1. Purpose of this policy
The purpose of this policy is to provide an outline of Nanosonics’ stance on privacy. This policy explains how and why Nanosonics manages Personal Information about you.
2. Nanosonics' Privacy Statement
If you are an individual to whom the GDPR or the California Consumer Privacy Act applies, you are subject to the additional provisions appearing in the Country Specific Addendums to this policy.
For the purposes of the GDPR, Nanosonics is the data controller. Our contact details are set out below.
Where relevant, this policy applies to all members of the Nanosonics Group and Nanosonics Staff. Additional policies may apply to other jurisdictions.
|Term||Definition / Description|
|Nanosonics or Nanosonics Group||Nanosonics Limited (ABN 11 095 076 896) and its controlled entities.|
Any of the following individuals:
|Personal Information||Means, in general, information about an identified individual, or about an individual who is directly or indirectly identifiable. Personal information may be further defined under applicable laws. For example, in Australia, Personal Information includes an opinion about an identified individual, or about an individual who is reasonably identifiable.|
|Sensitive Information||Means a sub-set of Personal Information, and in general includes information about an individual’s racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, sexual orientation or practices, and includes health information, biometric information and genetic information. Sensitive Information may be further defined under applicable laws. For example, in Australia, Sensitive Information includes information or an opinion about the characteristics described above, as well as about an individual's political associations, religious affiliations, professional memberships or associations and criminal record.|
The types of Personal Information that we process (which varies depending on your relationship with us) may include the following:
- Contact information, including full names, residential and postal addresses, email addresses, phone numbers and fax numbers.
- Business contact information, including job title, medical specialty, department and name of organisation.
- Names, usernames and passwords to use Nanosonics' products and services.
- Other information, including language preference and dates of birth.
There may be instances in which the Personal Information we collect, use or store includes Sensitive Information. We do not intend to collect Sensitive Information about visitors to our websites and will only collect information if and to the extent permitted or required by applicable law. Further, we do not intend, and our products and services are designed to minimise the possibility of, collecting any medical records related to any patients who are the ultimate users of our products and services.
5.1 How Nanosonics collects Personal Information and data
Nanosonics may collect Personal Information directly from you, or your authorised representative, including by collecting the information:
- via our website;
- via interactions with you in person (such as events or trade shows);
- if you contact us, correspond with us or otherwise provide information to us; and
- if you purchase and use products and services from us.
If we receive Personal Information from a third party that we have not requested (e.g. from a service provider), we will first determine whether or not we could have collected the Personal Information under this Policy. If we determine that we could have collected the Personal Information under this Policy, we will keep the information and deal with it in accordance with this Policy. If we determine that we could not have collected the information under this Policy, we will destroy or de-identify the information as soon as practicable if it is lawful and reasonable to do so in the circumstances.
5.2 How does Nanosonics use Personal Information
Nanosonics may use your Personal Information for the following business purposes:
- Administration: To perform administrative and operational tasks, which may include processing your purchase orders, customer care, providing you with access to our products and services, providing you with clinical training on our products and services, file management, risk management, and staff training.
- Clinical trials and scientific testing: For clinical trials, we may collect and use certain institutional details, clinical details, professional and practice details. This information is processed to administer and run such trials and testing, to make legally required notifications, to comply with regulatory requirements and other product regulations.
- Compliance with laws: Nanosonics may process Personal Information in order to comply with applicable law and regulation, including in connection with monitoring and reporting of adverse events and incidents, or to comply with other legal and regulatory requirements.
- Employment: Nanosonics may process Personal Information during the course of recruitment processes or to conduct reference checks. This is in order to provide Nanosonics with relevant information about the applicant. Consent will be sought and granted from the applicant prior to conducting any reference checks.
- Marketing and sales: Provided consent is obtained (where required by applicable law), to promote Nanosonics’ products and services in the market.
- Payment: To process payments in respect of goods and services provided.
- Product features: To enable traceability features and other product functionality (for example, using Personal Information to filter different users and present data relating to that user).
Where Personal Information needs to be used for any other purposes, including for sharing with the public or a third party for marketing purposes, Nanosonics will first ask for your consent.
