Telix’s commitment to maintaining your privacy

Telix is committed to protecting the privacy of all individuals with whom it deals in accordance with applicable laws. This Global Privacy Policy (“Policy”) describes how Telix Pharmaceuticals Limited, and its affiliate or subsidiary companies worldwide (together referred to as “Telix” “us,” “our,” or “we”), collects, uses, discloses, protects, and stores certain personal information collected, and what choices and rights you have with respect to that information.

We take the privacy and security of your personal information very seriously and we are committed to ensuring that we collect, use, disclose and store your personal information in accordance with applicable data protection and privacy laws worldwide. 

1. Background and purpose

Telix is a biopharmaceutical company focused on the development and commercialisation of diagnostic and therapeutic products using Molecularly Targeted Radiation. Telix is headquartered in Melbourne, Australia with regional offices in Belgium, Switzerland, Japan, and the United States. Telix collects and holds personal information necessary for us to carry out our business. We collect, use, and disclose your personal information in accordance with this Policy.

As an Australian-headquartered business, we are committed to protecting the privacy of information and to handling personal information in a responsible manner in accordance with Australian privacy laws legislation, including the Privacy Act 1988 (Cth) (as amended), the Australian Privacy Principles, and relevant Australian State and Territory privacy laws (collectively the Australian Privacy Law).  Telix and its subsidiaries also act in accordance with applicable privacy laws in other countries and regions in which Telix operates, including but not limited to the General Data Protection Regulation 2016/679 (GDPR),  UK Data Protection Act 2018 (amended 2020) (UK DPA),  Swiss Federal Act on Data Protection (FADP), US Health Insurance Portability and Accountability Act of 1996 (HIPAA), relevant U.S. State comprehensive privacy laws if and as applicable (such as the California Consumer Privacy Act (CCPA)),and the Japanese Act on the Protection of Personal Information (APPI), collectively referred to as Privacy Laws).  These laws apply directly or pursuant to contract with relevant contractual partners.

2. Scope

This Policy applies to our processing of personal information at a corporate level worldwide and via this website and any affiliate websites, including our careers portal. This includes handling of personal information or personal data regarding patients, healthcare professionals, customers, other third-party business associates, candidates seeking work with us, employees, and others and to the management of that personal information (collectively referred to as Personal Information). While this Policy is intended to establish a standard for our information processing activities globally, the laws of a particular country may limit the types of Personal Information we can collect or the manner in which we process that Personal Information. In those instances, Telix will comply with relevant local laws and regulations.

Where required by applicable Privacy Laws (particularly GDPR, UK DPA and FADP), we may also supplement this Policy with specific collection, processing, transfer and purpose privacy statements in the specific context. For example, specific collection or processing notices may be included in contracts, communications or other interactions you may have with Telix. This Policy is then intended to be supplemental to any such statements. 

If you reside in California, please find additional disclosures required by California law in our California section below and for Californian residents, the California section is intended to supersede to this Policy to the extent of any inconsistency.

3. Policy

3.1 What information do we collect?

The types of Personal Information that we collect, and process may vary depending on your relationship with us as well as by jurisdiction based on applicable law.  The term “Personal Information” under this Policy refers to information about an identifiable individual, and may include:

  • Contact details: including your name, address, telephone numbers, email addresses and social media handles/usernames.
  • Demographic information: such as gender, citizenship, date of birth, race, ethnicity, veteran status, disability status.
  • Personal information in reports you submit to us: if you submit information about our products and services through our websites (for example, through a suspected adverse event reporting form), we will collect any Personal Information you include within your report.
  • Health information: for example, health information is collected by or on our behalf where you or your healthcare professional report an adverse event to report safety events under applicable regulations. We may also collect health information or COVID vaccination status to ensure health and safety while visiting Telix’s premises (where permitted by Privacy Laws) or if you submit healthcare information to us reporting adverse events relating to our products.
  • Clinical trials: we may collect your Personal Information in the course of conducting clinical trials including the information provided when completing information sheets and forms, such as pre-treatment evaluation forms and patient consent forms.
  • Potential employee or contractor candidate information: if you apply for a job with us, we will collect information such as your employment history, references, aptitude and psychometric testing and anything else you may include in the job application form or in any attachments such as CVs in accordance with the detailed privacy policy available on our careers page (also available here).
  • Employment information: Personal information such as general demographic information, tax ID information or other government identification necessary to administer the employment relationship, including to pay salary and benefits, to process health information for insurance or leave purposes, performance management and development, administer any transfer or termination of employment.
  • Records of your discussions with us: when you contact us using the contact options on our websites (whether by email, phone, an online form or through social media (such as throughLinkedIn)), we may keep a record of the information you provide when doing this.
  • Social media sites: we may collect aggregate statistical data and information you choose to share with us on social media (e.g., LinkedIn, Facebook, YouTube).
  • How you use our websites: we may collect information about the pages you look at and how you use them through the use of Cookies (please refer to the Cookies Policy available on Telix website).
  • Location information: your smartphone or computer’s IP address may tell us your approximate location when you connect to our websites.

