- Melrose Laboratories Pty Ltd (Melrose) is committed to responsible privacy practices and to complying with the Australian Privacy Principles (APPs) contained in the Privacy Act.
- Melrose recognizes and acknowledges that protecting the privacy of individuals’ personal information is important and required under the Privacy Act.
What is personal information
- For the purposes of this policy, “personal information” includes the information set out below under “What types of personal information does Melrose collect”.
What types of personal information does Melrose collect
- The types of personal information Melrose collects from you depend on the circumstances in which the information is collected.
- Melrose may collect contact details including your name, occupation, address, email address, phone and fax numbers and your date of birth. We may collect answers you provide to questions we ask and other information in relation to your dealings with Melrose. If you purchase products or services from us, we may also collect certain transactional information and financial details to process the transaction.
- If you are an Individual Contractor to Melrose, we may also collect information relevant to your engagement with Melrose Health including qualifications, resume, reference information from your nominated referees, tax file number, bank details, insurance details, feedback from supervisors and training records.
- Melrose may collect your personal information when you apply for a role with Melrose. Such information may include your qualifications, resume, reference information from your nominated referees, tax file number, bank details. Where you are unsuccessful in an application for a role with Melrose, Melrose may request that it retains your personal information to enable Melrose to consider you for future roles that may become available at Melrose.
- Melrose may also collect information about you when you access Melrose’s website. When you use Melrose’s websites, we may collect website usage information such as the IP address you are using, your browser version, the website that referred you to us and the next website you go to, the pages you request while visiting our websites, the date and time of those requests and the country you are in.
- In certain circumstances we are required to collect government identifiers such as tax file numbers, Medicare numbers, health service provider numbers, pension numbers and Veteran's Affairs numbers. Melrose only collects, uses and discloses such information as permitted or required by law.
- In addition to the types of personal information identified above, Melrose may collect personal information as otherwise permitted or required by law.
Melrose does not collect, store or retain any credit card and other payment information in connection with products purchased from Melrose via this website. All payments for products purchased from Melrose via this website are processed through third party payment gateway providers. Melrose uses its reasonable endeavours to ensure that all purchases made through Melrose’s website are made using secure HTTP connections (you can check that the connection is secure when the URL for the “check-out” web-page commences with “https://”).
How does Melrose collect your personal information
- Melrose only collects personal information using lawful and fair means. Melrose will not collect personal information unless the information is reasonably necessary for one or more of Melrose’s functions or activities.
- Melrose Health collects personal information in a number of ways. The most common ways Melrose collects your personal information are:
- from publicly available sources;
- from forms which you complete and submit to us, including online forms;
- through mail correspondence, emails and other electronic means;
- from job applicants and staff members;
- from direct contact in the course of Melrose providing goods and/or services to you;
- in the course of Melrose conducting market research, including customer satisfaction surveys;
- in the course of answering a general inquiry regarding Melrose, the products and/or services Melrose provides;
- directly from you when you provide it to us or our agents or contractors;
- via our website or when you deal with us online (including through our social media pages);
- if you are an individual contractor to Melrose Health, from your employer or recruitment agency;
- from our related companies;
- from credit reporting agencies;
- Work program; from referees if you apply for a position as an Employee or Contractor with us); and
- from consumer feedback where it is possible we would likely get name and contact details. Some consumers provide fuller information such as the condition and treatment so that Melrose can help them with product advice.
- Subject to the foregoing, to the extent reasonably practicable and reasonable for us to do so, Melrose only collects personal information about an individual directly from that individual. Additionally, Melrose will only collect personal information where Melrose specifically requests that information, except in circumstances where personal information is volunteered to Melrose or is otherwise supplied to Melrose or disclosed to Melrose without Melrose asking for such information.
Dealing with Melrose anonymously or pseudonymously
In accordance with the requirements of the APPs, you have the option of not identifying yourself or of using a pseudonym when dealing with Melrose in relation to a particular matter. However, in accordance with the APPs, the foregoing would not apply in relation to that matter if Melrose is required or authorized by or under an Australian law, or a court or a tribunal order, to deal with individuals who have identified themselves concerning that matter. Additionally, if it is impracticable for Melrose to deal with individuals who have not identified themselves or who have used a pseudonym on a particular matter, then Melrose would not be required to provide you with the option to engage with Melrose on an anonymous or pseudonymous basis concerning that matter. For example, if you choose to interact and deal with Melrose on an anonymous or pseudonymous basis, or if you do not provide Melrose with personal information when requested, Melrose may be unable to provide you with all of the products and/or services that you seek from Melrose. Further, Melrose reserves the right to verify your identity as part of Melrose’s response to a request to access and/or correct personal information Melrose holds about you, or as part of Melrose’s complaints-handling process. If Melrose is unable to verify your identity, or if you continue to engage with Melrose in an anonymous or pseudonymous basis, then Melrose may be unable to satisfy your request or to complete its complaints-handling process.
