire about our functions or activities via electronic means;

(f) ‘applicants’ to refer to individuals who apply for employment or other engagement with us; and

(g) we use the term ‘client’ to refer to businesses who engage us to provide goods and services and:

(i) ‘client personnel’ to refer to individuals at these businesses; and

(ii)  ‘client customers’ to refer to individuals who are patients or other customers of these businesses.

1.5 Most of our clients are independently owned and operated pharmacy businesses, who provide services direct to patients and other customers.

1.6 In some circumstances, you may belong to more than one of these groups, and multiple sections of this Privacy Policy will then apply to you.

2. What is Personal Information, and what do we collect?

2.1 ‘Personal Information’ is any information or opinion about you which personally identifies you or may reasonably be used to personally identify you, even if the information is not true, and whether or not it is in physical form.

2.2 ‘Sensitive Information’ is a subset of Personal Information and includes information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information, and biometric information (that is, data derived from your physical characteristics, such as a fingerprint) and biometric templates (that is, a stored digital template of biometric information, such as a fingerprint or retina scan).

2.3 The kinds of Personal Information we collect about you depends on our relationship with you, and we limit the information we collect to what is reasonably necessary for one or more of our functions or activities.  Generally, we will collect your name, commentary or opinion about you, and other information relevant to providing you with the information, goods and services (as applicable) you or someone on your behalf are seeking.

2.4 If you are a customer, we will also collect your contact details, business name, ABN (for sole traders and partnerships), date of birth, billing information, information about your role, marketing and communications preferences, and information related to your interactions with us.  We will also collect health information, including information about your existing medical conditions, allergies, family history, your current and formerly prescribed medications, Medicare details and private health care coverage.

2.5 If you are a custodial patient, we will also collect your date of birth and health information, including information about your existing medical conditions, allergies, family history, your current and formerly prescribed medications, Medicare details and private health care coverage.

2.6 If you are a supplier, we will also collect your contact details, ABN (for sole traders and partnerships), business name, bank account details (for payment of your invoices), and information about your role.

2.7 If you are a visitor, we will also collect your email address, information about your use of our website and the device you are using (including numbers that identify your device, IP address, geographic location of your IP address and device where that is relevant to the services and information we are providing, cookie information, and user preferences).  You may choose to enable or disable information you share with us via the website in your browser or device settings.  Disabling the sharing of some information may affect your ability to use certain features of the website, and your visitor experience generally.

2.8 If you are an applicant, depending on your potential or actual position with us, we will also generally collect your Personal Information contained within an application and CV/resume, employment history, personal information derived from a reference, personal information derived from an interview, personal information derived through testing (including psychometric or aptitude testing, as applicable), licences and other certificates and qualifications, and information included in a passport, birth certificate, visa or other documentation demonstrating your right to work in Australia.

2.9 If you are client personnel, we will also collect your contact details and information about your role.

2.10 If you are a client customer, we will also collect your date of birth and health information, including information about your existing medical conditions, allergies, family history, your current and formerly prescribed medications, Medicare details and private health care coverage.

2.11 We support your ability to make decisions about the Personal Information you provide to us, however if you choose not to provide us with the information requested, or it’s incomplete or inaccurate, we may not be able to provide you with the information, goods, and services you are seeking.  If you are an applicant, refusal to provide Personal Information may mean we are unable to process your application.

3. How we collect your Personal Information

3.1 We will generally collect Personal Information directly from you when you interact with us, such as in person, by email, by phone, by enquiry or feedback form, or via our website, social media channels, interviews (via any method), any of our standard forms (including application forms), contract negotiation, our employment and engagement application process, our surveys (where applicable), or any other means when you provide us with your Personal Information.

3.2 We may also need to collect Personal Information about you from third parties from time to time where it is necessary for us to do so and it is unreasonable or impractical to collect directly from you, where you have consented to us doing so, or where we are otherwise required to or authorised to by law.  Those third parties include:

(a) if you are a customer or custodial patient: from your medical practitioners, My Health Records, your private health fund, and third parties who are responsible for, or assist you with, your healthcare;

(b)  if you are a custodial patient: from the relevant custodian;

(c) if you are a customer or supplier: publicly available records such as the Australian Securities Investment Commission, Australian Business Register;

(d) if you are a visitor: technology service providers and social media platforms;

(e)  if you are an applicant: referees when they provide references, academic institutions or training and certification providers, providers of licence and background-checking services, recruiters and other service providers who assist in the engagement process, and other publicly available sources such as social media platforms; and

(f) if you are client personnel or a client customer from the client who is engaging us to provide goods and services.

3.3 If you provide us with Personal Information about someone else, you must ensure that you are authorised to disclose that information to us and that, without us taking any further steps required by applicable privacy laws, we may collect, store, use and disclose such information for the purposes described in this Privacy Policy.  Where we request you to do so, you must assist us with any requests by the individual to access or update the Personal Information you have collected from them and provided to us.

