PHEBRA WORLDWIDE

Privacy Notice

This Privacy Notice applies to Phebra Pty Ltd and all related entities (together, Phebra). Phebra is committed to safeguarding the privacy of individuals and the proper handling of personal information in accordance with the Privacy Act 1988 (Cth) and its amendments, including the Privacy and Other Legislation Amendment Act 2024, as well as the Australian Privacy Principles (APPs). As a healthcare organisation, Phebra also complies with obligations relating to the handling of sensitive health information and applicable international privacy standards, including the General Data Protection Regulation (GDPR) where relevant. This Privacy Notice explains how Phebra collects, uses, stores, and secures information that identifies individuals personally. By accessing and using Phebra’s website, you accept the terms and conditions of this Privacy Notice. References to Phebra in this Privacy Notice encompass its employees, agents and contractors.

Personal Information Phebra Collects

“Personal information” refers to any information which could identify you directly (such as your name) or indirectly (such as your date of birth). Phebra may collect and hold personal information from:

  • Healthcare professionals, including contact details, professional credentials, practice information, and involvement in clinical trials or adverse event reporting
  • Members of the public, such as through medical enquiries, product complaints, adverse event reporting, or participation in clinical studies, or where you register your interest to be informed about a Phebra product
  • Job applicants, including employment history, qualifications, police clearances, health assessments, and vaccination status where relevant to the role
  • Business contacts and suppliers, including professional contact details and payment information
  • Website visitors, including online identifiers and limited use of cookies or IP tracking for website functionality and analytics.

Where necessary, Phebra may collect sensitive information, such as health data or financial data, however, will only do so with your consent or as permitted by law.

How Phebra Collects Information

Phebra collects personal information directly from individuals where possible, including via email, phone, forms, or the Phebra website. In some cases, we may collect information from:

  • Publicly available sources (e.g. professional directories, websites)
  • Referees or previous employers (for job applications)
  • Third-party service providers (e.g. CRM systems, database suppliers)
  • Healthcare professionals or regulatory authorities, particularly for adverse event reporting.
Use of Personal Information

Phebra will only use Personal Information for legitimate business purposes or to meet legal and regulatory requirements. These uses include:

  • Managing professional relationships
  • Responding to medical enquiries or complaints
  • Regulatory reporting (e.g. adverse events)
  • Conducting recruitment and onboarding
  • Communicating product updates
  • Taking orders, fulfilling contracts and processing payments
  • Ensuring workplace and public health compliance (e.g. COVID-19 protocols)
  • Website functionality and analytics.

Phebra does not use personal data for unsolicited marketing and does not sell personal information to third parties. Information collected from the general public will not be shared with third parties for business purposes.

Automated Decision Making

In accordance with the Privacy and Other Legislation Amendment Act 2024, Phebra will notify you if it uses automated decision-making processes that may significantly affect you. Phebra acknowledges that if your personal information is subject to automated decision-making, you have the right to request human intervention, express your point of view, and contest any decision made through these automated processes.

Disclosure of Personal Information

Phebra may disclose personal information to:

  • Australian and international regulatory bodies as required for adverse event reporting or to meet other regulatory obligations
  • Third-party service providers involved in IT, order fulfilment, data processing, or auditing
  • Customer database providers (for healthcare professional information only, in compliance with contractual privacy standards)
  • Overseas partners and affiliates in jurisdictions where Phebra operates
  • Relevant authorities or agencies in the event of a public health directive or legal requirement.

Access to personal information is limited to a restricted number of Phebra employees. All third-party disclosures are governed by strict confidentiality and data protection obligations.

International Data Transfers

When personal information is transferred overseas, Phebra ensures that overseas transfers are made in compliance with applicable Australian Privacy Principles and that all such transfers are subject to appropriate safeguards.

Data Security and Retention

Phebra acknowledges that maintaining strong cybersecurity and data management practices is integral to the operation of its business and operations, and that people and organisations who conduct business or otherwise interact with Phebra have to trust that their personal information is protected. Phebra employs appropriate technical and organisational safeguards to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure so as to ensure confidentiality, integrity, availability and non-repudiation. These include maintaining secure systems with controlled access and ongoing review and enhancement of security protocols.

Personal information is retained only as long as necessary for business or legal purposes. Where possible, data is de-identified or securely deleted when no longer required.

In the unlikely event of a data breach involving your personal information that could result in serious harm, Phebra will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme.

Your Rights

You have the right to:

  • Access the personal information we hold about you
  • Request corrections if your personal information is inaccurate, outdated, or incomplete
  • Request deletion, where lawful and practicable
  • Withdraw consent to storage or use of your personal information, where applicable (e.g. for marketing or ongoing communications).

If you are a resident of the European Union, additional rights under the GDPR may apply, including data portability and the right to be forgotten.

Accessing Phebra’s website

Phebra may process your information when you contact us via our website such as submitting a question or request via the contact page, or any other additional information you may provide to us. This information typically includes name, phone number, and e-mail address.

Phebra may also record information about how individuals access the Site. This information may include device information including as Internet Protocol (IP) addresses, log information, error messages, device type, and unique device identifiers, the websites the user visited immediately prior to and upon exiting this site, the browser software the individual is using to access the site, the pages viewed, the features used, details about any links with which the user interacted, device precise location information, or device motion information.

Phebra uses cookies and other technologies on the site to enhance or improve the user experience, including customisation of content. Cookies are small data files placed on your device that help us provide website functionality, understand site usage, and remember your preferences. Types of cookies Phebra uses include essential cookies which are necessary for the website to function properly and analytics cookies which help understand how visitors interact with this website. You may accept or decline cookies through your browser settings. While declining cookies may limit some website functionality, Phebra respects your choice. For comprehensive control over your cookie preferences, you can adjust your browser settings at any time. The information collected via cookies is handled in accordance with Phebra’s Privacy Policy, this Privacy Notice and the Australian Privacy Principles. We do not, however, permit third parties to track you from our site across other sites to deliver advertising or other content.

Phebra’s website contains links to third party sites as a service to users. Phebra does not endorse or warrant anything in relation to linked third party websites. Access to linked third party websites is entirely at the individual’s risk. The privacy policy outlined here does not pertain to those external sites.

Children’s Privacy

Phebra recognises the importance of protecting children’s privacy. Where suitable, we seek to obtain verifiable parental consent before collecting personal information from children, and limit data collection to what is necessary for the specific purpose. For parents and guardians, if you believe your child has provided us with personal information without your consent, please contact our Privacy Officer at privacy@phebra.com.

Privacy Notice Changes

Phebra may change the terms of this Privacy Notice at any time. If amended, the revised Privacy Notice will be posted on this website. Phebra recommends that individuals review the Privacy Notice whenever the website is visited.

Contact Us

If you have a query, request or complaint relating to your privacy or this Privacy Notice or to request access to or correction of your personal information, please contact:

Privacy Officer
Phebra Pty Ltd
17–19 Orion Road, Lane Cove West NSW 2066, Australia
Phone: +61 2 9091 2399
Email: privacy@phebra.com

If you believe Phebra may have breached the Australian Privacy Principles, you may lodge a complaint with Phebra directly. We will investigate and respond within 30 days. If you are dissatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).