Privacy Policy

Date of Last Revision: 12 November 2014

1. Background

HPS Services Pty Ltd (ACN 160 438 559) (HPS, we, us, our) provides pharmacy services to health facilities around Australia, including public and private hospitals, cancer centres, correctional facilities, fertility and IVF clinics and veterinary clinics.

We are a separate organisation to the network of HPS pharmacies that provide products and services (such as pharmaceutical products and medical equipment) to patients. Our network of pharmacies have their own privacy policy, which we encourage you to read.

HPS is committed to protecting privacy, in accordance with applicable Australian privacy laws.

This Policy is designed to give you a greater understanding of how we collect, use, disclose and otherwise handle personal information. For users of our website (at www.hps.com.au), this Privacy Policy is deemed to be incorporated into the HPS website terms and conditions of use, which should be read together with this Privacy Policy.

A copy of this Privacy Policy is available on our website or you can request a copy by contacting our Privacy Officer (details under heading 11 below).

Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable (for example, your name, email address and phone number).

We are required to comply with the Australian Privacy Principles (APPs) in the Privacy Act. The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, security, accessibility and disposal.

We are also required to comply with more specific privacy legislation in some circumstances, such as:

  • applicable State and Territory health privacy legislation when we collect and handle health information in the relevant jurisdiction; and
  • the Spam Act and the Do Not Call Register Act.

We are generally exempt from the Privacy Act when we collect and handle employee records and this Privacy Policy does not apply to that information. However, where State or Territory health privacy legislation applies, we are still required to protect the privacy of employee health information. This Privacy Policy will apply in those circumstances. [/spoiler]

2. What we collect

The type of personal information that we collect about you depends on the type of dealings you have with us. For example, if you:

  • represent a corporate client (such as a hospital, correctional service facility, oncology centre, fertility or IVF service, veterinary clinic or health facility), we will collect your name, address, contact details (including phone number and email address), details of your organisation, payment details and details of the products and services we have supplied to your business
  • supply goods or services to us, we will collect your name, position, organisation, address, contact details (including phone number and email address) and payment details
  • attend one of our seminars or conferences, we will collect your name, organisation, contact details and a record your attendance at the relevant event
  • send us an enquiry or provide us with feedback, we may collect your name, contact details, details of your enquiry or feedback and information about our response
  • apply for a job with us, we will collect the information you include in your job application, including your cover letter, resume, contact details and referee reports

Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection, such as health information and information about professional membership. We only collect sensitive information where it is reasonably necessary for our functions or activities and either:

  • the individual has consented; or
  • we are required or authorised by or under law (including applicable privacy legislation) to do so.

For example, we may collect information about dietary preferences or disability needs if you attend one of our seminars or conferences.

When you visit our website, some of the information that is collected about your visit is not personal information, as it does not reveal your identity.

Site visit information
For example, we record your server address, the date and time of your visit, the pages you visited, any documents you downloaded, the previous site you visited and the type of device, browser and operating system you used.

We use and disclose this information in anonymous, aggregated form only, for purposes including statistical analysis and to assist us to improve the functionality and usability of our website. You are not individually identified, however we reserve the right to use or disclose this information to try to locate an individual where we reasonably believe that the individual may have engaged in any unlawful or inappropriate activity in connection with our website, or where we are otherwise required or authorised by law to do so.

Cookies
Our website uses ‘cookies’, which are small strings of information that a website transfers to your browser for identification purposes. Cookies may be used by us for a variety of purposes. For example, to recognise a computer which has previously visited our website and customise the website according to previous preferences and site behaviour. Cookies may also be used to manage security and store information about the type of browser being used.

The cookies we use do not identify individual users, although they do identify the user’s internet browser. We only use non-persistent cookies. That is, they are held on your browser’s memory only for the duration of your session.

Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website. More information about cookies can generally be found in the “Help” or similar section of your computer’s internet web browser.

Web beacons
Like many websites, our website may also use web beacons (also known as pixel tags, spotlight tags or web bugs) to improve our understanding of site traffic, visitor behaviour, and to respond to promotional campaigns. These are a supplement to our server logs and other methods of traffic and response measurement. We may also implement pixel tags provided by other companies, for the same purpose. Information collected through the use of web beacons on our website is not linked to personal information.

We will provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name.

For example, you can access our website and make general phone queries without having to identify yourself.

In some cases however, if you don’t provide us with your personal information when requested, we may not be able to provide you with the product or service that you are seeking.

3. How we collect personal information

We collect personal information in a number of ways, including:

  • in person (for example, in a meeting with you)
  • through our website (for example if you complete our “Feedback” or “Contact our Customer Service Team” form)
  • over the telephone
  • through written correspondence (such as letters, faxes and emails)
  • on hard copy forms (for example, surveys)
  • through surveillance cameras

Where we collect personal information about you, we will take reasonable steps to provide you with certain details about that collection (such as why we are collecting the information and who we may share it with). We will generally include this information in a collection notice.

Collection notices provide more specific information than this Privacy Policy. The terms of this Privacy Policy are subject to any specific provisions contained in collection notices and in the terms and conditions of particular offers, products and services.

Unsolicited personal information is personal information we receive that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement).

