Privacy Policy | Nanosonics

1. Purpose of this policy

The purpose of this policy is to provide an outline of Nanosonics’ stance on privacy. This policy explains how and why Nanosonics manages your Personal Information.

2. Nanosonics' Privacy Statement

Nanosonics ("Nanosonics", "we", "our", "us") is committed to protecting the privacy and security of all Personal Information provided to it. Nanosonics will only collect, use and disclose Personal Information in accordance with its Privacy Policy and applicable data protection laws. Nanosonics complies with applicable data protection laws, including (where relevant) the General Data Protection Regulation (GDPR), the Australian Privacy Act 1988 (Cth), the California Consumer Privacy Act (CCPA) and equivalent privacy laws in the territories in which Nanosonics operates.

Please note: If you are an individual to whom the GDPR or the CCPA applies, the additional provisions appearing in the Country Specific Addendums to this policy also apply to you.

For the purposes of the GDPR, Nanosonics is the data controller. Our contact details are set out below.

3. Scope

Where relevant, this policy applies to personal information regarding healthcare professionals, customers, other third party business associates, all members of the Nanosonics Group and Nanosonics Staff and others. Additional policies may apply to other jurisdictions.

4. Definitions

Term	Definition / Description
Nanosonics or Nanosonics Group	Nanosonics Limited (ABN 11 095 076 896) and its controlled entities.
Nanosonics Staff	Any of the following individuals: past and present directors, officers and employees of the Nanosonics Group; and contractors and consultants (and any employees of any contractor or consultant) to the Nanosonics Group whose terms of engagement apply this policy to them.
Personal Information	Means, in general, information about an identified individual, or about an individual who is directly or indirectly identifiable. Personal information may be further defined under applicable laws. For example, in Australia, Personal Information includes an opinion about an identified individual, or about an individual who is reasonably identifiable.
Sensitive Information	Means a sub-set of Personal Information, and in general includes information about an individual’s racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, sexual orientation or practices, and includes health information, biometric information and genetic information. Sensitive Information may be further defined under applicable laws. For example, in Australia, Sensitive Information includes information or an opinion about the characteristics described above, as well as about an individual's political associations, religious affiliations, professional memberships or associations and criminal record.

5. Nanosonics Privacy Policy

What types of Personal Information might Nanosonics collect?

The types of Personal Information that we process (which varies depending on your relationship with us) may include the following:

Contact information, including full names, residential and postal addresses, email addresses, phone numbers and fax numbers.
Business contact information, including job title, medical specialty, department and name of organisation.
Names, usernames and passwords to use Nanosonics' product and services.
Other information, including language preference and dates of birth.

There may be instances in which the Personal Information we collect, use or store includes Sensitive Information. We do not intend to collect Sensitive Information about visitors to our websites and will only collect information if and to the extent permitted or required by applicable law. Further, we do not intend, and our products and services are designed to minimise the possibility of, collecting any medical records related to any patients who ultimately benefit from the use of our products and services.

You are not required to provide personal information to us, but in some instances, we might not be able to provide all of our services to you without your personal information.

How Nanosonics collects Personal Information

Nanosonics may collect Personal Information directly from you, or your authorised representative, including by collecting the information:

via our website;
via your use of Nanosonics apps and services;
via interactions with you in person (such as events or trade shows);
if you contact us, correspond with us or otherwise provide information to us; and
if you purchase and use products and services from us.

If we receive Personal Information from a third party that we have not requested (e.g. from a service provider), we will first determine whether or not we could have collected the Personal Information under this Policy. If we determine that we are entitled to collect the Personal Information under this Policy, we will keep the information and deal with it in accordance with this Policy. If we determine that we could not have collected the information under this Policy, we will destroy or anonymise the information as soon as practicable if it is lawful and reasonable to do so in the circumstances.

