GLOBAL PRIVACY POLICY

Telix’s commitment to maintaining your privacy

Telix is committed to protecting the privacy of all individuals it deals with. This Global Privacy Policy (“Policy”) describes how Telix Pharmaceuticals Limited, and its affiliated companies worldwide (together referred to as “Telix”), collects, uses, discloses and stores personal information collected, and what choices you have with respect to that information.

We take the privacy and security of your information very seriously and we are committed to ensuring that we collect, use, disclose and store your information in accordance with applicable data protection and privacy laws worldwide.

Purpose

Telix is a biopharmaceutical company focused on the development and commercialisation of diagnostic and therapeutic products using Molecularly Targeted Radiation. Telix is headquartered in Melbourne, Australia with regional offices in Belgium, Japan and the United States. Telix collects and holds personal information necessary for us to carry out our business. We collect, use and disclose your personal information in accordance with this Policy.

As an Australian-headquartered business, Telix and all of its subsidiaries are committed to protecting the privacy of information and to handling personal information in a responsible manner in accordance with Australian privacy legislation, including the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles (APPs), and relevant Australian State and Territory privacy legislation. Telix and its subsidiaries also act in accordance with applicable legislation concerning privacy in other countries and regions in which Telix operates, including but not limited to the General Data Protection Regulation 2016/679 (GDPR) and US Health Insurance Portability and Accountability Act of 1996 (HIPAA) (collectively referred to as privacy legislation).

Scope

This Policy applies to personal information regarding patients, healthcare professionals, customers, other third party business associates, employees and others and to the management of that personal information. While this Policy is intended to establish a standard for our information processing activities globally, the laws of a particular country may limit the types of personal information we can collect or the manner in which we process that personal information. In those instances, Telix will comply with relevant local laws and regulations.

Policy

1.1 What information do we collect?

The types of personal information that we collect and process may vary depending on your relationship with us as well as by jurisdiction based on applicable law. The term “personal information” under this Policy refers to information about an identifiable individual, and may include:

  • Contact details: including your name, address, telephone numbers, email addresses and social media handles/usernames.
  • Demographic information: such as gender, citizenship, date of birth.
  • Personal data in reports you submit to us: if you submit information about our products and services through our websites (for example, through a suspected adverse event reporting form), we will collect any personal data you include within your report.
  • Health data: for example, if you submit healthcare data to us in relation to our products or services, we will collect any personal data and sensitive personal data you include.
  • Employment information: if you apply for a job vacancy with us, we will collect information such as your employment history, references and anything else you may include in the job application form or in any attachments such as CVs.
  • Records of your discussions with us: when you contact us using the contact options on the Websites (whether by email, phone, an online form or through social media, such as through Twitter or LinkedIn), we may keep a record of the information you provide when doing this.
  • How you use our websites: we may collect information about the pages you look at and how you use them through the use of Cookies (see below).
  • Location information: your smartphone or computer’s IP address may tell us your approximate location when you connect to our Websites.
  • Clinical trials: we may collect your personal information in the course of conducting clinical trials including the information provided when completing information sheets and forms, such as pre-treatment evaluation forms and patient consent forms.

Some personal information may also be considered “sensitive information” for which higher levels of privacy protection are provided under applicable law. “Sensitive information” can include information or an opinion about an individual’s:

  • racial or ethnic origin;
  • political opinions;
  • membership of a political association;
  • religious beliefs or affiliations;
  • philosophical beliefs;
  • membership of a professional or trade association;
  • membership of a trade union;
  • sexual preferences or practices; or
  • criminal record.

“Sensitive information” also includes health information and genetic information about an individual that is not otherwise health information. Telix does not generally collect sensitive information other than health information in very limited circumstances in relation to a clinical trial.

1.2 How does Telix use my information?

Telix collects and uses personal information to the extent necessary to conduct our business and pursue our legitimate business interests. Subject to applicable laws, we may collect, use, process and disclose relevant portions of your personal information in order to:

  • administer, operate, facilitate and manage Telix’s business and your relationship with Telix, including communicating with you in relation to our business, products and services;
  • fulfil a contract we may have with you, such as where you have made a purchase from us;
  • facilitate our internal business operations, including fulfilling our legal and regulatory requirements;
  • undertake medical research, including the recruitment and operation of clinical trials;
  • enable you to report serious adverse events in relation to any of our products;
  • enable you to apply for jobs or other opportunities at Telix;
  • administer, operate and manage Telix’s website, including to contact any person in relation to the use of Telix websites and to create a personalised experience when using Telix websites; and/or
  • respond to any comments or complaints you send us.

1.3 Disclosure of information

Telix will not disclose your personal information to third party marketing or advertising businesses or sell or trade your personal information with third parties. There are, however, some occasions where Telix may be required to disclose your personal information to a third party in order to operate our business. These times are limited, but may include:

  • Suppliers and agents: Telix may engage other businesses, certain services and individuals to assist with or perform functions or activities on our behalf. Examples include: (a) clinics or hospitals (where treatment is received, and/or clinical trials are performed); (b) medical practitioners and related staff; (c) health insurers and health service providers; persons to whom certain functions are outsourced (e.g. information technology support, payment servers, wireless carriers, system analysis providers, and data storage providers); (d) auditors and insurers; (e) government and law enforcement agencies and regulators; and (f) entities established to help identify illegal activities and prevent fraud. They may have access to some personally identifiable information needed to perform their functions.
  • Company reorganisation: to a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
  • Where necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our related bodies corporate; (f) to protect our rights, privacy, safety or property, and/or that of our related bodies corporate, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

1.4 Direct Marketing

Telix does not generally engage in direct marketing activities. However, on occasion, Telix may communicate with individuals by email and other forms of communication. If any person does not want to receive emails and/or other communications from Telix, they can inform Telix at any time. Any person may opt-out of electronic communications by contacting Telix using the contact details provided below.

