Alcon is bound in Australia by the Australian Privacy Principles ("Principles") contained in the Commonwealth Privacy Amendment (Enhancing Privacy Protection) Act 2012 and Privacy Act 1988 (Cwth), as amended from time to time, and in New Zealand, by the Privacy Act 1993 together with the Health Information Privacy Code 1994, as amended from time to time, and complies with these to the extent required by the relevant privacy laws applying in Australia and New Zealand.
Before collecting any information about individuals outside of the company, Alcon must obtain the consent of each individual prior to that information being provided.
Aggregated information in a de-identified form may be used for the purpose of data analysis in relation to the business of Alcon solely.
Personal information, where collected, is handled by Alcon in an open and transparent way. Alcon collects, stores, manages and uses personal and health information for specific and limited purposes which we will inform you about when we ask you for information or for secondary purposes which are related to those purposes and are therefore purposes for which you would reasonably expect the information to be used. Alcon only collects information that is reasonably necessary for Alcon to carry out business functions or actions, and thus will depend on what type of interaction you have with us. Personal information is only used for the primary purpose for which it was collected or for purposes (secondary) which are related to the primary purpose. If this information includes a person's state of health and/or medical history then it is considered 'sensitive information' and can only be used for the primary purpose for which it was collected or for purposes (secondary) which are related to the primary purpose, unless consent is given otherwise or if this information is required by law or to prevent a serious and imminent threat to the life or health of an individual.
Personal information we may collect from you includes, among other things:
Generally, Alcon may keep a record of your name, contact details (address, telephone including mobile number, and fax number, email address etc.) and, where relevant your date of birth and your professional details (e.g. qualifications, specialty, areas of interest), details of your practice/business (e.g. size, use of products and services) and details of your dealings with Alcon.
Other information may be collected from other sources but those sources will provide details of what personal information is being collected and why.
Alcon will collect information with an option that it be provided anonymously or under a pseudonym, unless it is impracticable to do so or there are legal obligations for identification. Additionally, information collection will include full disclosure of the purpose and use of the information being collected.
Alcon does not use government identifiers (e.g. tax file numbers or Medicare numbers) to identify individuals.
Financial information is collected so that Alcon can successfully complete a financial transaction. Where you have applied for a commercial credit account with us, we may also make enquiries in respect of commercial credit with third parties with your consent. This could include persons nominated by you astrade references, credit reporting bodies ("CRBs") and your bankers.
Where the Privacy Act permits us to do so, Alcon may also disclose your credit related information (in respect of commercial credit) to CRBs such as Veda or Dunn & Bradstreet, if you apply for commercial credit or request to increase in your commercial credit limit with Alcon.
Where Alcon collects personal credit information that we are likely to disclose to a CRB, please note:
Alcon will only disclose personal information to CRBs where Alcon is member of a recognised External Dispute Resolution Scheme ('EDR Scheme'). If Alcon disclosing your personal information to CRBs, we will provide you written notice prior to that disclosure, as well as the details of the recognised EDR Scheme.
Alcon will generally only collect and use your personal information for the primary purposes of:
Your personal information is only collected with your consent and by lawful and fair means; and where practicable, only from you or from a person acting or authorised to act on your behalf. Where you have applied for commercial credit account with us, we may also make enquiries in respect of commercial credit with third parties with your consent. This could include persons nominated by you as trade references, credit reporting bodies ("CRBs") and your bankers.
Alcon will take reasonable steps to ensure that you are aware of:
Personal and health information is kept by Alcon only for as long as is reasonably needed for such purposes and in accordance with any applicable legal reporting or documentation retention requirements. Alcon will give you the opportunity to tell us if you not want to receive this information.
If you do not provide the personal or health information requested by us, we may not be able to provide you with our products or services or respond to your enquiry.
Alcon recognizes the importance of protecting the privacy of personal information and only processes this information for specific and limited purposes. This information will be limited to that necessary to record and manage our interaction with you.
We take reasonable steps to protect your personal information from loss, misuse or unauthorised access by restricting access to the information in electronic format and by appropriate physical and communications security.
If a substantial data breach has or may have occurred (for example, your personal information was shared with unauthorised persons) we will notify you as soon as is practicable (refer to Section 6.7.1).
On receipt of your personal and health information Alcon typically:
Alcon may communicate with your Customers.
Alcon may provide some personal/health information overseas in the provision of goods/services to you and such information will be handled as per Australian law to ensure compliance with these Principles. Prior to transfer of information internationally the individual/s will be informed of the transfer, and Alcon ensures that both parties comply with their own privacy policies and the Australian Privacy Principles. Alcon will not provide personal information to an international recipient without compliance to these Principles.
Alcon has adopted Binding Corporate Rules (BCR), a set of principles governing the international transfer of personal information of Novartis associates, customers, business partners and other individuals whose data is collected or processed in the EU and in Switzerland. The approval of the Novartis BCR by EU and Swiss Data protection Authorities also Alcon to transfer your personal information from the EU and Switzerland to Alcon affiliates in other countries in compliance with EU and Swiss data protection laws.
Alcon utilizes global ordering and distribution systems, which mean your personal information, may be transmitted overseas when ordering, and distributes its goods/services via freight/courier companies that operate globally and locally.
Alcon may use your personal information for:
Alcon does not disclose your personal information for any secondary purposes unless your consent has been given or as required by law, and we will not sell or license any personal information that we collect from you.
Alcon may disclose personal information we collect from you:
Alcon will not share with any other third parties any personal information or health information about you without your consent. These include contractors who act for or on behalf of Alcon for particular purposes such as fulfilling orders for products or services, and providing marketing and support services, and to related companies of Novartis, including those located outside of Australia and New Zealand. Alcon requires these third parties to use personal information only for the specific purpose for which it is collected and that such third parties provide the same level of protection as Alcon and, where appropriate, we will contractually require them to process personal and health information transferred to them only for the purposes expressly authorised by Alcon.
Alcon will not share with third parties any identifiable health information about you without your consent except to prevent a serious and imminent threat to an individual's life or health. You may always revoke your consent at a later date. If consent is revoked Alcon may not be able to carry out certain requests made by you. Alcon will, where practicable, inform third parties to whom your information has been transferred of your withdrawal of consent.
Alcon may also disclose your information in circumstances required or authorised under law, in co- operation with any governmental authority or as otherwise permitted under applicable legislation
Alcon takes reasonable steps to ensure that any information we hold about you is up-to-date, accurate, and complete.
You have the right to access and update your personal and health information, if appropriate, unless certain circumstances set out in the Principles apply. If you wish to access or correct this information, please contact the Alcon Privacy Officer. To protect your privacy, Alcon may require proof of identity before processing your request. Your request will be dealt with in a prompt and proper manner. No charge will be levied for requesting access or correction of your information. Alcon may charge a reasonable fee to cover its costs of providing access.
Where your consent, direct or implied, is given Alcon may use your personal information for:
We may exchange your personal information between our related entities so they can also assist in the marketing of our products and services to you.
We will only offer you products or services, where we reasonably believe that they could be of interest or benefit to you.
At the point we collect information from you, you may be asked to "opt in" to consent to us using or disclosing your personal information. You will generally be given the opportunity to "opt out" from receiving marketing communications from us. You may "opt out" from receiving these communications by clicking on an unsubscribe link at the end of an email or by contacting us with this request directly.
Personal information may be disclosed as required by law or in special situations where Alcon has reason to believe that doing so is necessary to identify, or bring legal action against anyone damaging, injuring, or interfering with Alcon rights and property, or anyone else who could be harmed by such activities.
As with most websites, when you visit our websites or use an application on our website, we may record anonymous information such as IP address, time, date, referring URL, pages accessed and documents downloaded type of browser and operating system.
We also use "cookies". A cookie is a small file that stays on your computer until, depending on whether it is a sessional or persistent cookie, you turn your computer off or it expires. Cookies may collect and store your personal information. You may adjust your internet browser to disable cookies. If cookies are disabled you may still use our website, but the website may be limited in the use of some of the features. Cookies do not personally identify users, although they do identify a user's browser. Cookies are used by Alcon to estimate our number of customers and determine overall traffic patterns through this website.
Alcon strives to ensure the security, integrity, confidentiality and privacy of personal information that it collects. We may hold your information in electronic and hard copy form. When information is collected on-line, it is subject to data networks protected internally by firewall and password protection. Alcon takes all reasonable precautions to protect your personal information from loss, misuse or alteration, including unauthorized access. Unfortunately, no data transmission can be guaranteed to be totally secure. Although we aim to protect your personal information, Alcon cannot guarantee the security of any information you may transmit to us, or our transmissions to you.
