4.1 Information that Mylan Australia May Collect.
The types of Personal Information Mylan Australia may collect include a Data Subject’s name, gender, date of birth, email address(es), residential, business and postal address(es), contact telephone numbers and facsimile numbers, health information including allergies and prescription details and doctors details, website account user information and other information that may be relevant in our dealings with a Data Subject. More specifically, depending on the type of relationship we have with each Data Subject we may collect the following:
4.1.1 From a doctor or pharmacist:
- name, profession, business address and other contact information;
- any comments or suggestions regarding our products;
- details gathered during calls made by our sales representatives to ensure we provide a personalised service;
- statistical details regarding prescriptions given or filled;
- details of samples you request from us; and
- (for pharmacists) financial information required for purchases of our products.
4.1.2 From an individual consumer:
- Name and contact details; and
- any Personal Information provided to us which is relevant to a query or complaint. This may include health information provided pursuant to the Data Subject’s express consent.
4.1.3 From a job applicant:
- Name and contact details;
- qualifications and employment history;
- website log in details if you apply through our website;
- health information (if a medical examination is required);
- the results of a criminal record check (if a criminal record check is required);
- whether the applicant is an Australian citizen or permanent resident and if not, their visa type; and
- whether the applicant holds a current driver’s licence.
4.1.4 From a member of a patient support program, including EpiClub® :
- Name and contact details;
- website account user login details;
- date of birth;
- biometric information;
- medical history and medication details (for example: allergies, and pending expiry of an EpiPen® Auto-Injector);
- Allergy & Anaphylaxis Australia membership; and
- role (e.g. patient, parent/carer, school or pharmacist).
4.1.5 From clinical trial participants:
- Allergies, disease type or condition;
- medical history;
- test and trial results;
- biometric and genetic information (including samples);
- name of doctor or treating physician; and
- family history.
4.1.5 From participants in the Clorazil® Patient Monitoring System:
- name, date of birth, sex, blood type
- blood test results
- medical history and medication details (including adverse event reports)
- other health information that may be required for regulatory compliance purposes
- name of doctor or treating physician
We generally collect Personal Information direct from the Data Subject, such as where the Data Subject contacts us, has a conversation with a sales representative, creates an account with us, uses one of our health applications, participates in a promotion or competition, or participates in a clinical trial. However, we may collect Personal Information from a third party where it is not reasonable or practical to collect the information from the Data Subject, or the Data Subject has consented to us obtaining the information from the third party, such as a doctor or pharmacist.
4.2 Anonymous Use.
When dealing with Mylan Australia, a Data Subject may choose not to identify himself or herself, to use a pseudonym, or not to provide us with some or all of their Personal Information. However, in any of these situations, such elections may affect Mylan Australia’s ability to provide the products, services, information or assistance requested.
Where you elect to use a pseudonym or use a Mylan Australia website anonymously, we may subsequently contact you and require details of your true identity if we need them to fulfil any legal requirements.
4.3 Use and Disclosure of Personal Information.
We use Personal Information to:
- Efficiently administer, manage and deliver our products and/or services including through our websites and patient monitoring systems;
- provide information about other products and/or services that may be of benefit to the Data Subject;
- respond to any queries or complaints or reports of data security incidents;
- statistically analyse the distribution of our products;
- * facilitate our internal business operations, including fulfilment of any legal requirements (for example, submitting suspected Adverse Drug Reaction(s) to the Office of Product Review (“OPR”) in compliance with the Therapeutic Goods Administration requirements or where legally required by law enforcement agencies or government auditors;
- conduct clinical trials, with the consent of participants; and
- conduct research in a de-identified manner relevant to public health and/or safety, to compile and analyse statistics relevant to public health, all in a manner permitted by Australian law, where the information you have provided is health information.
We may disclose a Data Subject’s Personal Information:
- to our agents, contractors or third party service providers that provide financial, legal, administrative, data processing or other services in connection with the operation of our business, including the management of our patient monitoring systems for example mailing houses, software developers, IT maintenance providers and solicitors, and medical management service providers;
- together with the sale or transfer of one of Mylan Australia’s products or services, to another person or entity (to enable continuity of supply of that product or service);
- where acting in good faith, we believe that the law requires or permits us to do so (e.g., to law enforcement agencies, OPR or government auditors); or
- with the Data Subject’s consent.