For what purposes does Melrose collect, use and disclose your personal information
- The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it. Whenever practical Melrose will take reasonable steps to inform you why Melrose is collecting your personal information, how Melrose intends to use that information and to whom Melrose intends to disclose it at the time we collect your personal information.
- Melrose may use or disclose your personal information:
- for the purposes for which Melrose collected it (and certain secondary purposes where permitted by law); - for other purposes to which you have consented; and - as otherwise authorised or required by law.
- In general Melrose collects, uses and discloses your personal information so that we can do business together and for purposes connected with our business operations such as Melrose providing you with information useful to your needs.
- Some of the specific purposes for which Melrose collects, uses and discloses personal information are:
- to respond to you if you have requested information (including via our websites or via an email or other correspondence you send to us);
- to provide goods or services to you or to receive goods or services from you;
- to process transactions and to administer customer accounts;
- to administer and manage services, including charging, billing and collecting debts;
- to enable you to participate in any research or marketing or competitions or similar programs that Melrose conducts from time to time;
- to improve products and services and keep you up to date on such improvements;
- to understand Melrose’s customers better and help improve Melrose’s products and services;
- to allow performance reporting and benchmarking of our business, if applicable;
- to contact you (directly or through Melrose’s service providers) to obtain your feedback, to find out your level of satisfaction with our products and services and for other market research activities;
- to verify your identity;
- to enable and manage all Melrose's contracts, including Melrose's supplier, contractor or consultant relationships;
- to address any issues or complaints that we or you have regarding our relationship;
- to directly market Melrose’s products and services to current and prospective customers (including through direct mail and direct email to current and to prospective customers), provided that such recipients have not opted out of receiving such communications from Melrose; and
- to contact you regarding the above, including via electronic messaging such as SMS and email, by mail, by phone, by fax or in any other lawful manner.
- Melrose may also use and/or disclose personal information it collects about an individual for one or more of the following purposes:
- assessing an opportunity to provide Melrose’s products and services to a current or prospective customer;
- to comply with Melrose’s obligations with any law or statute that binds Melrose;
- to comply with Melrose’s obligations under a contract into which Melrose has entered;
- to assess the suitability of an individual applying for a job with Melrose; and
- to assess and to manage the supply of goods and/or services to Melrose by a contractor or service provider.
What happens if you don't provide personal information
- Generally, you have no obligation to provide any personal information requested by us. However, if you choose to withhold requested personal information, we may not be able to provide you with products and services that depend on the collection of that information.
- Individuals while seeking employment with Melrose Health, who fail to provide any lawfully requested personal information, may experience delays in the consideration of their application for employment or it may result in their application for employment being unsuccessful.
To whom does Melrose disclose personal information
- Generally, Melrose will use its reasonable endeavours to disclose de-identified information to third parties. However, Melrose may disclose personal information it collects to third parties but only on an as-needs basis and in order to facilitate the fulfilment of one or more purposes for which the information was collected, or any secondary purpose related to the primary purpose for which Melrose may be permitted to disclose such information by law.
- This may include disclosing your personal information to the following types of third parties:
- We may disclose your personal information to third parties in connection with the purposes described in section 5.
- Melrose’s related companies, such as Orchard Pty Ltd;
- Melrose’s agents, suppliers, contractors and other third parties that provide goods and services to Melrose (including suppliers, marketing agencies, data analysis specialists, data processing organisations, billing and debt recovery providers, website and data hosting providers and other IT suppliers) in order to enable them to provide products and/or services to Melrose which may directly or indirectly benefit the individual from whom Melrose collected the information;
- Melrose’s customers, where Melrose is required to disclose personal information under contracts entered into with any of Melrose’s customers;
- Melrose’s accountants, insurers, lawyers, auditors and other professional advisers;
- government and regulatory authorities, courts, tribunals and other bodies as required or authorised by law;
- any third parties to whom you have directed or permitted us to disclose your personal information (e.g. referees);
- in the event that Melrose or its business and assets may be acquired or considered for acquisition by a third party, that third party and its advisors;
- carefully selected third parties with whom Melrose has data sharing arrangements;
- third parties that require the information for law enforcement or to prevent a serious threat to public safety; and - otherwise as permitted or required by law.
