This Privacy Policy sets out how EpiQuil Pty Ltd (ABN 59 692 871 266)(‘‘EpiQuil’’) collect, use, disclose, store and otherwise handle personal information and other data. We recognise the importance of protecting your privacy and we are committed to handling personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs); and where applicable, the EU General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR.

This Privacy Policy applies to personal information and, where relevant, sensitive information (each as defined in the Privacy Act) that we collect by any means and via any technology, including through our website at www.epiquil.com and any associated pages; email and other electronic communications; professional or research collaborations; and any other dealings you may have with us.

By accessing or using the Website, contacting us, or otherwise providing personal information to us, you acknowledge that you have read and understood this Privacy Policy and you consent to the collection, use and disclosure of your personal information as described in this Privacy Policy, subject to any additional rights you may have under applicable law (including GDPR where relevant).

What is “personal information” and “sensitive information”?

In general terms, personal information is any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in a material form or not. This may include, for example, your name, postal address, email address, telephone number, profession or occupation.

Sensitive information is a subset of personal information and includes information about an individual’s health, genetic or biometric data, racial or ethnic origin, religious or philosophical beliefs, sexual orientation and certain other categories as defined in the Privacy Act and, where applicable, GDPR.

For the purposes of this Privacy Policy, references to “personal information” include sensitive information where the context requires, unless stated otherwise

Personal information we collect

We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.

When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

We may collect and process personal information in relation to, for example:

  • visitors to and users of our Website;

  • healthcare professionals and researchers who interact with us;

  • potential collaborators, suppliers, investors and other business contacts; and

  • other individuals who contact us or whose personal information we otherwise lawfully receive in connection with our activities.

The nature and extent of personal information we collect will depend on the circumstances of your interaction with us. In general, the types of personal information we may collect include:

(a) General public / website users

  • name;

  • email address and other contact details;

  • organisation and role (if you choose to provide them);

  • content of any enquiry or message you send to us;

  • technical data such as IP address, browser type and version, device identifiers, operating system, time zone setting, referring URLs and information about how you use the Website (pages viewed, time spent, navigation patterns).

(b) Healthcare professionals, researchers and other professional contacts

In addition to the above:

  • professional details (specialty, title, qualifications, institutional affiliation);

  • areas of clinical, scientific or commercial interest;

  • information contained in correspondence, contracts or project documents relating to our collaboration.

(c) Research-related information

If, in the future, we engage in research, clinical investigations or similar activities, we may collect more detailed personal and sensitive information about participants in accordance with applicable ethics approvals, informed consent documentation and relevant laws. In such cases, additional or more specific privacy information may be provided and will apply together with this Privacy Policy.

We may also collect information that is not personal information because it does not identify you or cannot reasonably be linked to your identity (for example, aggregated or de-identified analytics data).

How we collect personal information

Wherever reasonably practicable, we will collect personal information directly from you, including when you:

  • complete a contact form or otherwise submit information through the Website;

  • communicate with us by email, telephone, video call or other means;

  • provide us with business cards, proposals or CVs;

  • attend meetings, conferences, webinars or other events organised or attended by us; or

  • otherwise interact with us in relation to our activities.

We may also collect personal information about you from third parties where it is unreasonable or impracticable to collect it directly from you, or where you have authorised a third party to provide it to us. These third parties may include:

  • your colleagues or other professional contacts;

  • our service providers (for example, IT and analytics providers);

  • publicly available sources (such as professional directories, publications or websites).

When you visit the Website, we and our service providers may collect certain information automatically via cookies, server logs and similar technologies. Further details are provided in section 12 (Cookies and tracking technologies).

Purposes for which we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information for purposes connected with the conduct of our business and activities, which may include:

  • responding to and managing your enquiries, requests or complaints;

  • establishing, managing and developing collaborations and business relationships;

  • providing information about our activities, technology platform and potential projects where permitted by law;

  • maintaining, operating and improving the Website, including monitoring usage, performance and security;

  • managing our administrative, accounting, risk management and corporate governance functions;

  • complying with legal and regulatory obligations, including record-keeping, reporting and responding to lawful requests from public authorities; and

  • any other purpose disclosed at the time of collection, or otherwise reasonably necessary or directly related to the above, and for which you would reasonably expect us to use or disclose your personal information.

Where we intend to use your personal information for a substantially different purpose that is not compatible with the original purpose and is not otherwise permitted by law, we will seek your consent where this is required.

Legal basis for processing personal data (GDPR)

Where the GDPR or UK GDPR applies to our processing of your personal data, we rely on one or more of the following legal bases:

  • Performance of a contract (Article 6(1)(b) GDPR): where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract;

  • Compliance with legal obligations (Article 6(1)(c) GDPR): where processing is necessary for compliance with our legal or regulatory obligations;

  • Legitimate interests (Article 6(1)(f) GDPR): where processing is necessary for the purposes of our legitimate interests (or those of a third party) and your interests or fundamental rights and freedoms do not override those interests, including our legitimate interests in operating our Website and business, responding to enquiries, and developing our technology and collaborations;

  • Consent (Article 6(1)(a) GDPR): where you have given us your consent to process your personal data for one or more specific purposes (for example, certain types of cookies or optional communications).

Where we process special categories of personal data (sensitive information), we will do so only where permitted under GDPR, such as where you have given explicit consent, the processing is necessary for scientific or historical research purposes subject to appropriate safeguards, or another applicable condition is met.

Direct communications

We may, from time to time, send you communications (for example, by email) about our activities, research, events, or opportunities to collaborate, where this is consistent with applicable law.

You may opt out of such communications at any time by using the unsubscribe function (where available) or by contacting us using the details in section 16 below. We may still contact you for administrative or legal purposes even if you opt out of marketing-type communications.

Disclosure of personal information

We may disclose your personal information to third parties for the purposes described in this Privacy Policy, including to:

  • our related bodies corporate;

  • service providers and contractors who assist us with functions such as website hosting, IT services, data storage and analytics, professional advice (legal, accounting, insurance), and communication platforms;

  • collaborators, research partners or organisations with whom we work, where necessary in connection with a project or relationship and where appropriate confidentiality and privacy protections are in place;

  • regulatory authorities, ethics committees or government agencies where required or authorised by law;

  • prospective purchasers or investors in connection with any proposed sale, merger, restructuring or other corporate transaction involving EpiQuil, subject to appropriate confidentiality obligations.

We may also disclose aggregated or de-identified information which does not identify individuals, for research, statistical or analytical purposes.

We will not sell your personal information to third parties.

Overseas disclosure and international transfers

Some of our service providers and counterparties may be located outside Australia, including in countries that may not have the same level of data protection as the country in which you reside.

Where we disclose personal information overseas, we will take reasonable steps to ensure that the recipient will handle the information in a manner consistent with this Privacy Policy and applicable law. In the case of personal data subject to GDPR, we will ensure that appropriate safeguards are in place, such as:

  • an adequacy decision of the European Commission or UK Government; or

  • standard contractual clauses or other appropriate contractual safeguards.

By providing personal information to us, you acknowledge that, subject to applicable law, we may transfer your personal information to overseas recipients as described in this Privacy Policy.

Data retention

We retain personal information for as long as is reasonably necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, tax, accounting or reporting requirements.

When personal information is no longer required for the purposes set out in this Privacy Policy, and we are not legally required to retain it, we will take reasonable steps to de-identify or securely destroy it.

Cookies and tracking technologies

Like many websites, our Website may use cookies, web server logs and similar technologies to:

  • ensure the Website functions properly;

  • recognise your browser;

  • help us understand how the Website is used; and

  • improve performance and user experience.

Cookies are small text files placed on your device by websites you visit. Most browsers are set to accept cookies by default, but you can usually change your browser settings to refuse cookies or to alert you before cookies are placed. If you disable cookies, some features of the Website may not function properly.

Where required by law, we will request your consent for the use of non-essential cookies (for example, certain analytics cookies) via a cookie banner or similar mechanism.

Security of personal information

We take reasonable steps to protect personal information that we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps include technical, administrative and physical safeguards appropriate to the nature of the information.

However, no method of transmission over the internet or method of electronic storage is entirely secure. We cannot guarantee the security of information transmitted to or from the Website or via email, and you do so at your own risk.

If you suspect any misuse, loss or unauthorised access to your personal information, please contact us immediately using the details in section 16.

Access, correction and your privacy rights

Australia

Subject to certain exceptions under the Privacy Act, you have the right to request access to the personal information we hold about you and to request correction of that information if it is inaccurate, out of date, incomplete, irrelevant or misleading.

EU / UK (GDPR)

Where the GDPR or UK GDPR applies, and in addition to the above, you may have the following rights in relation to your personal data:

  • Right of access – to obtain confirmation as to whether we process your personal data and, if so, to receive a copy and certain information about our processing;

  • Right to rectification – to have inaccurate personal data corrected and incomplete data completed;

  • Right to erasure – to request deletion of your personal data in certain circumstances;

  • Right to restriction of processing – to request that we restrict processing of your personal data in certain circumstances;

  • Right to data portability – to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller where technically feasible, where our processing is based on consent or contract and carried out by automated means;

  • Right to object – to object, on grounds relating to your particular situation, to processing based on our legitimate interests, and to object at any time to processing for direct marketing;

  • Right to withdraw consent – where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.

To exercise any of your rights, please contact us using the details in section 16. We may need to verify your identity before responding to your request. We will respond within the timeframes required by applicable law.

If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant supervisory authority (see section 15).

Complaints and supervisory authorities

If you have any questions or concerns about how we handle your personal information, or if you wish to make a complaint, please contact us using the details below. We will investigate your complaint and endeavour to respond within a reasonable time.

If you are not satisfied with our response, you may lodge a complaint with the relevant data protection authority. For example:

  • in Australia: the Office of the Australian Information Commissioner (OAIC);

  • in the EU: your local data protection authority;

  • in the UK: the Information Commissioner’s Office (ICO).

Contact details for these authorities are available on their respective websites.

Children

Our Website and Services are not directed to individuals under 18 years of age, and we do not knowingly collect personal information from children via the Website.

If you believe that we have inadvertently collected personal information from a child, please contact us and we will take appropriate steps to delete or de-identify that information.

Third-party sites

The Website may contain links to websites or resources operated by third parties. These links are provided for convenience only.

We are not responsible for the privacy practices or the content of any third-party websites. We encourage you to review the privacy policies of those third parties before providing them with any personal information.

Changes to this Privacy Policy

We may amend this Privacy Policy from time to time to reflect changes in our practices, legal requirements or other reasons.

The updated Privacy Policy will be posted on the Website with an updated “Last updated” date. We encourage you to review this Privacy Policy periodically. Your continued use of the Website or continued dealings with us after any changes take effect will constitute your acceptance of the amended Privacy Policy.

How to contact us

If you have any questions about this Privacy Policy, our handling of personal information, or wish to exercise your rights, please contact us at:

EpiQuil Pty Ltd
242 Hilmer Building Union Rd Kensington NSW
Email: info@epiquil.com

 

Privacy Policy