lupin-logo

Privacy Policy

1. Our commitment to privacy

Generic Health Pty Ltd (ABN 93 110 617 859) and its Australian and New Zealand related bodies corporate from time to time (Generic Health) recognise the importance of protecting the privacy of your personal information, and are committed to managing your personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Australian Privacy Act) and the Information Privacy Principles under the New Zealand Privacy Act 2020 (New Zealand Privacy Act). This Privacy Policy sets out the manner in which your personal information will be handled. We strongly encourage you to read this Privacy Policy, so that you understand and are comfortable with how we handle your personal information.

We reserve the right, at our discretion, to modify or remove portions of this Privacy Policy at any time. However, where we make a material change to this Privacy Policy, we will provide notice to you (including by updating our website, and, where appropriate, notifying you in writing by other means). This Privacy Policy is in addition to any other terms and conditions applicable to the website. We do not make any representations about third-party websites that may be linked to the website. This Privacy Policy should be reviewed periodically so that you are updated on any changes. If you have any questions about this document, or about how Generic Health’s handling of your personal information, please contact us using the relevant contact details set out in section 14.

Generic Health, and its related bodies corporate, is referred to as “we”, “our” and “us” in this Privacy Policy, and “you” and “your” refers to any individual about whom we collect personal information.

2. About Generic Health and about this Privacy Policy

Generic Health (as defined in section 1) is a Lupin Group Company, and a leading provider of high-quality generic prescription, injectable and over-the-counter medicines. We are committed to supporting the health and wellbeing of all individuals in Australia and New Zealand, through our comprehensive product range, competitive pricing, and healthcare expertise.

We are a key player in the Australian and New Zealand generic medicines market. We have a comprehensive product offering which is continuously expanding. Our range of prescription medicines, over-the-counter products and speciality injectable products are available in pharmacies and hospitals nationwide. Our brands and target markets are summarised below.

This Privacy Policy applies to all Generic Health websites and operations, including all brands and all entities within Generic Health in Australia and New Zealand.

Brand Nature of Products
Goanna Our Goanna range has offered premium oils and creams to alleviate muscular aches and pains, and to provide temporary relief from the symptoms of conditions such as mild arthritis for over 100 years.
Pharmacy Action The Pharmacy Action brand is the range of over-the-counter medicines available in pharmacies across Australia. Our over-the-counter range sits alongside the market leaders in terms of quality, safety and efficacy.
Generic Health – Prescription This product range includes generic prescription medicines, including tablets, capsules, topical creams, inhalers and speciality injectables, made available to patients through local pharmacies via their healthcare providers.
Generic Health – Hospital Products All of our medicines supplied directly to hospitals, including injectable and oral medicines, must meet the high and strict standards required for a product to wear the Generic Health logo.

This Privacy Policy sets out how we collect, store, process, use and disclose personal information (including personal information we collect, and personal information submitted to us, whether offline or online). For example, this can include:

  • information we may collect when you work for a customer or partner who we provide our products and services to or for another entity we do business with;
  • information we may collect when you interact with us (including when you visit one of our premises in person, when you visit our any of our websites in Australia and New Zealand (including, but not limited to, www.generichealth.com.au or www.lupin.co.nz), or contact and communicate with us via our social media channels (such as via Facebook, Instagram or LinkedIn), phone or online; and
  • information we provide to comply with our regulatory obligations (such as to the Therapeutic Goods Administration in Australia and Medsafe in New Zealand).

Other terms and conditions may apply to you such as:

  • the privacy terms and conditions contained in our trading terms (as applicable to you); and
  • the collection notices and privacy statements which may be provided to you at the time your personal information is collected.

3. Personal information

“Personal information” is defined in the Australian Privacy Act, and means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

“Personal information” is defined in the New Zealand Privacy Act, and means information about an identifiable individual, and includes information relating to a death that is maintained by the Registrar-General under the Births, Deaths, Marriages, and Relationships Registration Act 2021.

In this Privacy Policy, whenever we use the term “personal information”, we are referring to these legal definitions.

Personal information does not include:

  • aggregated or de-identified data; or
  • business-related information that does not identify a person, such as information about pharmaceutical products, or business information that does not identify a person.

In conducting our operations and providing our products and services in very limited circumstances we may collect “sensitive information” or “health information”, which are both a particular subset of personal information.

4. What personal information do we collect about you, and how?

Normally we collect your personal information from you directly. However, on occasion, we may also collect personal information about you from other people and organisations (for example if you work for a supplier, customer or other partner we do business with or you report a side effect to a medical practitioner or other individual such as a family member who makes a report on your behalf).

