VIRBAC (AUSTRALIA) PTY LIMITED, ACN 003 268 871 (herein referred to as 'VIRBAC (AUSTRALIA) PTY LIMITED', 'we', 'us' or 'our') is governed by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) ('Privacy Act'). The APPs regulate how personal information is handled by VIRBAC (AUSTRALIA) PTY LIMITED.
Where applicable we may require you to confirm your express, explicit consent when collecting your personal information for the purposes of compliance with the Privacy Act and the regulations set out in the General Data Protection Regulation (EU) ('GDPR'). In the event of the data being transferred to our European subsidiary or because our parent company is located in Europe or where the data is collected from an individual located within the EU, our handling of that data will also be subject to the GDPR.
We will review this policy regularly, and we may update it from time to time.
The kinds of personal information we may collect from you will depend on what type of interaction you have with us, for example, whether as a potential employee, contractor, supplier or customer. Personal information we may collect from you includes, among other things:
We will generally only collect and use your personal information for the primary purposes of:
Your personal information is only collected by lawful and fair means and where practicable, only from you or from a person acting or authorised to act on your behalf. Where you have applied for commercial credit account with us, we may also make enquiries in respect of commercial credit with third parties with your consent. This could include persons nominated by you as trade references, credit reporting bodies (“CRBs”) and your bankers.
We will take reasonable steps to ensure that you are aware of:
Information that you specifically give us
We may ask you to provide us with certain types of personal information if you wish to obtain a particular service or product from us. This might happen over the telephone, through our website, by filling in a paper form, or meeting with us face-to-face. We will give you a Collection Notice at the time, to explain how we will use the personal information we are asking for. The notice may be written or verbal.
You might also provide your personal information to us, without us directly asking for it, for example if you engage with us on social media.
Information that we collect from others
If you apply for a job or contract with us, we will collect personal information about you from your referees. We may also conduct verifications via a third party to confirm your past academic history, criminal history, bankruptcy status, directorship check as well as other information that may be relevant to your potential employment. We may also check details about our suppliers from publicly available sources, such as the Australian Business Register and ASIC databases. As part of an application for credit, a credit check will also be completed using a third party provider.
Information that we generate ourselves
Only where it practicable to do so, we may allow you the option not to identify yourself when dealing with us.
We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law. We will take appropriate measures to destroy or permanently de-identity your personal information if we no longer need to retain it. These measures may vary depending on the type of information concerned, the way it was collected and how it was stored.
We take reasonable steps to protect your personal information from loss, misuse or unauthorised access by restricting access to the information in electronic format and by appropriate physical and communications security.
In the event of a data breach, such as the unauthorised loss, use or disclosure of personal information, we will assess and respond in line with our applicable policies and procedures, which incorporate the requirements contained in the Privacy Act and, where appropriate, the GDPR. Pursuant to our obligations under the Privacy Act and the GDPR, we will notify you where your personal information is involved in an eligible data breach that is likely to result in serious harm. Such notification will also include making recommendations about the steps you should take in response to the breach. Where required by law, the Australian Privacy and Information Commissioner will also be notified of eligible data breach.
We may use your personal information for the following purposes:
The ‘lawful processing’ grounds on which we will use personal information about you are:
We will keep personal information about you, to use for the above purposes indefinitely, unless instructed by you to remove some or all of the information retained.
Dealing with unsolicited information
We take all reasonable steps to ensure that all unsolicited information is destroyed or de-identified immediately.
Our third party service providers
Our third party service providers are bound by contract to only use your personal information on our behalf, under our instructions. Our third party provider, Microsoft Dynamics, manages the Customer Relationship Management (CRM) database tool used by VIRBAC (AUSTRALIA) PTY LIMITED.
Other disclosures and transfers
We may also disclose your personal information to third parties for the following purposes:
Where we collect information that we are likely to disclose to a CRB:
We do not disclose your personal information for any secondary purposes unless your consent has been given or as required by law, and we will not sell or license any personal information that we collect from you.
Your personal information may also be processed by, or disclosed to employees, representatives, or other third parties operating outside of Australia who work for, or are engaged by us in other countries, including France. For example, we may use a server hosted overseas to store data, which may include your personal information.
We will take reasonable steps, in the circumstances, before your personal information is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal information (‘the reasonable steps’).
The reasonable steps may not apply if you consent to the disclosure of your personal information to an overseas recipient and we reasonably believe that the overseas receipt is subject to laws that are suitability similar to privacy laws in Australia.
If you consent to the disclosure of your personal information to an overseas recipient, the overseas recipient may not be accountable under the Privacy Act, and you will not be able to seek redress for breaches under the Privacy Act. ]
Data Subject Rights
Where applicable under the GDPR, and in addition to the rights set out above, you have the following rights regarding your personal information stored with us:
Data Controller and Data Processor
You acknowledge that when using our website, you will be deemed to be the data controller in relation to any personal information that you collect and store and will be responsible for how such personal information is collected. You must ensure that you obtain consent and provide notice to any persons as required under the relevant privacy legislation in relation to the collection, storages and use of their personal information.
When you use our website, we act as a data processor only in relation to personal information and data entered, collected and stored by you. We will only access your data in accordance with written instructions given by you, or unless required to do so by the Privacy Act or GDPR.
You have the right to request access to the personal information VIRBAC (AUSTRALIA) PTY LIMITED holds about you. Unless an exception applies, we must allow you to see the personal information we hold about you, within a reasonable time period and without unreasonable expense. If you make an access request, we may ask you to verify your identity and put your request in writing for security reasons. If access is refused to your personal information for reasons permitted by the Privacy Act, we will give you a notice explaining our decision to the extent practicable and your options.
You also have the right to request the correction of the personal information we hold about you. We will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up-to-date. Unless an exception applies, we must update, correct, amend or delete the personal information we hold about you within a reasonable time period. We do not charge for making corrections.
To seek access to, or correction of, your personal information, please contact our Privacy Officer, Adam Smith, by either:
You have a number of other rights in relation to the personal data VIRBAC (AUSTRALIA) PTY LIMITED holds about you. You have the right to:
To seek to exercise any of those rights, please contact our Privacy Officer.
If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our Privacy Officer as follows:
Our Privacy Officer is:
Mr Adam Smith
Human Resources Director – SANZA Region
Telephone: +61 2 9772 9772
Mail: Locked Bag 111, Wetherill Park NSW 1851
For the purposes of the GDPR, our Privacy Officer is also our Data Protection Officer (DPO).
While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by mail or email as outlined above. We will acknowledge your formal complaint within 10 working days.
If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by calling them on 1300 363 992, making a complaint online at www.oaic.gov.au, or writing to them at OAIC, GPO Box 5218, Sydney NSW 2001.
If you are in the European Union, you can choose to instead lodge a complaint with your local Data Protection Authority (DPA). The list of DPAs is at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm