Privacy Policy

First published: 1 July 2018

Last Updated: 31 May 2021

  1. INTRODUCTION

This Privacy Policy applies to each company listed in Section 12 below ("Company", "us" or "we"). It explains how we collect, use and disclose information about you.

This Privacy Policy applies to information which identifies you, or from which you can reasonably be identified, such as but not limited to your full name, postal address, telephone number and email address ("personal information").  This Policy describes how we handle the personal information we collect when we provide our services. Our services include but are not limited to: Research & Development, clinical trials, patient monitoring, drug approval processes and applications, drug manufacturing and delivery, collaborating with other organisations, raising capital, interacting with the stakeholders, share registers and employees (collectively, "Company Services").

If you are located:

  • in the European Union (“EU”), you have additional rights under the EU General Data Protection Regulation (“GDPR”); or
  • in the United Kingdom (UK), you have additional rights under the UK Data Protection Act 2018, which implements the GDPR in the UK.

Details of those additional rights and how we address them are set out at the end of our Privacy Policy.

  1. OUR PRIVACY COMMITMENT

Privacy matters to us and we understand and acknowledge the importance of keeping your personal information secure.  We are committed to protecting your privacy, keeping your information safe and ensuring the security of your personal information.

  1. PRIVACY STATEMENT

This privacy statement explains how we collect, use, disclose and protect your information.  It applies to all businesses in the Noxopharm Group listed in Section 12.  It extends to both our control and processing of your personal information.  It also incorporates our credit reporting statement.

This policy first came into effect on 1 July 2018.  It has been updated over time and we will upload any updated version of our Privacy Policy on our website.

  1. WHAT INFORMATION DO WE COLLECT?

We collect personal information to provide Company Services and for our business operations. If you choose not to provide the information we request from you, we may not be able to provide you with the services you require. We describe the main types of personal information we collect and the main reasons why we collect that information below.

Registration Information is the information you provide to the Company when you register for or acquire a Company Service. This may include information you provide us to:

  • create an account;
  • post comments; or
  • enter a competition.

Information may include, your name, delivery or postal address, email address, telephone number, account details, credit card details, gender and birthday.

We may also collect information that you give to us when you or your representatives interact with us, for example, if you contact us regarding participating in the Company’s Compassionate Use Scheme or a clinical trial.  We also collect information when you use our products and services including from call centres and on-line services.  We collect information from outside sources such as the operator of our share registry, credit reports, marketing mailing lists and public information.  This may include information gained from our partners if you have interacted with them.  This may include business and commercial partners, credit reporting bodies, wholesale and other customers. Noxopharm collects information for requests about any Company information.

Billing and credit information.  We collect information relating to your financial transactions and history with us, such as your payment history, credit history and details of any products or services acquired from the Company.

Public Information and Posts include comments or content that you post to the online Company Services and the information about you that comes with those posts. This may include your name, user name, comments, likes, tweets, status, profile information and picture(s). Public Information and Posts are available to everyone who views our websites and may be displayed in search results on external search engines, even after you cancel your account with us.

Information from third party Social Media. If you access or log-in to a Company Service through a third party social media service or connect a Company Service to your social media profile, we may also include information from that social media service. This may include:

  • your user name for that service;
  • any information or content you have permitted the social media service to share with us (such as your profile picture(s), email address, followers or friends lists); and
  • any other information you have made public (including other posts you make using your social media profile).

We do not collect your social media profile password. When you access Company Services through your social media profile, or when you connect a Company Service to your social media profile, you authorise us to collect and handle your personal information in accordance with this Privacy Policy.

Activity Information – cookies and other technologies. When you visit the Company's websites (including to access and use Company Services) we may collect information about your visit. For example, in order to connect you to the Company Services, our servers receive and record information about your computer, device, and browser, which may include your IP address, browser type, and other software or hardware information. If you access the Company Services from a mobile or other device, we may collect a unique device identifier assigned to that device, geolocation data, or other transactional information from that device.

Information from Other Sources. We may supplement the information we collect about you with information from other sources. This may include information from publicly available sources (such as other published content) and data providers, as well as information from our business partners or related and affiliated companies in Australia or internationally.