- Where we disclose your personal information to third parties we will use take reasonable steps to ensure that such third parties only use your personal information as reasonably required for the purpose we disclosed it to them and in a manner consistent with the APPs.
- If you post information to public parts of Melrose’s websites or to its social media pages, you acknowledge that such information (including if it includes your personal information) may be available to be viewed by the public. You should use discretion in deciding what information you upload to such sites.
- Without limiting the foregoing, we Melrose may disclose personal information about an individual when required by law or court order, or other governmental order or process to disclose, where Melrose believes in good faith that the law compels Melrose to disclose the information.
- Melrose may disclose personal information of an individual where Melrose considers (in good faith) that it is reasonably necessary for Melrose to do so in order to identify, contact or bring legal action against an individual whom Melrose suspects or knows is causing harm to Melrose, its business or operations.
Disclosure of information outside the State/Territory/Nation of collection
- Some recipients of information Melrose discloses from time to time may be located outside Australia. The countries in which such third parties are located will depend on the circumstances. For example, we may disclose personal information to our related companies overseas and to our overseas service providers.
- In the ordinary course of business we may transfer to, or store personal information at, overseas parties (for example, offshore data centres located in the US and Asia). All transfer of information is encrypted, and Melrose takes reasonable commercial technical measures to ensure data security using contemporary storage and cryptographic techniques. Melrose ensures processes are in place to ensure information is only shared with parties with a legitimate requirement to carry out services outlined in this policy.
- Except in some cases where we may rely on an exception under the Privacy Act or other law, we will take reasonable steps to ensure that such overseas recipients do not breach the APPs in relation to such information.
Use or disclosure of personal information for the purpose of direct marketing
Melrose reserves the right to use and disclose your personal information for the purpose of direct marketing to you where:
- you have consented to us doing so;
- where Melrose collected your personal information directly from you, in circumstances where you would reasonably expect us to use and/or disclose your personal information for the purpose of direct marketing or
- it is otherwise permitted by law.
Direct marketing involves communicating directly with you for the purpose of promoting goods or services to you and to provide you with special offers. Direct marketing can be delivered by a range of methods including mail, fax, telephone, email or SMS. You can unsubscribe from our direct marketing, or change your contact preferences, by exercising the opt-out mechanism included with each direct marketing communication or through contacting us (see section 15).
In directly marketing Melrose’s products and services to you, Melrose will comply with other laws relevant to marketing, including the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and the Competition and Consumer Act 2010 (Cth) (including the Australian Consumer Law). All direct marketing communications which Melrose may send will include an easy opt-out mechanism if at any time you wish to stop receiving direct marketing communications from Melrose.
How does Melrose protect personal information
- Melrose will take reasonable steps to keep any personal information we hold about you secure from misuse, interference and loss, and from unauthorized access, modification and disclosure. Please notify us immediately if you become aware of any breach of security.
- Melrose regularly reviews and updates its physical and data security measures in light of current technologies and threats. Unfortunately, no data transmission over the Internet or over mobile data and communications services can be guaranteed to be totally secure.
- In addition, Melrose’s employees and contractors who provide services to Melrose or who have access to personal information Melrose collects and holds are obliged to respect the privacy of any personal information Melrose holds.
- Melrose does everything reasonably within its power and control to prevent unauthorized use or disclosure of personal information Melrose collects and holds.
- However, to the maximum extent permitted by law, Melrose is not responsible for events arising from unauthorized use of or access to personal information except to the extent that such unauthorized use or access is as a result of Melrose’s failure to comply with its legal obligations concerning the steps taken to secure the personal information Melrose collects and holds.
- Additionally, in accordance with Melrose’s statutory obligations, it will take reasonable steps to destroy or to de-identify personal information when the information is no longer required for the purpose(s) for which the information as collected.
- Where Melrose destroys or de-identifies personal information, Melrose will endeavor to do so via a secure means.
Accuracy of the personal information we hold
- Melrose will take reasonable steps to maintain your personal information as accurately as reasonably possible. However, Melrose relies on the accuracy of personal information as provided to us both directly (from you) and indirectly.
- You may contact us if the personal information we hold about you is incorrect or to notify us of a change in your personal information. Our contact details are set out below.
- Corrections will be made to any incorrect information or, in the event of a correction being refused, a reason will be provided.
- Where information about an individual is corrected, and the information has previously been disclosed to third parties, Melrose will take reasonable steps to notify third parties of the correction.
