Privacy Policy

Starpharma Holdings Limited and its related bodies corporate (we, our, us or Starpharma) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document is our Privacy Policy, and it tells you how and why we collect and manage your personal information.

We respect your right to privacy under the Australian Privacy Act 1988 (Cth) (Act) and we take steps to comply with the Act’s requirements in respect of the collection, use, disclosure and handling of your personal information. By engaging with us, procuring products from us, or using our services, you agree to the processing of your personal information in accordance with this Privacy Policy.

What is your personal information?

When used in this Privacy Policy, the term “personal information” has the meaning given to it in the Act.  In general terms, it is any information that can be used to personally identify you. The types of information that we may collect and hold about you include (but are not limited to) your name, address, telephone number, email address, country of residence, subscriber type, usage data, profession or occupation, shareholding or employment related information. If the information we collect identifies you, or you are reasonably identifiable from it, the information will be considered personal information. The Act requires us to use personal information only for the primary purpose for which it was collected, or for secondary purposes which are related to the primary purpose. 

In certain limited circumstances, Starpharma may also need to collect sensitive information such as health information or your medical history to enable you to participate in clinical trials or where you have a product query, complaint or adverse event related to a Starpharma product. Further information on sensitive information is contained in a separate section of this Privacy Policy.  

What personal information do we collect and hold?

We collect and hold personal information you have provided to us to ensure that we can provide you with the relevant product or service to the standard required, or engage with you for business purposes. We may also collect details of the products or services you have purchased or received from Starpharma or which you have enquired about, together with any additional information necessary to deliver those products or services and to respond to your enquiries and comply with our regulatory requirements. If you apply for a role with Starpharma we may collect and retain information related to your prior employment and activities. 

We may collect and hold additional information that you provide to us directly through our websites or indirectly through use of our websites or online presence, through our representatives or otherwise. When you visit our websites, such as starpharma.com, viraleze.co or viraleze.co.uk, we may collect other personal information through our Internet Service Provider (ISP) and cookies. Further information about our ISP and our use of cookies is contained in the relevant section below. 

We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to questionnaires, aggregated information about website usage or aggregated data from participants in our clinical trials or from surveys that we conduct for product and/or service development.

How do we collect your personal information?

Starpharma usually collects your personal information directly from you unless it is unreasonable or impractical to do so.  When collecting personal information from you, you may provide it to us in various ways, including:

  • through your access and use of our websites, including subscribing to receive our updates, purchasing products or setting up a customer account; 
  • during communications between yourself or your business colleagues and our representatives for business purposes or as a general enquiry; 
  • when you deal in Starpharma shares or securities; 
  • when you enquire about or apply for a role, including employment or consulting at Starpharma; 
  • when you enquire about or participate in our clinical trials; 
  • when you enquire about, complain about or report an adverse event related to our products; or 
  • when you complete standard forms, contracts / agreements or business documentation such as credit applications or purchase orders.

We may also collect your personal information from third parties, including our share registry provider, credit reporting agencies, corporate advisers, law enforcement agencies and other government entities. You are responsible for authorising the third party to share your personal information with us. If you have concerns about the types of personal information that the third party may share with us, please contact the applicable third party.

Cookies and ISP

We may collect your personal information through the use of our cookies or a third party’s cookies in our websites. When you access our websites, we will send a “cookie” (e.g. information in a text file) to your computer, mobile device, or other device that can access our websites. Our cookies are not shared with any third party.

When you visit our websites, you can control the cookies that are sent by our websites to your computer, mobile or other device. We use CIVIC’s Cookie Control (link here) and Consentmo (link here) to help you manage your cookie settings with ease in our websites. If you want to change your settings, you can do this through our websites at any time. However, if you want to change your cookie settings in your browser (which may apply across multiple websites, or a session of internet browsing), you will need to do this through your browser’s settings or preference centre. Even if you block, disable or reject cookies, you can still access our websites but some of its functions may not work correctly (so, for example, this may affect your use of the elements of our websites). 

Our cookies and our third party’s cookies collect personal information from you and your device, but only to the extent that you or your device has shared your personal information with our website. Personal information collected by our cookies may include your IP address, device location, your activity on our website, and your activity across other websites that you browse. Our website’s server may store your personal information during the session (i.e. the length of time you browse our website) or for a longer period of time. Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline for a period of time, while session cookies are deleted as soon as you close your web browser.

