Privacy Policy - Pharma To MarketPharma To Market

1. Purpose and Scope

Pharma To Market Pty Ltd and its overseas subsidiaries (herein after termed “PTM”). is committed to protecting the privacy of personal information. This Privacy Policy explains how PTM manages the personal information that we collect, use and disclose and how to contact us if you have any further queries about our management of your personal information. This Privacy Policy does not cover personal information collected or held by PTM about its current or prior employees. This Policy does not apply to aggregated information which summarises statistical information about individuals, and which does not include name, contact information, or any other information that would allow any particular individual to be identified.

PTM is required to comply with the Australian Privacy Act 1988 (“PACT”) and thirteen Australian Privacy Principles (“APPs”) (subject to the other provisions of PACT), the New Zealand Privacy Act (2020) and its thirteen Privacy Principles (“NZ PPs”), Singapore Personal Data Protection Act (PDPA), the Malaysia Personal Data Protection Act (PDPA), the Vietnam Decree on the Protection of Personal Data (PDPD) and the Thailand Personal Data Protection Act (PDPA) (each “an Act” and collectively “the Acts”) regulating the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal.

Personal information is information or an opinion, in any form and whether true or not, about an identified individual, or an individual who is reasonably identifiable.

2. Policy Statement

PTM is committed to protecting the privacy of personal information and will collect, use, disclose and manage personal information in accordance to the relevant Act(s).

Prior to the commencement of all projects that require or facilitate the disclosure of Personal or Sensitive Information from and to third parties (e.g. a patient, a Health Care Professional or a member of the general public), Pharma To Market will follow the directions in a Client Agreement, if it requires measures over and above this Privacy Policy.

3. Personal and Sensitive Information

3.1 Personal Information:

Personal information includes a broad range of information, or an opinion, that could identify an individual including but not limited to name, signature, identity card number, passport number, physical address, email address, phone number and any other contact details.

3.2 Sensitive Information:

Sensitive information is personal information that includes information or an opinion about an individual’s:

racial or ethnic origin
political opinions or associations
religious or philosophical beliefs
trade union membership or associations
sexual orientation or practices
criminal record
health or genetic information
some aspects of biometric information
other information as defined in the relevant Act(s)

3.3 Health Information:

Health information is part of Sensitive Information to relevantly include:

the health or a disability (at any time) of an individual; or
an individual’s expressed wishes about the future provision of health services to him or her; or
a health service provided, or to be provided, to an individual; that is also personal information; or
other personal information collected to provide, or in providing, a health service; or
other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual
other information as defined in the relevant Act(s)

PTM will only collect sensitive information if the individual about whom the information relates has consented to the collection of the information or if the collection is otherwise permitted under the relevant Act(s).

4. Collection of Personal Information by Pharma to Market

4.1 Informed Consent

When PTM receives Personal Information directly from an individual that is classified as sensitive information, PTM will take reasonable steps to notify the individual how and why their information has been collected; who it may be disclosed to; along with providing details regarding how the individual can access the information in the future, request a change to the information or make a complaint. Sometimes PTM will collect personal information from individuals other than those of which the information relates (e.g., a Health Care Professional or carer). In these cases, PTM will attempt to verify if consent has been provided before retaining any personal information.

If PTM cannot verify if consent has been provided or in those cases where consent has not been provided, PTM will ensure that the personal information is de-identified.

To the extent required by the Act(s):

PTM will not collect personal information about you unless that information is reasonably necessary for one or more of our functions or activities;
PTM will collect personal information only by lawful and fair means;
When PTM collects personal information directly from you, we will take reasonable steps at or before the time of collection to ensure that you are aware of certain key matters, such as the purposes for which we are collecting the information, the organisations (or types of organisations) to which we would normally disclose information of that kind, the fact that you are able to access the information and how to contact us (or example, where personal data is collected on a form, we will generally include a written privacy statement on the form which sets out these details);
PTM will collect your personal information directly from you where it is reasonable and practicable to do so. Where PTM collects information about you from a third party, we will still take reasonable steps to ensure that you are made aware of the details set out above.

5. Anonymity and/or the use of a Pseudonym

An individual may choose to remain anonymous. In these situations PTM may not be in a position or able to interact with an individual who chooses to remain anonymous or be identified using a pseudonym. PTM will generally provide individuals with the option of not identifying themselves, or of using a pseudonym, when entering transactions when it is lawful and practicable to do so.

