Privacy Policy

1  Purpose

Pharma To Market Pty Ltd (Pharma To Market) is committed to protecting the privacy of personal information (also referred to as personal data). This Privacy Policy explains how Pharma To Market collects, uses, discloses, and manages personal information across its operations, including how individuals can access their data or make privacy-related complaints.

2  Scope

This Privacy Policy does not apply to information collected from current or former employees of Pharma To Market, nor does it apply to de-identified or aggregated data that cannot reasonably be linked to an identifiable individual.

This policy applies to personal information collected from:

• • • • Existing and prospective clients
      • Event participants (Pharma To Market-hosted or third-party)
      • Consumers, patients, health care professionals, and other individuals reporting adverse events or requesting medical information.

In the event of a conflict between applicable laws, precedence is given to the law of the jurisdiction from which the personal information originates.

3  Objectives

The objectives of this policy are to:

• • • • Ensure that Pharma To Market collects, uses, stores, discloses, and destroys personal information in compliance with all applicable privacy laws, including the Australian Privacy Act 1988 (Cth), the New Zealand Privacy Act 2020, the EU GDPR, and the UK GDPR.
      • Set clear expectations for team members, contractors, vendors, and clients on how personal information must be handled across all business operations.
      • Protect individuals’ privacy by promoting lawful, transparent, and secure information-handling practices.
      • Provide individuals with easy-to-understand information about how Pharm To Market manages personal data and how they may access, correct, or lodge complaints in relation to their personal information.

4  Responsibility

Directors

• • • • Ensure that Pharma To Market complies with applicable privacy legislation and relevant contractual obligations.
      • Approve the Privacy Policy and oversee its effectiveness as part of Pharma To Market’s governance framework.
      • Monitor privacy risks and ensure that Pharma To Market maintains adequate resources, systems, and controls to protect personal information.
      • Review significant privacy incidents, data breaches, and corrective actions where required.

Managers

• • • • Promote the Privacy Policy within their departments and ensure team members understand and comply with privacy requirements.
      • Ensure appropriate privacy controls are embedded into business processes, systems, client projects, and vendor arrangements.
      • Assess and manage privacy risks associated with new services, technologies, and data-handling activities (e.g., using AI, international transfers, event registrations).
      • Report suspected privacy incidents or data breaches immediately and support investigations, corrective actions, and notifications.

Team Members

• • • • Handle personal information in accordance with this Privacy Policy, relevant procedures, client agreements, and any applicable legislation.
      • Only collect, access, use, or disclose personal information where it is necessary for their role and authorised.
      • Immediately report any privacy concerns, errors, or suspected data breaches to the Business Operations Manager or a Co-Director.
      • Use approved systems and follow internal IT security requirements (e.g., MFA, secure storage, safe emailing).
      • Participate in privacy and security training as required.

5  Policy Statement

Pharma To Market is committed to protecting your personal information and handles it according to all relevant privacy laws.

Before starting any project that involves sharing personal or sensitive information with third parties (such as patients, healthcare professionals, or the public), Pharma To Market will follow the terms of the Client Agreement—especially if it includes extra privacy requirements beyond this policy.

6  Personal and Sensitive Information

6.1  Personal Information:

Personal information includes information or an opinion, true or otherwise, about an identified individual or one who is reasonably identifiable. Examples include names, email addresses, phone numbers, and physical addresses.

6.2  Sensitive Information:

Sensitive information is a subset of personal information that includes information or an opinion about an individual’s:

• • • • racial or ethnic origin
      • political opinions or associations
      • religious or philosophical beliefs
      • trade union membership or associations
      • sexual orientation or practices
      • criminal record
      • health or genetic information
      • marital status
      • tax identification numbers
      • some aspects of biometric information
      • other information as defined in the relevant Act(s)

6.3  Health Information:

Health information is considered Sensitive Information when it includes personal details such as:

• • • • A person’s health condition or disability (past, present, or future)
      • Their wishes about future health care
      • Any health service they have received or will receive
      • Information collected while providing a health service
      • Details related to donating body parts, organs, or substances
      • Genetic information that could predict the person’s or a relative’s health
      • other information as defined in the relevant Act(s)

Pharma To Market will only collect and use sensitive information with explicit consent or where required or permitted by law.

7  Collection of Personal Information by Pharma To Market

7.1  Informed Consent

If we collect sensitive personal information directly from you, we’ll take reasonable steps to let you know why we’re collecting it, who we might share it with, how you can access or update it, and how to make a complaint.

Sometimes, we may get your information from someone else (like a healthcare professional or carer). In those cases, we’ll try to confirm that you gave consent before keeping your information.

For non-sensitive personal information, we’ll only collect and use it with your consent (including implied consent if allowed by law), especially when you provide it in a report—like a safety or medical report about someone else. In such cases, we might share your contact details with our Client so they can follow up as required by law.

If we can’t confirm that consent was given, or if it wasn’t given, we’ll make sure the information is de-identified.