Cookies in our websites enable us to (without being limited to):

  • remember your cookie settings or preferences. You can chance your cookies settings or preferences at any time in our websites or through your browser;
  • prevent bots from inputting data or making changes to data in user-input fields in our websites;
  • help you enjoy a seamless experience when purchasing products from (and making payments through) our websites with eCommerce functionality;
  • keep track of items you view so that, if you consent, we can send you news about those items; 
  • helps remember your website user experience preferences such as preferred website language; 
  • provide targeted advertising to you based on your website activity and online behaviour across websites so that we can promote our products to you; and
  • measure traffic patterns, to determine which areas of our websites have been visited and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our websites.  

In addition to our use of cookies, when you visit our websites or download information from them, our ISP makes a record of your visit and records (as applicable and among others) your internet address, domain name and the date and time of your visit. Our ISP also monitors the pages you access, the documents you download, links from other sites you follow to reach the site, and the type of browser you use. We use this information for statistical and website development purposes.

We may also use:

  • Flash Cookies. Certain features of our service may use local stored objects (or Flash Cookies) to collect and store information about your preferences or your activity on our service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies.
  • Web Beacons. Certain sections of our service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

We work with third-party providers like Google, LinkedIn, Mailchimp, Klaviyo, Meta and X who set cookies for analytics and marketing purposes. This list may not be exhaustive, which is based on information from these providers. Please see the following resources for more detailed information about the cookies set by Meta  (link) and Google (link).

What happens if we cannot collect your personal information?

Where excused under law, you are not obliged to provide us with your personal information. If you do not wish to provide us with your personal information, we may (for example) not be able to engage with you or provide the requested product or service to you, either to the same standard or at all, and we may not be able to tailor the content of our websites to your preferences, so your experience with our websites may not be as useful or enjoyable. In certain circumstances, it may also prevent us from complying with our legal and regulatory requirements. While we will take your preferences into account, please note that our service to you may be impacted if we do not collect your personal information. 

For what purposes do we process and handle your personal information?

We collect personal information from you so that we can perform our business activities and functions and to provide the best possible quality of service.

We collect, hold, use, disclose and otherwise process or handle your personal information for the following purposes:

  • as indicated to you at the time your personal information was collected, or as indicated by you in your communication to us; 
  • to provide products and services to you and to send communications requested by you, or to manage your customer account;
  • to answer enquiries and provide information or advice about Starpharma or existing and new products or services;
  • to assess the performance of the website and to improve the operation of the website;
  • to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
  • for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of Starpharma, contractors or third party service providers;
  • to keep your contact details up to date and to provide your updated personal information to our related bodies corporate, contractors or third party service providers;
  • to process your application for employment at Starpharma; 
  • to process and respond to any query, feedback or complaint made by you; and
  • to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country.

Your personal information will not be shared, sold, licensed, streamed, uploaded or otherwise disclosed other than as described in this Privacy Policy or with your consent.  

To whom may we disclose your personal information?

To ensure that we can provide you with our products or services, we may disclose your personal information to:

  • our employees, related bodies corporate, contractors or third party service providers for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide products and services to you including, without limitation, web hosting providers, IT systems administrators, share registries, mailing houses, order fulfilment providers, freight providers, payment processors, data entry service providers, electronic network administrators, debt collectors, credit reporting bodies, identity verification service providers, and professional advisors such as accountants, auditors, solicitors, business advisors and consultants;
  • suppliers, business partners and other third parties with whom we have commercial relationships for business, marketing, logistics, product offers and related purposes;
  • to businesses in connection with, or during negotiations of, any merger, sale of our assets or shares, financing, or acquisition of all or a portion of our business to another company. We will provide notice before your personal information is transferred to another company and becomes subject to a different privacy policy;
  • other users. When you share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside. If you interact with other users or register through a third-party social media service, your contacts on the third-party social media service may see your name, profile, pictures and description of your activity. Similarly, other users will be able to view descriptions of your activity, communicate with you and view your profile;
  • government agencies that regulate our products, or organisations that support us with our product reporting and vigilance obligations under law;
  • law enforcement or other similar government agencies or by a court or like body, in which case Starpharma will make a written note of the disclosure; 
  • any other person or organisation for an authorised purpose with your express consent; or
  • where we are otherwise permitted or required by the Act or any other law.