Information in relation to other persons who deal with us. When you apply for a job or contract with us we may collect information about you to help us decide whether to offer you the job or contract. For example, we may collect information about how to contact you, your education or work history, or other information included in your CV or résumé. We may collect this information from you, or from any recruitment consultant, your previous employers, or other referees. This Privacy Policy does not apply to our collection, use and disclosure of information:

  • we hold about you once you become an employee;
  • we keep after your employment relationship with us ends,

where that collection, use or disclosure relates to your employee relationship with us and the records we hold about you as an employee.

The Company also collects personal information about our suppliers and individuals employed by our suppliers (including service and content providers); medical institutions and contract research organisations (both of which may conduct clinical trials using the Company’s products); contractors; dealers; related companies; agents and corporate customers. We will explain why we are collecting this information and how we will use that information, unless it obvious from the circumstances.

Please note that the Company does not collect ordinarily any personal information of patients involved in clinical trials using our products.

  1. HOW DO WE USE YOUR INFORMATION?

We use the information we collect about you to provide Company Services to you. As part of our service to you we may use your personal information:

  • to fulfil administrative functions associated with these services (for example billing, credit and account management);
  • to enter into contracts with you or third parties;
  • to measure and improve Company Services and their individual features;
  • to improve your experience by delivering content we think you will find relevant, helpful or interesting;
  • to comply with our legal and regulatory requirements; and
  • to respond to your enquiries.

When we collect your information, we may explain that we will use and disclose your information in other ways.

We may also remove certain information or alter the information we collect about you so you can no longer be identified from that information. We do this so that we can use it or disclose it to third parties for other purposes.

We use the information we collect about you for the following additional purposes:

Research and data analysis. We may also use your information for research and data analysis to improve Company Services. We may do this research or engage a service provider to do this.

To allow service and content providers to assist us in providing and managing the Company Services. We may make your information available to certain third party service and content providers who help us manage or provide the Company Services or provide Company with related services. This might include our share registry operator, providers of cloud services, website hosting service providers, debt collection service providers and direct marketing service providers. These third parties may be located in a range of different countries including but not limited to the United Kingdom, United States of America, Canada, Hong Kong and Singapore. Our agreements with these third party providers require them not to use your information except for the purpose for which your information was provided. We also require them to comply with relevant privacy laws and to reasonably protect your information.

To allow social sharing functionality. If you log in with or connect a social media profile with your Company Services account, we may share your personal information (including your user name, picture, tweets, likes and posts) with other Company Services users and your friends or followers linked to your social media profile. We may also share the same information with the social media service provider.

By logging in with or connecting your Company Services account with a social media profile, you authorise us to share your personal information with the social media service provider, other users and your friends or followers. You understand that the social media service provider may handle this information in accordance with its own privacy policy. If you do not want your personal information shared in this way, please do not connect your social media profile with your Company Services account and do not participate in social sharing on Company Services.

To provide co-branded services and features. We may offer co-branded services together with a third party ("Co-Branded Services"). When this happens, we may share the information you submit in connection with the Co-Branded Service with the third party, or with our service providers who assist us to host Co-Branded Services. The third party’s use of your information will be governed by their own privacy policy. We will obtain your consent to share your personal information with the third party. If you do not provide this consent, you may not be able to access that co-branded service.

To deliver relevant content. We may combine information that we hold about you with information about you that we collect from other trusted businesses with whom you also have a relationship or from public sources and we may associate your browser and/or device with other browsers or devices you use. We may also share information we hold about you with those trusted businesses so that they can do the same thing.

To contact you. From time to time, we may send you promotional materials or other information which we think may interest you.

To share with our Company Affiliates. Company may share your information with our related companies located in Australia or in other countries, including but not limited to the United Kingdom, Hong Kong, Canada and United States of America. If we share your information with our related companies, they can use your information in accordance with this Privacy Policy. However, if you access or use a service provided by one of our related companies, you should consider the privacy policy of that company, as it may be different to this policy.

To share with business partners. Company may share your information with business partners so they can send you marketing communications. This will only happen if you have expressly agreed to this.

