Privacy Policy of Recordati Rare Diseases Australia PTY LTD

Recordati Rare Diseases Australia PTY LTD is constantly committed in respecting the privacy of individuals with whom they come into contact, in accordance with the Australian Privacy Principles (“APPs”) to the extent required by the provisions of the Privacy Act 1988 (Cth), the Privacy Act 2020 (NZ) and other applicable data protection laws to the extent that it applies to our operations.

This Privacy Policy provides you with the information necessary to illustrate how Recordati Rare Diseases Australia PTY LTD (hereinafter “Recordati”) will process your personal information(“Data”).

1. Types of Personal Information Collected

We may collect and hold various types of personal information depending on our relationship with you. Where appropriate, we will only collect personal information that is reasonably necessary for our business activities. Personal Information may include:

  • Personal and identification data, such as name, surname, professional title, registration in the register of doctors, specialty(ies), gender;
  • Contact data, such as e-mail address, phone number, professional address;
  • Interactions with Recordati such as meetings held, email exchanged, customer service logs, and call recordings;
  • Information on the HCP profile, such as whether the HCP is a regional, national or international expert on a certain field and the level of awareness on certain products;
  • Financial and Transaction Information such as bank account or card information, billing details, and transaction records to process purchases or provide services; bank, tax, where necessary to provide our services;
  • Employment‑Related Information such as your résumé, qualifications, employment history, and reference details, information about job performed by the Employee and his/her related communications
  • Images such as images or video footage (e.g., CCTV), photographs;

2. Sensitive Information Collected

Recordati may collect sensitive information only with your express consent or where authorised by law. This may include:

  • Criminal record information;
  • Racial or ethnic origin;
  • Health Information: Where necessary to provide certain services, we may collect medical history, treatment notes, and health insurance details, as well as information required to support pharmacovigilance or medial information activities.
  • Membership of professional, trade, or trade union associations

3. Method of collection of information

Recordati collects information from you in a number of ways which include the following:

  • directly from you when you provide information via mail, email, SMS or phone;
  • when you sign up, complete forms, or subscribe to our services;
  • from publicly available sources of information, including social media accounts;
  • when you apply for a role;
  • when you provide information through our website or our social media;
  • when you participate in events or surveys;
  • from third parties but only in circumstances where that third party warrants to us that they have complied with the Australian and New Zealand privacy laws and you have consented to your personal information being used and disclosed to organisations such as ours.

If Recordati receives personal information being unsolicited personal information that we did not request, and cannot be collected under the APPs, then we will undertake to reasonably destroy and de-identify the personal information within a reasonable period of time.

4. Purposes of the processing

Recordati processes your Personal Information for the following purposes:

  • To carry out scientific information activities on our products and related tasks in clinics, doctors' offices and hospitals where HCPs carry out their professional activity as well as via remote channels;
  • To send scientific information communications on medicines and products marketed by the Recordati Group through e-mail, phone or other digital or web-based communication tools;
  • To carry out profiling activities based on the expertise of an HCP and the HCP’s awareness on certain treatments or diseases, in order to better plan our activities, prioritising efforts and tailoring our approach;
  • To interact with us via mail, email, SMS or phone or in person;
  • To manage suspected adverse event or special case scenarios (such as exposure during pregnancy, breastfeeding, overdose, lack of efficacy) reports spontaneously submitted through Recordati’s communication channels;
  • For Internal and Regulatory Authorities Reporting: in case of adverse events, special case scenarios, to share your enquiry with the relevant internal function within Recordati and to report the data to regulatory authorities.
  • To comply with obligations arising from the applicable laws, regulations and applicable legislation applying to Recordati, including the communication to competent authorities and supervisory bodies and to comply with requests coming from them where, at law, we are compelled to do so;
  • To carry out activities functional to business and branch transfers, acquisitions, mergers, demergers, or other transformations, as well as to execute such operations, and to assert and defend the Recordati’s rights against the Data Subjects and third parties in any potential dispute;
  • To manage Data Subjects’ enquiries – for example in relation to availability of products, clinical data, dosing and administration, formulation and stability, and interactions with other drugs, foods, and conditions – received via the Global Medical Information service, accessible through designated phone and email contacts;
  • To follow up to complaints related to Recordati’s products, such as any fault of quality and/or effectiveness, stability, reliability, safety, performance, or usage

5. Data collected through our website

The computer systems and software procedures used to operate Recordati’s Website acquire, during their normal operation, some data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or MAC addresses of the computers used by users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user's operating system and IT environment. These data are used to obtain statistical information on the use of the Website and to check its correct functioning. These data could be used to ascertain responsibility in the event of cyber-crimes against the Website, to the extent permitted by applicable legislation.

6. Cookies

Recordati website or social media channels may collect data through cookies, website analytics, system logs or application data, and other technology.

Cookies are small files sent by websites you visit, including this Website, and stored on the device you use to access them. When users visit the same website again, the browser reads the cookies stored on the device and transmits the information back to the website that originally created or installed those cookies.

If you wish to delete or check the cookies installed on your device, as well as to withdraw consent you may have previously provided to the use of cookies and similar technologies by this Website, you can access the relevant cookie settings via:

If you disable the cookies that this Website uses, some of the features of this Website may not be displayed correctly.

To object to the use of profiling tools other than cookies, we invite you to exercise your rights by contacting us at the contact details below.