5.1 Potential Consequences of not providing personal information

If individuals don’t provide personal information to PTM, PTM may not be able to:

provide the required service levels agreed with the Client;
provide our products or services to the individual or his/her organisation
verify an individual’s identity or protect against fraud;
respond to, handle, and process queries, requests, applications, complaints, and feedback from the individual

6. Use and Disclosure of Personal Information by Pharma to Market

6.1 General

If PTM uses or discloses your personal information for a purpose (the “secondary purpose”) other than the main reason for which it was originally collected (the “primary purpose”), to the extent required by the relevant Act(s), we will ensure that:

the secondary purpose is related to the primary purpose of collection (and directly related in the case of sensitive information), and you would reasonably expect that PTM would use or disclose your information in that way; or
you have consented to the use or disclosure of your personal information for the secondary purpose; or
the use or disclosure is required or authorised by or under law; or
the use or disclosure is otherwise permitted by the relevant Act(s) (for example, as a necessary part of an investigation of suspected unlawful activity).

6.2 Access and use of PTM Website and transmission of personal information to PTM via email or website

Our corporate website at www.pharmatomarket.com allow a user to submit queries, requests, event registrations and feedback to us (including personal information) via webforms. We will use that personal information respond to, handle, and process queries, requests, registrations, and feedback from the user. We will not use a user’s personal information for any other purpose, unless consent has been given by selecting the “tick” box(es) on the webform.

6.2.1 Use of Cookies

Our Website may place and access certain cookies on your computer and/or any other electronic device used to access the Website. We use cookies to improve your experience, monitor browsing preferences and help us analyse data about webpage traffic in order to make website improvements and for statistical analysis purposes. Most internet browsers allow you to turn off or delete cookies. Should you do so, you may not be able to experience all of the features of our website.

Users of our Website are advised that if they wish to deny the use and saving of cookies from our Website onto their computers and/or other electronic devices, they should take the necessary steps within their internet browsers’ security settings to block all cookies from the Website.

6.2.2 IP Addresses

When you visit our website, our website server may record your IP address together with the date, time and duration of your visit. We may use this information to compile statistical data on the use of our website to track how users navigate through this website.

6.2.3 Third Party Websites

Our website may contain links to third party sites whose data protection and privacy practices may differ from ours. PTM is not responsible for any information that is submitted to or collected by these third parties. PTM is not responsible for the content and privacy practices of these other websites. You are advised to read the privacy policy or statement of such third party websites before using them.

6.3 Events

Personal information collected from attending or exhibiting at conferences, tradeshows or training sessions or from conducting on-site or virtual events will be handled in accordance with this Privacy Policy.

6.4 Our customers and our vendors

In accordance with commonly accepted business practices, we collect and use the contact details of individuals who are employees, vendors, customers, and contractors of our corporate and other organisational customers. We use this information to provide requested services to them and to advise those individuals of additional products, services and information that may be of interest, if consent has been obtained.

6.5 Product enquiries during delivery of services

PTM offers product enquiry phone line(s) during delivery of services for PTM’s Clients. If you call any of such phone lines we will collect personal information from you to answer your enquiry and to contact you later if that is necessary. We will not disclose identifiable personal information about you to any other person except where required by law, or in order to provide the services as per agreement with Clients.

6.6 Collection and use of unsolicited personal information

Individuals may choose to share personal information that has not been requested by PTM during an interaction (referred to as ‘unsolicited information’), or it may have been shared with PTM in error.

If PTM receive unsolicited Personal Information, PTM will ascertain if the information is deemed necessary to carry out PTM services on behalf of any PTM’s Client. If the information is deemed necessary, it will be treated as per this privacy policy. If the information is not deemed necessary it will be deleted, destroyed or de-identified.

6.7 Personal Information of EU Citizens

Any personal data received from EU-citizens will be handled in accordance with the General Data Protection Regulation (GDPR). EU citizens can submit your request in writing or via email to PTM at the contact details provided below at any time to:

Ask what personal data we are collecting and how it is being used (“Right to be Informed”)
Unsubscribe from any of our emails at any time (“Right to Object”)
Access the personal data we have collected about you (“Right to Access”)
Ask us to correct any inaccurate personal data (“Right to Rectification”)
Request we export your personal data in an electronic format (“Right to Data Portability”)
Request us to restrict processing of specific types of personal data (“Right to Restrict Processing”)
Opt out of having your personal data used for profiling and in automated systems (“Rights in Relation to Data Profiling”), and
Ask for your personal data to be deleted (and be provided with an audit trail if requested) and third parties to stop using the data (“Right to be Forgotten”)

7. Data Quality and Security

To the extent required by the relevant Act(s), PTM will take reasonable steps to:

make sure that the personal information that we collect, use and disclose is accurate, complete and up to date.
protect the personal information that are in our possession or under our control from misuse, interference and loss and from unauthorised access, modification or disclosure; and
destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the relevant Act(s).

