Last updated: 25/11/2021
INFORMATION WE COLLECT.
As described in detail below, we may collect certain personal information from you or about you in connection with your use of, or your submissions to, the Sites or through other interactions with us. We may collect personal information as follows:
1. when you communicate with us, sign up for materials or subscribe to updates, submit enquiries to us and interact with the Sites. We may collect personal information when you communicate with us or submit information or enquiries to us. We may also collect personal information from you when you interact with our Sites or use certain Site features, and when you sign up or subscribe to receive newsletters, updates or other information. This information may include, but is not limited to, your contact details (including your name, address, telephone number and email address) and other information reasonably relevant to the provision of products and services to you.
2. when we collect personal information about you from third parties or publicly available sources. In accordance with our statutory obligations, we endeavour to collect personal information about an individual from the individual concerned, except where it is unreasonable or impracticable for us to do so. In certain circumstances, we may obtain certain personal information about you from third party sources. We may combine your personal information with information we obtain from our services, other users of the Sites, and from third parties in order to enhance your experience and to improve the Sites.
ANONYMITY AND PSEUDONYMITY.
Where it is lawful and reasonable for you to do so, you have the right to deal with us on an anonymous or pseudonymous basis. As permitted by law, and subject to the following, we will give you the option of not identifying yourself, or of using a pseudonym, in dealing with us. However, if you choose to interact with us on an anonymous or pseudonymous basis, or you do not provide us with personal information on request, then we may be unable to provide you with the products or services (or the Sites) that you request.
Further, we reserve the right to verify your identity in certain circumstances. For example, we may need to verify your identity when you request that we provide certain products or services to you, in order to liaise with other service providers and in order to comply with our statutory and regulatory obligations. Additionally, when you request access to or correction of any personal information that we hold about you, or when you wish to make a complaint to us regarding how we have handled your personal information, then we reserve the right to verify your identity and contact details in order to help us fulfil your access or correction request, or to investigate and to deal with your complaint.
RECEIPT OF UNSOLICITED PERSONAL INFORMATION.
A “cookie” is a small text file that a web server stores in browser software. A browser sends cookies to a server when the browser connects with the server (e.g., when requesting a web-page from the same domain that created the cookie). The purpose of cookies is to remember the browser over time and to distinguish one browser instance (or user) from all others. Some cookies and other technologies may serve to track personal information previously entered by a web-user on the website. Most browsers permit you to control cookies, including whether or not to accept them, and how to remove them. Cookies can remember login information, preferences, and similar information.
Cookies, as well as other tracking technologies, such as HTML5 local storage and Local Shared Objects (such as “Flash” cookies) and similar mechanisms, may record information such as a unique identifier, information you enter into a form, IP address, and other categories of data.
We may also use web beacons or “pixels”, and in certain circumstances we may collect IP addresses, and information regarding screen resolution, browser software and operating system types, clickstream patterns, dates and times that the Sites are accessed, and other categories of data.
If you wish to block the use and saving of cookies from the Sites onto your computer’s hard drive, you should take the necessary steps within your web browser’s settings to block all cookies from the Sites and its external serving vendors, or use the cookie control system, if available upon first visit. Please note that if you choose to erase or block your cookies, certain parts of our Sites may not function correctly or at all. For information on how to disable cookies, please refer to your browser’s documentation.
Our Sites may also use the following technologies to implement cookies and pixels:
2. Google AdWords: As an AdWords customer, the Sites use Google conversion tracking on some pages. This means that Google AdWords places a cookie on your computer (“conversion cookie”) if you have accessed our web-page via a Google ad. These cookies become invalid after 30 days. If you visit certain pages on our Sites and the cookie has not yet expired, we and Google can recognise that someone has clicked on an ad and been directed to our page as a result thereof. Each AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information collected with the help of the conversion cookie allows us to prepare conversion statistics to optimize our products and services. AdWords customers know, for instance, the total number of customers who have clicked on their ad and been redirected to a page with a conversion tracking tag. But they do not receive any information by which users can be personally identified. If you do not want to participate in the tracking, you can prevent the placement of the necessary cookie – for instance through a browser setting that deactivates the automatic placement of cookies in general. You can also deactivate conversion tracking cookies by setting your browser to block cookies from the domain googleadservices.com.
Do-Not-Track is a public-private initiative that has developed a ‘flag’ or signal that an internet user may activate in his/her browser software to notify websites that the user does not wish to be ‘tracked’ by third parties, as defined by the initiative. The online community has not agreed on what actions, if any, should be taken by the websites that receive the ‘do-not-track’ signal, and therefore Do-Not-Track is not yet standardised. Please note that the Sites do not alter its behaviour or use practices when we receive a Do Not Track signal from your browser.