In summary, we may collect your personal information when you:

  • do business with us, for example as a supplier, customer or partner;
  • communicate with us during competitions, special events and promotions;
  • interact with us in person (such as when you visit of our offices or interact with our staff who visit you at your place of work such as a hospital or pharmacy), via phone or online (including through our website or our social media channels), such as when you contact us to make an enquiry or give us feedback;
  • report a product complaint, side effect or adverse event which happened to you, or on behalf of someone else; or
  • apply for a position with us.

Summary of personal information we collect and how we collect it

Type of personal information What this includes How do we collect this information?
Contact details and business contact details This may include your:

  • Full name;
  • Date of birth;
  • Address; Email address;
  • Phone number.
We may collect this information:

  • directly from you during our interactions with you (in person, via phone or online);
  • when you register an account with us;
  • when you make purchases or complete purchase orders (by phone, online or other methods we make available);
  • when you contact us via our online chat functionality, via email, phone or social media;
  • if you apply for a position at Generic Health;
  • from our partners, business contacts, external service providers and suppliers (for example, delivery service providers);
  • when you otherwise interact with us on a commercial basis;
  • or by other means as reasonably necessary.
Other information about your work and business relationship with us This includes information such as:

  • your position or title; qualifications;
  • feedback and opinions on our products and services;
  • dealings and interactions with us.
We may collect this information when you do business with us as a supplier, customer or partner.
Payment information This includes your credit card information and bank account details. In limited circumstances we may collect this information when you purchase our products using your credit card or personal bank account details (for example. because you are a sole trader or because you have provided us with your corporate credit card details to process a payment).  We do not store Credit Card details.
Workplace information This may include:

  • information relating to your work history;
  • information about your education and qualifications;
  • your working eligibility rights;
  • your suitability for the role you are applying for;and
  • details about your referees.
We may collect this information during the recruitment process if you apply for a position at Generic Health. We may collect this information indirectly from companies and individuals (such as referees) who we interact with as part of the recruitment process. We also provide staff and job applicants with a separate privacy collection notice setting out this information in more detail.
Information collected during our interactions This includes details of your interactions with us, for example information you provide us when you make an enquiry or complaint. We may collect this information:

  • when you visit our premises;
  • when you call us or we call you;
  • when you use our online services (such as our websites or our social media channels);
  • when you make an enquiry, provide feedback, or make a complaint (via phone, email or in person); and
  • in your responses to customer satisfaction, service development, quality control, research surveys and similar activities.
Online and digital services information (including behavioural information) This may include information (that is not always identifiable) about your:

  • network and device information (such as your device ID, type and IP address);
  • browsing information, including information about how you interact with our Websites, pages you visit, what content you viewed and your session duration;
  • web form inputs such as your name, address, email address and phone number; and
  • transaction data and/or
  • information collected from cookies and/or tracking pixels.

Please see section 10 below for further information on the digital information we collect and when it may become personal information.

We may collect this information when you use our online services, via use of online behavioural technologies, such as cookies, and/or tracking pixels. For further information, see section 10.
Call recording/ CCTV We may record phone calls for training and monitoring purposes. We may collect information from you on phone calls to assist with customer service or product feedback.  We may collect this information when you call our customer service phone number. 
Information required to be collected by law We may collect information as required by law. We may collect this as required.
Publicly available online information We may collect information that is publicly available online, such as on online forums, websites and social media channels. We may collect this directly from the publicly available source.
Information collected following a report on the use of our products by someone else If you are seeking to report a complaint, side effect or adverse effect that has happened to someone else, we will generally collect the following information from you as part of processing your report or complaint regarding Generic Health products and side effects or adverse effects:

  • name;
  • contact details (such as phone, email and address)
  • reporter type (such as consumer, healthcare professional etc.), if applicable;
  • profession (such as physician, pharmacist, consumer, other healthcare professional etc.), if applicable.
We may collect this information in relation to a product recall or if you make a complaint to us or one of our customers about a product or the side effects or adverse effects of one of our products.
Information collected following a report on  your use of our products If you are seeking to report a complaint, side effect or adverse effect that happened to you, we  may collect some or all of the following information from you as part of processing your report or complaint regarding Generic Health products and side effects or adverse effects:

  • name (or just your Initials);
  • any other relevant identifiers such as patient number;
  • contact details (such as phone, email and address);
  • gender, age, age category (e.g., adolescent, adult or date of birth), weight and height, ethnicity, Aboriginal and/or Torres Strait Islander origin status;
  • concurrent conditions, your medical history including relevant past medicine history, relevant family history;
  • information relating to your use of Generic Health products including:
    • the types of products;
    • if these were prescribed to you and details of the prescription;
    • how you took the products;
    • information about your side effects or adverse reactions;
    • any other relevant information you provide to us regarding your use of the Generic Health products;
  • any other information you provide to us, including information we are required to collect and share with the Therapeutic Goods Administration or other regulatory bodies.
We may collect this information in relation to a product recall or if you make a complaint to us or one of our customers about a product or the side effects or adverse effects of one of our products. 

In some cases you may provide us with personal information which relates to another person (for example, a customer who has used our products, an emergency contact, or a job referee). If you do so, you agree that you have received permission from these individuals for us to collect, use, and share, their personal information in accordance with this Privacy Policy. You should also let them know about our Privacy Policy (including the information in this Privacy Policy).

If you are reporting a complaint, side effect or adverse effect and are providing information to us about your patient or on behalf of someone else, then you must ensure that you have complied with all appliable privacy laws before sharing information about patients with us, including to provide all applicable notices and obtain all applicable consents. We do not require you to provide us with the name or contact details of the person that suffered the side effect or adverse effect.

Can you deal with us without providing your name?

Some of the time, you will have the option of not providing your name, or using a fake name or pseudonym, when you deal with us. For example:

  • when you make a general enquiry; or
  • if you do not want to provide your name and contact details, we can process reports about complaints, side effects or adverse effects without these details. However, we are still required to collect certain minimum information required for the Therapeutic Goods Administration or other regulatory bodies to perform their regulatory functions.

However, in some circumstances we may need your real name, as it may not be practicable for us to deal with you anonymously or pseudonymously on an ongoing basis. For example, when you wish to do business with us, or apply for a position at Generic Health.

5. Why do we collect, store and use your personal information?

We collect personal information as is necessary to carry out our business and provide you with our products.

We may use your personal information for the purpose for which it is submitted, for purposes that are incidental to the sale and promotion of our goods, or other purposes which are within your reasonable expectation or permitted by law. The purpose for which we usually handle your personal information depends on how you interact with us, but may include the following:

Purpose Explanation
To provide you with our products or products or services when you are a customer or partner We may collect, store and use your personal information to:

  • import, process, store, package and deliver products as requested by you, including to manage the sale administration;
  • manage your account, to ensure you can take full advantage of our products;
  • administer, manage and communicate with you about existing products we are providing to you (including to answer any questions you may have), or any other products you are interested in;
  • manage our relationship with you;
  • review, manage and enhance our products and delivery of products to you, including to develop insights on customer interaction with certain products;
  • improve our products and your experience with us; and
  • personalise your shopping experience with us by communicating with you about, displaying and promoting our products and services (including to let you know about other products and services you may be interested in based on information you have provided us with).
To manage your working relationship with us (including when you are a contractor) We may collect, store and use your personal information to assess your suitability for a position with us, and, if you successfully join us, to manage our working relationship with us. We may collect, store and use your personal information for administration and management purposes (such as if you are a contractor).
To do business with you (for example if you are a supplier or service provider) We may collect, store and use your personal information about you if you interact with us on a commercial basis (such as if you are a service provider, contractor or supplier to us), or you otherwise interact with us on a commercial basis.
To manage and improve our operations and business We may collect, store and use your personal information to:

  • conduct the general operation and management of our business, and to supply our products to you;
  • manage, monitor, plan and evaluate our products and services;
  • conduct safety and quality assurance and improvement activities, including quality control of our products; train staff;
  • test and maintain our information technology systems;
  • investigate any incidents that may occur (both in relation to cyber security, as well as any health and safety incidents);
  • manage fees and administer billing and debt recovery;
  • handle and respond to any complaints made; and
  • assist with product and service development, to test the effectiveness and customer satisfaction of our products, improve the way we provide products to you, and for quality assurance and compliance purposes.
To create de-identified or aggregate data for data analytics activities We may collect, store and use your personal information to create de-identified or aggregate data sets (which is no longer personal information). We do this by de-identifying or aggregating your information, i.e. combining your purchasing information with other customers’ purchasing information. We use this de-identified or aggregate data to assist with our business decisions, such as to:

  • help us in understanding trends in customer behaviour (such as the success of our products and services, and our different marketing campaigns);
  • create look-a-like audiences for the purposes of providing targeted advertising to other customers;
  • improve the products we offer; and
  • develop new products that better meet our customers’ preferences and behaviours.
To assist with any business, share sale or corporate restructure We may collect, store and use your personal information for the purpose of facilitating or implementing a transfer or sale of all or part of our assets or business or if we undergo any other kind of corporate restructure, acquisition or sale, or in respect of a potential corporate restructure, acquisition or sale.
Legal and regulatory requirements including to report complaints, side effects or adverse events We may collect, store and use your personal information where required or permitted by applicable laws and regulations, including the Therapeutic Goods Administration Act 1989.
Complaints and reporting side effects or adverse events When you contact us about side effects, adverse effects or otherwise made a complaint in connection with our Generic Health products, we collect, use and store your personal information (which may include health information):

  • to review and process your report or complaint;
  • to otherwise manage your report or complaint, including to contact you to gather further information if this is required;
  • to comply with our legal and regulatory obligations, including reporting issues to the Therapeutic Goods Administration, Medsafe and other relevant regulatory authorities (and some of the information we collected may be required under law);
  • to comply with our contractual obligations, such as arrangements we have with suppliers; and
  • to improve or products and services.

6. Who do we share your personal information with and why?

We may share your information with third parties:

  • for the reasons for which we collect, store or use that information, as set out above;
  • for other purposes explained at the time we collect your personal information; or
  • where we are otherwise allowed or required to do so under law.

Some of the third parties with whom we may share your information include:

Recipient Explanation
Our subsidiaries, affiliates and parent company Generic Health is part of the global Lupin Group of companies. We may share your personal information with our subsidiaries, affiliates and parent company Lupin Limited where those Group companies provide shared services or other back-end IT services to us or otherwise provide administrative and corporate services to Generic Health. We may also share your personal information with the Lupin Group members, including Lupin Limited, so that Lupin Group members, including Lupin Limited, are able to comply with their regulatory obligations.
Our service providers We may engage third parties to provide you with products or services on our behalf, or to promote and manage our products and services. In that circumstance, we may disclose your personal information to those third parties. These may include our IT service providers, marketing agencies and professional advisors and logistics providers.
Corporate restructure We may share your personal information with third parties, whether affiliated or unaffiliated, for the purpose of facilitating or implementing a transfer or sale of all or part of our assets or business or if we undergo any other kind of corporate restructure, acquisition or sale. In this context, your personal information may be transferred to another entity (or if such a sale, transfer, acquisition or corporate restructure is being contemplated by us). This may also occur in the context of a potential sale, acquisition or transaction.
Government and law enforcement agencies We may share your personal information with regulatory bodies, government agencies and law enforcement bodies to comply with our legislative or regulatory obligations (such as to assist with police investigations). This may include the Therapeutic Goods Administration, Medsafe and other regulators, including those regulators as required by the Lupin Group members, including Lupin Limited, global pharmacovigilance responsibilities.
Persons you authorise We may share your personal information with persons who you authorise to receive information held by us.

7. Do we share your personal information overseas?

We generally collect personal information about you in Australia or New Zealand, depending on where you are based. While we store some of your personal information in Australia, however, it is likely that we will share your personal information with overseas recipients located in India, Singapore and China. These recipients include our parent company Lupin Limited who provides shared services and back end services to us as well as service providers who may handle your personal information on our behalf, including to securely store your personal information.

We only ever share your personal information outside of Australia where we are permitted to do so under the Australian Privacy Act and New Zealand Privacy Act. Generally this means we will take reasonable steps to ensure your personal information is treated securely and in accordance with applicable privacy laws.

There are other circumstances where we may disclose your personal information to an overseas recipient. For example, where you have provided your consent or we are otherwise permitted to do so under other relevant laws.

8. Do we use or share your personal information for direct marketing?

When you provide your personal information to us, we may use that personal information to send you direct marketing communications to keep you informed about products we offer which we think might be of interest to you based on your interactions with us.

For example, when you register with us, we may send you direct marketing communications and information about our products that we consider may be of interest to you, or as otherwise allowed under applicable privacy laws.

We may communicate with you (and send these electronic messages and tailored advertising) through various channels, such as via regular mail, email, SMS, telephone, or social media (including through targeted advertisements on certain websites and social media channels).

We will only send these communications in accordance with applicable privacy and marketing laws (such as the Australian Privacy Act (including Australian Privacy Principle 7), the Australian Spam Act 2003 (Cth) and the Therapeutic Goods Advertising Code), and only where you have not opted out from receiving such communications.