4.3.2 Overseas disclosures
Mylan Australia shares Personal Information with Mylan N.V. based in the Netherlands and the UK and its affiliates. These affiliates include Mylan Inc., which is based in the United States. These companies are in countries which may not offer the same level of protection for Personal Information as Australian privacy laws. However, Mylan Australia does take reasonable steps to ensure that Personal Information is transferred, stored and processed in a secure manner, and that the rights of Data Subjects are respected in a manner that is consistent with Australian Privacy Principles.
4.3.3 Direct marketing and opting out
Mylan Australia may, after obtaining express prior consent or in appropriate circumstances via inferred consent, use and disclose information, including Personal Information, to communicate with a Data Subject (for example, via email, SMS or phone) about its current or new products and services that may be useful or relevant to recipients. Mylan Australia does not rent, sell or share Personal Information about Data Subjects with other people or non-affiliated companies for their direct marketing purposes. Any Data Subject who does not wish to receive direct marketing from Mylan Australia in the future may opt out of receiving such communications at any time by following the opt out instructions set out in the relevant communication or by contacting the Privacy Officer using the details set out in section 4.7.
4.4 Information Security
We take reasonable steps to protect your Personal Information from misuse, loss, unauthorised access, modification or disclosure.
Personal Information is stored securely whether in an electronic or physical form. For example, only staff needing access to the information are allowed access. Personal Information is stored in secured premises or in electronic databases requiring logins and passwords. Personal Information will be permanently de-identified or destroyed if it is no longer required for any purpose set out in section 4.3 or for which we may otherwise use or disclose it, or when we are no longer required to keep it. Some information, particularly health information, must be kept for a number of years to comply with legal requirements, such as health records legislation.
If a Data Subject believes that any of their Personal Information that we may hold about them has been the subject of a data breach or has otherwise been unlawfully accessed, used or disclosed, you should notify us immediately so that we can take appropriate steps to ensure its security.
4.5 Access and Correction
We try to ensure that all the Personal Information about you that we collect, hold, use or disclose, is relevant, accurate, complete and current. Data Subjects must promptly notify us if there are any changes to their Personal Information.
Data Subjects can at any time request access to or correction of their Personal Information by contacting our Privacy Officer on the details in section 4.7 below. Mylan Australia will process such requests within a reasonable time without charge. Data Subjects may also ask to correct or delete Personal Information that they believe is irrelevant to the purposes set out in section 4.3, inaccurate, incomplete or out-of-date.
Mylan Australia may need to verify a Data Subject’s identity before giving access to or correcting their Personal Information. We will respond to such requests in a reasonable time, usually within 30 days.
Mylan Australia will provide Data Subjects with access to their Personal Information unless an exception in the Privacy Act or applicable health records legislation applies.
Mylan Australia will generally correct Personal Information on request or if we are otherwise satisfied the information is inaccurate, incomplete, out-of-date, irrelevant, or misleading. If we refuse a Data Subject access to or correction of their Personal Information in response to a request, we will notify the Data Subject in writing of our decision and our reasons (unless it would be unreasonable to do so) and how to appeal such decision. If we refuse to correct Personal Information, the Data Subject may ask us to record a statement with that Personal Information indicating what they believe is incorrect.
4.6 Questions or Complaints
Data Subjects wishing to make a complaint in relation to the handling of their Personal Information or access or request refusals should contact our Privacy Officer on the details in section 4.7 below. Mylan Australia will need details about the nature of the complaint and will need to verify the Data Subject’s identity. We will investigate your complaint and respond within a reasonable period and generally within 30 days. We may need to request more information.
Data Subjects who are not satisfied with our response to a complaint can contact the Office of the Australian Information Commissioner on the details below:
Office of the Australian Information Commissioner
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
Online form: www.oaic.gov.au (Privacy Complaint Form)
4.7 Contact Details
C/ General Counsel Australia and New Zealand
PO Box R1462
Royal Exchange Post Office
Tel 02 9298 3999
Fax 02 9566 4686