1.5 Sensitive Information

Telix only collects sensitive information if it is reasonably necessary for one or more of the uses specified in section 1.2 of this Privacy Policy, if Telix has consent of the individual to whom the sensitive information relates, or if the collection is:

  • necessary to lessen or prevent a serious threat to life, health or safety;
  • necessary pursuant to a legal requirement;
  • required for another permitted general situation (as defined in Section 15A of the Privacy Act 1988 (Cth) or other international privacy legislation); or
  • for a permitted health situation (as defined in Section 16B of the Privacy Act 1988 (Cth) or other international privacy legislation).

1.6 How does Telix protect your information?

Telix takes all reasonable steps to ensure the security of our systems and to protect your information from misuse, interference and loss as well as unauthorised access, modification or disclosure. Telix limits access to personal information by our employees and service providers, except as described in this policy. Any employee or service provider who does have access to your personal information is under an obligation to keep such information confidential.

Your information is stored on high security servers. Where we use a data storage partner, we will make that selection based primarily on their level of security, reliability and experience in the storage and treatment of data, including personal information.

In the event of a data breach, Telix is committed to complying in all respects with the requirements of all relevant privacy laws, where required, including but not limited to, the provisions of the Australian Privacy Law, the European GDPR and the HIPAA.

The transmission of information via the internet is not completely secure. Telix cannot guarantee the security of personal information transmitted. Any transmission to our websites is at your own risk.

1.7 Overseas Recipients

Telix businesses and third parties to whom we may provide your personal information are located in countries including, but not limited to Australia, Austria, Belgium, Brazil, Canada, France, Germany, Greece, Japan, Netherlands, New Zealand, Spain, Sweden, Switzerland, the United Kingdom and the United States of America.

By sharing personal information with Telix, that personal information may be transferred to, or be accessible by businesses in other countries that form part of the Telix group.

When disclosure is to be made to an overseas entity, Telix will take reasonable steps to assess the privacy laws of the country where information will be disclosed to determine whether the overseas recipient is required to comply with privacy laws that are at least as stringent as the privacy laws of its existing operations in relation to the information.

If Telix transfers personal information originating from the European Union (the EU) to countries outside the EU it will only do so in accordance with the GDPR. The GDPR requires that one of the following conditions applies to such transfer:

  • the European Commission has decided that the country provides an adequate level of protection for your personal data (in accordance with Article 45 of the GDPR);
  • the transfer is subject to a legally binding and enforceable commitment on the recipient to protect the personal data (in accordance with Article 46 of the GDPR);
  • the transfer is made subject to binding corporate rules (in accordance with Article 47 of the GDPR); or
  • the transfer is based on a derogation from the GDPR restrictions on transferring personal data outside of the EU (in accordance with Article 49).

Telix also ensures that any third party it uses to store or process information (generally referred to as “data controllers” under the GDPR) is compliant with GDPR and where necessary, will seek evidence of compliance with the Standard Contractual Clauses for data transfers from each data processor it uses.

1.8 Your Rights: data accuracy and access

Telix strives to keep your personal information accurate. We provide individuals with reasonable access to their personal information so that they can review and correct it or ask us not to use it (subject to applicable laws). We do not charge for this service and will respond to reasonable requests in an appropriate timeframe. If you wish to exercise your rights, please contact us using the contact details below.

1.9 Data Retention

Generally, Telix will retain your personal information until you ask us to delete such information (subject to applicable laws). If you ask us to delete your personal information at any time, be aware that Telix cannot guarantee that it will be able to delete such information from back-ups or caches of our databases; however, we will ensure that we do not actively access such data.

1.10 Do we use cookies?

Yes (cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enable the site’s or service provider’s systems to recognise your browser and capture and remember certain information). We use cookies to compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. Any person may refuse the use of cookies by selecting the appropriate settings on their browser. Some browser manufacturers provide comprehensive help relating to cookie management in their products.

1.11 Your Consent

By using Telix websites, you consent to this Policy.

1.12 Changes to our Privacy Policy

This Policy may be changed from time to time to reflect changes in law or changes in our practices concerning the collection and use of personal information. If we make changes that materially alter your privacy rights, Telix will provide additional notice, typically via email.

1.13 Complaints

If any person has a complaint about the privacy of their personal information, Telix requests that they contact Telix in writing at the email below. Upon receipt of a complaint, Telix will consider the details and attempt to resolve the matter in accordance with Telix complaints handling procedures.

Telix will respond to the complaint within a reasonable time, and Telix may seek further information from the person in order to provide that person with a full and complete response.

If any person is dissatisfied with Telix’s handling of a complaint or the outcome, they may make an application to the Office of the Australian Information Commissioner (if applicable).

1.14 Contacting Us

If you have questions regarding this Policy, or privacy concerns or complaints, please contact our Privacy Officer via privacy@telixpharma.com.