Website Privacy Policy

Australian Pharmaceutical Industries Limited ABN 57 000 004 320 and its subsidiary companies, including Clearskincare Clinics Australia Pty Ltd  (“API”, “we”, “us” or “our”) recognise the importance of privacy issues. This Privacy Policy briefly tells you how we manage the personal information that we collect, use and disclose and how to contact us if you have any queries or complaints. This Privacy Policy does not cover personal information collected or held by us about our employees and is to be read subject to any overriding provisions of law or contract. We will assume you consent to collection, use and disclosure of your personal information in the manner specified in this Privacy Policy (which may change from time to time) until you tell us to the contrary by contacting us using our contact details below.

Background
API provides pharmaceutical and other health and beauty related goods and services to retail pharmacies and the health market generally. In providing these goods and services, we may collect, use and disclose personal information. Personal information is information or an opinion, in any form and whether true or not, about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. Our collection, use and disclosure of personal information is governed by the Privacy Act 1988 (Cth), as amended (Privacy Act). This Privacy Policy describes how we collect use and disclose personal information in accordance with requirements of the Privacy Act.

Collection of personal information by us
We will only collect your personal information where it is reasonably necessary for or directly related to the conduct of our functions or activities. We will typically collect personal information in the course of providing our goods and services to customers and in other dealings with those customers and prospective customers. We may also collect personal information as we determine necessary from time to time for any purpose in connection with the general conduct of our business, for example, in dealing with suppliers, service providers and contractors or for charities or charitable purposes we proudly support.
Where we collect your personal information we will do so only by lawful and fair means and not in an unreasonably intrusive way. Where we collect your personal information, and it is reasonable and practicable to do so, we will collect it directly from you. There may be occasions where we receive or collect personal information about you from a third party. Where it is lawful or practical to do so, you may choose to deal with us anonymously (for example, when enquiring about our goods and services generally).

Where you provide us with personal information about someone else you must have their consent to provide their personal information to us based on this Privacy Policy. Kinds of information collected

• The kinds of personal information we collect, and hold will depend upon the reasons for, or circumstance of, its collection. It may include, amongst other things: your name and contact details;
• other personal information you give us when you request a good or service from
  This information may include: your requirements with respect to specific goods or services; your opinion or preferences with respect to any of our goods or services, payment details, or your preferred payment method;
• information contained in any communications between you and us;
• information contained in an application form or other document given to us;
• payment and transactional information about your acquisition and use of our goods and services;
• activity with our digital or online services; and any information we are required to collect by law.

Collection of other information from our website and online
We provide information and services through a range of digital and online services including websites (e.g. clearskincareclinics.com.au, priceline.com.au ) apps, email, online advertisements and social media profiles.

Site visit information
When you visit our website, we and/or our contractors collect general information about your visit which may include your server address, the date and time of your visit, the pages you accessed, the information you downloaded and the type of Internet browser you used. We and/or our contractors may use this information in anonymous, aggregated form, for statistical purposes, to assist us in improving the quality and usability of our website.

Other digital services
We may use “cookies”. A cookie is a piece of information that allows the server to identify and interact more effectively with your device. The cookie assists us in maintaining the continuity of your browsing session (e.g. to maintain a shopping cart) and remembering your details and preferences when you return. Other technologies that may be used with us include web beacons (which may operate in conjunction with cookies), Flash local stored objects and JavaScript. Some of these cookies and other technologies are consistent across various our digital services, allowing us and the other providers of these services to understand you better and provide a more consistent experience across these services. You can configure your web browser to reject and delete cookies and block JavaScript but you may find some parts of our digital services then have limited functionality. You can control your preferences regarding Flash local stored objects at macromedia.com. Our systems record a variety of information in relation to interactions with our online services. This can include information about software versions used, device identifiers (like IP address), location data (where available and not disabled by the user), dates, times, file metadata, referring website, data entered and user activity such as links clicked. In some cases third parties may use cookies and other technologies such as those described above as part of our digital services. These technologies may be used in connection with activities like surveys, online behavioural advertising, website analytics and email campaign management. The services we may use from time to time include Google Analytics, Google Display Network, Google AdSense, DoubleClick, Yahoo, Adobe, Campaign Manager and Microsoft. You can find more details in the privacy policies for those services (e.g. Google’s Ads Preferences Manager), including information on how to opt-out of certain conduct. Bear in mind, you may need to opt-out separately from each service. The website youronlinechoices also allows you to opt-out of some online behavioural advertising and provides further information about how online behavioural advertising works. You can contact us to request further details of the services we use. Many of these services operate without collecting or using any personal information.

