Last Updated: 18 March 2021
How we collect information
Broadly speaking, the way in which we collect personal information about you will depend on your relationship or interactions with us.
Information that you provide voluntarily
Certain parts of our Services may ask you to provide personal information voluntarily. For example, we may ask you to provide your contact details in order to register an account with us, to subscribe to marketing communications from us, or to submit enquiries to us. The personal information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your personal information.
Information that we collect automatically
When you access our Services online, we may collect certain information automatically from your device. Speciﬁcally, the information we collect automatically may include your internet protocol (IP) address, your login data, browser type and version, time zone setting and location and other technical information. We may also collect information about how your device has interacted with our Services, including what was accessed and the links clicked.
Collecting this information enables us to better understand the users of our Services, where they come from, and what content is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Services.
Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Online tracking and your choices” below.
Information that we obtain from third party sources
Where possible, we collect information directly from you. However, there may be occasions where we receive information about you from third parties, such as your healthcare professional or pharmacy if you are a patient, your patient if you are a healthcare professional, or third parties with whom we have a relationship. For example, in some countries, regulations require us to obtain relevant documents from third parties which contain patient information before we can release products.
Information we collect and why
The table below sets out the types of personal information we collect, why we use it, and where required under applicable law, the lawful basis for processing that personal information.
Lawful basis for processing
The lawful basis for processing your personal information are as follows:
- Consent: where you have given consent to the processing of your personal data for one or more speciﬁc purposes
- Performance of a contract: where processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract
- Legal obligation: where processing is necessary for compliance with our legal obligations
- Legitimate interests: where processing is necessary for a legitimate interest, and that legitimate interest is not overridden by your interests or fundamental rights and freedoms
The lawful basis for processing your sensitive personal information are as follows:
- Health or social care: where processing is necessary for the provision of healthcare or treatment
- Employment: where processing is necessary for the assessment of your working capacity
Sensitive personal information
Some of the information we collect and process may include sensitive personal information (also known as special category data).
Sensitive personal information is a subset of personal information that is generally afforded a higher level of privacy protection. It includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or afﬁliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record and some types of biometric information.
We will only collect sensitive information where it is reasonably necessary for our functions or activities, and with respect to Levin Health, where Levin Healthhas a lawful basis to do so under applicable laws as provided for in the table above.
Scientific research and statistical reporting of pseudonymised data
As set out in the table above we may also use your information for scientiﬁc research and statistical reporting. However, we have taken a number of measures to ensure that this information is pseudonymised and cannot directly identify an individual. We only have access to your medical and treatment information for this purpose only and cannot directly identify you from this information.
Online tracking and your choices
Like many websites, we may analyse log ﬁle information and other data collected through cookies, web beacons, and other tracking technology, to collect information about your browsing behaviour when you visit our websites. This includes, for example, your browser type, domains, page views, IP address, referring/exit pages, information about how you interact with our website and with third-party links, trafﬁc and usage trends on the service.
We use session cookies to keep you logged in while you use features of our website; these disappear after you close your browser. We also use persistent cookies, which stay in your browser and allow us to recognise you when you return to the website. We use this to remember your information, so you will not have to re-enter it, to better understand how you use our Services, to diagnose and ﬁx technology problems, and otherwise enhance our Services. In some of our email messages, we use a ’click-through URL’ linked to content on our website. We track this click-through data to help us measure the effectiveness of our customer communications.
We may collect analytics data directly or through third party analytics tools (including Google Analytics) to assist us with analysing and improving our service, and measure trafﬁc and usage trends for our products and services. These tools collect information sent by your browser or mobile device, including the pages you visit and other information that assists us in improving our Services.
Most internet browsers automatically accept cookies, but you may be able to change the settings of your browser to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you set your browser to reject cookies, parts of our website may not work for you. Please note, depending on your type of device or browser, it may not be possible to delete or disable all tracking mechanisms on your device.
Your selection of the ’Do Not Track’ option provided by your browser may not have any effect on our collection of cookie information for analytic and internal purposes. The only way to completely “opt out” of the collection of any information through cookies or other tracking technology is to actively manage the settings on your browser or mobile device to delete and disable cookies and other tracking/recording tools. To learn more about cookies, clear gifs/web beacons and related technologies, you may wish to visit www.allaboutcookies.org.