8. Notification of Data Breaches

If a data breach occurs, PTM will action the appropriate steps to reduce or prevent the chance that the individual(s) experience any harm.

If PTM is successful in resolving the data breach, and the data breach is not likely to result in serious harm, the individual(s) will not necessarily be informed of the data breach as per OAIC and New Zealand Privacy Commissioner or local equivalent authorities/agencies’ guidelines.

Examples of serious harm include:

identity theft, which can affect your finances and credit report
financial loss through fraud
a likely risk of physical harm, or intimidation, such as by an abusive ex-partner, including family violence
psychological, or emotional harm
serious harm to an individual’s reputation

Pharma To Market will inform the client regarding the data breach within 1 business day of identification. A CAPA will be developed to document investigation and corrective & preventive action.

8.1 Australia

In Australia, under the Notifiable Data Breaches scheme, PTM will, within 30 days, notify affected individuals and the OAIC (Office of the Australian Information Commissioner) of any data breach that is likely to result in serious harm to an individual(s) whose personal information is held by PTM.

8.2 New Zealand

In New Zealand, under the Privacy Act 2020, PTM will, within 72 hours, notify affected individuals and the Privacy Commissioner of any data breach that is likely to result in serious hard to an individual(s) whose personal information is held by PTM.

8.3 Singapore

In Singapore, PTM will assess whether the data breach is notifiable under the Personal Data Protection Act (“PDPA”) within 30 calendar days.

Upon determining that the data breach is notifiable under the PDPA, PTM will:

notify to the Personal Data Protection Commission (“PDPC”) as soon as practicable, but in any case, no later than 3 calendar days and
where required, notify affected individuals under the Data Breach Notification Obligation as soon as practicable, at the same time or after notifying the PDPC.

8.4 Vietnam

In Vietnam, PTM will notify the Cybersecurity Department within 72 hours of the occurrence of any data breach. PTM will also notify affected organizations and individuals of the data breach if the data breach causes significant loss to the legitimate rights and interests of the affected Vietnamese persons.

8.5 Thailand

In Thailand, PTM will report the data breach to the Regulator without undue delay, and in any event, if feasible, within 72 hours of becoming aware of it. PTM will also, without undue delay, notify the data subjects of the breach and the remedial measures if the breach is likely to result in high risks to the rights and freedoms of individuals.

9 Transfer of Personal Information Overseas

If PTM transfers your personal information outside of Australia, New Zealand, Singapore, Malaysia, or Thailand as may be necessary for any of the purposes stated above, we will comply with requirements of the relevant Act(s) that relate to transborder data flows. Requisite obligations to comply with relevant legislation concerning personal information transferred to such third parties are mentioned in agreements signed with them.

If personal information transferred to overseas client sites because of the delivery of services for a PTM’s Client, information will be transferred according to the PTM Client’s instructions and/or agreements signed with the Client. In cases where there is no clear guidance on how to transfer personal data to overseas client sites, PTM redacts personal information before sharing with overseas client sites.

The corporate and product websites administered by PTM use servers that are hosted in Australia that are controlled by one or more related bodies corporate of PTM. Those related bodies corporate provide information technology assistance to PTM and will not use any personal information stored on those servers for any other purpose of their own.

10. Storage of Personal Information

PTM stores documents containing personal information in hard copy and in electronic format. PTM will take reasonable steps to protect personal information from unauthorised access or disclosure, misuse, interference, modification or loss.

PTM has specific document storage security policies and employs security measures to protect personal information in our possession or under our control, including:

Requiring all employees to sign employment agreements with personal information protection obligations and to follow PTM’s IT policies
Keeping up to date with the latest advice from Australian Cyber Security Centre or local equivalent
Securing mobile phones, laptop, data storage devices and remote desktop clients
Ensuring all devices, VPNs and firewalls are updated regularly with most recent security patches
Using work/official email account not personal accounts for all work-related emails
Implementing multi-factor authentication for remote access systems and resources

In some cases, PTM uses third-party data storage providers. In these cases, PTM requires that contractual arrangements are in place with the providers to ensure that the provider takes or has taken appropriate measures to protect that information.