To protect the rights of Company and others. We may share your information with other third parties where we are lawfully entitled or legally required to do so. This includes when we have a reasonable basis to believe that sharing your information is necessary to:

  • protect, enforce or defend the legal rights, privacy, safety, or property of Company, our related companies or their employees, agents and contractors (including enforcement of our agreements and our terms of use);
  • protect the safety, privacy, and security of users of the Company Services or members of the public;
  • protect against fraud or for risk management purposes;
  • comply with the law or legal process in any country; or
  • respond to requests from public and government authorities.

To complete a merger or sale of assets. If Company sells all or part of its business or assets, we may disclose your information to the party or parties involved in the sale transaction. We may also do this if Company is involved in a merger or transfer of all or a material part of its business. We may disclose your information prior to the sale, transfer or merger so that the party or parties involved can consider the transaction and complete any due diligence.

  1. HOW DO WE KEEP YOUR INFORMATION

We may store your information in hard copy or electronic format and keep it in storage facilities that we own and operate ourselves or that are owned and operated by service providers.

  1. HOW DO WE PROTECT YOUR INFORMATION?

We use reasonable measures to safeguard the personal information we hold about you from loss, theft and unauthorised use, disclosure or modification, including:

System security. We take reasonable steps to prevent unauthorised access to our online and computerised systems by using measures such as firewalls, data encryption, virus detection methods, and password restricted access.

Property security. At our business premises, we may engage security personnel and use ID cards to restrict access to those premises.

Staff training. We train our staff to handle your information in accordance with this Privacy Policy and applicable privacy laws.

Third parties. We take reasonable steps to ensure that third parties who store or assist us to store your personal information adopt appropriate security measures.

Periodic Reviews. We undertake periodic reviews of this Policy and take reasonable steps to ensure that it remains compliant with the relevant policies and practices.

  1. HOW CAN YOU ACCESS YOUR INFORMATION?

If you would like to access, review, correct or update your personal information, you may contact us (see Section 10). When you contact us, please provide your name and contact details (including your full name, email address, address, and telephone number) and specify clearly what information you would like to access, review, correct or update. We may need to share your information with others who can help us respond to your request. We will try to respond to your request as soon as reasonably practicable.

We may decline an access or correction request in circumstances prescribed by the Privacy Act. If complying with your request for access requires considerable time and expense on our part, we may charge you a reasonable fee for providing you with the information.

If we do refuse your access or correction request, we will provide you with written reasons for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction (if you ask us to do so).

If you are located in the EU or UK, you have the additional rights set out below. 

  1. OTHER IMPORTANT INFORMATION FOR YOU

Updates to Privacy Policy. We may modify this Privacy Policy at any time. The date at the top of this Privacy Policy tells you when it was last updated. Any changes to this Privacy Policy become effective after reasonable notice of the changes have been provided on our websites. If you do not agree with changes to this Privacy Policy, you may be able to terminate your account with us.

Location of Data. Some Company Services are hosted in and managed outside of Australia, including but not limited to in the United Kingdom, the United States of America and Singapore. In dealing with Us, you consent to this practice, understanding that your personal information may be accessible from or transmitted outside Australia.

Linked Services. Company Services (including the Company's website) may display links to sites operated by unaffiliated companies. We are not responsible for the privacy practices of these unaffiliated companies. Once you leave the Company Services or click an advertisement you should check the privacy policy of that company to understand how it will handle your information.

Data Retention. Even after you cancel your account with us, we will retain your information for as long as we reasonably need it for the purposes outlined in this Privacy Policy. For example, we may retain your information to prevent fraud, or to maintain systems security. We may also retain your information if required or allowed to by law, regulation or relevant standards and codes of conduct, or to fulfil our contractual obligations to a third party. In certain circumstances, including where we are prevented by technical or systems constraints, we may not be able to remove all of your personal information.

If you share your information with a social media service (including by posting information to that service), this information may not be removed even after you cancel your account. If you delete your account with us, your account information may still be accessible by others for a short period of time because of the way that your information is stored on the internet.

Complaint. If you think we have breached the Privacy Act 1988 (Cth) or other applicable privacy laws, you can contact us (see Section 11) to make a complaint. When you contact us, please include your name and contact details (including your email address, address, and telephone number) and clearly describe your complaint. We will need to share your information with others who can assist in responding to your complaint. We will contact you within 7 days to let you know the next steps in resolving your complaint and to obtain any further information we need to consider your complaint. As soon as reasonably practicable and in any event within 30 days, we will let you know our decision. If you are not satisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner (www.oaic.gov.au).