How your personal information will be collected and held
We may collect your personal information in relation to your interactions and transactions with us, including using our loyalty cards; gift cards; making a purchase in-store; placing an order online; participating in a promotion, competition, survey; or charitable event; registering for services; making a charitable donation; using related digital services. We may monitor and record your communications with us (including email and telephone) for security, dispute resolution, and training purposes and we also operate video and audio surveillance devices in our premises. We may also collect personal information from third parties including public sources, information service providers, providers who administer our products and services such as insurance, anyone authorised to act on your behalf. We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We implement a range of measures to protect the security of that personal information. We also take measures in respect of destroying or de-identifying personal information that is no longer needed for any lawful purpose. Unfortunately, the internet is not a secure place and we cannot guarantee security of your personal information.

Sensitive information
We will not collect, use or disclose sensitive information about you unless it is necessary to provide you with a good or service and we have your consent or unless we are legally required to collect, use or disclose that information. Sensitive information is any information about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs or affiliations, membership of a professional, trade or political association or union, sexual preferences or practices, criminal record, health information or genetic information about an individual that is not otherwise health information.

Use of your personal information
We collect your personal information so that we can use it for or in connection with our functions and activities which may include, amongst other things:

• confirming your identity when you contact us;
• accepting and processing your orders;
• providing you with any of our goods and services or information about those goods or services;
• providing you with information about charities or charitable purposes or activities we proudly support;
• being aware of any special good or service requirements you may have;
• providing you with electronic confirmation of your orders (where applicable) and advising you of any changes to our goods and services;
• delivering orders;
• providing refunds or discounts;
• communicating directly with you (including direct marketing) and providing marketing communications and targeted advertising to you on an ongoing basis by telephone, electronic messages (e.g. email), our digital services and other means (you can contact us at csc.privacy@api.net.au (mailto:csc.privacy@api.net.au) at any time or call customer service on 1300 442 632 or to opt-out of electronic and telephone direct marketing communications);
• conducting product and market research;
• maintaining and updating our records;
• working with our service providers;
• administering and managing the provision of our goods and services to you, including billing and debt collection;
• conducting reviews or checks of your credit worthiness;
• addressing any queries, feedback or complaints we receive from you;
• developing, improving and marketing our goods and services;
• complying with relevant laws, regulations and Codes; and
• using your personal information for any other purpose that it was collected for or any related purpose for which we are entitled to use your personal information. Where we are not able to collect personal information that we require to conduct a particular functions or activities, it may restrict or limit our ability to conduct or perform that function or activity.

Use and disclosure of your personal information for secondary purposes
If we use or disclose your personal information for a purpose (the “secondary purpose”) other than the main reason for which it was originally collected (the “primary purpose”), to the extent required by law, we will ensure that:

• the secondary purpose is related to the primary purpose of collection (and directly related in the case of sensitive information), and you would reasonably expect that we would use or disclose your information in that way;
• you have consented to the use or disclosure of your personal information for the secondary purpose;
• the use or disclosure is required or authorised by or under law; or
• the use or disclosure is otherwise permitted by law (for example, as a necessary part of an investigation of suspected unlawful activity).

Disclosure of personal information to third parties
Where permitted by the Privacy Act, personal information we collect about you may be disclosed to third parties as we determine necessary from time to time for any purpose reasonably necessary or directly in connection with the conduct of our business, including, but not limited to:

• any service provider we engage to carry out our business functions and activities;
• our professional advisors and other contractors (for example IT consultants, research agencies and mailing houses);
• any person who introduces you to us, or who is acting as your referee or guarantor;
• your authorised agents or your executor, administrator or legal representative;
• an organisation that is an arrangement or alliance with us (for example, for the purpose of promoting or using our respective goods or services or conducting a seminar or promotion);
• our business associates and others for purposes directly related to the purpose for which the personal information is collected;
• our related companies;
• organisations that conduct or promote charitable purposes or activities we proudly support;
• organisations that are involved in a transfer or proposed sale of our business or assets
• any entity to which we are required or authorised by or under law to disclose such information (for instance, Federal or State law enforcement agencies and investigative agencies, courts and various other Federal or State government bodies); and others that you have been informed of at the time any personal information is collected from you. We take steps to ensure that third party recipients are obliged to protect the privacy and security of your personal information and use it only for the purpose for which it is disclosed.