Links, cookies and use of Melrose Health websites and applications
- Melrose uses "cookies" and similar technology on its websites and in other technology applications. The use of such technologies is an industry standard, and helps us monitor the effectiveness of our advertising and how visitors use our websites/applications. We use such technologies to generate statistics, measure your activity, improve the usefulness of our websites/applications and to enhance the customer experience.
How can you access and correct personal information Melrose Health holds about you
- You may seek access to personal information which Melrose holds about you by contacting us as described below.
- Melrose will provide access to that information in accordance with the APPs, subject to certain exemptions which may apply. As noted above, Melrose reserves the right to require that the person requesting access provide suitable identification (to ensure that Melrose does not inadvertently release or disclose personal information to an individual not entitled to access such information) and where permitted by law Melrose may charge a reasonable fee to cover Melrose’s costs incurred in providing access to your personal information.
- Further, Melrose reserves the right to redact information it makes available in response to an access request, to protect the privacy of other individuals.
- From to time, Melrose may refuse to provide access to the information held about an individual, in accordance with the APPs. Where Melrose refuses access, Melrose will explain the reasons for refusal in writing and provide details in relation to the relevant complaint process.
- As noted above, Melrose takes reasonable steps to ensure that the information Melrose collects, holds, uses and discloses about an individual is complete, up-to-date and accurate. However, if at any time you believe or become aware that any personal information we hold about you is incorrect or if you wish to update your information, you have the right to request that Melrose amends or updates such information. If Melrose refuses the correction request, Melrose will provide written reasons and information about the complaints process should you not be satisfied with Melrose’s resaons.
Queries, comments and complaints about our handling of personal information
- When contacting Melrose please provide as much detail as possible in relation to your question, comment or complaint.
- Melrose will promptly acknowledge receipt of your complaint and Melrose will endeavor to deal with your complaint and to provide you with a response within a reasonable time period following Melrose’s receipt of your complaint (generally within 30 days of receipt).
- Where the complaint requires a more detailed investigation, it may take longer to resolve. If this is the case, then Melrose will endeavor to provide you with progress reports.
- Melrose will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner. We request that you co-operate with Melrose during this process and provide us with any relevant information that Melrose may need.
- Melrose reserves the right to verify your identity and to seek (where appropriate) further information from you in connection with your complaint.
- Where required by law, Melrose will provide its determination on your complaint to you in writing.
- Please note that, in accordance with the APPs, Melrose reserves the right to refuse to investigate or to otherwise deal with a complaint if Melrose considers your complaint to be vexatious or frivolous, or as otherwise permitted by law.
- If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner or other relevant regulators at http://www.oaic.gov.au/.
How can you contact Melrose?
- Please address all privacy complaints and requests to update or access information to:- Attention: Melrose Health Customer Service 16-18 Lionel Road, Mount Waverley, VIC Australia 3149 OR email: firstname.lastname@example.org. Any requests to access, update or correct your health information should be made in writing.
- To unsubscribe from our direct marketing, you can also contact us at email@example.com and set out the contact details that you no longer want used for direct marketing.
SUPPLEMENT IN RELATION TO THE GENERAL DATA PROTECTION REGULATION
Last updated: July 2018
This supplement applies whenever you visit this website, including any mobile website (together, the “Website”) from a location within the European Union or when a resident of the EU provides personal data to Melrose.
For the purposes of the GDPR, Melrose confirms that the data controller of this Website is Melrose Laboratories Pty Ltd, a company registered under the laws of Australia, whose registered office is located at 16-18 Lionel Road, Mount Waverley, Victoria 3149 Australia.
What personal data does Melrose collect about you and from whom?
Use of your personal data
Where the GDPR applies to the personal data Melrose collects, Melrose uses and processes personal data according to the requirements and restrictions of the GDPR. In particular, Melrose will only use and/or disclose your personal data if Melrose has a permitted lawful basis on which to use and/or disclose your personal data.
Generally, Melrose collects your personal data because it is necessary for:
- performing Melrose’s contract for the provision of products and/or services to you;
- the pursuit of Melrose’s legitimate interests (as detailed further below); or
- complying with Melrose’s legal obligations.
Melrose may also rely on your consent to use your personal data, including for marketing purposes (see “Marketing Communications” below).
You may withdraw your consent to these activities at any time. If you withdraw your consent, unless another lawful basis applies, Melrose will cease to process the affected data. Please note that withdrawal of consent may result in Melrose being unable to provide you with certain features of the Website and/or the products that you have ordered and paid for through the Website.