7.2  Lawful Basis for Processing:

We only collect and use your personal information when we have a legal reason to do so—this could include your consent, fulfilling a contract with you, or meeting legal obligations. We won’t collect your information unless it’s needed for our services or activities.

We’ll try to make sure you know why we’re collecting your information, who we might share it with, that you have the right to access it, and how you can contact us. For example, if we collect information through a form, we’ll usually include a privacy statement explaining these details. 

We prefer to collect your information directly from you when possible. If we get your information from someone else, we’ll still do our best to let you know the same key details.

8  Anonymity and/or the use of a Pseudonym

You may choose to stay anonymous or use a different name when dealing with Pharma To Market. However, in some cases, this means we may not be able to interact with you or provide certain services.

We will offer the option to remain anonymous or use a pseudonym when it’s legal and practical to do so.

8.1  Potential Consequences of not providing personal information

If you don’t share your personal information with us, we may not be able to:

• • • • Deliver the agreed level of service to our clients
      • Provide our products or services to you or your organisation
      • Confirm your identity or protect against fraud
      • Handle your questions, requests, applications, complaints, or feedback

9  Use and Disclosure of Personal Information by Pharma To Market

9.1  Using Your Information for Other Purposes

If we use your personal information for something different than why we first collected it, we’ll only do so if:

• • • • It’s related to the original reason (and directly related if the information is sensitive), and you would reasonably expect it;
      • You’ve given us permission;
      • It’s required or allowed by law; or
      • The law permits it, such as when we investigate illegal activity.

9.2  Website Use and Information You Send to Us

If you use our website www.pharmatomarket.com to submit questions, register for events, or give feedback, we’ll only use your personal information to respond to and process your request. We won’t use it for anything else unless you give us permission by ticking a box on the form

The corporate website administered by Pharma To Market uses servers that are hosted in Australia and are controlled by the PTM approved vendor.  The vendor provides web hosting and web design assistance to Pharma To Market and will not use any personal information stored on those servers for any other purpose of their own.

9.2.1  Use of Cookies

For more information, please request a copy of the Cookies Policy

9.2.2  Third Party Websites

Our website may contain links to third party sites whose data protection and privacy practices may differ from ours. Pharma To Market is not responsible for any information that is submitted to or collected by these third parties. Pharma To Market is not responsible for the content and privacy practices of these other websites.  You are advised to read the privacy policy or statement of such third party websites before using them.

9.3  Events

If you attend one of our events (like conferences, training sessions, or trade shows), we’ll handle your personal information in accordance with this privacy policy

9.4  Our customers and our vendors

In accordance with commonly accepted business practices, we collect and use contact details of people who work for our clients, suppliers, and partners. This helps us deliver services and let them know about products or updates—if they’ve agreed to receive them.

9.5  Product enquiries during delivery of services

When you call our product enquiry phone lines, we may collect your personal information to respond to your question and follow up if needed.

We won’t share your personal details with anyone unless required by law or as part of our service agreement with our clients.

For safety and quality activities (like Adverse Events, Medical Information, and Product Quality Complaints), our team may collect patient details such as initials, phone number, address, medical history, and test results. Sometimes, this information is sent to us by a reporter via email and may include full names or dates of birth.

Before we share any of this data with global safety teams, we remove or redact personal identifiers.

9.6  Unsolicited Information

If you give us personal information we didn’t ask for, we’ll check if it’s relevant to our work.

• • • • If it is, we’ll handle it according to this privacy policy.
      • If not, we’ll delete or de-identify it.

10  Personal Information from EU and UK Citizens

If you’re a citizen of the EU or the UK, we follow the General Data Protection Regulation (GDPR) and UK GDPR. You have the right to:

• • • • Know what personal data we collect and why
      • Unsubscribe from our emails
      • Access or correct your personal data
      • Ask us to send your data to you in a digital format
      • Limit how we use your data
      • Opt out of automated decisions or profiling
      • Request deletion of your data and stop others from using it

You can contact us anytime using the details in this policy to exercise these rights.

11  Transfer of Personal Information Overseas

Pharma To Market may transfer personal data across borders, in accordance with applicable laws and with Pharma To Market Client’s instructions and/or agreements signed with the Client.

• • • • For EU/UK data, Pharma To Market uses Standard Contractual Clauses, International Data Transfer Agreements, or other legally valid mechanisms.
      • For Australia/NZ, Pharma To Market complies with transborder data flow requirements of the relevant Acts.
      • Where no specific client instruction exists, Pharma To Market redacts personal information before international transfers.

All third parties receiving personal data are contractually required to ensure its protection.

12  Use of Artificial Intelligence (AI)

Pharma To Market may use AI and measures are taken to ensure the privacy of data before, during and after the use of such technology.  Fundamentally the following guidelines will be followed:

• • • • No personal/sensitive data is to be entered into AI tools unless approved and compliant with data protection requirements.
      • All AI-generated outputs must be validated by staff.

For more information, please request a copy of the Use of Artificial Intelligence Policy

13  Data Quality and Security

To the extent required by the relevant Act(s), Pharma To Market will take reasonable steps to:

• • • • Keep your personal information accurate, complete and up to date.
      • Protect your personal information from being misused, lost, or accessed, change or shared without permission and
      • Delete or de-identify personal information that is no longer needed for as permitted by the relevant Act(s).