Transborder data flows
We will only transfer personal information to someone who is in a foreign country if:
we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the Privacy Act;

• you consent to the transfer;
• the transfer is necessary for the performance of a contract between you and us, or for the implementation of pre-contractual measures taken in response to your request;
• the transfer is necessary for the conclusion or performance of a contract concluded in the interest of you between us and a third party;
• all of the following apply:
• the transfer is for your benefit;
• ◦ it is impracticable to obtain your consent to that transfer;
• if it were practicable to obtain such consent, you would be likely to give it; or
• we have taken reasonable steps to ensure that the information transferred will not be held, used or disclosed by the recipient of the information inconsistently with the Privacy Act.
  We may provide your personal information to our contractors and service providers who may be located in a foreign country. This is for the purpose of analyzing your personal information consistent with this Privacy Policy and the Privacy Act.

Security of your personal information
We protect any personal information that we collect and hold about you from misuse or loss. We also protect it from unauthorised access, modification or disclosure. Where we need to disclose your personal information to a service provider or other agent or contractor, we prohibit them from using the personal information except for the specific purpose that we have provided it. We will take reasonable steps to destroy or de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed in accordance with the Privacy Act. Keeping your personal information up-to-date and correcting your personal information We take reasonable steps to ensure that any personal information collected by us is accurate and up-to-date at the time of collecting, using and disclosing that information. If you learn that personal information we hold about you is inaccurate, incomplete or out-of-date, you should contact us. You also have a right to request that a statement be attached to your personal information if we disagree with your request to correct the information.

Access to your personal information
You can ask to obtain access to personal information that we hold about you, although in some circumstances, the law may not permit us to provide such information to you. If we are not able to provide you with access to any of your personal information held by us, we will tell you the reasons why this is the case. We may ask you to put your request in writing and pay a reasonable fee to us before providing requested access.

How to contact us If you wish to contact us, for example, to access or correct your personal information, you may contact us at: Australian Pharmaceutical Industries Limited ABN 57 000 004 320
250 Camberwell Road Camberwell Victoria AUSTRALIA, 3124
Ph: 61 3 8855 3000 Fax: 61 3 8855 3402 E-mail: csc.privacy@api.net.au (mailto:csc.privacy@api.net.au)

Complaints
If you have any feedback or a complaint about the way we have dealt with your personal information, please contact us on the above telephone number and ask to speak with our Company Secretary and Chief Privacy Officer, or email us at our privacy email address mentioned above. We will make all reasonable attempts to respond to your complaints or requests. If you are not satisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner at: Website: www.oaic.gov.au  Phone: 1300 363 992
Further information about the application of privacy law to the private sector generally can be found by contacting the Office of the Australian Information Commissioner (details above).

Updates to Privacy Policy
We may amend this Privacy Policy at any time and from time to time. If we do so, we will post the amended Privacy Policy on our website so that you will always be aware of how we manage your personal information.

Credit Reporting Policy
Australian Pharmaceutical Industries Limited ABN 57 000 004 320 and its subsidiary companies (“API”, “we”, “us” or “our”) recognise the importance of privacy. API is bound by the credit reporting provisions of the Privacy Act and the Credit Reporting Code registered under the Privacy Act. This Credit Reporting Policy describes how API manages credit-related information about individuals (credit information). API may modify or update its Credit Reporting Policy from time to time by publishing it on API’s websites. This policy does not apply to the collection or use of credit-related information about corporations. API will ensure that all personal information (including credit information) that it handles is managed in accordance with the Privacy Act and other applicable laws protecting privacy. For more information on how API deals with personal information, please refer to the API Privacy Policy (a copy of which is available at https://www.api.net.au/privacy_policy.asp (https://www.api.net.au/privacy_policy.asp)).