7. Social Media Channels

Recordati may collect personal information when you interact with us through our social media channels, including when you like, comment, share, follow, or otherwise engage with our content. The information we receive will depend on your privacy settings and the platform’s data‑sharing practices. We use this information to communicate with you, respond to enquiries, monitor engagement, and improve our services.

8. Website analytics

Recordati’s website uses Matomo Analytics. When you visit our website, we may automatically collect certain information through cookies, tracking technologies, and analytics tools. This may include your IP address, browser type, device identifiers, pages viewed, time spent on the site, and interactions with our content. We use this information to analyse website performance, understand user behaviour, troubleshoot issues, and enhance user experience. You may adjust your browser settings to refuse cookies, although some website features may not function properly as a result.

9. Event registration

If you register to attend one of Recordati’s events, we may collect personal information such as your name, contact details, where you work, dietary preferences, accessibility requirements, and payment information where applicable. We use this data to manage event logistics, communicate important updates, verify attendance, ensure that your participation needs are met, and for compliance purposes. Where events are hosted jointly with partners or third‑party providers, relevant information may be shared as necessary to facilitate the event in accordance with applicable privacy obligations.

10. Direct marketing

We may use your personal information for our direct marketing purposes.

If you do not wish to receive any of these materials, please:

  • contact our Data Protection Officer at groupDPO@recordati.com to opt out; or
  • follow the prompts in the communication which will provide a method for opting out.

You can change your mind about receiving our marketing materials or information at any time by contacting us. We will not sell, license, trade or provide your information to another person for direct marketing purposes.

We will not disclose your information to any third party for their direct marketing purposes unless you have provided us with your express consent.

11. Data retention period

The Data will be stored only for as long as necessary to fulfil the purposes for which it was collected, or to meet legal, regulatory, and compliance requirements. Once the retention period has passed, we will delete your data unless you confirm to us that you would like to be kept in our systems for an additional period of time.

12. Data disclosure - Data transfer to third-party countries/international organisations

Our personnel may have access to your Data. In addition, your Data may be shared or made accessible to the following recipients or categories of recipients, in their capacity as independent data controllers or data processors specifically selected and appointed by the data controller on the basis of a specific contract:

  • Affiliates of the Recordati group, for administrative, compliance or audit purposes;
  • Third-party suppliers and related technical assistance and maintenance services;
  • Third-party suppliers for the management and organisation of trainings and events;
  • competent authorities for their institutional purposes.

The complete list of recipients can be requested by contacting the data controller at the addresses indicated below.

Recordati will not otherwise disclose your personal information to a third party unless you have provided your express consent.

Should your personal information be transferred overseas, Recordati will take appropriate steps to ensure that the recipient party of the personal information has in place data handling and security arrangements that are either in line with or more stringent than the Australian privacy law, or that we have a contractual arrangement that ensures the recipient shall comply at a minimum, to the Australian and New Zealand privacy law.

For the full list of countries where data may be transferred and the legal basis for such a transfer, please contact the data controller at the addresses indicated below.

For further information about the applicable safeguards, you can contact us at groupDPO@recordati.com.

13. Automated Decision-making

Recordati will not use or disclose any personal information in any open-sourced automated decision making, or generative application (e.g. ChatGPT). If at any time this changes, we will update this information notice accordingly.

14. Your rights

The Recordati Group companies inform you that:

  • you have the right to request access to Data together with information on the processing purpose, category of data processed, subjects or categories of subjects to whom they have been or will be communicated;
  • you also have the right to obtain:
    • the correction of your data, if it is incorrect or incomplete;
    • the erasure of the Data, in certain circumstances;
    • the restriction of the processing of your Data;
    • the Data is in a structured, commonly used and machine-readable format, also in order to send the Data to another data controller if the processing is based on consent or on a contract and is carried out by automated means (so-called data portability right). If you are interested, you can ask the Data Controller to send the Data directly to the other data controller if this will be technically feasible.
  • You have the right to object to the processing of the Data, in certain circumstances, unless there are legitimate reasons for the Data Controller to proceed with the processing.
  • You have the right to withdraw the consent given at any time for the purposes described in paragraph 4 above, without prejudice to the lawfulness of the data processing based on consent and carried out before the withdrawal.

Any correction or erasure of the Data or processing restrictions made upon request - unless this proves impossible or involves a disproportionate effort - will be communicated to each of the recipients to whom the Data may have been transmitted in accordance with this policy.

The exercise of the previous rights is not subject to any form of constraint and is free of charge. We may only ask you to verify your identity before taking further action upon your request.

You may exercise your rights by sending a written communication to the Data Protection Officer of the Recordati Group at groupDPO@recordati.com.

15. Complaints handling

If you wish to make a complaint about the collection, use, or disclosure of your personal information, please contact our Data Protection Officer at groupDPO@recordati.com.

In Australia, if you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner via an online form, via mail or fax, following the process in the “Lodge a privacy complaint with us” page of the website at: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us#section-how-to-lodge-a-complaint-with-us. And in New Zealand at their Website at: https://www.privacy.org.nz/your-rights/making-a-complaint-to-the-privacy-commissioner/

16. Data Controllers, Data Protection Officers and Privacy Officers

The data controller is Recordati Rare Diseases Australia Pty Ltd with registered office in Level 10, 100 Arthur Street, North Sydney NSW 2060, Australia, a company of the Recordati Group.

The Data Protection Officer of the Recordati Group can be contacted using the following contact details: Data Protection Officer - DPO, Recordati S.p.A., Via Matteo Civitali 1, Milan - Italy; e-mail: groupDPO@recordati.com.