If permitted by law, we may disclose your personal information to comply with a legal obligation, protect and defend our rights or property, prevent or investigate possible wrongdoing in connection with the service, protect the personal safety of users of the service or the public, or protect against legal liability.

We may combine any information that we collect from you with information collected by any of our related bodies corporate, to the extent permitted by law.

Do we disclose your personal information to anyone outside Australia?

We may disclose personal information to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above. Your personal information may be transferred to, and maintained on, computers or servers located outside of your state, province, country, territory or other governmental jurisdiction where the data protection laws may differ to the laws in your jurisdiction. 

We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.

We may disclose your personal information to entities located outside of Australia, including to our data hosting and IT service providers and authorised representatives of our products, located in countries which may include the United States, United Kingdom, Singapore and Hong Kong, and countries within the European Economic Area.

Overseas recipients to whom we may potentially disclose personal information are located in the United States, South America, European Economic Area, Asia, New Zealand, the United Kingdom, and any other countries to the extent required to fulfil the purposes listed in this Privacy Policy. Generally, we require that organisations outside Starpharma who handle or obtain personal information as third party service providers to Starpharma acknowledge the confidentiality of this information and comply with the privacy requirements of such information as directed by us. 

Direct marketing materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you, provided that you have opted in to receive direct marketing communications from us.  These communications may be sent in various forms, including mail, SMS, fax, telephone and email, in accordance with applicable marketing laws, such as the Australian Spam Act 2003 (Cth).  If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. However, we may not be able to accommodate your preferred method of communication. You may be able to choose what types of direct marketing communications and information you receive.  In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that you do not receive further marketing communications within the timeframes established by applicable laws. You may still receive communications from us while we update our records. 

We do not disclose your personal information to other organisations, except where they are contracted on Starpharma’s behalf, for the purposes of direct marketing.  

How can you access and correct your personal information?

You may request access to any personal information we hold about you at any time by contacting us (see our contact details below).  Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by posting or emailing it to you). To the extent permitted under law, we may charge you a fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge you for simply making the request, and we will not charge you for making any corrections to your personal information held or stored by us.

There may be instances where we cannot grant you access to the personal information we hold.  For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality.  If that happens, we will give you written reasons for any refusal.

If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, then you may request that we amend it.  We will also consider if the information requires amendment.  

If you are a shareholder, please contact our share registry to view and/or amend your personal information. See starpharma.com/investors for more information.  

Security

We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure.  We may hold your information in either electronic or hard copy form. Where required, we will take reasonable steps to destroy or de-identify your personal information when it is no longer necessary for a permitted purpose.

As our website is linked to the internet, and the internet is inherently insecure, we are unable to provide any assurance regarding the security of transmission of information you communicate to us online.  We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online (including by email), by phone or by mail is transmitted at your own risk.

Retention of your personal information

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal information to the extent necessary to, for example, comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies that you have agreed to comply with.

We will also retain website usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our services, or we are legally obligated to retain this data for longer time periods.

Children’s privacy

Our website does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from anyone under the age of 18 without verification of parental consent, we will take steps to remove that information.

If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent’s consent before we collect and use that information.

Links

Our websites may contain links to other websites and social network services operated by third parties.  We make no representations or warranties in relation to the privacy practices of any third party link, plug-in, API, cookie, website or other third party owned or managed computer, IT or data functionality and we are not responsible for the privacy policies or the content of any third party website or other IT functionality.  Please review the privacy policies of the relevant third party.

Health related personal information

Health or medical information that you provide to Starpharma in the course of your interest in or participating in a clinical trial, or in making a product complaint or adverse event report, may be considered to be “sensitive” personal information. Such information will only be collected and used for Starpharma’s purposes with your express consent or where we are legally required to do so. If you voluntarily disclose your health or medical information to us, we will seek your consent before we disclose it (if required) to third parties (unless we are permitted, under law, to disclose your health or medical information to a third party without your consent). Even with your explicit consent, sensitive personal information will only be collected and used: 

  • for the purpose for which it was provided; 
  • for a directly related secondary purpose; or
  • where required by law. 

This section applies in addition to the general provisions of this Privacy Policy. 

To the extent possible, we ensure that sensitive information is anonymised or pseudonymised. This includes details of medical conditions, treatments, investigations, and tests, or other information related to participation in our clinical trials.