5.5 How does Nanosonics disclose Personal Information
Nanosonics may disclose Personal Information to the following recipients:
- third parties who assist in providing our products and services and administering our business. These include IT and marketing technology hosting suppliers, sales platform providers, communication tool providers and service consultants;
- our auditors, and professional and legal advisors;
- organisations to whom we are required to disclose your Personal Information by law (for example, we may be required to disclose Personal Information to the police, regulators, government agencies or to judicial or administrative authorities). This may be for the purposes of monitoring and reporting of adverse events and incidents as required by law. We may also disclose your Personal Information to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our rights or protect your rights or those of others;
- to the extent you are a healthcare professional, to your facility, medical institution or your professional association or accrediting body and if you are involved in clinical trials and scientific testing, research ethics committees and regulators connected to such trial or testing; or
5.6 Third party material
Nanosonics’ websites may contain links to other sites for ease of reference. These links may have different security settings and privacy policies about the collection and use of Personal Information. Nanosonics does not take any responsibility for the security settings and privacy policies on these websites.
5.7 International data processing
We will store your data in Australia, the United States and Japan. The data protection laws of Australia, the United States and Japan may not be equivalent to those in your country of residence. If your Personal Information is accessed from or transferred to locations outside the jurisdiction in which you provide it, we will implement appropriate measures to ensure that your Personal Information remains protected and secure and otherwise comply with applicable data protection laws. Where relevant, we enter into European Union (EU) standard contractual clauses (or equivalent measures) with a party outside the EEA receiving the Personal Information. Transfer of data between Nanosonics entities is covered by EU standard contractual clauses that are in place between all Nanosonics entities that share and process Personal Information.
5.8 The period for which your Personal Information will be stored
We will only retain your Personal Information for as long as it is necessary for the purpose for which that information was collected and to the extent permitted by applicable laws. When we no longer need to use your Personal Information, we will remove it from our systems and records and / or take steps to promptly anonymise it so that you can no longer be identified from it (unless we need to keep your Personal Information to comply with legal or regulatory obligations to which we are subject). Customer data is retained for a period of 30 days from the date when a customer ceases to be a customer. During this period, Nanosonics will communicate with the customer giving notice that the customer’s data will be removed and will provide options to the customer if the customer wishes to obtain a copy of the data Nanosonics holds about them. If Nanosonics does not receive a response from the customer within 7 days of Nanosonics communicating with the customer, Nanosonics will remove the customer’s data.
5.9 Information security
Nanosonics is committed to protecting Personal Information against unauthorised use or disclosure. Personal Information can only be accessed by authorised personnel within Nanosonics. Personal Information may be stored in hardcopy or electronically. Nanosonics maintains physical security such as locks and security systems, and computer and network security such as passwords and controlled access.
5.10 Access and accuracy
Nanosonics will provide you with reasonable access to your Personal Information so you can review and correct it, or request that we do not use it. Nanosonics does not usually charge for this service and will respond to reasonable requests in an appropriate timeframe. If you wish to exercise your rights in accordance with applicable law, or to assist us to keep our records up-to-date, please contact us at [email protected].
5.11 Data breaches
If we suspect that a data breach has occurred, we will undertake an assessment into the circumstances of the suspected breach in accordance with the timeframe and protocols required by applicable law. Where it is ascertained that a breach has actually occurred and where required by law, we will notify the applicable regulatory body or person and affected individuals as soon as practicable after becoming aware that a data breach has occurred.
We have procedures in place for dealing with complaints and concerns about our practices. Where relevant, we will respond to your complaint in accordance with applicable laws. If we fail to respond to a complaint in accordance with applicable laws or if you are dissatisfied with our response, you should discuss your concerns with an independent adviser or contact your national data protection authority or privacy regulator.
5.13 Contact us
For any questions about this policy and how Nanosonics has collected, used, held or disclosed Personal Information please contact us at [email protected] or call (+61) 2 8063 1600.
A copy of this policy is provided to all Nanosonics Staff. This policy is reviewed regularly. Any report of breaches under this policy will be investigated.
Country Specific Addendum - UK
1. Legal bases for processing
1.1 We may process your Personal Information for the purposes set out in the "How Does Nanosonics Use Personal Information" section above. If you are located in the UK or EEA, we are also required to identify a legal basis for holding and using your Personal Information for each purpose. These legal bases are:
(a) our legitimate interests in administering and operating our business, and enhancing the experience of our customers and users;
(b) performance of a contract to which you are subject or in order to take steps at your request prior to entering into a contract;
(c) compliance with legal obligations to which we are subject; and
(d) to the extent we send you marketing and promotional material, we will obtain your consent before doing so.
