Introduction

GreenChoices is a trademark of Green Leaf Choices. At GreenChoices (GC), we respect your rights to privacy and have a legal obligation to abide by the provisions of the Privacy Act 1988 (Cth) (“the Act”). Our objective is to handle information responsibly and provide you with some control over the way information about you is handled.

This Privacy Policy has been published to provide a clear outline of how and when personal information and other data collected by GC is collected, disclosed, used, analysed, stored and otherwise handled by GC and its related bodies corporate, including but not limited to Little Green Pharma Ltd (ABN 44 615 586 215) (“LGP”) (together, “Group”). Your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy or as permitted under the Act.

This Privacy Policy relates to both personal information and sensitive information (each as defined by the Privacy Act 1988 (Cth) (the Act) and other data collected by any means and by any technology and assumes that you are over 18 years of age and are an Australian resident. Unless otherwise specified, a reference to ‘personal information’ in this Privacy Policy means both personal information and sensitive information.

By using the Group’s websites (including the GC website at greenchoices.com.au (“Site”)), products or services, participating in GC surveys or otherwise by providing personal information or continuing to engage with any Group member or their representatives, you consent to the Group collecting and using your personal information and other data as set out in this Privacy Policy. Special rules and additional consents relating to particular personal information or privacy may be included elsewhere within the Site and are incorporated into this Privacy Policy by reference. To the extent this Privacy Policy is inconsistent with other terms and conditions elsewhere, including on the Site, then those other terms and conditions will prevail.

Our websites (including the Site) may contain links to a number of other external websites that may offer useful information to you. This Privacy Policy does not apply to those sites, and we recommend communicating with them directly for information on their privacy policies.

This Privacy Policy may be amended from time to time in compliance with the Act and any other relevant privacy laws. Any updated versions of this privacy policy will be posted on our website. We ask that you visit the Site periodically to remain up to date with such changes.

This privacy policy was last updated on 9 August 2018.

Personal Information

In general terms, personal information is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. It may also information about your medical history or any conditions you may have. Information which cannot be reasonably linked to your identity (e.g. IP address, browser information, favourite websites or the number of users of a website) does not constitute personal information and is not regulated by the Privacy Act 1988 (Cth). If the information we collect personally identifies you, the information will be considered personal information.

Our Privacy Policy covers the personal information of people who use our services or who provide their personal information to us, or in relation to whom we collect personal information from including in any manner described in this Privacy Policy.

Collection of personal information and other data

For the general public, the nature of personal information collected by the Group may comprise information such as:

  • your name, email, address and telephone number and other contact details;
  • your age or date of birth;
  • your gender;
  • your AHPRA number;
  • your profession, occupation or job title;
  • your social media identities and interests;
  • if you transact or deal with us, your financial information, including credit card details;
  • your medical history and any medical conditions, or the medical history or medical conditions of your children or children in respect of which you are a guardian, including medications (past and current), allergies, adverse events (side effects), immunisations, social history, family history, risk factors, and test results;
  • any additional information relating to you that you provide to us directly through our representatives, medical or allied health professionals.

For healthcare professionals, the nature of personal information collected by the Group may also include information such as:

  • the location and scope of services offered by your medical practice;
  • information collected in the provision of any services requested, including advising on any forms or regulatory matters; and
  • your prescribing practices.

We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys, or aggregated information about how users use our Site.

When collecting personal information from you, we may collect it in ways including:

  • by you completing one of our contact us forms or through an internet portal;
  • through email in relation to enquiries from you or responses to emails sent to you or through phones calls, texts or other forms of communications;
  • in response to product queries or engagement with our medical or educational representatives; through your access and use of our websites (including the Site) and social media channels;
  • by review of your medical records including clinic letters or test results from other health care providers; and
  • in connection with patient or doctor surveys or questionnaires.

Generally, we endeavour to collect your personal information directly from you unless it is unreasonable or impracticable to do so. In addition, we may also collect personal information from other sources including:

  • agents and service providers such as customer relationship management service providers and third-party service providers;
  • information provided on your behalf with your consent or through direct contact with your guardian, other family members or your doctor/healthcare provider;
  • from third party bodies such as your health fund, hospitals or other community health services, law enforcement agencies and other government entities, including Medicare and Department of Veterans Affairs; and
  • publicly available sources including directories, listings and the internet.

Use and disclosure of personal information and other data

The purposes for collecting such personal information include to arrange and conduct the Group’s business activities and functions, understand our audiences and provide you with requested products and services.

We collect, hold, use and disclose your personal information for the following purposes:

  • for administrative and billing purposes;
  • to update your contact details;
  • to process and respond to any complaint made by you;
  • to share with legal and regulatory bodies, including to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country, including any accreditation agencies;
  • to use within the Group to understand adverse events (side effects) and treatment effects of medical cannabis;
  • for the purposes of data research and analysis, including for (a) the purpose of searching for trends within information received from yourself and other patients (including using third party data) between products and conditions or illnesses (b) proactive screenings, and (c) for the purpose of sending you direct communications in relation to these;
  • to answer enquiries and provide information or advice about both existing and new products or services or opportunities that might be of interest to you and in relation to all matters relevant to the services we provide to you;
  • to administer conferences, symposia, expert panels, seminars or other similar programs organised by us, which you agree to participate in or be involved with;
  • to advise you in connection with clinical trials, other trials, surveys or other matters in which you have expressed an interest or have participated in;
  • to discuss and disclose to your health practitioners;
  • to conduct business processing functions including providing personal information to our related bodies corporate and affiliates, contractors, service providers or other third parties;
  • for the administrative, marketing (including direct communications), planning, product or service development, quality control and research purposes of the Group;
  • to facilitate the performance of any services or functions we provide to you using third parties, including contractors;
  • to disclose to any Related Body Corporate or any entity which controls or holds a significant shareholding in a Group member for the purpose of carrying out any of the services, functions, activities or tasks permitted to be carried out by the Group under this Policy;
  • for the supply to third parties on a de-identified basis to assist product improvement and enhancement of global understanding of cannabis treatments.
  • in relation to any acquisition of some or all of the assets of GC or a Group member where such assets include all or substantially all of the assets of GC, including any bona-fide due diligence process in connection therewith where such potential acquirer agrees to comply with confidentiality restrictions and our Privacy Policy prior to the acquisition;
  • in relation to a change in the entity that controls (through shareholding, directorships or otherwise) GC including any bona-fide due diligence process in connection therewith where such entity agrees to comply with confidentiality restrictions and our Privacy Policy prior to the change in control;
  • in connection with the unlikely event of a bankruptcy or insolvency; and
  • to meet obligations of notification to our medical defence organisations or insurers.

The Group may aggregate personal information so that it is not personally identifiable and disclose such aggregate or de-identified data to third parties. The Group will not sell your personal information to third parties.

On some occasions, your personal information and other data may be transferred to or processed by service providers in overseas countries including but not limited to the US, or even in ‘the cloud’ (which may involve processing in more than one country) in order for such service providers to perform services on our behalf. We will not be accountable under the Privacy Act 1988 for any breach of your privacy by the cloud storage provider nor will you be able to seek redress under the Privacy Act 1988 for any breach of your privacy by the cloud storage provider.

Like most business organisations, the Group performs some of its functions under licence and also contracts out some functions and relies on third party suppliers to conduct specialised activities such as website management, IT systems administrators, share registry services, mail out services, couriers, call centre services, data analysis and processing services, electronic network administrators, insurance broking, supply of equipment, engineering services, security services, financial services, credit reporting services, and professional advisors such as accountants, solicitors, business advisors and consultants. Personal information may be provided to these licensors (where contractually required) and to these suppliers to enable them to perform the agreed tasks.

Generally, in relation to transactions that may potentially involve the transmission of personal information, we seek to require that third parties who handle or obtain personal information acknowledge the confidentiality of this information, undertake to respect an individual’s right to privacy and comply with the Act. However, you acknowledge that, by agreeing to the disclosure of your personal information to these third parties operating outside of Australia, we will no longer be required to take reasonable steps to ensure the overseas third parties' compliance with the Act (including the privacy principles) in relation to your personal information and we will not be liable to you for any breach of the Act or this Privacy Policy by these overseas third parties and on this basis you consent to such disclosure.