THE PURPOSES FOR WHICH WE COLLECT PERSONAL INFORMATION AND ITS USES.
We are obliged to only use and disclose personal information for the primary purpose(s) for which the information was collected, any secondary purpose that is related to the primary purpose for which you would reasonably expect us to use or disclose that personal information, and as otherwise permitted or required by law. We may collect, use and process personal information for a number of different purposes as set out in further detail below. Subject to applicable law, the purposes for which we collect, use and process personal information, and (where the GDPR applies) the legal basis for such processing, are set forth below:
1. For our legitimate interests. To operate our business and to provide the Sites, including:
1.1 to maintain the Sites, including for technical support;
1.3 to verify your identity, to address and to respond to your requests, inquiries and complaints;
1.4 to develop, provide and improve the Sites, including to better tailor the features, performance, security and support of the Sites, and for statistical and analytics purposes;
1.5 for our direct marketing purposes;
1.6 for fraud, loss and other crime prevention purposes;
1.7 to assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights and safety of third parties;
1.9 to comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process;
1.10 subject to applicable contractual or legal restrictions, in connection with a contemplated reorganisation or an actual reorganisation of our business, in connection with financing, a sale or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction; and
1.11 to maintain a safe working environment for our staff and contractors.
2. To deal with a request or complaint. To deal effectively and efficiently with a request or complaint made to us.
3. For the performance of a contract. To perform our contractual obligations owed to you or to an organisation that employs you, including to administer and fulfil your request for products or services, to contact you in relation to any issues with our products or services, where we need to provide your personal information to our service providers, or to take steps in response to information or inquiries you may submit prior to entering into a contract or partnership with us.
4. To comply with legal obligations. To comply with laws, regulators, court orders, or other legal obligations, or pursuant to legal process. This may include, but is not limited to, using and disclosing personal information to generate aggregated and de-identified statistical information for the purpose of reporting to governmental regulatory agencies.
5. To protect data subjects’ vital interests. To protect the vital interests of you or of another person.
In some cases, where we are not already authorised to process the personal information under applicable law, we may ask for your consent to process your personal information.
6. Special categories of personal information. We generally do not collect or require special categories of personal information (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health information, biometric data, or sexual orientation) in order to access our Sites. In the event we may need to collect such information to provide a specific product or service to you, we will obtain your consent as required by law. In certain circumstances, subject to applicable law, we may process or otherwise disclose special categories of personal information without consent, such as to protect the vital interests of you or of another person.
TO WHOM DO WE DISCLOSE PERSONAL INFORMATION.
We may disclose personal information collected from you to third parties but only on an as-needs basis and only in order to fulfil one or more of the purposes for which the personal information was collected, and any secondary purpose related to the primary purpose(s) of collection or otherwise as required or authorised by law.
2. Service Providers. We may disclose personal information to business partners, distributors, service providers, marketing providers, and vendors in order to maintain the Sites and to provide, improve and personalise our products and services. We may also share personal information for other technical and processing functions, such as sending emails on our behalf, technical support, or otherwise operating the Sites, for analytics, and for marketing purposes. Such third parties may have access to personal information only as needed to perform their functions for us, and they may not use personal information for other purposes.
5. Professional advisers, insurers and auditors. We may also disclose personal information to any of our professional advisers (including our lawyers and accountants), our insurers and our auditors for the purpose of our advisers, insurers and auditors completing their obligations owed to us.
LINKS TO OTHER SITES.
EUROPEAN UNION DATA SUBJECT RIGHTS.
Data subjects in the European Economic Area and certain other jurisdictions may have certain rights under applicable data protection law (including the EU General Data Protection Regulation (GDPR)), including the right to request confirmation from us as to whether or not we are processing your personal information. Where we are processing your personal information, subject to the GDPR, you also have the right to:
1. Request access to, modification or rectification, or deletion. You may have the right to request access to, modification of, or deletion of your personal information we maintain.
2. Request restriction of processing. You may have the right to request that we restrict processing of your personal information in certain circumstances, such as where you believe that the personal information we hold about you is inaccurate or our processing is unlawful.
4. Data portability. In certain circumstances, you may have the right to receive the personal information concerning you that you provided to us or to request that we transmit your personal information to another data controller.
5. Lodge a complaint. You have the right to lodge a complaint with a supervisory authority.
To exercise your rights, you may contact us at firstname.lastname@example.org. As permitted by law, certain data elements may not be subject to access, modification, portability, restriction and/or deletion. Furthermore, where permissible, we may charge for this service. We will respond to reasonable requests as soon as practicable and as required by law. To protect your privacy and security, we may take steps to verify your identity in order to respond to your request.
