Privacy policy

1.0    SCOPE

This policy explains how Alphapharm Pty Ltd (trading as Mylan Australia) and Mylan Health Pty Ltd, together “Mylan Australia”, (and who are referred to in this policy as "we", "our" or "us") handle the Personal Information that we collect and hold about individuals (who are described in this policy as Data Subjects). It details the types of Personal Information we may collect, how we may use and disclose it and how a Data Subject may seek access to, and correction of it. In addition to this policy, Mylan Australia will, on occasions, provide Data Subjects with specific statements about how we use and disclose particular information that we collect from the Data Subject (including through our website) and seek consent if necessary.

This policy does not apply to the Personal Information of Mylan Australia employees or employees of other Mylan group companies.

If you have any questions relating to this privacy policy please contact our Privacy Officer using the contact details provided below at section 4.7.

2.0    PURPOSE

Mylan Australia is bound by the Privacy Act 1988 (Cth), the Australian Privacy Principles (“APPs”) in that Act and applicable State and Territory based health records legislation. Mylan Australia researches, develops and manufactures generic medicines and distributes them throughout Australia. Mylan Australia is a wholly-owned, indirect subsidiary of Mylan N.V. In the course of our business and activities, we collect, process, transmit, disclose and store Personal Information about different types of people.  

At Mylan Australia, your privacy is important to us. We are committed to ensuring that Personal Information we hold about you is held securely and that your privacy is protected.


Data Subject. Means any individual, including a patient, customer and healthcare provider, (except for Mylan Australia employees) about whom Mylan Australia collects and holds, uses, transmits, discloses, processes, or stores Personal Information.

Personal Information. Means any information or opinion about a Data Subject, or about a Data Subject who is identified or reasonably identifiable to us, whether it is true or not, or whether it is recorded in material form or not.

Privacy Officer. Means the person whose details are available in section 4.7 of this policy below and who can be contacted in relation to any enquiries, complaints or access and correction requests in connection with this policy.

Sensitive Information. A subset of Personal Information that is given a higher level of protection by law because of its sensitive nature. It includes health information, as well as Personal Information about the racial or ethnic origin, political opinions, membership of political, professional or trade associations, or trade unions, religious beliefs, sexual orientation or practices, and criminal record of a Data Subject.

4.0    POLICY

4.1    Information that Mylan Australia May Collect.

The types of Personal Information Mylan Australia may collect include a Data Subject’s name, gender, date of birth, email address(es), residential, business and postal address(es), contact telephone numbers and facsimile numbers, health information including allergies and prescription details and doctors details, website account user information and other information that may be relevant in our dealings with a Data Subject. More specifically, depending on the type of relationship we have with each Data Subject we may collect the following:

4.1.1 From a doctor or pharmacist:

  • name, profession, business address and other contact information;
  • any comments or suggestions regarding our products;
  • details gathered during calls made by our sales representatives to ensure we provide a personalised service;
  • statistical details regarding prescriptions given or filled;
  • details of samples you request from us; and
  • (for pharmacists) financial information required for purchases of our products.

4.1.2 From an individual consumer:

  • Name and contact details; and
  • any Personal Information provided to us which is relevant to a query or complaint. This may include health information provided pursuant to the Data Subject’s express consent.

4.1.3 From a job applicant:

  • Name and contact details;
  • qualifications and employment history;
  • website log in details if you apply through our website;
  • health information (if a medical examination is required);
  • the results of a criminal record check (if a criminal record check is required);
  • whether the applicant is an Australian citizen or permanent resident and if not, their visa type; and
  • whether the applicant holds a current driver’s licence.

4.1.4 From a member of a patient support program, including EpiClub® :

  • Name and contact details;
  • website account user login details;
  • gender;
  • date of birth;
  • biometric information;
  • medical history and medication details (for example: allergies, and pending expiry of an EpiPen® Auto-Injector);
  • Allergy & Anaphylaxis Australia membership; and
  • role (e.g. patient, parent/carer, school or pharmacist).

