Our privacy obligations
VIRBAC (AUSTRALIA) PTY LIMITED, ACN 003 268 871 (herein referred to as ‘VIRBAC (AUSTRALIA) PTY LIMITED’, ‘we’, ‘us’ or ‘our’) is governed by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (‘Privacy Act’). The APPs regulate how personal information is handled by VIRBAC (AUSTRALIA) PTY LIMITED.
Where applicable we may require you to confirm your express, explicit consent when collecting your personal information for the purposes of compliance with the Privacy Act and the regulations set out in the General Data Protection Regulation (EU) (‘GDPR’). In the event of the data being transferred to our European subsidiary or because our parent company is located in Europe or where the data is collected from an individual located within the EU, our handling of that data will also be subject to the GDPR.
We will review this policy regularly, and we may update it from time to time.
The types of personal information we collect and hold
The kinds of personal information we may collect from you will depend on what type of interaction you have with us, for example, whether as a potential employee, contractor, supplier or customer. Personal information we may collect from you includes, among other things:
- identity particulars – such as your name, address (postal or physical), age or date of birth, occupation, telephone numbers (including landline and mobile), gender (for diversity reporting), occupation, driver’s licence number, e-mail address;
- for potential employees (applicants), collected information will include identity particulars referred to above as well as education information, career history and references;
- details of products you have purchased from us or that you have enquired about, together with any additional information necessary to deliver those products and to respond to your enquiries;
- information regarding animals that you care for, such as the number, species and breed of animal, management and treatment protocols and use of animal health product, where that information is associated with your identity particulars;
- legal entity name, business trading name, ABN;
- personal information we collect from you when assessing, processing and managing an application by you for commercial credit;
- personal information you provide to us when you participate in a promotion, competition, promotional activity, survey, market research, subscribe to our mailing list;
- your bank, credit or debit account details when you make a purchase;
- your records of communication with us;
- if you visit our website, your website usage information such as your IP address.
The purpose for collecting your personal information
We will generally only collect and use your personal information for the primary purposes of:
- our general business operations and routine activities;
- effectively providing you with our goods and services;
- where applicable, assessing and processing an application for commercial credit, and for administrative purposes in relation to the ongoing management of your commercial credit arrangement;
- communicating with you;
- responding to your inquires or complaints;
- meeting our legal and regulatory obligations;
- conducting, improving and developing a relationship with you;
- assessing and processing an application by you as a potential employee;
- direct marketing (such as providing you with information about our products and promotional notices and offers); and
- improving our website(s).
Your personal information is only collected by lawful and fair means and where practicable, only from you or from a person acting or authorised to act on your behalf. Where you have applied for commercial credit account with us, we may also make enquiries in respect of commercial credit with third parties with your consent. This could include persons nominated by you as trade references, credit reporting bodies (“CRBs”) and your bankers.
We will take reasonable steps to ensure that you are aware of:
- the likely use of the information;
- the right of access to the information;
- the identity and contact details of our employee/representative collecting your personal information;
- any law requiring collection of the information; and
- the main consequences of failure to provide your personal information.
How we collect personal information
Information that you specifically give us
We may ask you to provide us with certain types of personal information if you wish to obtain a particular service or product from us. This might happen over the telephone, through our website, by filling in a paper form, or meeting with us face-to-face. We will give you a Collection Notice at the time, to explain how we will use the personal information we are asking for. The notice may be written or verbal.
You might also provide your personal information to us, without us directly asking for it, for example if you engage with us on social media.
Information that we collect from others
If you apply for a job or contract with us, we will collect personal information about you from your referees. We may also conduct verifications via a third party to confirm your past academic history, criminal history, bankruptcy status, directorship check as well as other information that may be relevant to your potential employment. We may also check details about our suppliers from publicly available sources, such as the Australian Business Register and ASIC databases. As part of an application for credit, a credit check will also be completed using a third party provider.
Information that we generate ourselves
Links to other sites
Anonymity when dealing with us
Only where it practicable to do so, we may allow you the option not to identify yourself when dealing with us.