Some companies that the Group is associated with have their own privacy policies and where they collect personal information from you for their own business, your personal information will be handled in accordance with their privacy policies.

Our websites (including the Site) may contain links to other websites that we think may be of interest to you. However, we are not responsible for the privacy practices or the content of such websites. When linking to the other site, you should always check that the web site's privacy policy before providing any personal information.

Direct Communications

We may send you educational communications and information about medical conditions, clinical trials, research, events, products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with all applicable marketing laws, such as the Spam Act 2003 (Cth). If, in your dealings with us, you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving communications from us by contacting us or by using opt-out facilities provided in the communications and we will then ensure that your name is removed from our mailing list.

Access and correct your personal information

The Group’s objective is to ensure that all personal information collected is accurate, complete and up-to-date. To assist the Group in achieving its objective, please contact the Privacy Officer if any of your details change. Further, if you believe that the information the Group holds is not accurate, complete or up-to-date, please contact the Privacy Officer on info@greenchoices.com.au in order to have the information corrected.

You may request access to any personal information we hold about you at any time by contacting us. Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you and, if so, the fees will be as advised from time to time. We will not charge for simply making the request and will not charge for making any corrections or deletions to your personal information.

There may be instances where we cannot grant you access to the personal information we hold; however, we will only do so in accordance with our rights and obligations under the Act. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.

Personal information security

The Group take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure in accordance with the sensitivity of that information. Your personal information and other data may be stored in hard copy documents, but is generally stored electronically on our software or systems or on those of our third-party service providers.

As our website is linked to the internet, and the internet is essentially insecure, the Group cannot provide any assurance regarding the security of transmission of information you communicate to us online. The Group also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.

We have directed our staff that personal information must be dealt with in accordance with this Privacy Policy and kept secure from unauthorised access or disclosure and endeavour to limit access to personal information to Group personnel on a need to know basis only.

Additionally, you acknowledge that the collection and use of your personal information by third-parties may be subject to separate privacy policies and/or the laws of other jurisdictions.

External links

Our Site may contain links to other websites operated by third parties. The Group make no representations or warranties in relation to the privacy practices of any third-party website and are not responsible for the privacy policies or the content of any third-party website. Third party websites are responsible for informing you about their own privacy practices.

IP addresses, cookies and web beacons

We may also collect and receive certain types of information whenever you interact with us on our websites (including the Site) and through e-mails or other communications we may send each other. These technologies we use may include, for example, Web server logs, IP addresses, cookies and Web beacons.

  • Web server logs / IP addresses: We may collect web server logs and IP addresses to conduct system administration and report aggregate information to affiliates, business partners and/or vendors to conduct site analysis and web-site performance reviews.
  • Cookies. A cookie is a piece of information that is placed on your computer when you access certain websites. The cookie uniquely identifies your browser to the server. Cookies allow us to store information on the server to help make the web experience better for you and to conduct website analysis and web site performance review. Most web browsers are set up to accept cookies, although you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Note, however, that some portions of our websites (including the Site) may not work properly if you refuse cookies.
  • Web Beacons. On certain webpages or e-mails, we may utilize a common Internet technology called a "web beacon (also known as an "action tag" or "clear GIF technology"). Web beacons help analyse the effectiveness of websites by measuring, for example, the number of visitors to a site or how many visitors clicked on key elements of a site.

We may also collect information from your browser or device when you visit our websites (including the Site) in addition to your IP, including device ID and type, your browser type and language, access times, your mobile device’s geographic location and referring website address.

Complaints process

If you believe that your privacy has been breached, please contact us in accordance with the arrangements set out below and provide details of the incident so that we can investigate it.

We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.

All complaints should initially be in writing and directed to the Privacy Officer.

Privacy Officer’s contact details

Please address all written correspondence to:

Privacy Officer
GreenChoices
PO Box 690
West Perth, WA 6872

Email: info@greenchoices.com.au