We may keep records of unsolicited personal information if the Privacy Act permits it (for example, if the information is reasonably necessary for one or more of our functions or activities). If not, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

4. Why we collect personal information

The main purposes for which we collect, hold, use and disclose personal information are to:

    • provide products and services to our clients
    • charge clients for the products and services we provide
    • obtain products and services from you if you are a supplier to us, including paying you for those products and services
    • monitor the quality and safety of our services and products
    • meet our legal and regulatory obligations (for example, by reporting adverse events as required under the Therapeutic Goods Act 1989 so that those events can be entered into the Australian Adverse Drug Reactions System)
    • conduct seminars or conferences and provide educational information
    • promote ourselves and our products and services, including through direct marketing, events and competitions (see under heading 4.2 below)
    • distribute our publications (including our fortnightly e-newsletters, Drugline and Knowledge Centre, our quarterly magazine, Newsline and the as required e-bulletin, DrugAlert)
    • perform research and statistical analysis, including for customer satisfaction and product improvement purposes
    • facilitate our internal business operations, including research, planning, product and service development and testing
    • protect the security of our offices, staff, clients and the property held on our premises
    • answer queries and resolve complaints
    • recruit staff and contractors

We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or:

  • which are required or authorised by or under law (including, without limitation, privacy legislation); and
  • for which you have provided your consent.

We may use your personal information to let you know about us and our products and services (including promotions, special offers and events), either where we have your express or implied consent, or where we are otherwise permitted by law to do so. We may contact you for these purposes in a variety of ways, including by mail, email, SMS, telephone, online advertising or facsimile.

Opting out
Where you have consented to receiving marketing communications from us, your consent will remain current until you advise us otherwise. However, you can opt out at any time, by:

  • contacting us (details under heading 10 below)
  • advising us if you receive a marketing/sales call that you no longer wish to receive these
  • using the unsubscribe facility that we include in our commercial electronic messages (such as emails and SMSes)

Notification of source
If we have collected the personal information that we use to send you marketing communications from a third party (for example a direct mail database provider), you can ask us to notify you of our source of information, and we will do so, unless this would be unreasonable or impracticable.

5. Who we may share your personal information with

We may share your personal information with third parties where appropriate for the purposes set out under heading 4, including:

  • our related bodies corporate
  • relevant regulatory authorities (such as the Therapeutic Goods Administration and State and Territory health authorities)
  • financial institutions for payment processing
  • referees whose details are provided to us by job applicants
  • third parties acquiring or wishing to acquire, or making inquiries in relation to acquiring, an interest in HPS or pharmacies in the HPS network
  • our contracted service providers, including:
    • information technology and data storage providers
    • function and event organisers
    • marketing and communications agencies
    • research and statistical analysis providers
    • call centres
    • mail houses
    • delivery and shipping providers
    • external business advisers (such as recruitment advisors, accountants, auditors and lawyers)

In each case, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.

6. Cross border disclosure of personal information

We do not currently disclose personal information to third parties located overseas. If this changes at some time in the future, we will comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information and this Privacy Policy will be amended accordingly.

7. Data quality and security

We hold personal information in a number of ways, including in hard copy documents, electronic databases, email contact lists, and in paper files held in drawers and cabinets. Paper files may also be archived in boxes and stored offsite in secure facilities. We take reasonable steps to:

  • make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;
  • protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
  • destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs.

You can help us keep your information up to date, by letting us know about any changes to your details, such as your address, email address or phone number.

The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems (such as login and password protection), controlled access to our corporate premises, policies on document storage and security, personnel security (including restricting access to personal information on our systems to staff who need that access to carry out their duties), staff training and workplace policies.

Online credit card payment security
We process online credit card payments using a secure online BPOINT payment portal. All transactions processed by us meet industry security standards to ensure payment details are protected.

Website security
While we strive to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact us by telephone or post (details under heading 11 below).

Third party websites
Links to third party websites that are not operated or controlled by us are provided for your convenience. We are not responsible for the privacy or security practices of those websites, which are not covered by this Privacy Policy. Third party websites should have their own privacy and security policies, which we encourage you to read before supplying any personal information to them.

8. Access and correction

Please contact our Privacy Officer (details under heading 11 below) if you would like to access or correct the personal information that we hold about you. We may require you to verify your identity before processing any access or correction requests, to make sure that the personal information we hold is properly protected.

9. Complaints

If you have a complaint about how we have collected or handled your personal information, please contact our Privacy Officer (details under heading 11 below), who will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week. If your complaint can’t be resolved at the first instance, we will ask you to submit the complaint in writing.

Complaints process
We will endeavour to acknowledge receipt of your written complaint within 5 business days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the relevant facts, locating and reviewing relevant documents and speaking to relevant individuals.

In most cases, we expect that complaints will be investigated and a response provided within 30 days of receipt of your written complaint. If the matter is more complex and our investigation may take longer, we will write and let you know, and tell you when we expect to provide our response.

If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner.

10. Our contact details

Please contact us if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details are set out below.

Mail:
HPS Privacy Officer
Morgan House
29 Alexander Avenue
Ashford
SA 5035

Email: privacy@hps.com.au

Telephone: 08 8177 8200

Further general information about privacy is available on the website of the Office of the Australian Information Commissioner at www.oaic.gov.au or by calling the OAIC’s enquiry line at 1300 363 992.

11. Changes to this policy

We may amend this Privacy Policy from time to time. The current version will be posted on our website and a copy may be obtained by contacting our Privacy Officer (details above).

Questions
If you have any questions about our Privacy Policy, please contact us.