Some Personal Information may also be considered “sensitive” for which higher levels of privacy protection are provided under applicable Privacy Laws, including information or an opinion about an individual’s:

  • racial or ethnic origin;
  • political opinions;
  • membership of a political association;
  • religious beliefs or affiliations;
  • philosophical beliefs;
  • membership of a professional or trade association;
  • membership of a trade union;
  • sexual preferences;
  • criminal record;  or
  • health information and genetic information that is not otherwise health information.

Telix does not generally collect sensitive information other than health information in very limited circumstances in relation to a clinical trial or reasonably necessary to ensure the health and safety of its personnel at Telix premises around the world or to provide products or services to you (including where Telix may be booking travel for business meeting on your behalf).

3.2 How does Telix collect Personal Information

We collect the above Personal Information from the following sources:

From you

We collect Personal Information that you provide directly to us. Personal Information is required to invite you to collaborate on Telix activities, to use certain online or service features, for example, to create online accounts, purchase products or services, contact us via email, phone, or our Contact Us form (where we may retain the content of your message and our response), submit job application materials, receive, or request product data from us (e.g., catalogues and newsletters), and respond to communications from us (e.g., surveys and promotional offers).

From Third Parties

We may obtain Personal Information and other data from various third party companies and public sources.  Some of this Personal Information and other data may be collected automatically through Cookies (see our Cookie Policy) or through data vendors in the marketplace.  We may combine that data with Personal Information or other data we collect. This enhances our existing Personal Information about our users, improves our ability to contact you, and enhances our marketing capabilities.

From Cookies and Online Trackers

We automatically collect certain information from you when you access our websites. This information includes:

  • your activity on our Websites, such as search queries, traffic data and other communication data;
  • your interactions with our emails and texts, and with our messages through push and online messaging channels;
  • details of your interactions with our customer service department, such as the date, time, and reason for contacting us, transcripts of any chat conversations, and if you call us, your phone number and call recordings;
  • resettable device identifiers (also known as advertising identifiers), such as those on mobile devices, tablets, and streaming media devices that include such identifiers;
  • device and software characteristics (such as type and configuration), connection information including type (Wi-Fi, cellular), statistics on page views, referring source (for example, referral URLs), IP address (which may tell us your general location), operating system, and browser and standard web server log information; and
  • information collected via the use of cookies, web beacons and other technologies, including ad data (such as information on the availability and delivery of ads, the site URL, as well as the date and time).

The above types of data help us to improve our websites and to deliver a better and more personalised website, including by enabling us to estimate our audience size and usage patterns, store information about your preferences to customise our websites according to your individual interests, and to speed up your searches.

We may tie automatically collected information to Personal Information about you that we collect from other sources or that you have previously provided to us.  For more information see our Cookie Policy.

3.2 How does Telix use Personal Information?

Telix collects and uses Personal Information to the extent necessary to conduct our business and pursue our legitimate business interests. Subject to applicable laws, we may collect, use, process and disclose relevant portions of your Personal Information in order to:

  • administer, operate, facilitate and manage Telix’s business and your relationship with Telix, including communicating with you in relation to our business, products and services;
  • fulfil a contract we may have with you, such as where you have made a purchase from us;
  • facilitate our internal business operations, including fulfilling our legal and regulatory requirements;
  • undertake medical research, including the recruitment of study participants and operation of clinical trials;
  • review survey and research data and insight on how users perceive our services or products;
  • enable you to report serious adverse events in relation to any of our products;
  • to keep accurate and up to date records of individuals who access, visit, purchase, or otherwise interact with our services and offerings;
  • protect the rights, property, or safety of Telix, our customers or others. This includes exchanging information with other companies and organisations for the purposes of preventing, detecting, and investigating potentially prohibited or illegal activities, including fraud, assisting in the investigation of suspected illegal or wrongful activity;
  • enable you to apply for jobs or other opportunities at Telix;
  • administer, operate and manage any Telix website or microsite (including this Site), including to contact any person in relation of the use of Telix websites and to create a personalised experience when using Telix websites; and/ or
  • respond to any communications, comments or complaints you send us.
3.4 Disclosure of information

