This Privacy Policy sets forth the SOMAÍ Pharmaceuticals Pty Ltd (ACN 668 777 366) (SOMAÍ or SOMAÍ Australia) policy with respect to Personal Data that is collected from data subjects. This Privacy Policy details how and why we collect, use and store your personal data within SOMAÍ Australia.
SOMAÍ Australia is committed to managing personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy is intended to operate as an APP Privacy Policy for our Australian operations in addition to meeting our global (including GDPR) commitments.
Australian privacy enquiries (including access, correction, complaints and opt‑out requests) may also be directed to our Australian Privacy Officer at contact@somaipharma.com.au or by writing to Privacy Officer, SOMAÍ Pharmaceuticals Pty Ltd, Level 40, 140 William Street, Melbourne, Victoria 3000, Australia.
This Privacy Policy also complies with the European General Data Protection Regulation (“GDPR”). As used in this Privacy Policy, “Personal Data” means information relating to an identified or identifiable natural person, such as a name, address, telephone number, e-mail address or other information.
For Australian users, references to “Personal Data” include “personal information” and (where relevant) “sensitive information” as those terms are defined in the Privacy Act 1988 (Cth). Sensitive information (for example health information) is subject to additional protections and requires consent unless an exception applies.
PERSONAL DATA WE COLLECT
You can access most of this website without us directly collecting any personal information from you. However, we collect and process information about you when you are:
Subscribed to our mailings
Accessing the website
When you contact us we collect and store personal information about your interactions with us. Combined we process the following Personal Data about you when you use our website:
Our website: we collect information about the pages you visit and how you use them. For more information please see our Cookie Policy.Location Data: your device’s IP address can tell us your location when you connect to our website. When you are subscribed to our newsletter: your name, surname, email address, country, your specialisation (Physician, Nurse, Pharmacist) and whether you treat paediatric patients.
In Australia we will only collect personal information that is reasonably necessary for, or directly related to, our functions and activities. Where we collect sensitive information (for example, professional registration numbers, health specialty information or data relating to child patients) we will seek your express consent unless an exemption under the Privacy Act applies. We will take reasonable steps at or before the time of collection to notify you of the matters required by the APP, including our identity and contact details, the purpose of collection, the consequences if information is not provided, and details of any likely overseas disclosures.
HOW WE USE YOUR PERSONAL DATA: PURPOSES
We use the Personal Data listed above for the following purposes:
Australian purposes include: (a) providing, administering and improving our products, services and websites; (b) communicating with you in response to enquiries and to provide requested materials; (c) sending direct marketing communications where permitted (see “What is the legal basis…” and “Withdrawing your consent”); (d) personalising content and analytics; (e) maintaining information security and preventing fraud; and (f) complying with legal and regulatory obligations in Australia. We will not use or disclose personal information for a secondary purpose unless you consent, the secondary purpose is related (or, for sensitive information, directly related) to the primary purpose and within your reasonable expectations, or another permitted exception applies.
WHAT IS THE LEGAL BASIS FOR OUR USE OF YOUR PERSONAL DATA?
For website users, we use your consent via the cookie banner to perform analytical and statistical analysis of our website and its visitors. When contact is established with you we use your consent and our legitimate interest. When you subscribe to our mailings we use your consent .
In Australia, our handling of personal information is governed by the Privacy Act and the APPs rather than GDPR lawful bases although we accept that sometimes a user from the EU will access our Australian website for the purposes of understanding the Australian market hence we adhere to the GDPR.
For Australian users, where we rely on consent (for example for certain marketing or sensitive information), we will obtain it consistent with APP 7 (Direct Marketing) and Spam Act 2003 (Cth) requirements for commercial electronic messages. We may also handle personal information without consent where required or authorised by Australian law, or for a permitted health or public safety purpose under the Privacy Act.
WITHDRAWING YOUR CONSENT
If we collect and process your personal data that you provide to us, you can withdraw your consent at any time. After you withdraw your consent, we will no longer process your data. If you would like to withdraw your consent, you can contact us using the information in the section “How to contact us’ at the end of this Privacy Policy.
Australian users can also opt out of receiving direct marketing communications by using the unsubscribe facility in our emails or by contacting the Australian Privacy Officer (see contact details above and below). We will action opt‑out requests within a reasonable period as required under APP 7 and associated Spam Act obligations. Even if you opt out of marketing, we may still send you essential administrative or service messages permitted under Australian law.
