Oncobeta logo

Privacy Policy

Table of Contents

1. Introduction

OncoBeta Therapeutics Pty Ltd (“OncoBeta”, “we”, “us”, “our”) values and respects the privacy of the people we deal with. We are committed to protecting your privacy and complying with the Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy laws and regulations, including the Australia Privacy Principles (APPs).

This Privacy Policy (Policy) describes how we collect, hold, use and disclose your personal information, and how we maintain the quality and security of your personal information.

2. Collection and use of personal information

2.1. What is personal information?

“Personal information” means any information or opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable. In general terms, this includes information or an opinion that personally identifies you either directly (e.g. your name) or indirectly.

“Sensitive information” is a subset of personal information that is given a higher level of protection under the Privacy Act. It includes health, genetic and biometric information, as well as information about an individual’s race or ethnic origin, political opinions, religious beliefs, or sexual orientation.

2.2. Your choice to provide information

You do not have to provide us with your personal information. Where possible, we will give you the option to interact with us anonymously or by using a pseudonym. However, if you choose to deal with us in this way or choose not to provide us with your personal information, we may not be able to provide you with our services, respond to your enquiries, or otherwise interact with you.

2.3. Personal information we collect

The types of personal information we collect depends on the nature of our engagement with you. Examples of personal information we may collect include:

  • General identification information: such as names, job title, occupation, date of birth and gender.
  • Contact details: such as address, email address, phone and mobile phone number.
  • Professional information: such as educational qualifications, employment history, salary and referee reports, particularly for job applicants.
  • Financial information: such as bank account details for payment, or credit-related information for stakeholders on commercial terms.
  • Government-issued identifiers: such as tax file numbers where required by law.
  • Employee and contractor information: Including payment details, superannuation and insurance arrangements, visa or work permit status and information contained in identification documents (e.g. passport, driver’s licence).

You might need to provide personal information about other individuals to us (e.g., about your spouse, dependants or other family members or employees). If so, we rely on you to have informed those individuals that you are giving their personal information to us, to have advised them about this Policy and how they can obtain a copy of it and that you have the necessary authority to provide that personal information to us.

2.3.1. Health information

As a medical device company, we collect health information that is voluntarily provided to us by healthcare professionals (HCPs) for post-market monitoring, analysis, product improvement, and investigation of complaints. This information is typically provided to us in a de-identified format where possible. We rely on HCPs to obtain the necessary patient consent for any health information shared with us. This may include:

  • Dosimetry readings and treatment protocols;
  • Lesion images and related clinical notes; and
  • Information on patient underlying conditions relevant to a complaint or adverse event.

2.4. How do we collect personal information?

We collect your personal information directly from you when you:

  • interact with us over the phone;
  • interact with us in person;
  • participate in surveys or questionnaires;
  • attend a company event;
  • apply for a position with us as an employee, contractor or volunteer;

We may also collect personal information indirectly from third parties, such as:

  • From healthcare professionals (HCPs) who use our products and may share de-identified or identified patient health information with us for regulatory, safety, or product improvement purposes, having obtained the necessary patient consent to do so.
  • From publicly available sources.
  • From recruitment agencies when you apply for a role with us.

2.4.1. Information we collect through our website

When you use our website, we may collect information that you voluntarily provide to us, including:

  • When you contact us: We collect your name, email address, and any other information you provide in your message when you fill out our website forms, so we can respond to your enquiry.
  • When you subscribe to our mailing list: We collect your name and email address to send you updates, newsletters, and other marketing communications. You can unsubscribe at any time.

We also collect certain information automatically. Please see Section 3 “Cookies and IP Address Tracking” for more details.

2.5. Why do we collect, use and disclose personal information?

We collect, hold, use and disclose personal information for purposes necessary to carry out our function and activities, including:

  • To provide and improve our services: To supply our services, manage our relationship with you, and analyse usage to deliver enhanced services, often through the use of de-identified health information.
  • Regulatory compliance and safety: To comply with our legal and regulatory obligations, including mandatory reporting of adverse events to the Therapeutic Goods Administration (TGA) and other relevant authorities.
  • General business operations: To manage, operate and develop our business, including communicating with the community, government and other stakeholders, managing our employees and contractors, and for administrative purposes.
  • Recruitment: To assess your application for employment or engagement as a contractor. This may include the collection of sensitive information, which will only be collected with your explicit and informed consent.
  • Credit reporting: The company provides certain services to stakeholders on commercial terms. The company may need to handle personal information about stakeholder’s credit worthiness in connection with those arrangements, known as “credit–related personal information”.
  • Marketing and communication: To contact you about our services and events, unless you have opted out of receiving such communications.

2.6. Disclosing personal information

For the purposes described in this policy, we may disclose personal information to:

  • any of our related companies, including our global head office OncoBeta GmbH in Germany;
  • our suppliers, contractors, professional advisers and agents who assist us in our business operations;
  • government, regulatory, or law enforcement agencies, including the Therapeutic Goods Administration (TGA), as required or authorised by law (for example, for mandatory reporting of adverse events). In such instances, we take reasonable steps to de-identify information where permissible, only providing identifiable information when legally mandated for safety and compliance;
  • anyone to whom our assets or business (or any part of it) is transferred;
  • where an individual to whom the personal information relates has otherwise consented.

2.6.1. Overseas disclosure of personal information

Some of the third parties to whom we disclose personal information may be located overseas, including our parent company in Germany. We take reasonable steps to ensure that any overseas recipient of your personal information will handle it in accordance with the APPs and other applicable privacy laws. These steps may include entering into legally binding data transfer agreements that contain protections for your personal information.

3. Cookies and IP address tracking

The website may use cookies for site administration purposes. Cookies are small data files transferred onto computers or devices by websites for record-keeping purposes and to improve your website user experience.

Most browsers allow you to choose whether to accept cookies or not. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing the website.

Our Website may also detect and use an individual’s IP address or domain name for internal traffic monitoring and capacity purposes or to otherwise administer the website. No personal information is obtained, rather the patterns of usage of visitors to the Website may be tracked for the purposes of providing improved service and content based on aggregate or statistical review of user site traffic patterns.

4. Security

The company implements a number of physical and electronic measures to protect personal information, including sensitive health information, from misuse, interference, loss, unauthorised access, modification or disclosure. Please note, however, that the internet is not a secure environment and although reasonable care is taken, we cannot guarantee the security of information provided to us via electronic means.

5. Links to other sites

Our website may contain links to other websites. We are not responsible for the privacy practices or the content of such other websites. The privacy policies applicable to such other websites may differ substantially from this Policy, so we advise individuals to read them before using those websites. We will not be liable for any use of those websites.

6. Access, corrections, complaints and retention

6.1. Access and correction

You have a right to request access to the personal information we hold about you and to request its correction. We will provide you with access to your personal information, subject to certain exceptions permitted by law. If you believe that any personal information we hold about you is inaccurate, incomplete or out-of-date, please contact our Privacy Officer (contact details below) and we will take reasonable steps to ensure that the information is corrected.

6.2. Complaints

If you wish to make a complaint about the way we have handled your personal information, you may do so to our Privacy Officer via the details below. Please include your contact details and clearly describe the complaint. Our Privacy Officer will investigate the complaint and respond promptly. If you consider that we have failed to resolve the complaint satisfactorily, you can complain to the Office of the Australian Information Commissioner (OAIC).

6.3. Erasure and retention

We will not keep your personal information for longer than is necessary for the purposes for which it was collected. In most cases, this means we will retain your personal information for the duration of your relationship with us and for a period afterwards to comply with applicable laws. However, we may be required to retain it to comply with our legal obligations, for example, record-keeping requirements under the Therapeutic Goods Act.

7. Mandatory reporting obligations

We have procedures in place to identify, assess, and report eligible data breaches in a timely manner, consistent with our obligations under the Privacy Act. In the event of a data breach that is likely to result in serious harm, we will assess and respond promptly in line with the requirements contained in the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) and other applicable laws.

8. Further information

For further information about the company’s privacy policies or practices, please contact our Privacy Officer at admin-au@oncobeta.com