Telix will not disclose your Personal Information to third party marketing or advertising businesses or sell or trade your Personal Information with third parties. There are, however, some occasions where Telix may be required to disclose your Personal Information to a third party in order to operate our business.  These times are limited, but may include:

  • Suppliers, vendors, agents and collaboration partners: Telix may engage other businesses, certain services and individuals to assist with or perform functions or activities on our behalf. Examples include (a) clinics or hospitals (where treatment is received, and/or clinical trials are performed); (b) medical practitioners and related staff or collaboration partners working together with us on same product, program or activity; (c) health insurers and health service providers; (d) persons to whom certain functions are outsourced (e.g. information technology support, payment servers, wireless carriers, system analysis providers, and data storage providers); (e) auditors and insurers;  (f) government and law enforcement agencies and regulators; and (g) entities established to help identify illegal activities and prevent fraud. They may have access to some personally identifiable information needed to perform their functions.
  • Company reorganisation:  to a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
  • Where necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our subsidiary companies; (f) to protect our rights, privacy, safety or property, and/or that of our subsidiary companies you or others;  (g) to allow us to pursue available remedies or limit the damages that we may sustain; and (h) vendors providing support with Telix activities, programs or supporting management of our relationship with you, including collecting job applicant information or to provide travel support.

All such third parties may have access to Personal Information on a need to know basis, however Telix will take all reasonable steps to ensure their compliance with applicable Privacy Laws and this Policy to the same standard as Telix is bound.

3.5 Direct Marketing

Telix does not generally engage in direct marketing activities. However, on occasion Telix may communicate with individuals by email and other forms of communication and where applicable according to Privacy Laws, based on your consent or agreement or to identify products, services or similar activities as you have previously consented. If any person does not want to receive emails and/or other communications from Telix, they can inform Telix at any time. Any person may opt out of electronic communications by contacting Telix using the contact details provided in Section 3.11 or by unsubscribing as set out in the relevant electronic communication.

3.6 Sensitive Personal Information

Telix only collects sensitive information where permitted by Applicable Privacy Laws, if it is reasonably necessary for one or more of the uses specified in this Policy, if Telix has collected consent of the individual to whom the sensitive information relates, or if the collection is:

  • necessary to lessen or prevent a serious threat to life, health or safety;
  • necessary pursuant to a legal or regulatory requirement;
  • required for another permitted general situation (as defined in Privacy Laws); or
  • for a permitted health situation (as defined in Privacy Laws).
3.7 How does Telix protect your information?

Telix takes all reasonable steps to ensure the security of our systems and to protect Personal Information from misuse, interference, and loss as well as unauthorised access, modification, or disclosure.  Telix limits access to Personal Information by our employees and service providers, except as described in this Policy.  Any employee or service provider who does have access to your Personal Information is under an obligation to keep such information confidential.

Your information is stored on high security servers.  Where we use a data storage partner, we will make that selection based primarily on their level of security, reliability and experience in the storage and treatment of data, including Personal Information.

In the event of a data breach, Telix is committed to complying in all respects with the requirements of all relevant Privacy Laws. Telix has in place data breach policies and plans which apply when handling Personal Information breaches related to the Privacy Laws applicable to Telix.

The transmission of information via the internet is not completely secure. Telix cannot guarantee the security of Personal Information transmitted via the internet. Any transmission to our websites is at your own risk.

3.8 Overseas transfers and third party processing

We are a global company based in Australia.  Our affiliates and third parties to whom we may provide your Personal Information are located in countries around the world. Personal Information you share with Telix may be processed, transferred to, or be accessible by affiliates or third parties in countries other than where the Personal Information was collected.

If Personal Information is transferred across international borders or processed by third parties, we take reasonable steps to assess the Privacy Laws of the country where information will be transferred to determine the required compliance with such local Privacy Laws. 

If we transfer Personal Information from Australia to other countries which do not have equivalent Privacy Laws, we ensure appropriate contractual protection is agreed. If we transfer Personal Information from the European Union (the EU) to countries outside the EU we will only do so in accordance with the GDPR.  We may rely on adequacy decisions, Binding Corporate Rules,  Standard Contractual Clauses, derogations or similar permissible bases. Similar principles will apply if Telix transfers Personal Information from the United Kingdom (the UK) to countries outside the UK or from Switzerland  to countries outside Switzerland, according to UK DPA and FADP respectively.