Where health related personal information is collected, it is typically collected by clinical trial sites, clinicians and clinical research organisations (CROs), clinical trial database managers and in limited cases by Starpharma, directly from you unless it is unreasonable or impracticable to do so. We have contractual relationships with clinical trial sites and CROs to set expectations in relation to the processing of personal information. Such information may be collected when you enquire about or participate in our clinical trials, or when you make a product complaint or report an adverse event related to a Starpharma product. Where health related personal information is collected by a third party, these organisations are required to comply with the data privacy legislation in the relevant country. In clinical trials, typically the participant’s personal information is anonymised or pseudonymised, with the key code being held by the patient’s doctor so that the participant’s involvement and personal information can remain anonymous. We may also collect some health information that is not personal information because it does not identify you or anyone else.  For example, we may collect aggregated data from participants in our clinical trials. If you do not provide us with your health-related personal information, we may not be able to recruit you into our clinical trials, or allow you to continue in our clinical trials, or we may not be able to use the information we obtained about you in our clinical trials to assess its conduct or outcomes. It may also prevent or limit us from investigating and resolving a product complaint or adverse event. 

Your health-related personal information is used to maintain records of medical queries, adverse event reports, make legally required notifications (e.g. notifications to regulators, or product recalls) and otherwise comply with legal requirements. In addition, with the informed consent of participants, we may assess the conduct and outcomes of clinical trials. 

We collect, hold, use and may disclose your health-related personal information to:

  • CROs, clinical trial sites or related committees, clinical trial database or service providers/managers to allow the conduct and assessment of our clinical trials; 
  • regulatory bodies (e.g. the Australian Therapeutic Goods Administration, the United States Food and Drug Administration, etc.) where legally obliged to do so; 
  • law enforcement or other government agencies or by a court or like body, in which case we will make a written note of the disclosure; 
  • any organisation for any authorised purpose with your express consent; or
  • where we are otherwise permitted or required by the Act or any other law. 

As we conduct clinical trials throughout Australia and overseas, in respect of the above ways in which Starpharma collects, holds, uses, discloses or otherwise processes your health-related personal information, some of these disclosures may occur outside the state or territory in which an individual resides, including overseas.

EU and UK privacy laws

In addition to how we respect your privacy in accordance with this Privacy Policy, we take steps to apply relevant aspects of the European Union’s General Data Protection Regulation (2016/679), the United Kingdom’s General Data Protection Regulation incorporated in the United Kingdom’s Data Protection Act 2018, and the United Kingdom’s Privacy and Electronic Communications (EC Directive) Regulations 2003 (collectively, EU and UK Privacy Laws) to our operations. 

To supplement the definition of personal information in this Privacy Policy, we recognise that we might collect additional types of ‘personal data’ described in the EU and UK Privacy Laws. We will let you know if we collect any additional personal information.

The following sections provide context about the application of the EU and UK Privacy Laws to our operations.

Data controller

For the purpose of the EU and UK Privacy Laws, we are the data controller. This means that we control how your personal information is processed (and by whom), on what lawful basis we process your personal information and for what purposes your personal information is processed. As a data controller, we are required to take responsibility and accountability for implementing effective measures to regulate any processing activities we direct in accordance with this Privacy Policy.  

Lawful basis for processing

We will have a lawful basis for processing your personal information based on our interaction, engagement or arrangement with you. More than one lawful basis might apply to the processing of your personal information. The lawful bases that we commonly apply are:

  • consent: you have given us clear consent for us to process your personal information for a specific purpose. This will usually be documented in a collection notice or other agreements that we have with you. For example, you may consent to receiving marketing material from us in a particular form and in relation to particular subject matter, or you may consent to receiving further information about the status of your purchase from our eCommerce store;
  • contract: we have a contract with you that entitles us to process your personal information in accordance with the contractual terms and any applicable laws and regulations that cannot be excluded in a contract. For example, you may purchase good or services from us and we will need to process your personal information to enable us to send you the good and communicate with you about your purchase;
  • legal obligation: we need to process your personal information so that we can comply with applicable laws (excluding contractual obligations). For example, we may be required to provide a government regulator with information about any transactions that are fraudulent or to comply with our reporting obligations in relation to adverse events related to our products; and
  • legitimate interest: we have a legitimate interest to process your personal information if it is necessary for us to perform our business functions and that these interests are not overridden by your interests, rights and freedoms. For example, we engage in marketing, and we take steps to prevent and suppress fraudulent, abusive or criminal behaviour. We may process your personal information to monitor your conduct while you access or use our website to ensure that you are not using our website or services for criminal or other unauthorised activities.