  1. HOW YOU CAN CONTACT US

If you have questions about this Privacy Policy, or to request a hard copy, please contact our Privacy Officer at:

Email: info@noxopharm.com

Mail: National Privacy Officer, Noxopharm Limited, PO Box  292, Gordon NSW 2072 AUSTRALIA

Tel: +61 2 9144 2223

  1. LIST OF INCLUDED COMPANIES

Noxopharm Limited (ACN 608 966 123), Pharmorage Pty Limited (ACN 641 047 403)

  1. EU and UK RESIDENTS

How we use your personal information

We can only collect and use your personal information if we have a valid lawful reason to do so. Our reasons are:

  • Consent – you have consented to our processing of your personal information for a specific purpose
  • Contract – we process your personal information to fulfil a contract you have with us or, alternatively, because you have requested us to take specific steps before you enter into a contract with us
  • Legitimate interests – we process your personal information for our legitimate interests (or a third party’s legitimate interests) unless the legitimate interests are overridden by a good reason to protect your personal information
  • Legal obligations – we process your personal information in order for us to comply with the law (which does not include complying with contractual obligations)

Personal information uses

Our reasons

To provide and administer our products and services

  • contract performance
  • legitimate interests (to allow us to perform our obligations and provide services to you)

For marketing purposes

  • legitimate interests (in order to market to you)
  • consent (which can be withdrawn at any time)

To manage our relationship with you

  • consent
  • contract performance
  • legal obligations
  • legitimate interests

To provide customer support

  • contract performance
  • legal obligation
  • legitimate interests (to allow us to communicate with you in connection with our services)

To comply with our legal obligations

  • legal obligation
  • legal claims
  • legitimate interests (to cooperate with law enforcement and regulatory authorities)

To prevent and detect fraudulent activity

  • legal claims
  • legitimate interests (to prevent, detect and take action in response to fraudulent activity, including fraudulent transactions)

To conduct market, consumer and other research

  • legitimate interest (to ensure that we understand our customers’ requirements)

To ensure content is relevant

  • legitimate interests (to allow us to provide you with the content and services on our website)

 Individual Rights

If you are located in the EU or the UK, you have the following additional rights:

  • The right to information – you can request confirmation about the following: whether your personal information is being processed by us; the purpose of processing; the categories of personal information which are processed; the recipients (or types of recipients) who may receive the personal information; the anticipated retention period of the personal information; and your rights to rectification, erasure, to restrict (or object) to processing and to lodge a complaint with a data protection supervisory authority in the EU or the UK.
  • The right to object to our processing of your personal information for (i) direct marketing purposes; (ii) for scientific, historical research or statistical purposes; or (iii) where our processing is based on legitimate interest grounds or because it is in the public’s interest. We will respond to your objection request within a month. However, there may be some circumstances where we are not required to stop processing your personal information. If this is the case, we will provide you with a written explanation.
  • The right to restrict processing – in some circumstances, you can request us to restrict our use of your personal information in which case we will not use or disclose your personal information while it is restricted. We will respond to your restriction request within a month.
  • The right to erasure – you can request us to erase your personal information where it is no longer required for a purpose for which it was collected or where, for example, you have exercised successfully your right to object to processing. We will respond to your erasure request within a month. However, where there are legal or other reasons for us to retain your personal information, we will provide you with a written explanation.
  • The right to data portability – you can request us to provide you with a copy of the personal information you have provided to us. We are required to provide it to you in an electronic format that can be reused easily. You can also request us to transfer your personal information in an electronic format to another entity.  

You can exercise any of these rights by contacting us using the contact details above.

You also have the right to:

  • access your personal information and request the correction of your personal information (see “HOW YOU CAN ACCESS YOUR INFORMATION” above); and
  • lodge a complaint with a data protection authority if you are unhappy with the outcome of a privacy complaint. The “Complaint” section above explains our complaints handling process. A list of EU data protection authorities is available at https://ec.europa.eu/. The UK data protection authority is the Information Commissioner’s Office (https://ico.org.uk).