HOW WE PROTECT YOUR PERSONAL DATA
SOMAÍ uses appropriate technical and organizational measures to ensure that the Personal Data we process is protected from unauthorized access, use, destruction, alteration or disclosure in accordance with applicable laws and regulations. In case of data transmission or when IT storage problems arise we have appropriate procedures in place to protect your Personal Data and privacy.
Under Australian Privacy Principle 11 we take reasonable steps to protect the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Our safeguards include access controls, encryption in transit and at rest where appropriate, multi‑factor authentication, staff training, vendor due diligence, and secure destruction or de‑identification when no longer required (see Retention). We review our controls regularly to reflect OAIC guidance and evolving Australian privacy reforms.
WHO HAS ACCESS TO AND HOW WE MAY SHARE YOUR PERSONAL DATA
We may share your Personal Data:
When required with other service providers and consultants (IT, legal or financial advice) to help us deliver our services to you.If required to do so by law and/or regulations
In Australia we may disclose personal information to: (a) cloud hosting and IT support providers (some of whom may be offshore—see “International transfers”); (b) email distribution and analytics providers; (c) professional advisers (law, accounting, insurance); (d) regulators and enforcement bodies such as the Office of the Australian Information Commissioner (OAIC) where required or authorised by law; and (e) prospective purchasers of our Australian business subject to confidentiality. Such disclosures will occur only in accordance with APP 6 and any other applicable Australian law.
We will otherwise never disclose your data with a third party, except where we have a legal obligation to do so or where we need to assist with investigating and preventing crimes. SOMAÍ may provide other third parties with statistical information and analysis, but we verify that no one can be identified from this information prior to disclosure.
INTERNATIONAL TRANSFERS OF PERSONAL DATA
Where personal information collected in Australia is disclosed overseas, we will take reasonable steps before disclosure to ensure the overseas recipient does not breach the APPs in relation to that information. In many cases this will involve contractual safeguards (for example, clauses requiring APP‑equivalent protections, security measures, and breach notification). Under Privacy Act s 16C, if the overseas recipient mishandles the information, SOMAÍ may be accountable in Australia unless an exception applies. We identify likely overseas locations in our collection notices and on request.
Your Personal Data may be transferred to companies in countries that operate and are located outside of the EEA. When transferring Personal Data to countries outside of the EEA, SOMAÍ uses standard contractual clauses approved by the European Commission to ensure a sufficient level of protection.
RETENTION OF YOUR PERSONAL DATA
In Australia, APP 11.2 requires us to take reasonable steps to destroy or de‑identify personal information when it is no longer needed for any purpose permitted under the APPs (unless we are required by law or a court/tribunal order to retain it). Our retention schedules take account of statutory record‑keeping periods (for example, taxation, corporate and health record laws) and we apply secure deletion or de‑identification methods consistent with OAIC guidance.
We will retain your Personal Data for as long as is necessary in order to fulfil the purposes for which we have collected your Personal Data, including any legal requirements. When the Personal Data is no longer needed for its original processing goal, and there are no further legal requirements or you have withdrawn your consent, we will delete your Personal Data.
HOW TO EXERCISE YOUR PRIVACY RIGHTS
You have the following rights with regard to your Personal Data:
Australian residents also have rights to access and correction (APP 12 and APP 13). You may request a copy of the personal information we hold about you in Australia, or ask us to correct information that is inaccurate, out‑of‑date, incomplete, irrelevant or misleading. We will respond within a reasonable period (generally within 30 days). If we refuse your request as permitted by the Privacy Act, we will provide written reasons and information about how to complain to the OAIC. You may request that we associate a statement with your record if we do not agree to correct it.
