Cryosite Privacy Policy

Cryosite Limited (ABN 86 090 919 476) and Cryosite Distribution Pty Ltd (ABN 32 099 301 881 (together, Cryosite, we, our or us) are committed to protecting the privacy of your personal information (including your health information).

This Privacy Policy explains how Cryosite manages the personal information that we collect, how we use and disclose it, how to seek access to and correction of the personal information we hold about you, how to contact us if you have any complaint or further queries about our management of your personal information, and how we will deal with complaints.

Cryosite is bound by the Privacy Act 1988 (Cth) (the Privacy Act) including the Australian Privacy Principles (APPs) in the Privacy Act, and applicable State and/or Territory health records legislation.

The APPs regulate the manner in which Cryosite handles personal information throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal.

This Privacy Policy does not apply to personal information collected or held by Cryosite about its employees in employee records.

Definitions

In this Privacy Policy, personal information is information or an opinion, in any form and whethere true or not, about an identified individual or an individual who is reasonably identifiable.

Special provisions apply to the collection and handling of personal information which is sensitive information. This includes health information (as defined in the Privacy Act and in applicable health records legislation) and information about a person’s race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual preferences and criminal history.

Collection of personal information

We collect personal information (which may, because of the context or nature of our services or products, include health information or other sensitive information) in the course of our business for various purposes explained below.

We may collect your personal information through your use of our website, when you communicate with us (either by email, telephone, in writing or in person) , when you apply for one of our products or services and when we provide products or services to you Depending on who you are, we may collect your personal information directly from you or from other individuals or organisations, such as medical services engaged by you to support services provided by us.

You are not required to provide your personal information to us. However, if you do not provide us with all the information we request, we may not be able to provide the products or services that you, or others on your behalf, have sought.

The types of personal information we collect about you depends on who you are and our relationship with you. It may include:
• name, age, gender, date of birth, address, contact phone number(s) and email address;
• credit card, banking and other payment details;
• profession, business address and financial information;
• details of products or services purchased;
• name of doctor or treating physician;
• allergies, disease type or condition;
• medical history and medication details;
• test and trial results (including blood test results);
• blood type, biometric and genetic information (including cord blood and tissue samples);
• family history;
• records of our communications with you, including any complaints, requests or queries;
• any comments, suggestions on our products and services;
• other information that may be relevant in our dealings with you.

We collect personal informationfor number of purposes in connection with our business. The main purposes are to:
• provide you with information, products or services you have requested;
• assess inquiries for the provision of our products or services;
• respond to any queries, requests, complaints and data security incidents;
• conduct or support the conduct of clinical trials;
• conduct our own research;
• communicate with you by various means;
• manage and conduct our business; and
• comply with our legal obligations.

Use and disclosure of personal information

We use and disclose the personal information we collect and hold:
• for the purposes for which it was collected, as described above;
• for related purposes that would be reasonably expected by you in the circumstances of your relationship with us or as notified to you;
• for any purpose which you have consented to, either expressly or that we can infer from your conduct and the nature of our relationship with you;
• where required or authorised by or under law, including use or disclosure is permitted by the Privacy Act or applicable health records legislation (for example, as a necessary part of an investiga tion of suspected unlawful activity).

We may disclose your personal information to our related companies, and to other organisations or individuals. These are typically individuals who are related or associated to you in connection with the provision of our products and services; and organisations we contract to provide services to us, including pathology, credit card banking, secure storage facilities, IT and other service providers (including cloud, data storage and managed services providers).

In the event of a sale of the Cryosite business (in whole or part), we may need to disclose personal information to the purchaser (as an asset of the business).

Cryosite may disclose your personal information to recipients outside of Australia when it transfers data for storage and backup purposes to its service providers whose servers are located overseas, including in the USA.

Cryosite takes reasonable steps to ensure that its service providers are bound by the same privacy laws and/or are subject to contractual obligations of confidentiality and which require them protect personal information.