About this Credit Reporting Policy
The purpose of this Credit Reporting Policy is to tell you how we manage:
credit information – this information relates primarily to your credit-related dealings with us and we can disclose this information to credit reporting bodies. For a list of what is credit information see ‘1. What kinds of credit information do we collect and hold?’ below;
credit eligibility information – this information relates primarily to your credit-related dealings with other credit providers. Credit eligibility information comprises:
◦ ‘credit reporting information’ provided by credit reporting bodies (for a more detailed explanation see ‘3. Exchanges of information about you with credit reporting bodies’ below); and
◦ credit worthiness information that we derive using “credit information” (for a more detailed explanation see ‘4. What kinds of credit worthiness information do we derive from credit reporting information?‘ below)

1. What kinds of credit information do we collect and hold?
At API, we collect and hold your credit information, examples of which include:
Identification information, such as your name, address, date of birth and drivers licence or similar identification verification information.
Credit liability information. This is information about credit accounts you hold, or have held, with us, such as the type of account, the date the account was opened and closed, the maximum amount of credit approved for that account and some specific terms and conditions relating to the repayment of credit under that account.
Repayment history information. For credit accounts you hold, or have held, this includes whether or not you made any payment that was due in a particular month, and where a payment was overdue, when it was ultimately paid A note that we have made an information request about you with a credit reporting body. An information request is when we ask a credit reporting body to provide us with credit reporting information about you. The amount of credit sought in an application for credit made by you in connection with which we made an information request.
Default information about you. This is information about a payment owed by you as an account holder, borrower or guarantor in connection with credit that remains overdue for more than 60 days and which we can disclose to a credit reporting body if certain requirements under the Privacy Act are met.
Payment information about you. Payment information is a statement that an overdue payment in relation to which default information was provided to a credit reporting body has been paid.
New arrangement information about you. This is information about you having entered into certain types of arrangements with us in relation to credit where you have been overdue in making a payment and we have provided default information to a credit reporting body. New arrangement information is either that the terms of conditions of that credit have been varied as a result of you being overdue or that you have been provided with new credit relating to the original amount of credit.
Court proceedings information about you. This is information about a judgment of an Australian court that is made against you that relates to credit that was provided to, or applied for, by you.
Personal insolvency information about you. This is information recorded in the National Personal Insolvency Index and relating to your bankruptcy, a debt agreement proposal given by you, a debt agreement made by you, a personal insolvency agreement executed by you, a direction given, or an order made, under the Bankruptcy Act that relates to your property or an authority signed under the Bankruptcy Act that relates to your property.
Publicly available information about you:
◦ that relates to your activities in Australia or the external Territories and your credit worthiness; and
◦ that is not court proceedings information about you or information about you that is entered or recorded in the National Personal Insolvency Index.

2. How do we collect credit information?
We collect credit information in a variety of ways, such as obtaining the relevant information directly from you or by persons acting on your behalf (including on application forms or other forms or in our ongoing dealings with you in connection with credit). Some credit information will also be derived by us from your transactions in connection with credit, such as when you make payments to us.

3. Exchanges of information about you with credit reporting bodies
We may obtain credit reporting information about you from credit reporting bodies. Credit reporting information includes:

• credit information of the kinds listed under ‘What kinds of credit information do we collect and hold?’ but relating primarily to your dealings with other credit providers (such as about credit applications you have made or credit that you hold with other credit providers). This information will typically have been provided by other credit providers or other third parties; and
• credit worthiness information about you that credit reporting bodies derive from the information above, such as credit records / history, risk ratings and other evaluations about you. We may also disclose your credit information relating to your dealings with us to credit reporting bodies. Those credit reporting bodies may include that information in reports that they provide to other credit providers to assist them to assess your credit worthiness. For example, we will provide information that identifies you and about your application for credit when obtaining credit reporting information for the purposes of assessing that application. Should you fail to meet your payment obligations to us or commit a serious credit infringement in relation to credit provided by us, we may be entitled to disclose this information to credit reporting bodies.

API discloses credit information to:  Veda Advantage Information Services and Solutions Limited (Veda)
Website: www.equifax.com.au  Postal address: PO Box 964, North Sydney, NSW 2059

Veda is required to have a policy which explains how it will manage your credit-related personal information. If you would like to read the policies of these credit reporting bodies please visit their websites and follow the “Privacy” links, or you can contact them directly for further information. You also have the right to request credit reporting bodies not to use or disclose your credit reporting information if you believe that you have been, or are likely to be, the victim of fraud (for example, you suspect someone is using your identity details to apply for credit). You must contact the credit reporting bodies directly should this be the case.