3.9 Your Rights

We strive to keep your Personal Information accurate. We provide individuals with reasonable access to their Personal Information in accordance with applicable Privacy Laws so that they can review and correct it or ask us not to use it. We do not charge for this service and will respond to reasonable requests in an appropriate timeframe or the required timeframes under applicable Privacy Laws. If you wish to exercise your rights, please contact us using the contact details below.

In case your Personal Information is subject to EU GDPR, UK DPA and/or FADP, you are also entitled to the following rights: right of access, right of rectification, right to erasure, right to restrict processing, right to object, right to data portability. In case you wish more information about or to exercise your rights, please contact us using the contact details set out in Section 3.11..

You may also ask us to delete such information (subject to applicable Privacy Laws). If you ask us to delete your Personal Information at any time, be aware that Telix cannot guarantee that it will be able to delete such information from back-ups or caches of our databases or from historical clinical study data collection to preserve integrity of statistical analysis or where required to retain to comply with applicable legal or regulatory obligations (e.g. safety reporting on our products). We will endeavour to follow your request as much as possible after notice of it, strictly as permitted by applicable Privacy Laws.

Please be aware that Telix may be entitled to rely on exemptions or not to action your request under applicable Privacy Laws and so cannot guarantee that it will be able to comply with your request in all cases.

3.10 Data Retention

Generally, Telix will retain your personal information as long as it is necessary to achieve Telix’s processing activities. This especially applies where the use of your personal information is under the scope of EU GDPR, UK DPA and/or Swiss FADP.

You may also ask us to delete such information (subject to applicable laws). If you ask us to delete your personal information at any time, be aware that Telix cannot guarantee that it will be able to delete such information from back-ups or caches of our databases, however we will ensure that we do not actively access such data.

3.11 Changes to our Privacy Policy

This Policy may be changed from time to time to reflect changes in law or changes in our practices concerning the collection and use of Personal Information. When we update this Policy, we will also update the version date. Only the current statement of the Policy is effective, so please review it periodically.  If we make changes that materially alter your privacy rights, Telix will provide additional notice, typically via email.

3.12 Contact us

If you have questions regarding this Policy, or privacy concerns (including about your Personal Information handling, your rights, or your data transfers) or complaints, please contact our Privacy Officer via privacy@telixpharma.com who will guide you on the process to follow to satisfy your request according to local applicable Privacy Laws.

3.13 Complaints

If any person has a complaint about the privacy of their Personal Information, Telix requests that they contact Telix in writing at the email set out in Section 3.11. Upon receipt of a complaint Telix will consider the details and attempt to resolve the matter in accordance with Telix complaints handling procedures.

Telix will respond to the complaint within a reasonable time, and Telix may seek further information from the person in order to provide that person with a full and complete response.

If any person is dissatisfied with Telix’s handling of a complaint or the outcome, they may make an application to their relevant country Data Protection Authority (if applicable). 

For Australian complaints

Office of the Australian Information Commissioner (OIAC)
175 Pitt Street
Sydney NSW 2000
Australia
Phone 1300 363 992 (Monday–Thursday 10am–4pm AEST/AEDT)
Fax +61 2 9284 9666
https://www.oaic.gov.au/about-us/contact-us

For EU complaints

Please find the name and contact details of all EU Member States Supervisory Authorities here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

For UK complaints

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom
Phone: 0303 123 1113
Fax: 01625 524510
Website: www.ico.org.uk

For Switzerland complaints

Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
CH – 3003 Berne
Phone: +41 (0)58 462 43 95 (mon.-fri., 10-12 am)
Fax: +41 (0)58 465 99 96
https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—switzerland.html

For US HIPAA complaints

U.S. Department of Health & Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-800-368-1019
TTD Number: 1-800-537-7697
https://www.hhs.gov/hipaa/filing-a-complaint/index.html

For Japanese complaints

Personal Information Protection Commission Japan
Kasumigaseki Common Gate West Tower 32nd Floor,
3-2-1, Kasumigaseki, Chiyoda-ku, Tokyo, 100-0013, Japan
Phone: +81-3-6457-9680
https://www.ppc.go.jp/en/contactus/

For other countries, refer to the relevant responsible country regulator.

4. CALIFORNIA PRIVACY RIGHTS NOTICE

This California Privacy Rights Notice (“Notice”) applies to all visitors, users, customers, and suppliers who reside in the State of California (“consumers” or “you”). In the event of a conflict between this Section and the remainder of this Policy, this Section shall take precedence for California residents. Any terms used below and not otherwise defined have the meaning given to them under the California Consumer Privacy Act as Amended by the California Privacy Rights Act and its implementing regulations (the “CCPA”).