Data quality and security of your personal information

Cryosite takes reasonable steps to ensure the personal information that we collect, use and disclose is accurate, complete and up to date, and to protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure.

Measures we take include facility security (includes alarms, swipe cards, security monitoring, locked cabinets) and secure offsite storage for hard copies of records. Electronic records are secured via secure servers, password protections with restricted access, firewalls and encryption.

If you believe that any of the personal information we hold about you has been the subject of a data security breach or has otherwise been compromised in any way, please let us know as soon as possible so we can investigate the incident.

You can help Cryosite to keep the personal information that we hold about accurate, complete and up to date, by letting us know about any changes to your personal information, such as your name and address.

Anonymity

Cryosite will provide individuals with the option of remaining anonymous or using a pseudonym when dealing with us when it is lawful and practicable to do so. However, in many cases Cryosite will not be able to provide this option, as we must be able to identify individuals in order to provide most of our services, for example, storage of therapeutic products and to provide our cord blood storage services.

Access and correction of your personal information

You can access and seek correction of the personal information that we hold about you at any time by contacting the Cryosite Privacy Manager on the details below. We will need to verify your identity. You will need to explain the information you wish to access and in what form and if you wish to amend your information, what information you wish to amend and why. We may charge a reasonable fee to give you access and will advise you of the fee before we do.

We will take reasonable steps to amend any personal information that we determine is incorrect (either because it is out of date, incomplete, inaccurate, irrelevant or misleading). In some circumstances we may not provide access to some or all the personal information you have requested if an exception in the Privacy Act or applicable health records legislation applies. If we refuse your request for access or to correct your personal information,we will provide you with written reasons for our decision and explain how you can complain if you are not satisfied.

Cryosite’s contact details

If you have any queries about the personal information that Cryosite holds about you or the way we handle that personal information, if you wish to make a complaint or to seek access to or correction of your personal informationor if you wish to opt out of receiving direct marketing communications from us, please contact us using the details set out below:

Attention:
Cryosite Privacy Manager
Address: 13a Ferndell St, South Granville NSW 2142
Telephone: +61 2 8865 2000
Facsimile: +61 2 8865 2090
Email: privacy@cryosite.com

Further information about the application of the Privacy Act and the APPs and your rights can be found at the website of the Office of the Australian Information Commissioner (OAIC) at http://www.oaic.gov.au.

Complaints

Please contact the Cryosite Privacy Manager at the details above if you have any concerns or complaints about the manner in which your personal information has been collected or handled by Cryosite. We will need to verify your identity and may request further information from you to investigate a complaint. We will aim to respond to complaints with our proposed resolution within 21 days. If Cryosite cannot resolve your complaint, you can make a complaint to the OAIC at:

Phone: 1300 363 992.
Email: enquiries@oaic.gov.au.
Fax: +61 2 9284 9666.
Post: GPO Box 5218, Sydney, NSW 2001

You can also makea complaint to the NSW Privacy Commissioner.

Changes to this Privacy Policy

We may change this Privacy Policy from time to time to reflect updated or new privacy practices or legal obligations. Any changes will be published on our website. Any amendments will apply when the revised version of this Privacy Policy is posted on our website (or when the amendments are otherwise notified to you, if earlier).

By continuing to use or access our website, products or services after the posting or notification of an updated version of our Privacy Policy, you agree to that updated version. You may also obtain a copy of our latest Privacy Policy by contacting us at the contact details set out above.

Any questions?

Please contact us if you have any queries about the personal information that Cryosite holds about you or the way we handle that personal information. Our contact details for privacy queries are set out below.

Cryosite Privacy Manager
13a Ferndell Street South Granville NSW 2142

Facsimile +612 8665 2092
Email privacy@cryosite.com

Further information about the NPPs and the application of the Privacy Act to the private sector generally can be found at the website of the Office of the Australian Information Commissioner, at www.oaic.gov.au.