- for promoting, marketing and advertising Melrose’s products and services;
- for statistical and demographic analysis, in order to understand the behaviour, activities, preferences and needs of Melrose’s customers;
- for improving the Website, to improve existing products and services and to develop new products and services;
- to protect Melrose’s brand, reputation and goodwill in the marketplace, by taking appropriate legal action against third parties who have infringed Melrose’s rights or otherwise are in breach of their legal obligations owed to Melrose;
- to effectively and efficiently handle and resolve any legal claims or regulatory enforcement proceedings taken against Melrose;
- to generally operate the Website and for internal business operations; and
- to monitor and to record telephone calls for training purposes.
Where you have consented to receive marketing communications directly from Melrose, then you agree that Melrose may use your information to contact you by your selected method of communication regarding new products, competitions, events, items or related activities which Melrose anticipates you may find useful, together with communications regarding similar products and services offered by Melrose. Melrose does not sell, trade or rent your personal data to other companies or partners.
You may always revoke that consent at any time by exercising the “unsubscribe” option in any marketing communications which you receive from us.
To whom Melrose discloses your personal data
Generally, Melrose will use its reasonable endeavours to disclose de-identified information to third parties. However, Melrose may disclose personal data it collects to third parties. Such disclosures will occur only on an as-needs basis and only in order to facilitate the fulfilment of one or more of the reasons for which your personal data is being processed.
You agree that if Melrose transfers ownership or management of the Website or of Melrose’s business and/or assets to a third party in the event that Melrose sells, trades or licenses any part of its business or assets, then Melrose may also transfer your personal data or other personal data you provided to Melrose as part of those assets. This includes, but is not limited to, all sensitive personal data and any other information about you.
How long does Melrose keep hold of personal data
Melrose keeps your personal data for as long as it is reasonably necessary to meet the relevant purposes for which Melrose collected your personal data, including for the purpose of satisfying any legal, accounting or reporting requirements.
To determine the appropriate length of time for holding your personal data, Melrose takes into account the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use and/or disclosure of your personal data, the purpose(s) for Melrose processes your personal data and whether Melrose can achieve those purposes through other means, together with legal requirements imposed on Melrose.
As a general rule, Melrose generally retains personal data relating to products purchased from the Website for up to seven years following the transaction.
Is personal data transferred outside the European Union?
As Melrose is located in Australia, all personal data collected from you will be collected and held in Australia.
Melrose has implemented appropriate safeguards in connection with the protection of personal data transferred from the European Union into Australia, into Melrose’s control. Melrose will use its best endeavours to ensure that any third party recipient located outside the European Union will take steps to safeguard the personal data transferred or disclosed by Melrose to the recipient.
Security of personal data
- to the maximum extent permitted by law, Melrose makes no representation or warranty, nor give any guarantee to you that your access to the Website and/or to the content accessible on the Website will be secure, uninterrupted or error free; and
- data transmission over the internet can be completely secure and, to the maximum extent permitted by law, Melrose cannot give an absolute assurance or guarantee that the information you provide to Melrose will be secure at all times.
Melrose takes reasonable steps to protect the personal data Melrose holds from misuse and loss, and from unauthorised access, modification or disclosure. To prevent unauthorised access, to maintain accuracy, and to ensure proper use of personal information, Melrose has deployed physical, electronic and managerial processes to safeguard and to secure the personal data collected.
Your rights in respect of your personal data
Under certain circumstances, you have rights under the GDPR and the Privacy Act 1988(Cth) in relation to the personal data that Melrose holds about you. You can request to:
- access information held about you, subject to Melrose verifying your identity and subject to Melrose’s right to charge you a reasonable administrative fee to cover Melrose’s costs incurred in relation to any repetitive, manifestly unfounded or excessive requests for access – where Melrose refuses your request to exercise this right, Melrose will give you reasons for its refusal and to outline the process by which you can complain about Melrose’s refusal;
- rectify any incorrect or incomplete data that Melrose holds about you, subject to Melrose verifying your identity;
- delete, restrict or remove personal data Melrose holds about you, subject to the relevant provisions in the GDPR;
- transfer any personal data that Melrose holds about you to another party, subject to the relevant provisions in the GDPR; and
- object to any further processing of your personal data, subject to the relevant provisions in the GDPR.
You can make all such requests to: Attention: Melrose Health Customer Service 16-18 Lionel Road, Mount Waverley, VIC Australia 3149 OR email: firstname.lastname@example.org.
Please note that in respect of all these rights, Melrose reserves the right to refuse your request based on the exemptions set out in the GDPR.
Updates to this supplement