4. What kinds of creditworthiness information do we derive from credit reporting information?
We utilise credit reporting information obtained from credit reporting bodies to derive other information that assists us in assessing your creditworthiness, for example credit risk ratings and credit history.

5. How do we hold and protect credit information and credit eligibility information?
We understand the importance of protecting the personal information we hold about you. We take steps to ensure your personal information is free from misuse, interference, loss, unauthorised access or modification by:

• securing information both in physical and electronic form;
• having internal procedures and measures limiting access to personal information only to those that need access for their legitimate activities; and protecting our systems by appropriate technology solutions.

6. For what purposes do we collect, hold, use and disclose credit information and credit eligibility information?
API collects, holds, uses and discloses credit information and credit eligibility information about you for purposes reasonably necessary for our business activities and consistently with the requirements in the Privacy Act as permitted by law. These purposes include:

• to assess applications for credit (including assessing any proposed guarantors);
• for the ongoing servicing and administration of our accounts and products;
• to assist with the management, including recovery, of outstanding debts;
• to assist you if we consider that you may be at risk of default;
• internal management purposes;
• for data analysis;
• to participate in the credit reporting system and provide information to credit reporting bodies as permitted by the Privacy Act;
• to undertake securitisation activities and debt assignments;
• to deal with complaints and legal proceedings;
• to meet our legal and regulatory requirements (such as reporting matters to regulators or enforcement bodies when authorised or required by law); and
• to assist other credit providers with such purposes in circumstances permitted by the Privacy Act (such as disclosing information to another credit provider with your consent or where you have committed a serious credit infringement). Restrictions apply under the Privacy Act in relation to the circumstances and purposes for which such information may be used or disclosed and we comply with these restrictions. For example credit eligibility may not be disclosed to some types of overseas entities and restrictions apply on the use of credit eligibility information for direct marketing.

7. Will we be disclosing your credit information or credit eligibility information to overseas organisations?
At this stage we do not disclose your credit information or credit eligibility information to any overseas organisations, however this may change in the future. We will update our Credit Reporting Policy in this instance without notice.

8. How can you access credit eligibility information we hold about you?
You may access the credit eligibility information which we hold about you by contacting us on the relevant contact number provided at the end of this Policy. We will need to verify your identity before giving you access. We will usually provide the information requested within 30 days of receiving your request. If there is a reason we are unable to agree to a request for access to your credit eligibility information we will advise you of this in writing There is no charge to make a request for access request but we may apply an administration fee for providing access in accordance with your request.

9. How can you seek correction of the credit information or credit eligibility information about you which we hold?
We aim to hold accurate and up–to-date credit information and credit eligibility information about you at all times. If you consider that any such information we hold about you is incorrect in any way, you may seek the correction of that information. To seek such a correction please call the relevant contact number provided at the end of this Policy to discuss your query. In certain situations, we may not agree to a request to correct information we hold about you. If this occurs we will advise you of this and our reason for not agreeing to the correction request.

10. How can you make a complaint about our compliance with our credit reporting obligations and how will we deal with such a complaint?
If you believe that we have failed to comply with the credit reporting requirements of the Privacy Act or the Credit Reporting Privacy Code, please contact us on the telephone number below and ask to speak with our Company Secretary and Chief Privacy Officer or email us at our privacy email address below. If you are not satisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner at: Website: www.oaic.gov.au Phone: 1300 363 992
Further information about the application of privacy law to the private sector generally can be found by contacting the Office of the Australian Information Commissioner (details above).

Further information
If you wish to contact us, for example, to access or correct your personal information, you may contact us at: Australian Pharmaceutical Industries Limited
ABN 57 000 004 320
250 Camberwell Road
Camberwell
Victoria
AUSTRALIA, 3124
Ph: 61 3 8855 3000
Fax: 61 3 8855 3402
E-mail: csc.privacy@api.net.au
(mailto:csc.privacy@api.net.au)www.api.net.au (https://www.api.net.au/)