How your personal information is stored and secured
We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law. We will take appropriate measures to destroy or permanently de-identity your personal information if we no longer need to retain it. These measures may vary depending on the type of information concerned, the way it was collected and how it was stored.
We take reasonable steps to protect your personal information from loss, misuse or unauthorised access by restricting access to the information in electronic format and by appropriate physical and communications security.
In the event of a data breach, such as the unauthorised loss, use or disclosure of personal information, we will assess and respond in line with our applicable policies and procedures, which incorporate the requirements contained in the Privacy Act and, where appropriate, the GDPR. Pursuant to our obligations under the Privacy Act and the GDPR, we will notify you where your personal information is involved in an eligible data breach that is likely to result in serious harm. Such notification will also include making recommendations about the steps you should take in response to the breach. Where required by law, the Australian Privacy and Information Commissioner will also be notified of eligible data breach.
How we use personal information
We may use your personal information for the following purposes:
- to provide the service or product you have requested
- to provide technical or other support to you
- to answer your enquiry about our services, or to respond to a complaint
- to manage our employment or business relationship with you;
- to promote and market our current and future products and services to you, informing you of upcoming events and special promotions and offers and analysing our products and services so as to improve and develop new products and services (but giving you the opportunity to opt out of such direct marketing)
- to provide you with further information about the products and services you requested
- to personalise and customise your experiences with us
- to communicate with you, including by email, telephone, mail, text messages and forms of social media
- to undertake product safety recalls
- for administration purposes, including accounts payable and receivable
- to manage and enhance products or your experience on our website
- to conduct and allow you to participate in surveys, competitions, promotions or market research or customer behavioural activity
- to verify your identity
- when considering making offers to job applicants and prospective employees for employment purposes
- to receive services from you or the organisation which employs you
- to comply with legal and regulatory obligations
- for other purposes with your consent, unless you withdraw your consent
The ‘lawful processing’ grounds on which we will use personal information about you are:
- the customer has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the customer is a party or in order to take steps at the request of the customer prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which VIRBAC (AUSTRALIA) PTY LIMITED is subject to
We will keep personal information about you, to use for the above purposes indefinitely, unless instructed by you to remove some or all of the information retained.
Dealing with unsolicited information
We take all reasonable steps to ensure that all unsolicited information is destroyed or de-identified immediately.
When we disclose personal information
Our third party service providers
Our third party service providers are bound by contract to only use your personal information on our behalf, under our instructions. Our third party provider, Microsoft Dynamics, manages the Customer Relationship Management (CRM) database tool used by VIRBAC (AUSTRALIA) PTY LIMITED.
Other disclosures and transfers
We may also disclose your personal information to third parties for the following purposes:
- if necessary to provide the service or product you have requested
- to our related companies (including other Virbac affiliates and overseas Virbac affiliates), suppliers, consultants, contractors or agents for the primary proposes for which it was collected or for other purposes directly related to the purpose for which the personal information is collected. For example, your name and telephone number may be disclosed to our supplier to enable that supplier to respond to your request for information about a particular product;
- to others that you have been informed of at the time any personal information is collected from you;
- to relevant Federal, State, Territory medical, health and safety authorities (as required);
- if otherwise permitted or required by law
- for other purposes with your consent
- to third parties engaged by us to perform functions or provide products or services on our behalf such as mail-outs, marketing or advertising (but giving you the opportunity to opt out of such direct marketing)
- to third parties that sponsor or promote us
- to our professional advisors, including our accountants, auditors and lawyers
- to your referees and former employers (with your consent)
- Where the Privacy Act permits us to do so, we may also disclose your credit related information (in respect of commercial credit) to a credit reporting body (‘CRB’) such as Equifax (formerly known as Veda) or Illion (formerly known as Dun & Bradstreet), if you apply for commercial credit or request to increase in your commercial credit limit with us.
Where we collect information that we are likely to disclose to a CRB:
- the CRBs may include that information in reports provided to us to assist us to assess your creditworthiness;
- if you fail to meet payment obligations in relation to commercial credit or commit a serious credit infringement, we may be entitled to disclose this to the CRB;
We do not disclose your personal information for any secondary purposes unless your consent has been given or as required by law, and we will not sell or license any personal information that we collect from you.