How does Nanosonics use Personal Information

Nanosonics may use your Personal Information to the extent necessary to provide products and services for our customers, employees, and others. Subject to applicable laws, we may collect, use, process and disclose relevant portions of your personal information for the following business purposes:

Administration: To perform administrative and operational tasks, which may include processing your purchase orders, customer care, providing you with access to our products and services, providing you with clinical training on our products and services, file management, risk management, and staff training.
Clinical trials and scientific testing: For clinical trials, we may collect and use certain institutional details, clinical details, professional and practice details. This information is processed to administer and run such trials and testing, to make legally required notifications, to comply with regulatory requirements and other product regulations.
Compliance with laws: Nanosonics may process Personal Information in order to comply with applicable law and regulation, including in connection with monitoring and reporting of adverse events and incidents, or to comply with other legal and regulatory requirements.
Employment: Nanosonics may process Personal Information during the course of recruitment processes or to conduct reference checks. This is in order to provide Nanosonics with relevant information about the applicant. Consent will be sought and granted from the applicant prior to conducting any reference checks.
Marketing and sales: With your consent (where required by applicable law), to promote Nanosonics’ products and services to you such as contacting you with offers and other information related to our products, services and events that we think you may be interested in.
Payment: To process payments in respect of goods and services provided.
Product features: To enable traceability features and other product functionality (for example, using Personal Information to filter different users and present data relating to that user).

Where Personal Information needs to be used for any other purposes, including for sharing with the public and/or a third party for marketing purposes, Nanosonics will seek your consent expressly in accordance with applicable laws.

How does Nanosonics use cookies

‘Cookies’ are very small text files that are stored on your computer when you visit a website. We use cookies for a variety of purposes and to enhance your online experience on our website. Nanosonics may use cookies to record the date and time that the Nanosonics websites were accessed. Some cookies are essential to ensure website functionality, whilst all others can be disabled. The Nanosonics website remains accessible when non-essential cookies are disabled.

Please see our separate cookies policy available at: https://www.nanosonics.com/policies/cookies.

How does Nanosonics disclose Personal Information

Nanosonics may disclose Personal Information to the following recipients:

third parties who assist in providing our products and services and administering our business. These include IT and marketing technology hosting suppliers, sales platform providers, communication tool providers and service consultants;
our auditors, and professional and legal advisors;
organisations to whom we are required to disclose your Personal Information by law (for example, we may be required to disclose Personal Information to the police, regulators, government agencies or to judicial or administrative authorities). This may be for the purposes of monitoring and reporting of adverse events and incidents as required by law.
third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our rights or protect your rights or those of others;
to the extent you are a healthcare professional, to your facility, medical institution or your professional association or accrediting body and if you are involved in clinical trials or scientific testing, research ethics committees and regulators connected to such trial or testing; or
with the Nanosonics Group, including our controlled entities, in order to administer our services and products, process your payments, send you information about products and services that may be of interest to you, and conduct the other activities described in this Privacy Policy.

Third party material

Nanosonics’ websites may contain links to other sites for ease of reference. These links may have different security settings and privacy policies about the collection and use of Personal Information. Nanosonics does not take any responsibility for the security settings and privacy policies on these websites.

International data processing

Like most international businesses, certain aspects of our data processing activities will result in the transfer of your personal information from one country to another. The jurisdictions where that information will be processed may or may not have laws that seek to preserve the privacy of personal information. Nevertheless, whenever your personal information is transferred within Nanosonics, your personal information will be processed in accordance with the terms and conditions of this Policy and all applicable laws.

We will store your data in Australia, the United States, and/or Japan. The data protection laws of Australia, the United States and Japan may not be equivalent to those in your country of residence. If your Personal Information is accessed from or transferred to locations outside the jurisdiction in which you provide it, we will implement appropriate measures to ensure that your Personal Information remains protected and secure and otherwise comply with applicable data protection laws. Where relevant, we enter into European Union (EU) standard contractual clauses (or equivalent measures) with a party outside the EEA receiving the Personal Information. Transfer of data between Nanosonics entities is covered by standard contractual clauses that are in place between all Nanosonics entities that share and process Personal Information.

The period for which your Personal Information will be stored

We will only retain your Personal Information for as long as it is necessary for the purpose for which that information was collected and to the extent permitted by applicable laws.