1.2 To the extent Nanosonics may process your Sensitive Information, we will do so on one of the following legal bases:
(a) the establishment, exercise or defence of legal claims;
(b) your explicit consent; or
(c) for reasons of public interest in the area of public health, such as ensuring high standards of quality and safety of health care and of medical devices, on the basis of law.
2. Your rights
2.1 You have the general rights in respect of your Personal Information that are set out in the "Access and accuracy" section above. If the GDPR applies to the processing of your Personal Information by us, you also have the following rights to your Personal Information:
(a) Access. You have the right to request a copy of the Personal Information we are processing about you, which we will provide back to you in electronic form. This right may be subject to certain limitations.
(b) Rectification. You have the right to have incomplete or inaccurate Personal Information that we process about you rectified.
(c) Deletion. You have the right to request that we delete Personal Information that we process about you. However, this right does not apply in certain circumstances, such as if we need to retain such information in order to comply with a legal obligation or to establish, exercise or defend legal claims.
(d) Restriction. You have the right to request that we restrict our processing of your Personal Information where you believe such information to be inaccurate, our processing is unlawful or that we no longer need to process such information for a particular purpose. Where we are not able to delete the Personal Information due to a legal or other obligation or because you do not wish for us to delete it, we would take steps to restrict the processing of this Personal Information.
(e) Portability. You have the right to obtain Personal Information we hold about you, in a structured, electronic format, and to transmit such data to another data controller in certain circumstances, including where this is Personal Information which you have provided to us and if we are processing that information on the basis of your consent.
(f) Objection. Where the legal basis for our processing of your Personal Information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the Personal Information for the establishment, exercise or defence of a legal claim.
(g) Withdrawing Consent. Where we process Personal Information on the basis of your consent, you have the right to withdraw your consent. This withdrawal will not affect the lawfulness of our processing prior to any withdrawal.
Country Specific Addendum - USA
California Privacy Rights
1. California “Shine the Light” law
1.1 California Civil Code Section 1798.83, also known as California’s “Shine the Light” law, permits residents of California to request certain details about Personal Information we may disclose to third parties for direct marketing purposes. If you are a California resident and would like to request this information, please contact us as stated in the “Contact us” section.
2. California Consumer Privacy Act (“CCPA”)
The CCPA requires us to provide additional privacy-related information to residents of California.
2.1 CA Personally Identifiable Information. Consistent with the “What types of Personal Information might Nanosonics collect?” section above, we collect certain categories and specific pieces of information about individuals that are considered “Personal Information” in California under the CCPA (“CA Personal Information”). Specifically, we may collect the following types of CA Personal Information:
(a) Identifiers: full name, residential and postal addresses, email addresses, phone numbers and fax numbers, dates of birth; and
(b) Other personal information: business contact information, including job title, medical specialty, department and name of organisation; usernames and passwords to use Nanosonics' product; medical records; information about contractual dealings with other third parties; language preference, gender, family status, credit reports.
2.2 Sources. We may collect certain categories of CA Personal Information from you, your authorised representative and your device(s) via your use of our website and products and via interactions with you in person as described in the “How Nanosonics collects Personal Information and data” section above. We may also receive CA Personal Information about you from third parties.
2.3 Purposes. We collect CA Personal Information for the business purposes described in the “How does Nanosonics use Personal Information” section above. We also share and/or disclose your CA Personal Information as follows:
(a) Sharing your CA Personal Information for business purposes. As described in the “How does Nanosonics disclose Personal Information” section above, we may share the categories of your CA Personal Information listed above with third parties for our business purposes. Examples of business purposes include the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law, the protection of the public revenue, and preparation for, or conduct of, proceedings before any court or tribunal.
2.4 California Consumer Rights
(a) Subject to certain exceptions and qualifications, as a California resident, you have the right to: (i) request access to your CA Personal Information; (ii) request deletion of your CA Personal Information; (iii) request information about the CA Personal Information about you that we have “sold” (as such term is defined under California law), if any, to third parties within the past 12 months; and (iv) opt-out of the “sale” of your CA Personal Information (if applicable). To exercise your rights, or to have an authorized agent exercise them on your behalf, please contact us as stated in the “Contact us” section or as instructed below. Please note that, for your security, we will take steps to help verify your identity and/or the authorization of your authorized agent.
(b) Exercising California Consumer Rights. Should you wish to request the exercise of your rights as detailed above with regard to your CA Personal Information, we will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of products, based solely upon this request. Please contact us as stated in the “Contact us” section if you have questions or would like to exercise such rights.