3.4 Except as otherwise permitted by law, we only collect Sensitive Information (which includes health information) about you if you consent to the collection of the information and if it is reasonably necessary for the performance of our functions and activities.  Consent may be implied by the circumstances existing at the time of collection.  There may also be circumstances under which we may collect Sensitive Information without your consent, as required or authorised by law.

3.5 We may interact with and collect Personal Information from vulnerable segments of the community.  We acknowledge and understand that vulnerable populations face unique privacy risks which may reinforce inequalities in our communities.

4. Why do we collect, hold, use and disclose your Personal Information?

4.1  We will generally collect, hold, use, and disclose your Personal Information if it is reasonably necessary for or directly related to the performance of our functions and activities and:

(a) to facilitate our internal business operations, including:

(i) establishing our relationship with you;

(ii) maintaining and managing our relationship with you, and communicating with you in the ordinary course of that relationship;

(iii) supplying you with information, goods and services;

(iv) updating your Personal Information, including destroying or de-identifying it when it is no longer relevant (to the extent applicable);

(v) fulfilling our legal requirements, both at law and under our contractual arrangements with you and others;

(vi) analysing our goods and services, and customer and supplier needs with a view to developing new or improved goods, services, and business operations;

(vii) conducting market research and monitoring use of our goods and services;

(viii) contacting you to ask for your feedback or a testimonial;

(ix) if you are a supplier: purchasing goods or services from you, and enquiring about your products and services;

(x) if you are a visitor or customer: streamlining and personalising your experience within our website, and tailoring our information, goods and services for you; and

(xi) if you are an applicant, considering your application with us.

(b) if it is necessary to lessen or prevent a serious threat to a customer’s life, health or safety or public health or safety;

(c) to provide you with information about other goods and services that we or our related entities and other affiliated organisations offer that may be of interest to you. You may unsubscribe from our mailing/marketing lists at any time by using the unsubscribe feature on any emails we send, or otherwise by contacting us in writing.  We do not use your Sensitive Information for direct marketing purposes;

(d) to de-identify and aggregate Personal Information about you and your use of our goods and services to improve the quality of our goods and services, and for research purposes.  After we delete Personal Information, we may retain de-identified and anonymised information (that can no longer be associated with you) and may continue to use this de-identified data indefinitely without further notice to you; and

(e) for any other purpose identified at the time of collection.

4.2 We may use or disclose Personal Information for secondary purposes where it would be reasonable to expect us to do so, and that secondary purpose is related (or directly related in the case of Sensitive Information) to the primary purpose set out above.

5. What happens if you do not provide your Personal Information?

5.1 If you do not provide us with certain information about yourself, we may be unable to provide a product or service to you. Please let us know if you have any concerns about providing personal information so that we can explain why we are collecting it and tell you about our privacy policy and information management practices.

6. Third party content

6.1 From time to time, we may include third party content on our websites, including third party links to websites, applications or resources, as well as embedded media such as videos, images and articles. We take reasonable measures to ensure we only include content from third parties who handle your personal information in a manner that meets or exceeds the standards required by the Privacy Act.  However, if you access third party content, you acknowledge that you do so at your own risk, and we cannot make representations or warranties regarding third parties’ privacy practices.  We encourage you to read the privacy policies and privacy collection notices of any third party resource you access via our website.

7. Use of cookies

7.1 Our website uses cookies.  A “cookie” is a small data file placed on your machine or device which lets our digital service store information.  The main purpose of cookies is to identify users to create a personal record of when a customer visits our website and to prepare customised web pages for them so that we may serve customers more effectively.  We may also use cookies to monitor the use of our website and digital services, like the numbers and frequency of visitors to our website, to help us improve our services by learning what our customers use and don’t use.  The information can also help us identify if there are any problems with our services that need fixing. 

7.2 Our websites also use a number of third party services that also utilise cookies. Use of your personal information by these third parties is also subject to their own privacy policies.  Please visit the relevant third party’s website for details on how they use your personal information collected from cookies.

7.3 You may refuse to accept cookies by selecting the appropriate setting on your internet browser.  However, please note that if you do this, you may not be able to use the full functionality of our websites.

8. Who we disclose Personal Information to

8.1 We generally disclose your Personal Information for the purposes for which it was collected (set out above).  We may disclose Personal Information about you to:

(a) our related entities;

(b) our employees, contractors, consultants and other parties who require the information to assist us with the purposes for which it was collected, and with establishing, maintaining or terminating our relationship with you;

(c) government departments and agencies where required by law;

(d)  third party service providers who assist us in operating our business and providing information, resources, goods and services to you or someone else on your behalf (including insurers, IT and technology service providers, recruitment providers, and professional advisers such as lawyers, accountants, and auditors);

(e) third parties to whom you have agreed we may disclose your information and where the information was collected from you (or from a third party on your behalf) for the purposes of passing it on to the third party;

(f) if you are a customer or custodial patient: your medical practitioners;

(g) if you are a custodial patient: the relevant custodian;

(h) if you are client personnel or a client customer: to the client who has engaged us to provide goods and services; and

(i) any other entity as otherwise required or authorised by law, including regulatory bodies.

