Commitment to Privacy

Prism Surgical Designs Pty Ltd and PSM Pacific Pty Ltd (hereinafter referred to we, us, our and Prism Surgical), are bound by the Australian Privacy Principles (APPs), contained in the Privacy Act 1988 (Cth). The Privacy Act 1988 (Privacy Act) is the principal piece of Australian legislation protecting the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information inthe federal public sector and in the private sector.

The object of the Australian Privacy Laws are to protect the confidentiality of personal information and the privacy of individuals by regulating the way in which personal information is managed. Broadly, personal information means information or an opinion about an identified individual or from which an individual can be reasonably identified (Personal Information).

Personal Information can include confidential "health information", which refers to information regarding an individual's physical or mental health or a health service provided to an individual or "sensitive information", which as defined by the Privacy Act. Sensitive information may include information or opinions about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, or health information.

Prism Surgical is committed to protecting the Personal Information it collects and regularly monitors its systems and procedures to ensure compliance with the APPs and this Policy. This Policy outlines the way in which Prism Surgical deals with the Personal Information it collects in Australia only. We are not responsible for the privacy practices of any third-party websites that may be linked on our website.

Collection

Prism Surgical collects Personal Information that is reasonably necessary for or directly related to our functions and activities as a provider of medical devices. In some cases, we are required by the Therapeutic Goods Act 1989 (Cth) to collect Personal Information to comply with our regulatory obligations such as responding to safety concerns about our products.

Prism Surgical collects Personal Information from or about you when we ask for it and it is provided, when it is provided to us by your healthcare professional, and also through technology that collects the information automatically, such as cookies or other similar technologies.

The Personal Information we collect may include:

  • Your name

  • Your address

  • Your date of birth

  • Your email address

  • Your phone number

If you are a patient, additional Personal Information we may collect includes:

  • Details of your healthcare professional

  • Your surgical operation details

  • Your medical history

  • Your Medicare number

  • Your health fund

  • Your surgical requirements, implantation details and history

  • Product data, such as model, serial/batch number and usage of your device

  • Product performance, service, and feedback data

Personal Information may be collected by Prism Surgical during:

  • Providing technical assistance for our products to a healthcare professional

  • Responding to product or service queries

  • Sales calls or follow-up meetings with our distribution/sales representatives/partners

  • Participation in Prism Surgical sponsored programs, including educational programs and post market

  • research activities

  • Using our websites or other services, including through the use of cookies

Use and Disclosure

Prism Surgical will use your Personal Information for the primary purpose for which it is collected, which generally includes the following purposes.

  • During the sale, distribution or provision of medical devices, or services that have been requested by your

  • health care provider

  • While supporting a healthcare professional or other healthcare partners

  • Administering training programs, clinical trials, or other similar programs in which you agree to be involved

  • Compliance with regulatory requirements, such as maintaining a record of medical queries, complaints,

  • adverse events, and recalls relating to our products

We may also use Personal Information to:

  • Provide a health care provider with updated product or safety information with respect to Prism Surgical

  • medical devices, and services

  • Send a health care provider material on our activities and products or developments in medical technology

  • that Prism Surgical believes may be of interest

  • Respond to a health care provider’s request for information, product, or services

  • Resolve or track the status of problems or complaints regarding our products or services

  • Generate customer lists for the purpose of market research

  • Manage accounts and ensure that we receive payment for our products

  • Verify age or identity as needed for us to provide our products and services safely and lawfully

  • Improve our products, services, and overall organisation management

  • De-identify your information by removing all personal identifiers (your name, e-mail address etc.) so that the

  • information is no longer Personal Information and can be used for other purposes

  • Comply with a law or regulation, court order or other legal requirement

  • Undertake other activities for which you have consented we can use or disclose your personal information

Transfer to Third Parties

Prism Surgical will not sell your Personal Information to any third-party for any purpose.

Selected third parties may be used to provide Prism Surgical with support services in connection with our business operations; for example, database IT support.

Such third parties may, from time to time, have access to your personal information to enable them to provide those services to Prism Surgical. All companies providing such support services are required by Prism Surgical to process the Personal Information disclosed to them only for the purposes expressly authorised by Prism Surgical.

Data Security

Prism Surgical has put in place safeguards to protect the Personal Information we hold from misuse, loss, unauthorised access, modification, or disclosure.

Prism Surgical generally holds the Personal Information provided to us in an electronic form on computer servers, which are password protected for limited access and are located in controlled facilities. We also utilise third-party cloud platforms, such as Microsoft Cloud, which may store data on servers both within and outside Australia. Where personal information is stored on these platforms, we ensure that the cloud service providers comply with the Australian Privacy Principles (APPs) or provide adequate protection for personal information consistent with Australian law.

Prism Surgical may also hold Personal Information in physical form, such as in paper hard copies. While Prism Surgical cannot guarantee against any loss, misuse, or alteration to data, we take security safeguards that are reasonable in the circumstances to prevent such occurrences.

Access to the Personal Information is restricted to those employees and service providers who need to use the data, who have been trained to handle such data properly and observe strict standards of confidentiality.

In a secure manner Prism Surgical destroys or permanently purges all Personal Information that we no longer need, where permitted. Prism Surgical will not keep Personal Information for longer than required for the purposes for which the information may be lawfully used or disclosed.

In the event of a data breach that is likely to result in serious harm to individuals, Prism Surgical will assess the situation and, where required, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Privacy Act 1988 and the Notifiable Data Breaches (NDB) scheme.

Access, Correction and Complaints

Access and Correction

You have the right, in most cases, to access your Personal Information at any time. Prism Surgical takes reasonable steps to ensure that any information we hold about you is up-to-date, accurate, relevant, not misleading, and complete. If you wish to request access or correct Personal Information we hold about you, or you have any questions about this Policy, please contact Prism Surgical at enquiries@prismsurgical.com.au, setting out a full description of the request. We will respond to your requests to access or correct your Personal Information within a reasonable period, usually within 30 days. There is no charge for requesting access to your Personal Information, but we may require you to meet ourreasonable costs in providing you with access (such as photocopying costs).

There are some circumstances in which we are not required to give you access to your Personal Information. Prism Surgical may not accommodate a request to access, change or delete Personal Information if it believes doing so would violate any law or legal requirement, or cause the information to be incorrect. In those circumstances, if requested by you, Prism Surgical shall take such steps as are reasonable, to attach a statement provided by you to the information of the corrections sought.

Complaints

If you have a complaint about how we have handled your Personal Information or consider that we may have breached our obligations under Australian Privacy Laws, please contact us at enquiries@prismsurgical.com.au or at: Prism Surgical Attention: Privacy Office, 15/43 Lang Parade MILTON QLD 4064 AUSTRALIA

Updating our Privacy Policy

Prism Surgical may review or revise this Privacy Policy and the way we handle Personal Information from time to time. Such changes will be consistent with current privacy legislation in Australia. You may request a copy of our Privacy Policy at any time.