11. Retention of Personal Information

PTM only stores Personal information for as long as it is required in order to meet contractual obligations or to meet obligation in relation to regulatory guidelines or legislation. PTM is also required by health legislation to retain some personal information for a specified time period (e.g., Health Records Act in Australia).

As soon as it is reasonable to assume that the purpose for which that personal information was collected is no longer being served by retention of the personal information; and retention is no longer necessary for legal or business purposes, PTM shall cease to retain our documents containing personal information by using a secure destruction procedure, or remove the means by which the personal information can be associated with particular individuals.

If the personal information is in PTM’s possession because of the delivery of services for a PTM’s Client, all personal information is returned to the client or disposed or de-identified according to the PTM Client’s instructions.

12. Access and Correction of your Personal Information

Please contact PTM if you would like to access or correct the personal information that we hold about you. PTM will generally provide you with access to your personal information if practicable and will take reasonable steps to amend any personal information that is incorrect. In some circumstances, PTM may not permit access to your personal information (Retrieval fee may apply), or may refuse to correct your personal information, in accordance with relevant law.

PTM Clients may not provide access to Personal Information of projects when:

there is perceived threat to life or public safety
access would be deemed unlawful
the information wouldn’t be ordinarily accessible because of legal proceedings
there is an unreasonable impact on other individuals
it would be likely to harm the activities of an enforcement body (e.g., the police)
the request is frivolous or
it would harm the confidentiality of PTM’s commercial information.

13 Contact PTM

Please contact PTM if you have any queries about the personal information that PTM holds about you or the way we handle that personal information:

Australia

Email: info@pharmatomarket.com

Address:

Pharma To Market Pty Ltd

Level 2, 8 Clunies Ross Ct,

Brisbane Technology Park,

Queensland 4113, Australia

Contact Number: +61 (0)7 3122 9979

Singapore Data Protection Officer

Email: info@pharmatomarket.com

Address:

Pharma To Market Pte. Ltd.

230 Victoria Street, #15-01/08, Bugis Junction Towers, Singapore 188024

Contact Number: +65 9148 8958

Malaysia Data Protection Officer

Email: info@pharmatomarket.com

Address:

Pharma To Market Sdn. Bhd.

19B, Jalan Tapah Off Jalan Goh Hock Huat, 41400 Klang, Selangor, Malaysia

Contact Number: +60 11 5682 3357

Thailand Data Protection Officer

Email: info@pharmatomarket.com

Address:

Pharma To Market Co., Ltd.

1108/31 Sukhumvit Road, Phrakanong, 10110 Klongtoei, Bangkok 10110, Thailand

Contact Number: +65 9148 8958

Vietnam Data Protection Officer

Email: info@pharmatomarket.com

Address:

THE REPRESENTATIVE OFFICE OF PHARMA TO MARKET PTE. LTD. IN HO CHI MINH

Room 4.57, 4th Floor, block OT-X0 Sunrise City North Building, no.27, Nguyen Huu Tho Str.,Tan Hung Ward, Dist.7, Ho Chi Minh City, Vietnam

Contact Number: +65 9148 8958

14. Further Information

Further information about the Acts can be found at:

Australia: website of the Office of the Australian Information Commissioner, at http://www.oaic.gov.au
New Zealand website of the Privacy Commissioner, at https://www.privacy.org.nz/privacy-act-2020/privacy-principles/.
Singapore: website of the Personal Data Protection Commission, at http://www.pdpc.gov.sg
Malaysia: website of the Department of Personal Data Protection, at http://www.pdp.gov.my
Thailand: Personal Data Protection Act at https://www.mdes.go.th/mission/82

15. Complaints

Please contact PTM using the above details if you have any concerns or complaints about the manner in which your personal information has been collected or handled by PTM.

16. Changes to Privacy Policy

PTM may change this Privacy Policy from time to time. PTM also reserves the right to update this Privacy Policy as we expand our services and products.

17. Monitoring and Review

This Privacy Policy is reviewed on a biennial basis. It is to be tabled at the appropriate Management Meeting prior to the next review date, for input from management on items such as: opportunities for improvement; changes to legislations and, the effectiveness of the policy and its objectives.