We may share your personal information to the following categories of recipients:
- To persons for whom we have your consent to share your personal information.
- To third party service providers who work for us in the provision of our services and with whom we have contractual relationship. Your data may also be processed by a third party if required to deliver a service you have requested. For example, to a dispensing pharmacy in order to fulﬁl an order, regulatory bodies and healthcare professionals.
- To any competent law enforcement body, regulatory, government agency, court or other third party where we believe it is necessary:
- i) as a matter of applicable law or regulation;
- (ii) to exercise, establish or defend our legal rights, or
- (iii) to your vital interests or those of any other person. For example, we are required under the Australian Corporations Act 2001 (Cth) to maintain a register of shareholders and make it available for inspection by the public. We may also be required to disclose information about your shareholding to regulatory bodies such as the Australian Securities and Investments Commission and the Australian Taxation Ofﬁce.
We will check any third party that we use to ensure that they can provide sufﬁcient guarantees regarding the conﬁdentiality and security of your personal information.
We will have written contracts with them which provide assurances regarding the protections that they will give to your personal information and their compliance with our data security standards and international transfer restrictions.
Third-party sites and features
Data security and retention
We take security seriously and care about the integrity of your personal information. We use commercially reasonable physical, administrative, and technological methods to secure your personal information and protect it from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
In order to deliver our core functions and to ensure we meet our legal data protection and privacy obligations, we will retain your information for at least as long as your account is active, as needed to provide you services, as long as is needed to fulﬁl the purpose for which it was collected (and any other linked purpose) or as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
When we have no ongoing legitimate business need to process your personal information (as described above), we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.
Personal information collected from interactions with Levin Health is stored securely within Australia. We will not transfer data collected and stored within Australia to any country outside of Australia that is not recognised as ensuring an adequate level of protection, without compliance with the relevant legal or regulatory requirements. We may disclose information outside of Australia where we have a legal right to do so and to its group companies located overseas in the normal course of its business. Our policy is to comply with the requirements of the applicable laws which apply to cross border disclosure of personal information.
You have the following data protection rights:
- If you wish to access of your personal information, you can do so at any time by contacting us using the contact details provided under the “Contact Us” section below.
- If you wish to correct or update your personal information you can do this by accessing the proﬁle sections of our Services, or by using the contact details provided under the “Contact Us” section below.
Where Levin Health is the controller of your personal information, you also have the following additional rights:
- You can request deletion of your personal information by contacting us using the contact details provided under the
- “Contact Us” section below.
- You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contact Us” section below.
- You can opt out of marketing communications we send you at any time by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact us using the contact details provided under the “Contact Us” section below.
- If we have collected and process your personal information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information.
Where you exercise your data protection rights, our response will depend on our role as a controller or processor, our legal basis for processing and whether or not any exemptions are available under applicable privacy or data protection laws. If you wish to exercise any of these rights in relation to personal information provided to us by your healthcare professional and for which we are a processor, please contact your healthcare professional directly.
We respond to all requests we receive from individuals wishing to exercise their rights in accordance with applicable privacy and data protection laws. In order to comply with a request, we may ask you to identify yourself. In such a situation, we will only request information to the extent required to conﬁrm your identity. You also have the right not to identify yourself when dealing with us where it is lawful and practicable for us to allow it. However, if you don’t provide us with your personal information when requested, we may not be able to respond to your request or provide you with the Service that you are seeking.
If you have a question, comment or complaint about how we have collected or handled your personal information, please contact our privacy ofﬁcer using the contact information below and provide details of the incident so that we can investigate it.
If you are making a complaint, we will treat your complaint conﬁdentially, investigate your complaint and aim to ensure that we contact you and your complaint is resolved within a reasonable time (and in any event within the time required by applicable law).
You also have the right to complain to the regulator, and to lodge an appeal if you are not happy with the outcome of a complaint.
In Australia, please contact the Ofﬁce of the Australian Information Commissioner.
If you have any questions please contact our head ofﬁce at:
Suite 2-3, Level 6
289 Flinders Lane
Melbourne Vic 3000