Capital Chemist provides pharmaceutical and other health and beauty related goods and services to the public and to other businesses. In providing these goods and services, we may collect, use and disclose personal information. Personal information is information or an opinion, in any form and whether true or not, about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.
Collection of personal information by us
We will only collect your personal information where it is reasonably necessary for or directly related to the conduct of our functions or activities. We will typically collect personal information in the course of providing goods and services to customers and in other dealings with those customers and prospective customers. We may also collect personal information as we determine necessary from time to time for any purpose in connection with the general conduct of our business, for example, in dealing with suppliers, service providers and contractors.
Where we collect your personal information we, will do so only by lawful and fair means and not in an unreasonably intrusive way. Where we collect your personal information, and it is reasonable and practicable to do so, we will collect it directly from you. There may be occasions where we receive or collect personal information about you from a third party. Where it is lawful or practical to do so, you may choose to deal with us anonymously, or using a pseudonym (for example, when enquiring about our goods and services generally).
Kinds of information collected and held
The kinds of personal information we collect and hold will depend upon the reasons for, or circumstance of, its collection. It may include, amongst other things:
· your name and contact details;
· health related information, which may include medication history, disease history and information related to those histories;
· personal information relating to your entitlement to prescription subsidies through the PBS and other health insurance providers;
· personal information from the ‘My Health Record’ system and/or from an electronic prescription;
· other personal information you give us when you request a good or service from us. This information may include: your requirements with respect to specific goods or services; your opinion or preferences with respect to any of our goods or services, payment details, or your preferred payment method;
· information contained in any communications between you and us;
· information contained in an application form or other document given to us;
· payment and transactional information about your acquisition and use of our goods and services;
· activity with our digital or online services;
· activity within our Loyalty Matters program;
· information related to your employment with, or application for employment with us, and
· any information we are required to collect by law.
How your personal information will be collected and held
We may collect your personal information in relation to your interactions and transactions with us, including having prescriptions dispensed, using our loyalty cards; making a purchase; placing orders; participating in a promotion or competition; registering for or using any of our services; using related digital services.
We may monitor and record your communications with us (including email and telephone) for security, dispute resolution, and training purposes and we also operate video and audio surveillance devices in our premises. We may also collect personal information from third parties including public sources, information service providers, providers who administer our products and services such as insurance, and anyone authorised to act on your behalf.
We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We implement a range of measures to protect the security of that personal information. We also take measures in respect of destroying or de-identifying personal information that is no longer needed for any lawful purpose. Unfortunately the internet is not a secure place and we cannot guarantee security of your personal information.
Analytics and Cookies
We use Google Analytics and Cookies to monitor, analyse and improve your interaction with our website. Google Analytics collects information (such as your device IP address, type, and geographic location), whilst Cookies are small files transferred onto a computer for record keeping and enhancing functionality. Both of these processes are done for the sole purpose of improving your website experience.
We will not collect, use or disclose sensitive information about you unless it is necessary to provide you with a good or service and we have your consent or unless we are legally required to collect, use or disclose that information.
Sensitive information is any information about a person's, racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional, trade or political association or union, sexual orientation, criminal history or health information (including biometric and genetic information) about an individual that is not otherwise health information.
Use and disclosure of your personal information for primary purposes
We collect your personal information so that we can use it for or in connection with our functions and activities which may include, amongst other things:
· confirming your identity when you contact us;
· accepting and processing your prescriptions, purchases and/or orders;
· to input information into your ‘My Heath Record’ as required;
· providing you with any of our goods and services or information about those goods or services;
· being aware of any special good or service requirements you may have;
· providing you with electronic confirmation of your orders (where applicable) and advising you of any changes to our goods and services;
· delivering orders;
· providing refunds or discounts;
· communicating directly with you (including direct marketing) and providing marketing communications and targeted advertising to you on an ongoing basis by telephone, electronic messages (e.g. email), our digital services and other means
· maintaining and updating our records;
· working with our service providers;
· administering and managing the provision of our goods and services to you, including billing and debt collection;
· conducting reviews or checks of your credit worthiness;
· addressing any queries, feedback or complaints we receive from you;
· developing, improving and marketing our goods and services;
· managing the employment of our staff and individuals who have applied to join our staff;
· complying with relevant laws, regulations and Codes; and
· using your personal information for any other purpose that it was collected for or any related purpose for which we are entitled to use your personal information.
Where we are not able to collect personal information that we require to conduct particular functions or activities, it may restrict or limit our ability to conduct or perform that function or activity.
Use and disclosure of your personal information for secondary purposes
If we use or disclose your personal information for a purpose (the "secondary purpose") other than the main reason for which it was originally collected (the "primary purpose"), to the extent required by law, we will ensure that:
· the secondary purpose is related to the primary purpose of collection (and directly related in the case of sensitive information), and you would reasonably expect that we would use or disclose your information in that way;
· you have consented to the use or disclosure of your personal information for the secondary purpose;
· the use or disclosure is required or authorised by or under law; or
· the use or disclosure is otherwise permitted by law (for example, as a necessary part of an investigation of suspected unlawful activity).