8.2 We may expand or reduce our business, and this may involve the sale and/or transfer of control of all or part of our business. Personal Information, where it is relevant to any part of the business for sale and/or transfer, may be disclosed to a proposed new owner or newly controlling entity for their due diligence purposes, and upon completion of a sale or transfer, will be transferred to the new owner or newly controlling party to be used for the purposes for which it was provided.

9. Direct marketing

9.1 We will only send you direct marketing communications and information about our goods and services via mail or email with your consent (which may be implied in some circumstances).

9.2 If you do not provide your consent to receive direct marketing communications, you may opt-out of receiving marketing communications from us by contacting us at the details below or by using the opt-out facilities provided in our communications. 

9.3 If you opt-out from receiving any or all direct marketing communications, we will still communicate with you if required by law, or in relation to the products and services we provide to you.

9.4 We do not provide your Personal Information to other organisations for the purposes of their direct marketing and will not sell, rent, or lease our customer lists to third parties. Our practices in regard to our emails are designed to be compliant with anti-spam laws, including Australia’s Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).  If you believe you have received mail in violation of these laws or any other anti-spam law, please contact us using the contact information in this Privacy Policy

10. Overseas disclosure

10.1  We are assisted by a variety of external service providers to operate our business and to provide you or someone else on your behalf with the information and services sought.  Some of these service providers may be located overseas, and while there are too many to name, they include Microsoft located in the USA, and an outsourced business process provider in the Philippines.

10.2 We take reasonable steps to ensure these service providers have appropriate security for your Personal Information and use it only for the purposes for which it was collected.

11. How we store and protect Personal Information

11.1 We store your Personal Information in different ways, including in paper and electronic form.  We take all reasonable measures to ensure your Personal Information is stored on secure servers (which may be based in Australia or overseas) in a manner that reasonably protects it from interference, misuse and loss and from unauthorised access, modification or disclosure, including electronic and physical security measures, including:

(a) limiting access to the Personal Information we collect about you;

(b) only providing access to Personal Information once proper identification has been given; and

(c) requiring third party providers to have acceptable security measures to keep Personal Information secure.

11.2 When we no longer need your Personal Information for the purpose for which we collected it, we will take reasonable steps to destroy or permanently de-identify your Personal Information.  However, most of the Personal Information is or will be stored and kept by us for a minimum of seven years (unless legislation requires us to destroy or permanently de-identify it sooner).

11.3 Despite the reasonable steps we take to secure your Personal Information, if you provide any Personal Information to us via our website, email or social media accounts, or if we provide Personal Information to you by such means, the privacy, security and integrity of your Personal Information cannot be guaranteed during its transmission unless we have indicated beforehand that a particular transaction or transmission of information will be protected (for example, by encryption).

12. Accessing or correcting your Personal Information

12.1 You may access the Personal Information we hold about you, subject to certain exceptions.  If you wish to access your Personal Information, please contact us via the below:

• Email: contact@northpharm.com.au

• Phone: (08) 8945 4999

• Address: PO Box 42223 Casuarina NT 0811 Northpharm – Main Entrance Royal Darwin Hospital Rocklands Drive Tiwi NT 0810

12.2 There are no charges for requesting access to or the correction of your Personal Information, however we reserve our rights to charge you any reasonable administration fees associated with your request. We will notify you in advance of any applicable fees.

12.3 We endeavour to respond to those requests within 30 days, but will otherwise respond within a reasonable period. We may decline a request for access to Personal Information in circumstances prescribed by the Privacy Act.  If we decline a request for access, where reasonable, we will provide you our reasons and information about your ability to complain about such refusal.

12.4 If you are a custodial patient, client personnel, or a client customer, we may not be able to provide you with the requested information and in those circumstances will recommend that you contact the relevant custodian or client.

12.5 In order to protect the confidentiality of your Personal Information, details of your information will only ever be passed on to you where we are satisfied that the information relates to you.  Accordingly, we may request documentation from you which confirms your identity before passing on any Personal Information which relates to you.

12.6 We try to maintain your personal information as accurately as reasonably possible. We rely on the accuracy of personal information as provided to us both directly from you and indirectly.

12.7 If you believe the information we hold about you is incomplete, not up to date, or is inaccurate, please advise us as soon as practicable.  We will take reasonable steps to correct the information if we agree that it is incomplete, out of date, or inaccurate.  We will strive to process any request within 30 days.

13. Making a complaint

13.1 Complaints about our Privacy Policy or the way we handle your Personal Information should first be directed to us at the details set out above.

13.2 We will investigate and attempt to resolve your complaint in accordance with the Privacy Act. If you are not satisfied with the outcome of this process, then you may contact the Office of the Information Commissioner, Australia. To lodge a complaint, visit the ‘Complaints’ section of the Information Commissioner’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office.

14. Further information

14.1  If you require any further information or have any queries regarding our Privacy Policy, please contact our Privacy Officer at the details set out above.

14.2 Should you wish to read more information on the Privacy Act, we recommend that you visit the website of the OAIC at www.oaic.gov.au.