If you would like to know which lawful basis applies to the processing of your personal information, please contact us. 

Who will process your data?

As we have described in the ‘To whom may we disclose your personal information?’ section of this Privacy Policy, we may disclose your personal information to organisations or agencies that process your personal information on our behalf. We take steps to ensure that any third party that processes your personal information on our behalf is performed in accordance with applicable EU and UK Privacy Laws, and that we receive suitable guarantees of compliance with personal information processing rules. To the extent that a third party is established in a jurisdiction that does not guarantee an adequate level of protection of personal data according to the standards established by the EU and UK Privacy Laws and as determined by the European Data Protection Board and/or the UK’s Information Commissioner’s Office, we apply relevant standard contractual cluses between us and the third party which are recognised by applicable international privacy regulators to guarantee an adequate level of protection of your privacy.

Additional rights

In addition to your rights (as described in this Privacy Policy) of access to your personal information, correction (or rectification) of your personal information, deletion or de-identification of your personal information that is no longer needed for a permitted purpose, information about our processing arrangements, and checking the quality of your personal information held by us, you (as a ‘data subject’) may be entitled to exercise the following rights recognised under EU and UK Privacy Laws depending on the type of legal basis that we have established for processing your personal information:

  • right to erasure (including the right to be forgotten): you can request us to delete your data in certain circumstances to the extent permitted by law including where the data is no longer necessary for the purpose for which it was collected, or where you withdraw your consent and there is no other legal ground for processing your data. We will let you know if your exercise of this right will impact our service to you;
  • right to object to data being processed: if you object to us processing your data, we will take steps to stop processing the data in accordance with your request and within a reasonable timeframe. This right only applies in certain circumstances that are permitted under law. For example, you can request us to stop sending you direct marketing communications if you choose to opt out of receiving those communications (this right applies regardless of which lawful basis applies). Or, you may request us to not disclose your personal information to a data processor we engage. Please note that if you no longer want us to process your personal information on your behalf in a particular manner, this may affect our service to you. We will let you know if that’s the case;
  • right to data portability: you have a right to receive your personal information that was processed using automated means in a format that you can read, use and transfer to another entity. We will provide you with a copy of your personal information held by us in a format determined by us that complies with applicable laws; and 
  • right to object to automated individual decision-making (or profiling): you have a right to not be subject to automated decision making or profiling. Please note that we do not currently (at the time this privacy policy was drafted) engage these practices in our operations.

Contacting us

If you have any questions about this Privacy Policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please contact our Privacy and Data Protection Officer using the details set out below.

We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. We will treat your requests or complaints confidentially.  Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved.  We will aim to ensure that your complaint is resolved in a timely and appropriate manner. We will inform you whether we will conduct an investigation, the name, title, and contact details of the investigating officer and the estimated completion date for the investigation process.

After we have completed our enquiries, we will contact you to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view. 

Please contact our Privacy and Data Protection Officer at:

Privacy and Data Protection Officer
Starpharma Holdings Limited (including its subsidiaries)
Post: 4-6 Southampton Crescent, Abbotsford, Victoria, 3067, Australia
Phone: +61 (0)3 8532 2700
Email: privacy@starpharma.com

If you are located within the EU or UK, you may contact our GDPR representative (GDPREP.ORG) by email at info@gdprep.org or by phone at +44 (0) 7810 883333 if you have any concerns about this Privacy Policy or our activities. You can also contact a designated Data Protection Supervisory Authority in the UK or EU based on where you live, where you work, or where the infringement of your privacy took place. If you are in the UK, you can contact the UK Information Commissioner’s Office (see their website). If you are in the European Economic Area, visit this website for information about your local European Data Protection Supervisor.

If we have not responded to your complaint within a reasonable timeframe, or you are not satisfied with our response to your complaint, you are entitled to make a complaint to the Office of the Australian Information Commissioner (details below). You can also contact a regulator in the UK or EU. 

          Office of the Australian Information Commissioner

          Website: www.oaic.gov.au 

Changes to our Privacy Policy

We may change this Privacy Policy from time to time.  Any updated versions of this Privacy Policy will be posted on our websites.  You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on our website. 

This Privacy Policy was last updated on 18 November 2024.