HARTMANN is required by the Privacy Act 1988 (Cth) (the “Privacy Act”) to comply with ten National Privacy Principles ("NPPs") or (on and after 12 March 2014) the thirteen Australian Privacy Principles ("APPs") (subject to the other provisions of that Act). The NPPs and APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal.
Personal information is information or an opinion, in any form and whether true or not, about an identified individual, or an individual who is reasonably identifiable.
Special provisions apply to the collection of personal information which is sensitive information. This includes health information and information about a persons' race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual orientation and criminal history.
Health information is defined in the Privacy Act to relevantly include:
(a) information or an opinion about:
(i) the health or a disability (at any time) of an individual; or
(ii) an individual's expressed wishes about the future provision of health services to him or her; or
(iii) a health service provide, or to be provided, to an individual;
that is also personal information.
An example of health information is information contained in a patient's hospital records.
HARTMANN will only collect sensitive information if the individual about whom the information relates has consented to the collection of the information or if the collection is otherwise permitted under the Privacy Act.
The type of sensitive information HARTMANN may collect can include (but is not limited to) a patient's medical condition. We collect this type of information to allow us to provide the correct product from our range.
Any health information we receive about patients is collected and held in strict confidence. HARTMANN trains its employees and distributors who handle personal information to respect the confidentiality of customer information and the privacy of individuals. HARTMANN regards breaches of your privacy very seriously and will impose appropriate penalties, including dismissal. HARTMANN has relevant staff members who ensure that HARTMANN's management of personal information (including sensitive information) is in accordance with this Policy and the Privacy Act.
HARTMANN will comply with all applicable State and Territory privacy laws.
Collection of personal information by HARTMANN
To the extent required by the Privacy Act:
HARTMANN will not collect personal information about you unless that information is reasonably necessary for one or more of our functions or activities.
HARTMANN will collect personal information only by lawful and fair means.
When HARTMANN collects personal information directly from you, we will take reasonable steps at or before the time of collection to ensure that you are aware of certain key matters, such as the purposes for which we are collecting the information, the organisations (or types of organisations) to which we would normally disclose information of that kind, the fact that you are able to access the information and how to contact us (or example, where personal information is collected on a form, we will generally include a written privacy statement on the form which sets out these details);
HARTMANN will collect your personal information directly from you where it is reasonable and practicable to do so. Where HARTMANN collects information about you from a third party, we will still take reasonable steps to ensure that you are made aware of the details set out above.
Use and disclosure of personal information by HARTMANN
If HARTMANN uses or discloses your personal information for a purpose (the “secondary purpose”) other the main reason for which it was originally collected (the “primary purpose”), to the extent required by the Privacy Act, we will ensure that:
the secondary purpose is related to the primary purpose of collection (and directly related in the case of sensitive information), and you would reasonably expect that HARTMANN would use or disclose your information in that way; or
you have consented to the use or disclosure of your personal information for the secondary purpose; or
the use or disclosure is required or authorised by or under law; or
the use or disclosure is otherwise permitted by the Privacy Act (for example, as a necessary part of an investigation of suspected unlawful activity).
If you are an employee of one of our commercial customers, we collect the following information about you (contact details including name, address and position, products supplied) and we will use it to administer our supplies and accounts to our commercial customer (your employer).
If you are an individual to whom we deliver health products, we collect the following information about you (name and address details) and we will use it to deliver products to you as ordered.
Data quality and security
To the extent required by the Privacy Act, HARTMANN will take reasonable steps to:
make sure that the personal information that we collect, use and disclose is accurate, complete and up to date;
protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Privacy Act.
Anonymity and pseudonymity
HARTMANN will generally provide individuals with the option of not identifying themselves, or of using a pseudonym, when entering transactions when it is lawful and practicable to do so.
Use of Commonwealth government identifiers
HARTMANN will not use Commonwealth government identifiers (“Identifiers”) (such as Medicare numbers) as its own identifier of individuals unless required or authorised by or under law or as specifically permitted under the Privacy Act. We will only use or disclose Identifiers in the circumstances permitted by the Privacy Act.
Transfer of personal information overseas
If HARTMANN transfers your personal information outside Australia, we will comply with requirements of the Privacy Act that relate to transborder data flows.
HARTMANN may transfer your personal information to its related bodies corporate for internal administrative purposes and to facilitate the provision of HARTMANN'S services to you or the organisation for which you work.
The related bodies corporate of HARTMANN to which HARTMANN may transfer your personal information are located in Germany.
Access and correction of your personal information
Please contact HARTMANN if you would like to access or correct the personal information that we hold about you. HARTMANN will generally provide you with access to your personal information if practicable (although a fee may be imposed), and will take reasonable steps to amend any personal information that is incorrect. In some circumstances, HARTMANN may not permit access to your personal information, or may refuse to correct your personal information, in which case we will provide you with reasons for this decision.
Please contact us if you have any queries about the personal information that HARTMANN holds about you or the way we handle that personal information. Our contact details for privacy queries are set out below.
HARTMANN Privacy Officer: Harris Hourmouzis (Chief Financial Officer)
(02) 8762 7000
Further information about the NPPs and the APPs and the application of the Privacy Act to the private sector generally can be found at the website of the Office of the Australian Information Commissioner, at http://www.oaic.gov.au.
Please contact us the HARTMANN Privacy Officer using the above details if you have any concerns or complaints about the manner in which your personal information has been collected or handled by HARTMANN.