At times we may use personal information collected for the purposes of marketing our goods and services. If you receive a marketing email of this nature you may opt out of being contacted at any time by clicking the unsubscribe link in the email. If you have chosen to unsubscribe you will not be contacted again in the future.
Social Media and Capital Chemist
Images included on our Social Media websites will only be of a general nature and will follow the Pharmacy Board of Australia's guidelines for Healthcare Professionals on Social Media, available at http://www.pharmacyboard.gov.au/Codes-Guidelines/Social-media-policy.aspx
Capital Chemist’s postings on Social Media will comply with confidentiality and privacy obligations to ensure that patient privacy and security of personal information is protected. Capital Chemist will not discuss patients or post images of procedures, case studies, patients, or sensitive material which may enable patients to be identified, unless specific consent has been obtained.
Government Related Identifiers
We are required to collect certain government related identifiers from you (including Medicare, Veteran Affairs and Centrelink details).
Unsolicited Personal Information
If we receive any personal information which we did not solicit, we will contact the sender in the first instance, followed by the individual whom the information concerns, to determine if we are required to collect or retain the information. If we are unable to contact a relevant individual, we will retain the information for a reasonable period of time, following which it will be destroyed.
Disclosure of personal information to third parties
Where permitted by the Privacy Act, personal information we collect about you may be disclosed to third parties as we determine necessary from time to time for any purpose reasonably necessary or directly in connection with the conduct of our business, including, but not limited to:
· any service provider we engage to carry out our business functions and activities;
· our professional advisors and other contractors (for example IT consultants, research agencies and mailing houses);
· any person who introduces you to us, or who is acting as your referee or guarantor;
· your authorised agents or your executor, administrator or legal representative;
· an organisation that is in arrangement or alliance with us (for example, for the purpose of promoting or using our respective goods or services or conducting a seminar or promotion);
· our business associates and others for purposes directly related to the purpose for which the personal information is collected;
· our related companies;
· organisations that are involved in a transfer or proposed sale of our business or assets
· any entity to which we are required or authorised by or under law to disclose such information (for instance, Federal or State law enforcement agencies and investigative agencies, courts and various other Federal or State government bodies); and
· others that you have been informed of at the time any personal information is collected from you.
We take steps to ensure that third party recipients are obliged to protect the privacy and security of your personal information and use it only for the purpose for which it is disclosed.
Transborder data flows
It is unlikely that Capital Chemist will be involved in the exchange of data across a national border. In the event that it becomes necessary to do so, we will only transfer personal information to someone who is in a foreign country if:
· we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the Privacy Act;
· you consent to the transfer;
· the transfer is necessary for the performance of a contract between you and us, or for the implementation of pre-contractual measures taken in response to your request;
· the transfer is necessary for the conclusion or performance of a contract concluded in the interest of you between us and a third party;
· all of the following apply:
o we have taken reasonable steps to ensure that the information transferred will not be held, used or disclosed by the recipient of the information inconsistently with the Privacy Act.
Security of your personal information
We protect any personal information that we collect and hold about you from misuse, interference or loss. We also protect it from unauthorised access, modification or disclosure. Where we need to disclose your personal information to a service provider or other agent or contractor, we prohibit them from using the personal information except for the specific purpose that we have provided it.
We will take reasonable steps to destroy or de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed in accordance with the Privacy Act.
Any data breaches will be dealt with in accordance with our Data Breach Response Plan, as amended from time to time.
Keeping your personal information up-to-date and correcting your personal information
We take reasonable steps to ensure that any personal information collected by us is accurate and up-to-date at the time of collecting, using and disclosing that information. We will take reasonable steps as necessary to correct personal information that we identify as inaccurate, out of date, incomplete, irrelevant or misleading.
If you learn that personal information we hold about you is inaccurate, incomplete or out-of-date, you should contact us.
You also have a right to request that a statement be attached to your personal information if we disagree with your request to correct the information.
Access to your personal information
You can ask to obtain access to personal information that we hold about you, although in some circumstances, the law may not permit us to provide such information to you. If we are not able to provide you with access to any of your personal information held by us, we will tell you the reasons why this is the case. We may ask you to put your request in writing and pay a reasonable fee to us before providing requested access.
Access and correction under the Privacy Act operates alongside and does not replace other legal procedures by which an individual can be provided with access to, or correction of, their personal information, including under the Freedom of Information Act 1982.
How to contact us
If you wish to contact us, for example, to access or correct your personal information, you may contact us at:
The Pharmacy that holds the information (see www.capitalchemist.com.au for addresses and links to contact the member pharmacy)
Capital Chemist Pty LtdThe Privacy OfficerPO Box 4407 Manuka ACT 2603
If you have any feedback or a complaint about the way we have dealt with your personal information, please contact us using the contact information above, or via the “contact us” link on the website http://www.capitalchemist.com.au. We will make all reasonable attempts to respond to your complaints or requests.
Complaints and enquiries will be handled in the first instance at your local pharmacy level. Only if required, complaints may then be referred to our head office for further attention. If you are not satisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner at:Website: www.oaic.gov.auPhone: 1300 363 992Further information about the application of privacy law to the private sector generally can be found by contacting the Office of the Australian Information Commissioner (details above).