4.1.5 From clinical trial participants:

  • Allergies, disease type or condition;
  • medical history;
  • medication;
  • test and trial results;
  • biometric and genetic information (including samples);
  • name of doctor or treating physician; and
  • family history.

4.1.5 From participants in the Clorazil® Patient Monitoring System:

  • name, date of birth, sex, blood type
  • blood test results
  • medical history and medication details (including adverse event reports)
  • other health information that may be required for regulatory compliance purposes
  • name of doctor or treating physician

We generally collect Personal Information direct from the Data Subject, such as where the Data Subject contacts us, has a conversation with a sales representative, creates an account with us, uses one of our health applications, participates in a promotion or competition, or participates in a clinical trial.  However, we may collect Personal Information from a third party where it is not reasonable or practical to collect the information from the Data Subject, or the Data Subject has consented to us obtaining the information from the third party, such as a doctor or pharmacist.

4.2    Anonymous Use.

When dealing with Mylan Australia, a Data Subject may choose not to identify himself or herself, to use a pseudonym, or not to provide us with some or all of their Personal Information. However, in any of these situations, such elections may affect Mylan Australia’s ability to provide the products, services, information or assistance requested.

Where you elect to use a pseudonym or use a Mylan Australia website anonymously, we may subsequently contact you and require details of your true identity if we need them to fulfil any legal requirements.

4.3    Use and Disclosure of Personal Information.

4.3.1 Generally.

We use Personal Information to:

  • Efficiently administer, manage and deliver our products and/or services including through our websites and patient monitoring systems;
  • provide information about other products and/or services that may be of benefit to the Data Subject;
  • respond to any queries or complaints or reports of data security incidents;
  • statistically analyse the distribution of our products;
  • * facilitate our internal business operations, including fulfilment of any legal requirements (for example, submitting suspected Adverse Drug Reaction(s) to the Office of Product Review (“OPR”) in compliance with the Therapeutic Goods Administration requirements or where legally required by law enforcement agencies or government auditors;
  • conduct clinical trials, with the consent of participants; and
  • conduct research in a de-identified manner relevant to public health and/or safety, to compile and analyse statistics relevant to public health, all in a manner permitted by Australian law, where the information you have provided is health information.

We may disclose a Data Subject’s Personal Information:

  • to our agents, contractors or third party service providers that provide financial, legal, administrative, data processing or other services in connection with the operation of our business, including the management of our patient monitoring systems for example mailing houses, software developers, IT maintenance providers and solicitors, and medical management service providers;
  • together with the sale or transfer of one of Mylan Australia’s products or services, to another person or entity (to enable continuity of supply of that product or service);
  • where acting in good faith, we believe that the law requires or permits us to do so (e.g., to law enforcement agencies, OPR or government auditors); or
  • with the Data Subject’s consent.

4.3.2 Overseas disclosures

The collection, use, and disclosure of information contemplated in this Privacy Policy may involve a disclosure or transfer of the information to other countries.

Mylan Australia shares Personal Information with Mylan N.V. based in the Netherlands and the UK and its affiliates. These affiliates include Mylan Inc., which is based in the United States. These companies are in countries which may not offer the same level of protection for Personal Information as  Australian privacy laws. However, Mylan Australia does take reasonable steps to ensure that Personal Information is transferred, stored and processed in a secure manner, and that the rights of Data Subjects are respected in a manner that is consistent with Australian Privacy Principles.

Mylan Australia may transfer or disclose Personal Information to recipients outside of Australia, including, but not limited to, Singapore, India, United Kingdom, Ireland, the United States and Germany. This includes for the purposes of hosting its databases and storing its data on third party servers. If this happens, you will be informed of and where necessary, asked to consent to such transfers and disclosures in accordance with this Privacy Policy.

