Link Medical Products Pty Limited ABN 73 010 971 516 (“Clinigen”) respects your privacy and is committed to protecting your Personal Information. This Privacy Statement (“Statement”) aims to give you information on how Clinigen collects, uses, discloses and handles personal Information in relation to the PV Purposes (defined below) and to tell you about your privacy rights and how the law protects you.

It is important that you read this Privacy Statement together with any other privacy notice or collection notice we may provide on specific occasions when we are collecting or handling Personal Information about you or others (such as your patients) so that you are fully aware of how and why we are using this data.

This PV privacy policy supplements the other notices/statements and is not intended to override them. We have a separate general Privacy Policy which addresses how we handle your data – see our main Privacy Policy.

Who we are

This Statement is issued on behalf of Link Medical Products Pty Limited so when we mention “Clinigen”, “we”, “us” or “our” in this Statement, we are referring to the relevant company in the Clinigen Group responsible for processing your data. Clinigen is assumed to be the controller of data collected under this Statement.

If you have any questions about this Statement, including any requests to exercise your legal rights, please contact us using the details set out below.

Link Medical Products Pty Limited

dataprivacyofficer@linkhealthcareasia.com

You have the right to make a complaint at any time to the Office of the Australian Information Commissioner (OAIC), the Australian regulator for data protection (https://www.oaic.gov.au/). We would, however, appreciate the opportunity to address your concerns with you before you approach the OAIC so please contact us in the first instance.

Pharmacovigilance

Clinigen develops and supplies medicines for human use (“Clinigen Commercial Products”). Clinigen has a legal responsibility to monitor the safety of all of its Clinigen Commercial Products in each country globally where they are supplied. This includes monitoring adverse reactions or events (side effects) associated with the use of the Clinigen Commercial Products which is called Pharmacovigilance (“PV”). PV requirements exist to allow us and competent regulatory authorities (such as the Therapeutic Goods Administration (TGA) in Australia, and other international regulatory authorities) to collate adverse events, identify new side effects, provide accurate and up to date safety information and ensure continued public health protection.

Our PV obligations require us to process certain information, which allow to directly or indirectly identify a person, (“Personal Information”) of a patient and/or the reporter of an adverse event that we receive in order to comply with strict obligations to perform benefit-/risk assessments of Clinigen Commercial Products continuously and report suspected adverse reactions or events to relevant regulatory authorities.

This Statement provides important information to you about how we process Personal Information for PV Purposes, in line with our obligations under applicable data privacy laws and in particular the Privacy Act 1988 (Cth).

All Personal Information is processed exclusively for PV Purposes and only where relevant and appropriate to do so in accordance with our PV obligations.

Why we collect Personal Information

In order to meet our PV obligations in respect of the Clinigen Commercial Products, we may process Personal Information to:

  • I. investigate the adverse event;
  • II. contact a patient or their Healthcare Professional for further information about the adverse event being reported;
  • III. collate the information about the adverse event with information about other adverse events received by Clinigen to analyse the safety of the Clinigen product, or active ingredient; and provide mandatory reports to national and/or regional competent regulatory authorities so that they can analyse the safety of a production batch, Clinigen Commercial Product, generic or active ingredient, (together the “PV Purposes”)

Therefore, we process Personal Information, including sensitive information (such as health information), in accordance with the Privacy Act 1988 (Cth) and in order to comply with legal obligations under applicable PV laws and regulations such as the Therapeutic Goods Act 1989 (Cth). PV law has been issued for reasons of substantial public interest in the area of public health and safety of medicinal products or medical devices.

Where required by law, we will collect and handle sensitive information in accordance with the Privacy Act 1988 (Cth) and Australian Privacy Principle 3, including relying on the public health and safety exceptions permitted under Australian Privacy Principle 6.2(c) and section 16B of the Privacy Act 1988 (Cth).

The data we collect

The Personal Information we may need to process (including collecting, storing or otherwise using and transferring) includes contact data and medical/health data such as the following:

I. About the Patient

  • patient name and / or initials;
  • date of birth / age group, sex, weight, height;
  • information about health, racial or ethnic origin and sexual life; medical history and status, which may for example include:
    • details of other medicines or remedies you are taking or were taking at the time of the adverse event, including the dosage you have been taking or were prescribed, the period of time you were taking that medicine, the reason you have been taking that medicine and any subsequent change to your regimen;
    • other medical history considered relevant by the reporter, including documents such as lab reports, medication histories and patient histories.
  • information of the product causing the reaction, including the dosage you have been taking or were prescribed, the reason you have been taking or were prescribed the product and any subsequent change to your usual regimen; and
  • details of the adverse reaction you suffered, the treatment you received for that reaction, and any long-term effects the reaction has caused to your health.

Some of this information is classified as “sensitive information” under the Privacy Act 1988 (Cth). This includes any information about a person’s:

  • health;
  • racial or ethnic origin;
  • religious beliefs or affiliations; and
  • sexual orientation or practices.

This information is only processed where relevant and necessary to document your reaction properly and for the purpose of meeting our pharmacovigilance, safety and any other legal requirements. These requirements exist to allow us and competent authorities to evaluate adverse events and make efforts to prevent similar events from happening in the future.

II. About the Reporter:

We collect information about you when you provide us with information in relation to an adverse event you report.

Pharmacovigilance laws require us to ensure that adverse events are traceable and available for follow-up. As a result, we must keep sufficient information about reporters to allow us to contact you once we have received the report. The Personal Information we collect about you when you report an adverse event is your:

  • name;
  • contact details (which may include your address, e-mail address, phone number or fax number);
  • profession (this information may determine the questions you are asked about an adverse event, depending on your assumed level of medical knowledge); and
  • relationship with the subject of the report.

Where you are also the subject of a report, this information may be combined with the information you provide in relation to your reaction.

How is Personal Information collected and used?

We use different methods to collect Personal Information in order to fulfil our PV obligations, these include gathering information received via emails, phone calls, completion of website forms, regulatory authorities.

Personal Information is used solely to enable us to comply with our PV obligations. This means we may use Personal Information by sharing and/or disclosing Personal Information:

  • within Clinigen in order to analyse and process a reported adverse event;
  • with competent regulatory authorities, in respect of a suspected adverse reaction;
  • with third party service providers of Clinigen; these service providers may include safety database providers, call centre operators, and in the event that you disclose details of your suspected adverse reaction to our market researchers, that particular market research provider;
  • with other pharmaceutical companies who are our co-marketing, co-distribution, or other license partners where PV obligations for a Clinigen Commercial Products require such exchange of safety information or to respond to their questions about the product;
  • with a third party successor in business in the event of a sale, assignment or transfer of a specific Clinigen Commercial Products;
  • when publishing information about adverse events (such as case studies and summaries); in such cases, we will remove identifiers from any publication to keep an individual’s identity private.

We require all third parties to respect the security of Personal Information and to treat it in accordance with the law. We do not allow our third-party service providers to use Personal Information for their own purposes and only permit them to process Personal Information for specified purposes and in accordance with our instructions.

We do not sell your Personal Information.

International transfers

Whilst we do not routinely do so, we may share Personal Information within the Clinigen Group. This will involve transferring your data outside Australia.

We ensure Personal Information is protected by requiring all our group companies to follow the same rules when processing Personal Information.

Many of our external third parties are based outside Australia, and as a result their processing of Personal Information will involve a transfer of data outside Australia. Whenever we transfer Personal Information out of Australia, we will take reasonable steps to ensure that a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • we will only transfer Personal Information to a country where there is an applicable finding that such country provides an adequate level of protection for Personal Information.
  • entering into agreements with overseas recipients to ensure they handle Personal Information in a way that is consistent with the Privacy Act 1988 (Cth).

Please contact us if you want further information on how we protect Personal Information when transferring Personal Information Data out of Australia.

How secure is my data?

We have put in place appropriate security measures to prevent Personal Information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to Personal Information to those employees, agents, contractors and other third parties who have a legitimate business need to know. They will only process Personal Information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so under the Privacy Act 1988 (Cth), including under the Notifiable Data Breaches Scheme.

How long will you use my Personal Information for?

We will only retain Personal Information for as long as reasonably necessary to fulfil the PV Purposes, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of Personal Information, the purposes for which we process Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. For PV related information, mandatory requirements oblige us to archive PV information which may include Personal Information at least for the duration of the product life-cycle and for an additional ten years after the respective medicinal product has been taken from the market.

In some circumstances we may anonymise Personal Information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

How to exercise your rights

If you wish to exercise any of the other rights set out above, please contact dataprivacyofficer@linkhealthcareasia.com.

You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee to cover administrative costs if your request is clearly unfounded, repetitive or excessive. In certain cases, we may refuse to comply with your request where we are permitted to do so under the Privacy Act 1988 (Cth).

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Information (or to exercise any of your other rights). This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. Any Personal Information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification (unless we notify you otherwise and obtain your approval accordingly).

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Where to seek further advice

If you have any questions regarding this Privacy Statement or any related issue, you should contact dataprivacyofficer@linkhealthcareasia.com