If collected as part of services provided to a client, personal data is returned, destroyed, or de-identified per Client instructions.

14  Data Breaches

If a data breach occurs, Pharma To Market (PTM) will act quickly to reduce the risk of harm to anyone affected.

If the issue is resolved and the breach is not likely to cause serious harm, individuals may not be notified, following guidelines from the OAIC (Australia), New Zealand Privacy Commissioner, or other local authorities.

Examples of serious harm include:

• • • • Identity theft (e.g. stolen bank or credit details)
      • Fraud or financial loss
      • Risk of physical harm or threats (e.g. domestic violence)
      • Emotional or psychological distress
      • Serious damage to a person’s reputation

If the incident is a data breach and meets ‘serious harm’ criteria above PTM will inform clients within 1 business day of reporting to the Australian Cyber Security Centre (ACSC).

A Corrective and Preventive Action (CAPA) plan will be created to investigate the breach and prevent it from happening again.

14.1  Country-Specific Requirements

14.1.1  Australia

Under the Notifiable Data Breaches scheme, PTM will notify:

• • • • Affected individuals, and
      • The Office of the Australian Information Commissioner (OAIC) within 30 days, if the breach is likely to cause serious harm.

14.1.2  New Zealand

Under the Privacy Act 2020, PTM will notify:

• • • • Affected individuals, and
      • The New Zealand Privacy Commissioner within 72 hours, if serious harm is likely.

14.1.3  United Kingdom

Under the UK GDPR, if a breach is likely to risk the rights or freedoms of individuals, PTM will notify:

• • • • The UK Information Commissioner’s Office (ICO) within 72 hours, and
      • Affected individuals without delay, if there is a high risk of harm.

14.1.4  European Union

Under the EU GDPR, PTM will notify:

• • • • The relevant EU Data Protection Authority within 72 hours, and
      • Affected individuals without undue delay, if the breach is likely to result in a high risk to their rights or freedoms.

15  Storage of Personal Information

Pharma To Market keeps personal information electronically only. We take reasonable steps to protect your information from unauthorized access, misuse, loss, or changes.

To keep your information safe, we:

• • • • Require employees to agree to protect personal data and follow PTM’s  IT rules
      • Follow the latest advice from cybersecurity experts
      • Secure mobile phones, laptops, and storage devices
      • Keep all devices and security systems up to date with the latest updates
      • Use work email accounts only for work purposes
      • Use multi-factor authentication for remote access

Sometimes, we use third-party storage providers. When we do, we make sure they have contracts to protect your information properly.

16  Retention of Personal Information

We will only keep your personal information for as long as needed to fulfill contracts or follow laws and regulations. For example, some health laws in Australia require us to keep certain records for a set time.

When we no longer need your personal information for legal or business reasons, we will securely destroy it or remove any details that link it to you.

If we hold your personal information while providing services for a client, we will return it to the client or securely dispose of or anonymize it based on their instructions.

17  Access and Correction of your Personal Information

If you want to see or correct the personal information we hold about you, please contact Pharma To Market. We will usually give you access and fix any mistakes if it’s possible.

Sometimes, we may not allow access or correction, following the law (a fee may apply).

Our clients may refuse to share personal information in certain cases, such as:

• • • • If it could threaten life or public safety
      • If sharing would be illegal
      • If the information is part of legal proceedings and not normally available
      • If it would unfairly affect other people
      • If it could harm police or other enforcement work
      • If the request is unreasonable or pointless
      • If it would reveal confidential business information.

18  Contact PTM

Please contact Pharma To Market if you have any queries about the personal information that Pharma To Market holds about you or the way we handle that personal information:

Australia

Email: info@pharmatomarket.com

Address:
Pharma To Market Pty Ltd
Level 2, 8 Clunies Ross Ct,
Brisbane Technology Park,
Queensland 4113, Australia

Contact Number: +61 (0)7 3122 9979

19  Further Information

Further information about the applicable privacy laws can be found at:

• • • • Australia – Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au
      • New Zealand – Privacy Commissioner: www.privacy.org.nz/privacy-act-2020/privacy-principles
      • European Union (EU) – General Data Protection Regulation (GDPR): https://eur-lex.europa.eu/eli/reg/2016/679/oj
      • United Kingdom (UK) – UK GDPR: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/

20  Complaints

Please contact Pharma To Market using the above details if you have any concerns or complaints about the manner in which your personal information has been collected or handled by PTM.

21  Changes to Privacy Policy

Pharma To Market may change this Privacy Policy from time to time in accordance with legislative updates. Pharma To Market also reserves the right to update this Privacy Policy as we expand our services and products.

22  Monitoring and Review

This Privacy Policy is reviewed on a biennial basis.  It is to be tabled at the appropriate Management Meeting prior to the next review date, for input from management on items such as: opportunities for improvement; changes to legislations and, the effectiveness of the policy and its objectives.