Right to access information about how we process your Personal Data, including the categories of Personal Data that we process, recipients of your Personal Data and purposes of our processing. Right to rectification of inaccurate Personal Data concerning you, as well as, taking into account the purposes of the processing, the right to have incomplete Personal Data completed. The Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed you withdraw your consent and there are no other legal grounds for the processing you exercise your right to object and there are no compelling legitimate grounds for the processing the Personal Data has been unlawfully processed; orthe Personal Data has to be erased for compliance with a legal obligation applicable to us. You consent to the accuracy of the Personal Data, for a period enabling us to verify the accuracy the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its use instead we no longer need the Personal Data for the purposes of the processing but it is required by you for the establishment, exercise or defence of legal claims you exercise your right to object (see below) pending the verification of whether our legitimate grounds override yoursRight to notification of the rectification or erasure of Personal Data or restriction of processing.Right to data portability, i.e., the right to obtain a copy of the Personal Data concerning you in a structured, commonly used and machine-readable format and the right to transmit this data to another controller without hindrance from usRight to object to processing of Personal Data based on our legitimate interests, provided that there are no compelling legitimate grounds for the processing that would override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims Right to not be subjected to automated decision-making: SOMAÍ Australia does not make use of automated decision-making.
If you wish to exercise any of your rights mentioned above, please contact us using the information in the section ‘How to contact us’ at the end of this Privacy Policy. We will respond to your request within 30 days of receiving such request. If we are unable to honour or otherwise deny your request, we will provide a reason why.
Under Australian law we will not ordinarily charge for making a request to access or correct your personal information, though we may recover reasonable costs of providing access (for example, photocopying or secure retrieval) as permitted by the Privacy Act. We will advise you of any likely charges in advance.
In Australia, please first contact us so we can try to resolve your concern. If you are not satisfied with our response (or we do not respond within 30 days), you may lodge a privacy complaint in writing with the Office of the Australian Information Commissioner (OAIC). The OAIC provides an online complaint form and accepts complaints by mail (GPO Box 5288, Sydney NSW 2001). Complaints are free and you do not need a lawyer.
CHILDREN
We do not knowingly collect Personal Data on this website from children under the date of 16 years. If you are under the age of 16, please do not give us any Personal Data. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children to never provide Personal Data on this website without their permission. If you have reason to believe that a child under the age of 16 years has provided Personal Data to SOMAÍ through this website, please contact us and we will endeavour to delete that information from our databases.
Although Australian guidance does not prescribe a fixed age of consent in privacy law; rather, organisations must assess a child’s capacity to understand and consent on a case‑by‑case basis (OAIC). As a precaution, if we learn that we have collected personal information from a child who lacks capacity to consent (typically presumed under 15 in our Services unless we have evidence of capacity), we will seek parental/guardian consent or delete the information. Australia is developing a Children’s Online Privacy Code that will impose additional age‑appropriate design and data handling standards; we will update this section when the Code takes effect.
AMENDMENTS TO THE PRIVACY POLICY
We reserve the right to amend this Privacy Policy at any time and from time to time. We encourage you to review it periodically. If you use this website after the amended Privacy Policy has become effective, you will be deemed to have agreed to the amended Privacy Policy.
Where changes materially affect how we handle personal information in Australia (for example, changes required by Privacy Act reforms), we will take reasonable steps to notify affected individuals—such as prominent website notices or direct email—consistent with APP 1’s requirement for open and transparent management of personal information.
WEBSITE OF THIRD PARTIES
Our website contains hyperlinks to websites of Third Parties. These third party links are provided for your convenience only. We accept no liability for any content on the linked websites, or the websites themselves. We do our utmost to link to reputable websites but ultimately have no control over the content on these websites.
Please note that when you follow a link from our Australian website to a third‑party site, the privacy practices of that third party (which may be outside Australia) will govern the handling of any personal information you provide there. We encourage you to review the privacy policy of each site you visit; overseas sites may not be subject to the Australian Privacy Act unless they “carry on business in Australia” within the meaning of s 5B of the Act.
HOW TO CONTACT US
If you have any questions about this Privacy Policy, please feel free to contact us
Australian Privacy Officer: contact@somaipharma.com.au | Mail: Privacy Officer, SOMAÍ Pharmaceuticals Pty Ltd, Level 40, 140 William Street, Melbourne 3000, Australia.
Notifiable Data Breaches
If we suspect that a data breach involving personal information held in Australia may result in serious harm to individuals, we will promptly assess the incident and, where an eligible data breach is confirmed, notify affected individuals and the OAIC as required under Part IIIC of the Privacy Act.
Statutory Privacy Tort & 2024 Reforms: Australia’s Privacy and Other Legislation Amendment Act 2024 (Cth) introduces, in staged commencement, a statutory cause of action for serious invasions of privacy, strengthened enforcement powers and clarified security measures (APP 11.3). We are monitoring commencement dates and will update contractual and policy language accordingly.