4.3.3 Direct marketing and opting out

Mylan Australia may, after obtaining express prior consent or in appropriate circumstances via inferred consent, use and disclose information, including Personal Information, to communicate with a Data Subject (for example, via email, SMS or phone) about its current or new products and services that may be useful or relevant to recipients. Mylan Australia does not rent, sell or share Personal Information about Data Subjects with other people or non-affiliated companies for their direct marketing purposes. Any Data Subject who does not wish to receive direct marketing from Mylan Australia in the future may opt out of receiving such communications at any time by following the opt out instructions set out in the relevant communication or by contacting the Privacy Officer using the details set out in section 4.7.

4.4    Information Security

We take reasonable steps to protect your Personal Information from misuse, loss, unauthorised access, modification or disclosure.

Personal Information is stored securely whether in an electronic or physical form. For example, only staff needing access to the information are allowed access. Personal Information is stored in secured premises or in electronic databases requiring logins and passwords. Personal Information will be permanently de-identified or destroyed if it is no longer required for any purpose set out in section 4.3 or for which we may otherwise use or disclose it, or when we are no longer required to keep it. Some information, particularly health information, must be kept for a number of years to comply with legal requirements, such as health records legislation.

If a Data Subject believes that any of their Personal Information that we may hold about them has been the subject of a data breach or has otherwise been unlawfully accessed, used or disclosed, you should notify us immediately so that we can take appropriate steps to ensure its security.

4.5    Access and Correction

We try to ensure that all the Personal Information about you that we collect, hold, use or disclose, is relevant, accurate, complete and current. Data Subjects must promptly notify us if there are any changes to their Personal Information.

Data Subjects can at any time request access to or correction of their Personal Information by contacting our Privacy Officer on the details in section 4.7 below. Mylan Australia will process such requests within a reasonable time without charge. Data Subjects may also ask to correct or delete Personal Information that they believe is irrelevant to the purposes set out in section 4.3, inaccurate, incomplete or out-of-date.

Mylan Australia may need to verify a Data Subject’s identity before giving access to or correcting their Personal Information. We will respond to such requests in a reasonable time, usually within 30 days.

Mylan Australia will provide Data Subjects with access to their Personal Information unless an exception in the Privacy Act or applicable health records legislation applies.

Mylan Australia will generally correct Personal Information on request or if we are otherwise satisfied the information is inaccurate, incomplete, out-of-date, irrelevant, or misleading. If we refuse a Data Subject access to or correction of their Personal Information in response to a request, we will notify the Data Subject in writing of our decision and our reasons (unless it would be unreasonable to do so) and how to appeal such decision. If we refuse to correct Personal Information, the Data Subject may ask us to record a statement with that Personal Information indicating what they believe is incorrect.

4.6    Questions or Complaints

Data Subjects wishing to make a complaint in relation to the handling of their Personal Information or access or request refusals should contact our Privacy Officer on the details in section 4.7 below. Mylan Australia will need details about the nature of the complaint and will need to verify the Data Subject’s identity. We will investigate your complaint and respond within a reasonable period and generally within 30 days. We may need to request more information.

Data Subjects who are not satisfied with our response to a complaint can contact the Office of the Australian Information Commissioner on the details below:

Office of the Australian Information Commissioner
Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
Online form: (Privacy Complaint Form)

4.7    Contact Details

If you have any questions, concerns or complaints about our privacy policy or practices you're your privacy, or would like more information please contact Mylan Australia’s Privacy Officer by post, phone or email at:

Privacy Officer
C/ General Counsel Australia and New Zealand
Mylan Australia
PO Box R1462
Royal Exchange Post Office
NSW 1225
Tel 02 9298 3999
Fax 02 9566 4686


Mylan Australia may amend and update this Privacy Policy at any time including to reflect changes to its legal obligations, business or information handling practices. Any amendments will apply when the revised version of this Privacy Policy is posted on our website (or when the amendments are otherwise notified to you, if earlier). The continued use and/or accessing of our website, systems, services or products after the posting (or notification) of the new version of the Privacy Policy will be deemed to indicate your acceptance of it. Mylan Australia may in certain circumstances provide you with a separate privacy collection notice which may also reflect the amendments.

Last Updated  30/10/2018