WITHDRAWING YOUR CONSENT.
If you would like to stop receiving newsletters or other marketing or promotional messages, notifications, or updates, you may do so by following the unsubscribe instructions that appear in our e-mail or other communications to you. Alternatively, you may contact us at email@example.com to opt out of direct marketing. Please be advised that you may not be able to opt out of receiving certain service or transactional messages from us, including legal notices and certain communications related to the provision of the products and/or services to you.
Please note that if you do not provide consent, if you withdraw your consent, or object to processing, or if you choose not to provide certain personal information, we may be unable to provide you some or all of our products or services.
TRANSFER OF PERSONAL INFORMATION.
Please note that we may store, process or back up personal information on servers (including servers offered through third party service providers under contract to Firebrick) that are located in a jurisdiction outside Australia.
If you communicate with us via email, through a social network service or through some other electronic process, the communication may be routed through servers that are located outside Australia and, in relation to a message sent through a social network service (such as Twitter or Facebook), the social network provider and its partners may collect, hold and process personal information in a jurisdiction outside Australia.
If you are covered by the GDPR, please note that some countries outside the United Kingdom or the European Union do not have the same data protection laws as the United Kingdom or the European Union. We will ensure that any transfer to such countries of personal information in cases where the GDPR applies to such transfer, either by us or by any third party supplier to whom we provide your personal information, will (unless the European Commission considers their laws to be adequate) be subject to appropriate or suitable relevant safeguards to the extent required under the GDPR that are required to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.
DATA RETENTION, DATA SECURITY AND DATA QUALITY.
We will retain your personal information for as long as is necessary to provide our products and/or services to you, or for such longer period as may be required or permitted by applicable law. We will also retain your personal information for as long as is necessary to comply with our legal obligations, resolve disputes, and enforce our agreements and rights.
We take all reasonable steps to protect all personal information which we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Firebrick uses technical and organisational security measures designed to secure and protect personal information. Please note, however, that we cannot fully eliminate security risks associated with the storage and transmission of personal information.
ACCESS TO AND CORRECTION OF PERSONAL INFORMATION.
We will provide access to your personal information within a reasonable period of time following our receipt of your request, unless an exception applies. The exceptions include where the access poses a serious threat to the life or health or safety of the individual, public health or public safety, where the request is frivolous or vexatious, where the request relates to existing or anticipated legal proceedings or to current negotiations between you and us, the request is unlawful, would impede or prejudice any investigation of unlawful activity, or where we are required or authorised by or under Australian law or a court/tribunal order to not comply with the request. Where we do not provide you with access to your personal information, we will explain to you the reason for denying access and to provide details in relation to the relevant complaint process, should you not agree with our reasons. While we will not charge a fee for making an access request, we reserve the right to charge a reasonable fee to cover the costs we incur in providing you with access to your personal information that we hold.
If you can establish that the personal information we hold about you is not accurate, complete or up-to-date, or is irrelevant or misleading, then we will take reasonable steps to correct the information. If we have disclosed inaccurate, incomplete, out-of-date, irrelevant or misleading information to a third party, then we will take reasonable steps to ensure that the recipient is aware of the correction to the personal information.
We may request from you information in order to verify your identity and your connection to the individual about whom you request personal information (if you are not the individual about whom personal information has been collected). Further, we reserve the right (to the maximum extent permitted by law) to redact information included in the personal information, in order to protect the privacy of other individuals.
Please note that if the GDPR applies to you, then you will have additional rights (see “EU Data Subject Rights” above) and where those rights are different, then we will respect those rights in preference to the rights above.
To make a complaint about how we have handled your personal information, please write to us, at the details set out below. We will provide a response to you within a reasonable time period following receipt in accordance with applicable law. We reserve the right to verify the identity of the person making the complaint and to seek (where appropriate or reasonable) further information from the complainant about the circumstances of the complaint. We reserve the right to refuse to investigate or to otherwise deal with a complaint where permitted by law. For example (without limitation), we may refuse to investigate or to otherwise deal with a complaint if we consider the complaint to be vexatious or frivolous.
If you are not satisfied by our determination, you may escalate the complaint to the Office of the Australian Information Commissioner. Please note that where the GDPR applies to you, the GDPR also gives you the right to lodge a complaint with a supervisory authority, in particular in the EU (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at firstname.lastname@example.org or by mail to the following address:
Firebrick Pharma Limited
Level 10, 440 Collins Street
Melbourne VIC 3000