Personal Information of a Nanosonics’ customer is retained for a period of 30 days from the date when the customer notifies us that they are no longer a customer and requests their Personal Information to be removed. During this period, Nanosonics will communicate with the customer giving notice that their Personal Information will be removed and will provide options to the customer if the customer wishes to obtain a copy of the Personal Information Nanosonics holds about them. If Nanosonics does not receive a response from the customer within 7 days of Nanosonics communicating with the customer, Nanosonics will remove the customer’s Personal Information, unless we are required to retain it for legal reasons.

Otherwise, when we no longer need to use your Personal Information, we will remove it from our systems and records and / or take steps to promptly anonymise it so that you can no longer be identified from it (unless we need to keep your Personal Information to comply with legal or regulatory obligations to which we are subject).

Information security

Nanosonics is committed to protecting your Personal Information against unauthorised use or disclosure. Personal Information that Nanosonics deals with can only be accessed by authorised personnel within Nanosonics. Personal Information may be stored in hardcopy or electronically. Nanosonics has technical and organisational security measures in place including locks and security systems, and computer and network security such as passwords and controlled access.

Access and accuracy

Nanosonics will provide you with reasonable access to your Personal Information so you can review and correct it, or request that we do not use it. Nanosonics does not usually charge for this service and will respond to reasonable requests in an appropriate timeframe. If you wish to exercise your rights in accordance with applicable law, or to assist us to keep our records up-to-date, please contact us at [email protected].

Data breaches

If we suspect that a data breach has occurred, we will undertake an assessment into the circumstances of the suspected breach in accordance with the timeframe and protocols required by applicable law. Where it is ascertained that a breach has actually occurred and where required by law, we will notify the applicable regulatory body or person and affected individuals as soon as practicable after becoming aware that such data breach has occurred.

Complaint

We have procedures in place for dealing with complaints and concerns about our practices. Where relevant, we will respond to your complaint in accordance with applicable laws.

If we fail to respond to a complaint in accordance with applicable laws or if you are dissatisfied with our response, you should discuss your concerns with an independent adviser or contact your national data protection authority or privacy regulator.

Contact us

For any questions about this policy and how Nanosonics has collected, used, held or disclosed Personal Information please contact our Data Protection Officer at [email protected] or call (+61) 2 8063 1600.

6. Compliance

A copy of this policy is provided to all Nanosonics Staff. This policy is reviewed regularly. Any report of any breaches under this policy will be investigated.

Country Specific Addendum – UK and EU GDPR

1. Legal bases for processing

1.1. We may process your Personal Information for the purposes set out in the "How Does Nanosonics Use Personal Information" section above. If you are located in the UK or EEA, we are also required to identify a legal basis for holding and using your Personal Information for each purpose. These legal bases are:

(a) our legitimate interests in administering and operating our business, and enhancing the experience of our customers and users;

(b) performance of a contract to which you are subject or in order to take steps at your request prior to entering into a contract;

(d) to the extent we send you marketing and promotional material, we will obtain your consent before doing so.

1.2 To the extent Nanosonics may process your Sensitive Information, we will do so on one of the following legal bases:

(a) the establishment, exercise or defence of legal claims;

(b) your explicit consent; or

(c) for reasons on public interest in the area of public health, such as ensuring high standards of quality and safety of health care and of medical devices, on the basis of law.

2. Your rights

2.1. You have the general rights in respect of your Personal Information that are set out in the "Access and accuracy" section above. If the GDPR applies to the processing of your Personal Information by us, you also have the following rights to your Personal Information:

(a) Access. You have the right to request a copy of the Personal Information we are processing about you, which we will provide back to you in electronic form. This right may be subject to certain limitations.

(b) Rectification. You have the right to have incomplete or inaccurate Personal Information that we process about you rectified.

(c) Deletion. You have the right to request that we delete Personal Information that we process about you. However, this right does not apply in certain circumstances, such as if we need to retain such information in order to comply with a legal obligation or to establish, exercise or defend legal claims.

(d) Restriction. You have the right to request that we restrict our processing of your Personal Information where you believe such information to be inaccurate, our processing is unlawful or that we no longer need to process such information for a particular purpose. Where we are not able to delete the Personal Information due to a legal or other obligation or because you do not wish for us to delete it, we would take steps to restrict the processing of this Personal Information.