Where credit card details are submitted to us for a website purchase, we take every precaution to ensure that your transaction is safe and secure. Your credit card details are encrypted automatically with 128 bit SSL (secure socket layer) security after you enter them, and are deleted once the sale has been processed.
Alcon takes reports of all data security (breach) incidents seriously. Staff compliance with our policies and procedures is regularly audited and reviewed. While we cannot guarantee against any loss, misuse or alteration to data, Alcon will try to prevent such unfortunate occurrences. If an employee breaches our policies and procedures he/she will be disciplined accordingly.
Examples of Data Security Incidents include but are not limited to:
If an associate, agent or contractor suspects that any Data Security Incident has taken place or is about to take place, they should promptly report this suspicion to an appropriate department / function. This may be their Line Manager, ELT member, IT, Information Security, BPO, Privacy Officer, Compliance or HR.
All incidents are managed following the Novartis Guideline for Data Security Incident Response and Breach Notice. Briefly, the incident response team will conduct an investigation into the allegation/suspicion of a breach. The incident response team will, at minimum, consist of the DPO, Compliance/Legal representative and an IT/Information Security representative. If the breach involves personal or sensitive data the investigation lead will be the DPO, if the breach does not involve personal or sensitive data the investigation lead will be an IT representative. The initial investigation template (Appendix 1) outlines the information to be gathered and assessed. A report of the investigation, including proposed remediation plans, will be presented to the ELT and remediation actions will be determined accordingly.
Alcon complies in Australia with the Spam Act 2003 (Cth) and in New Zealand with the Unsolicited Electronic Messages Act 2007 in its interactions with you. Alcon will not send you a commercial electronic message unless permitted by the Act. If you contact Alcon electronically and Alcon believes that certain product, service, health or other information is of importance to you, we may inform you electronically but will give you the choice to opt out of receiving further communications of this type.
Alcon collects your name and telephone number for the purpose of enabling Alcon to contact you at a later date about your inquiry. The information may also be used for producing a report if you are calling Alcon to report a product complaint or adverse reaction to one of our products.
Alcon will not knowingly collect, use or disclose personal and health information from a minor without obtaining prior consent from a person with parental responsibility (e.g. parent or guardian). Alcon will provide the parent with (i) notice of the specific types of information being collected from the minor, and (ii) the opportunity to object to any further collection, use, or storage of such information.
Alcon complies with the privacy requirements which apply to personal information supplied by prospective employees, contractors or consultants. In the private sector in Australia, legislation provides an exemption regarding employee records of current and previous employees. In the public sector and in New Zealand, standard privacy laws apply
We take reasonable steps to ensure your personal information is accurate, up-to-date and not misleading by updating its records whenever true and correct changes to the data come to its attention.
If you believe your information is incorrect, incomplete or not current, you can request that we update this information by contacting the Alcon Privacy Officer (see details below).
We will correct information we hold about you if we discover, or you are able to show to a reasonable standard, the information is incorrect. If you seek correction and we disagree that the information is incorrect, we will provide you with the reasons for taking that view.
We disregard information that seems likely to be inaccurate or out-of-date by reason of the time that has elapsed since it was collected or by reason of any other information in our possession.
You may deal with us anonymously or using a pseudonym where it is reasonably possible to conduct the relevant interactions.
We do not use government identifiers (e.g. tax file numbers or Medicare numbers) to identify individuals.
Alcon acknowledges that you have a general right of access to information concerning you, and to have inaccurate information corrected. You are able to access the personal information we hold about you by contacting our Privacy Officer.
Phone: 02 9452 9200
Postal address: The Privacy Officer
Alcon Laboratories (Australia) Pty Ltd
10/25 Frenchs Forest Road East
Frenchs Forest NSW 2086
†Eye exam may be required. Professional fees may apply. At participating practices.
‡One-month trial refers to a recommended replacement schedule of up to 4 weeks as determined by the eye care professional.
§Not everyone can sleep in lenses or wear lenses for a full 30 nights. Ask your eye care professional for complete wear, care, and safety information. Important Safety Information.