If you have indicated a preference for a method of communication, we will endeavour to use that method wherever practical to do so.

How can you opt out?

Direct marketing via email, SMS and mail

You are always in control of the direct marketing communications which you receive and can opt out at any time. Generally you can opt out by following the relevant opt-out or unsubscribe instructions in the relevant communication (such as email or SMS message). You can also contact us using the contact details set out in section 14 to tell us you would like to stop receiving direct marketing communications from us.

Importantly, regardless of whether you opt out from receiving any or all direct marketing communications, we will still communicate with you if we are required by law to provide you with information, or in relation to the products we are providing you with (for example, in relation to delivery information for products or sending you an invoice in relation to a transaction).

Cookies and pixels and tracking technologies

As explained in section 10, some of the cookies, pixels and third-party tracking technologies we use may use your personal information for the purpose of direct marketing (such as targeted advertising and personalising your experience).

Please see section 10 for how to opt out of having your personal information used for the purpose of this kind of direct marketing.

9. How do we store and protect your personal information?

We are committed to taking all reasonable steps to securely protect the personal information that we collect and store, in accordance with applicable privacy laws. We take all reasonable steps to ensure that personal information that we handle is accurate, complete and up to date, and stored in a secure environment, and have appropriate security measures in place to protect against the loss, misuse or alteration of information.

Our security measures including ensuring the security, integrity and privacy of personal information submitted to our sites, and reviewing and updating our security measures in light of current technologies.

In addition, we take steps to include appropriate provisions regarding privacy and the protection of personal information via contractual obligations with our employees and the contractors who provide services where personal information is handled.

Steps we take to protect your personal information include:

  • Electronic records: Your personal information will be stored on databases held on servers located in a technologically secured environment, accessed only by authorised personnel or contractors. We also maintain physical security measures in relation to storage of our electronic records (such as through locks and security systems at our electronic data stores), and maintain computer and network security, by using firewalls and other security systems to control access to our computer systems.
  • Paper-based files: We store personal information in paper-based files in secure storage, and maintain physical security measures to ensure that such personal information is protected, such as physical locks and security systems at our premises.
  • Our websites: Our websites use encryption and other technologies to ensure that your personal information is securely transmitted via the internet.

Copies of correspondence sent from the website, that may contain personal information, are stored as archives for record-keeping and back-up purposes only.

10. Cookies, pixels and other third-party tracking technologies.

We may collect statistical information when you access and use our websites and any online platforms available via our websites, by utilising features and technologies of your internet browser and built into our website infrastructure, including cookies and tracking pixels. We use these tracking technologies for a variety of purposes, including to:

  • collect data about our website traffic;
  • analyse how our websites are being used,
  • improve our websites; and
  • provide more user friendly and customised websites and online services.

These features and technologies do not specifically identify you unless you otherwise provide personal information to us that enables identification.

We may also combine information from cookies, pixels and third-party technologies with personal information, including data obtained from third-parties.

We describe below some of the tools and technologies we may use to collect information, including personal information for the purpose of targeted and personalised advertising and analytics and the options to limit the use of, or opt out of, remarketing or targeted advertising for these tools and technologies in this Section 10.

What are cookies

We use cookies to provide you with a better experience. A ‘cookie’ is a small file stored on your computer’s browser, which assists in managing customised settings of the website and delivering content. We collect certain information such as your device type, browser type, “click-through” information, IP address, pages you have accessed on our websites and on third-party websites. Depending on the circumstances, this may or may not be personal information.

Cookies can be used to personalise your browsing experience, and allows us to better understand our users. These cookies allow us to increase your security by storing your session ID and are a way of monitoring single user access. This aggregate, non-personal information is collated and provided to us to assist in analysing the usage of the site.

If you do not wish to receive any cookies (other than those that are strictly necessary) you can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our websites. Please note that this website uses features to target advertising to people based on Google Analytics and other data. This allows us to display ads that relate to products and services you have viewed on our website as you browse other sites on the Google Display Network.

What are tracking pixels

A tracking pixel is a piece of code that a business or third-party provider can place on its website or in email to collect information about a users’ activity, including the site pages they visit, time spent on each page, IP address, and/or form inputs (as relevant). When users visit pages with pixels, the pixel “loads” and sends the information it is designed to collect back to the server of the business or third-party provider. In the case of third-party pixels, this would be to the third-party service provider like Meta or Google (as set out below).

