We take reasonable steps to protect personal data that we hold from unauthorised access, modification and disclosure and implement technical and organisational measures to ensure a level of protection appropriate to the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed, as follows:
- We perform security testing (including penetration testing of our websites), and maintain other electronic (e-security) measures for the purposes of securing personal information, such as passwords, anti-virus management, multi-factor authentication, firewalls and antivirus software
- We maintain physical security measures in our buildings and offices such as door and window locks and visitor access management, cabinet locks, surveillance systems and
- We require all of our employees and contractors to comply with privacy and confidentiality terms and conditions in their employment contracts and subcontractor agreements that we enter into with
- We carry out security audits of our systems which seek to find and eliminate any potential security risks in our electronic and physical infrastructure as soon as possible
- If appropriate in the circumstances, taking into account the state of the art, the costs of implementation and the nature, scope, content and purpose of the processing, we pseudonymize and/or encrypt personal data
- We implement passwords and access control procedures into our computer systems
- We have a Data Breach Response Plan in place
- We have data backup, archiving and disaster recovery processes in place
- We have anti-virus and security controls for email and other applicable computer software and systems in place.
If you refuse to provide us with personal data
We do not send “junk” or unsolicited e-mail in contravention of the Spam Act 2003 (Cth). We will, however, use e-mail in some cases to respond to inquiries, confirm purchases, or contact clients. These transaction-based e-mails are automatically generated. Anytime a client or visitor receives e-mail it does not want from us they can request that we not send further e-mail by contacting us via email at: [email protected] or using any ‘unsubscribe’ tool contained in any communication we send. Upon receipt of any such request, we will ensure that they cease to receive automated emails from us.
Offshore data transfers for personal data
We may transfer your personal data entered into our websites to our contractors and service providers such as Microsoft Azure, who assist us with providing our products and services to you, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance.
Provided that we comply with applicable law, including the provisions of Australian Privacy Principle 8 (Cross-border disclosure of personal information), and the GDPR – in relation to GDPR Data, we may transfer personal data that we collect to our offshore contractors and service providers as well, who may be located outside the European Union (EU) or the European Economic Area (EEA). Our offshore contractors and service providers are currently located in the EU and United States of America.
Retention and de-identification of personal data
It is our policy to retain personal data in a form which permits identification of any person only as long as is necessary for the purposes for which the personal data was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law. We will only process personal data that you provide to us for the minimum length of time permitted by applicable law and only thereafter for the purposes of deleting or returning that personal data to you (except where we also need to retain the data in order to comply with our legal obligations, or to retain the data to protect your or any other person’s vital interests). Where you require personal data to be returned, it will be returned to you at that time, and we will thereafter delete all then remaining existing copies of that personal data in our possession or control as soon as reasonably practicable thereafter, unless applicable law requires us to retain the personal data in which case we will notify you of that requirement and only use such retained data for the purposes of complying with those applicable laws.
Your rights under the GDPR
Under the GDPR, you have a number of rights, including:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and
Please contact us if you wish to exercise any of your rights under the GDPR. We will handle all such requests in accordance with our legal obligations. If you withdraw your consent for processing, object to the processing of your personal data or request us to erase your personal data and as a result it is not possible or practical for us to continue providing you with our services, we may elect to terminate our business relationship with you.
How to access and correct personal data held by us
Our contact details
We are Macquarie Medical Systems Pty Ltd ABN 65 002 237 676 of 301 Catherine St, Leichhardt, NSW 2040. If you wish to contact us for any reason regarding our privacy practices or the personal data that we hold about you, please contact us at the following address:
Privacy Officer, Macquarie Medical Systems 301 Catherine St, Leichhardt, NSW 2040 [email protected]
We will use our best endeavours to resolve any privacy complaint within ten (10) business days following receipt of your complaint. This may include working with you on a collaborative basis to resolve the complaint or us proposing options for resolution.
If you are not satisfied with the outcome of a complaint or you wish to make a complaint about a breach of the Australian Privacy Principles you may refer the complaint to the Office of the Australian Information Commissioner (OAIC) who can be contacted using the following details:
Call: 1300 363 992
Email: [email protected]
Address: GPO Box 5218, Sydney NSW 2001
In relation to GDPR Data, you may lodge a complaint with any relevant supervisory authority.