(e) Portability. You have the right to obtain Personal Information we hold about you, in a structured, electronic format, and to transmit such data to another data controller in certain circumstances, including where this is Personal Information which you have provided to us and if we are processing that information on the basis of your consent.

(f) Objection. Where the legal basis for our processing of your Personal Information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the Personal Information for the establishment, exercise or defence of a legal claim.

(g) Withdrawing Consent. Where we process Personal Information on the basis of your consent, you have the right to withdraw your consent. This withdrawal will not affect the lawfulness of our processing prior to any withdrawal.

3. GDPR Representatives

UK GDPR Representative:	EU GDPR Representative:
Nanosonics Europe Limited Unit 2, Linfit Court, Colliers Way Clayton West, Huddersfield West Yorkshire HD8 9WL United Kingdom Email: [email protected]	Nanosonics Europe GmbH Poppenbütteler Bogen 66 22399 Hamburg Germany Email: [email protected]

UK GDPR Representative:

EU GDPR Representative:

Nanosonics Europe Limited
Unit 2, Linfit Court, Colliers Way
Clayton West, Huddersfield
West Yorkshire HD8 9WL
United Kingdom

Email: [email protected]

Nanosonics Europe GmbH
Poppenbütteler Bogen 66
22399 Hamburg
Germany

Email: [email protected]

Country Specific Addendum - USA

California Privacy Rights

1. California “Shine the Light” law

1.1 California Civil Code Section 1798.83, also known as California’s “Shine the Light” law, permits residents of California to request certain details about their Personal Information we may disclose to third parties for direct marketing purposes. If you are a California resident and would like to request this information, please contact us as stated in the “Contact us” section.

2. California Consumer Privacy Act (“CCPA”)

The CCPA requires us to provide additional privacy-related information to residents of California.

CCPA Disclosures

2.1. CA Personally Identifiable Information. Consistent with the “What types of Personal Information might Nanosonics collect?” section above, we collect certain categories and specific pieces of information about individuals that are considered “Personal Information” in California under the CCPA (“CA Personal Information”). Specifically, we may collect the following types of CA Personal Information:

(a) Identifiers: including: full name, residential and postal addresses, email addresses, phone numbers and fax numbers, dates of birth; and

(b) Other personal information: including: business contact information, including job title, medical specialty, department and name of organisation; usernames and passwords to use Nanosonics' product; medical records; information about contractual dealings with other third parties; language preference, gender, family status, credit reports.

2.2. Sources. We may collect certain categories of CA Personal Information from you, your authorised representative and your device(s) via your use of our website and products and via interactions with you in person as described in the “How Nanosonics collects Personal Information” section above. We may also receive CA Personal Information about you from third parties.

2.3 Purposes. We collect CA Personal Information for the business purposes described in the “How does Nanosonics use Personal Information” section above. We also share and/or disclose your CA Personal Information as follows:

(a) Sharing your CA Personal Information for business purposes. As described in the “How does Nanosonics disclose Personal Information” section above, we may share the categories of your CA Personal Information listed above with third parties for our business purposes. Examples of business purposes include the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law, the protection of the public revenue, and preparation for, or conduct of, proceedings before any court or tribunal.

(b) We do not share your CA Personal Information with the parties listed in this Privacy Policy in a manner that constitutes a “sale” under California law.

2.4 California Consumer Rights

(a) Subject to certain exceptions and qualifications, as a California resident, you have the right to: (i) request access to your CA Personal Information; (ii) request deletion of your CA Personal Information; (iii) request information about the CA Personal Information about you that we have “sold” (as such term is defined under California law), if any, to third parties within the past 12 months; and (iv) opt-out of the “sale” of your CA Personal Information (if applicable). To exercise your rights, or to have an authorized agent exercise them on your behalf, please contact us as stated in the “Contact us” section or as instructed below. Please note that, for your security, we will take steps to help verify your identity and/or the authorization of your authorized agent.

(b) Exercising California Consumer Rights. Should you wish to request the exercise of your rights as detailed above with regard to your CA Personal Information, we will not discriminate against you by offering you different pricing or products, or by providing you with a different level or quality of products, based solely upon this request. Please contact us as stated in the “Contact us” section if you have questions or would like to exercise such rights.