Analytics and advertising

We may use third-party service providers, such as Google and Meta, that may collect data related to your use of our online services through tracking technologies, such as third-party tracking pixels and web beacons, for analytic and marketing purposes. We may use these third-party providers to help us improve the advertising that you see from us, some of which may be personalised, when you visit their respective platforms or networks (such as Facebook and YouTube).

These third-party services may also link the information collected about you to your personal profiles on their platforms if you are logged in.

Opting out of targeted advertising

As set out above, we may use information collected by tools and technologies such as cookies and tracking pixels to deliver targeted advertising.

You can control how these platforms use your personal information by adjusting your targeted ad preference and personalisation settings by:

Provider Description
Meta Platforms Inc If you use Facebook, Instagram, Threads or any other platforms or networks owned or used by Meta, you can generally adjust their ‘ad preferences’ in the account settings of the respective platform that you access and see ads in.
Alphabet Inc If you use YouTube, Google or any other platforms owned by Alphabet, you can manage how tracking technologies are used by checking your browser or account settings and adjusting your ‘privacy & safety’ and ‘search personalisation’ settings.

If you would like to opt out of customised Google Display Network ads you can using the Ads Preferences Manager (https://www.google.com/settings/ads/onweb/). You can also use the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout/) so you are not tracked into Google Analytics.

You can also visit Your Online Choices and do a blanket opt out for the organisations who have signed up to Your Online Choices. When you opt out of receiving targeted ads, this information is usually saved on a cookie. Often this means that if you clear your cookies, you’ll have to opt out again.

Changing your settings with individual browsers or ad networks will not necessarily carry over to other browsers or ad networks. As a result, depending on the opt outs you request, you may still see our ads. In addition to the methods described above, if you wish to limit receipt of targeted advertisements you may click on the displayed icon on that advertisement to receive more information.

If you have opted out of targeted advertising, by following the steps above, you may still see general ads which have not been selected for you using your personal information.

11. Access to and correction of Personal Information

Access

You are entitled to request access to any personal information that we hold. To make such a request, please contact us using the relevant contact details set out below in section 14.

Correction

We will take all reasonable steps to keep secure any information which we hold about you, and to keep this information accurate, complete and up to date. If, at any time, you discover that information held about you is incorrect, out of date, incomplete, irrelevant or misleading, you may contact us to have the information corrected. Please contact us using the relevant contact details set out below in section 14.

Declining request for access or correction

We may decline your request to access or correct your information in certain circumstances, in accordance with applicable privacy laws. If we do refuse your request, we will provide you with a reason for our decision. In addition, in the case we refuse your request for correction, we will include a statement about your request with the personal information we store.

12. Links to other sites

We provide links to third-party websites. These linked sites are not under our control, and we are not responsible for information on, or the privacy practices of, any third-party websites. Before disclosing your personal information on any other website, we advise you to examine the terms and conditions of using that website and its privacy statement.

13. Problems or questions

If you have any queries or concerns relating to this Privacy Policy or about how we have handled your personal information, please contact us on the information set out at section 14 below.

If you make a complaint about privacy, we will handle your complaint as follows:

# Step
1. We will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally acknowledge your complaint within a week.
2. If your complaint requires more detailed consideration or investigation:

  • we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly; and
  • we may ask you to provide further information about your complaint and the outcome you are seeking.
3. We will then typically gather relevant facts, locate and review relevant documents and speak with the individuals involved.
4. In most cases, we will respond to your complaint within 30 business days from when we receive your complaint. If the matter is more complex or our investigation may take longer, we will let you know.

If you are not satisfied with our response to a complaint, or you consider that we may have breached the Australian Privacy Act (including the Australian Privacy Principles) or the New Zealand Privacy Act (including the Information Privacy Principles), you are entitled to make a complaint to the Office of the Australian Information Commissioner (the Australian privacy regulator) or the Office of the Privacy Commissioner (the New Zealand privacy regulator).

The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992, or you can fill out the form at this link to make a complaint about our handling of your personal information. Full contact details for the Office of the Australian Information Commissioner can be found online at www.oaic.gov.au.

The Office of the Privacy Commissioner (NZ) can be contacted by telephone on 0800 803 909 or by using the contact details on the website www.privacy.org.nz.

14. How you can contact us

You can contact us at the details below:

Phone: +61 (0)3 9809 7998

Email: privacy@generichealth.com.au

Postal address: Privacy Officer
Suite 2, Level 2
19-23 Prospect Street
BOX HILL, VIC, 3128
Australia