Telix collects several categories of Personal Information as described above. Within the last twelve (12) months, the Personal Information we have collected consists of the following categories under California law:

  • Identifiers: consisting of name, address, telephone number, email address, social media handles, and usernames;
  • Consumer Information under Cal. Civ. Code 1798.80(e): consisting of information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, name, social security number, physical characteristics or description, address, telephone number, education, employment, employment history, medical information, and health insurance information;
  • Characteristics of Protected Classifications under California or federal law: consisting ofage, race, ethnicity, citizenship, medical condition, physical or mental disability, sex gender, veteran or military status;
  • Commercial Information: consisting of records of products or services purchased, obtained, or considered, other purchasing or consuming histories or tendencies, payment information, transaction history;
  • Geolocation data: consisting of approximate location based on your IP address;
  • Audio, Electronic, and Visual Data: consisting of customer support calls, video recordings, and electronic device information;
  • Professional or employment-related information: consisting of employment history, references, and information you include in your job application or CV;
  • Inferences: inferences drawn to create a profile; and
  • Sensitive Personal Information: consumer’s account log-in, in combination with any required security or access code, password, or credentials allowing access to the account; racial or ethnic origin, personal information about health.

Telix does not knowingly collect or store information about minors under the age of 16, except as legally required or professionally required in our capacity as required by our Services. Telix does not collect, use, disclose, or share Sensitive Personal Information for any purpose other than those purpose for which it was specifically collected or as otherwise permitted by applicable Privacy Laws.

Categories of Sources From Which Personal Information is Collected 

The categories of sources from which your Personal Information is collected is described above  (How does Telix collect Personal Information).

Purposes for Collecting Personal Information

Our business and commercial purposes for collecting your Personal Information are described above (How does Telix use Personal Information).

Disclosures

For a Business Purpose

In the last 12 months we disclosed each of the above categories of Personal Information for our business purposes to the following  categories of third parties and / or service providers with whom we disclosed Personal Information in the last 12 months are described above  (Disclosure of Personal Information)

For Selling or Sharing

In the past 12 months, the following categories of Personal Information may have been sold or shared for compensation or cross-contextual behavioural advertising to our vendors that provide cross-contextual behavioural advertising services: (a) identifiers, (b) consumer information under Cal. Civ. Code 1798.80(e), (c) commercial information, (d) internet or other electronic information, (e) geolocation data, (f) audio, electronic and visual data, and (g) inferences. 

We do not have any actual knowledge that we have sold or shared information of any individual under the age of 16 for monetary compensation or for cross-contextual behavioural advertising.

California Consumer Rights

Subject to certain exceptions, residents of California have the right to:

  • request access to specific pieces of your Personal Information;
  • request correction of your Personal Information;
  • request to know what  Personal Information has been collected, including the categories of Personal Information collected, the categories of sources from which such Personal Information is collected, the purpose for collecting, selling, or sharing Personal Information, and the categories of third parties to whom we disclose, share or sell Personal Information;
  • request deletion of your Personal Information; and
  • opt out of the sale or sharing of your Personal Information.

You also have the right to be free of discrimination and retaliation if you elect to exercise any of the above rights. 

You, or your authorized agent, may exercise these rights by (1) calling us via our US Syntrio Ethics English-speaking hotline toll free at +1.823.214.1164 or our US Syntrio Ethics Spanish speaking hotline toll free at +1.800.216.1288, or (2) by emailing us at privacy@Telixpharma.com and providing us with your name, email address, relationship to Telix, nature of your request, and state of residence.

You must provide sufficient information to allow us to reasonably authenticate your request and verify you are the person about whom we collected Personal Information or that you are the authorized agent of such person.  We may require additional information to verify and authenticate the request, which may vary depending on the Personal Information we have on file for you and the nature of your request. We will be unable to respond if you do not provide  sufficient detail to allow us to properly understand, evaluate, and respond to your request.

We will strive to respond to your request in a timely manner as required by law.  We may charge a fee to process or respond to your request if it is excessive, repetitive, or manifestly unfounded.

To opt-out online, please contact us as set out in Section 3.11 or opt-out in accordance with the unsubscribe communications on relevant electronic communication.

CALIFORNIA’S “DO-NOT-TRACK” REQUIREMENT. WE CURRENTLY DO NOT HONOUR “DO NOT TRACK” REQUESTS.