Cross border disclosure
Your personal information may also be processed by, or disclosed to employees, representatives, or other third parties operating outside of Australia who work for, or are engaged by us in other countries, including France. For example, we may use a server hosted overseas to store data, which may include your personal information.
We will take reasonable steps, in the circumstances, before your personal information is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal information (‘the reasonable steps’).
The reasonable steps may not apply if you consent to the disclosure of your personal information to an overseas recipient and we reasonably believe that the overseas receipt is subject to laws that are suitability similar to privacy laws in Australia.
If you consent to the disclosure of your personal information to an overseas recipient, the overseas recipient may not be accountable under the Privacy Act, and you will not be able to seek redress for breaches under the Privacy Act. ]
Data Subject Rights
Where applicable under the GDPR, and in addition to the rights set out above, you have the following rights regarding your personal information stored with us:
- the right to object to your personal information being processed;
- the right to data portability of your personal information;
- the right to complain or query how we process your personal information;
- the right to object to automated decision making using your personal information; and;
- the right to have your personal information forgotten by us.
Data Controller and Data Processor
You acknowledge that when using our website, you will be deemed to be the data controller in relation to any personal information that you collect and store and will be responsible for how such personal information is collected. You must ensure that you obtain consent and provide notice to any persons as required under the relevant privacy legislation in relation to the collection, storages and use of their personal information.
When you use our website, we act as a data processor only in relation to personal information and data entered, collected and stored by you. We will only access your data in accordance with written instructions given by you, or unless required to do so by the Privacy Act or GDPR.
Accessing or correcting your personal information
You have the right to request access to the personal information VIRBAC (AUSTRALIA) PTY LIMITED holds about you. Unless an exception applies, we must allow you to see the personal information we hold about you, within a reasonable time period and without unreasonable expense. If you make an access request, we may ask you to verify your identity and put your request in writing for security reasons. If access is refused to your personal information for reasons permitted by the Privacy Act, we will give you a notice explaining our decision to the extent practicable and your options.
You also have the right to request the correction of the personal information we hold about you. We will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up-to-date. Unless an exception applies, we must update, correct, amend or delete the personal information we hold about you within a reasonable time period. We do not charge for making corrections.
To seek access to, or correction of, your personal information, please contact our Privacy Officer, Adam Smith, by either:
- in writing: VIRBAC (AUSTRALIA) PTY LIMITED, Locked Bag 111, Wetherill Park NSW 1851; or
- by email: firstname.lastname@example.org
Exercising your other rights
You have a number of other rights in relation to the personal data VIRBAC (AUSTRALIA) PTY LIMITED holds about you. You have the right to:
- opt-out of direct marketing, and profiling for marketing
- opt-out of processing for research / statistical purposes, or processing on the grounds of ‘public interest’ or ‘legitimate interest’
- data portability, and
- temporary restriction of processing.
To seek to exercise any of those rights, please contact our Privacy Officer.
To contact our Privacy Officer
If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our Privacy Officer as follows:
Our Privacy Officer is:
Mr Adam Smith
Human Resources Director – SANZA Region
Telephone: +61 2 9772 9772
Mail: Locked Bag 111, Wetherill Park NSW 1851
For the purposes of the GDPR, our Privacy Officer is also our Data Protection Officer (DPO).
While we endeavour to resolve complaints quickly and informally, if you wish to proceed to a formal privacy complaint, we request that you make your complaint in writing to our Privacy Officer, by mail or email as outlined above. We will acknowledge your formal complaint within 10 working days.
If we do not resolve your privacy complaint to your satisfaction, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) by calling them on 1300 363 992, making a complaint online at www.oaic.gov.au, or writing to them at OAIC, GPO Box 5218, Sydney NSW 2001.
If you are in the European Union, you can choose to instead lodge a complaint with your local Data Protection Authority (DPA). The list of DPAs is at http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm