HeraMED Limited (ABN 65 626 295 314) (“HeraMED”) and its related entities are committed to protecting the privacy of personal information. Personal information is defined under the Privacy Act 1988 (Cth) (“Privacy Act”). All people and organisations working with and for HeraMED are required to be familiar with and to comply with the obligations set out in this Policy. Your use of HeraMED’s web site and/or web services evidences your consent to HeraMED’s collection, use and disclosure of personal information in the manner set out below.
The personal information we collect includes, but is not limited to:
- Personal information for employment, customer and marketing purposes such as full name, postal address, phone and fax numbers and email addresses.
- Personal information relating to a person’s business or professional capacity such as ABN/ACN, position, organisation, postal address, phone and fax numbers and email addresses.
- Transactional information such as credit card details or bank details.
- Personal information for Human Resources, Finance and general entity administration purposes for employees and contractors.
- Personal information for the purpose of organising, inviting and holding an event with HeraMED or its related entities.
How we collect personal information
- Directly from the person and/or the company they represent that we are interacting with to provide advice, services, materials and/or resources, employment opportunities or company information. This information can be collected in hard copy forms, online or by email, post, facsimile, face to face, over the phone or through our reseller channel, including wholesalers and partners.
- Enquiries made to external parties in order to provide advice, services, materials and/or resources, employment opportunities or company information, for example reference checks for employment purposes.
- From publicly available information.
How we store and secure personal information
- We take reasonable steps to maintain the security of personal information to protect it from unauthorised disclosures.
- Information in hard copy format is stored in our secure offices secured by swipe passes, lock and key cabinets or rooms, and password protected rooms.
- Information in electronic format is stored securely on our secure servers or in accredited systems that meet security and privacy standards.
The use of personal information
- HeraMED will not sell, rent or lease customer lists or other personal information to third parties. Personal information will not be distributed, shared or passed on to any third party unless consent has been granted by the individual or organisation, or HeraMED is required to do so by law.
- HeraMED uses this information to provide our core services to our customers, market our services and our brand to the industry and potential customers, recruit employees, have productive working relationships with our employees, and to engage with partners and third party service providers.
- We may share personal information with HeraMED’s related entities (including our overseas subsidiaries in Israel and the United States) or to third parties such as our vendors or suppliers who provide us with goods or services, our clients (who may be located overseas) or our professional advisers, where permitted by the Privacy Act.
How to access or correct your personal information or make a privacy complaint
HeraMED is transparent and accountable for the limited personal information that we collect and aim to maintain the accuracy and quality of this information. Should you wish to access or correct your personal information we hold, please contact HeraMED via firstname.lastname@example.org or +61 2 8379 2961. You may also use these contact details to notify us of a privacy complaint if you think we have failed to comply with our obligations under the Australian Privacy Principles. If a complaint is made, it will be thoroughly assessed in a timely manner and any breach will be rectified, where practicable and possible. All complaints will be taken seriously and will feed into continual processes for reviewing and improving privacy.
HeraMED may, at its discretion, update or revise this Policy from time to time. Please check our website www.hera-med.com for the current version of this Policy.
Data Breach Reporting
The Privacy Act and General Data Protection Regulation (Regulation (EU) 2016/679) requires that reasonable and appropriate protection is made around information, including personal information and customer data (“Information”), and that certain data breaches are reported to the relevant authorities. HeraMED may collect and store Information to enable HeraMED to provide services to its customers. That Information may be held in various forms and transmitted through systems controlled by HeraMED or its customers.
In the event a data breach occurs or, a data breach is suspected, HeraMED will follow this Policy and the below Response Plan to contain, assess and respond appropriately.
- Initial notification: If personnel become aware of an actual or suspected data breach they must immediately notify the Privacy Officer with information regarding the data breach.
- Preliminary assessment: The Privacy Officer shall notify the relevant personnel to collate information regarding the data breach.
- Assessment of Risk: The Privacy Officer in conjunction with management will assess the severity of the data breach based on the information received.
- Notification: The Privacy Officer in conjunction with management will consider whether notification to the relevant authority and/or affected individuals is required and, if notification is required, make that notification.
- Review: HeraMED will undertake an internal review of the circumstances to consider if further action is required.