Date: March 2015
Your privacy is important to us.
KCI Medical Australia Pty Ltd (ABN 47 056 073 468) (KCI, we or us), a member of the Acelity Group of Companies, takes
such steps as are reasonable in the circumstances to protect and maintain your privacy. KCI takes its obligations under
the Privacy Act 1988 and the Australian Privacy Principles (APPs) seriously.
personal and sensitive information regardless of the way in which we collect it, for example, whether it is collected via our
websites including www.kci-medical.com.au or www.systagenix.com.au (Website), when you contact our Customer Service
team, when you submit a job application to KCI or when you use one of our products or services.
By providing us with your personal and/or sensitive information or by visiting and using our Website, you confirm your acceptance
and in accordance with any other explanation you may be given at the time of providing the information. If you do not agree
Personal Information and Sensitive Information
“Personal information” is any information about an identified individual or an individual who is reasonably identifiable, regardless
of whether the information is true or not.
“Sensitive information” includes, for example, the following:
- health information about an individual;
- genetic and biometric information about an individual; and
- information or an opinion about an individual’s racial or ethnic origin, membership of a professional association, trade
association or trade union (which is also personal information).
What personal information and sensitive information do we collect?
The type of information we collect from you will depend upon the type of interaction you have with us.
Broadly speaking, the types of personal and/or sensitive information that we collect may include:
- from our customers and suppliers - full names of key contacts, employer name, work contact details (including address,
phone number, fax number and email address);
- in respect of patients - patient name, date of birth, gender, address, phone number, wound details (including descriptions,
measurements and photographs) and other health-related information, private health insurance details; and
- from job applicants and employees - full name, contact details (including address, phone number and email address),
driver’s licence details, job title, passport details, employment history and education details, names and contact details
of referees, next of kin details (in the event of an emergency).
We may collect personal and/or sensitive information from you in a variety of ways, including the following:
- when you request the supply and /or delivery of one of our medical products;
- when you request a quote for our products and/or services or wish to arrange private health insurer funding, for
example, when an application for funding is submitted to us; during the clinical management process when using
our products or services;
- when you:
- arrange payment for use of our products and/or services;
- visit our Website and any other webpage that we own and manage;
- when you manage/change your customer and/or patient account information;
- contact us by phone, email, post or via the Website;
- when you register for and/or attend one of our Education Sessions;
- subscribe to receive our newsletter or promotional materials or sign up to a mailing list; and/or
- participate in surveys, such as our Customer Service Survey, or competitions or other promotional activities.
KCI may also collect your personal information from third parties.
This may include (but is not limited to) the collection of your personal and/or sensitive information from:
- your treating doctor(s), hospital or clinic;
- nursing service providers who may provide services to you in your home;
- someone duly authorised to act on your behalf;
- your private health insurer;
- health records which may be provided to us by, for example, your hospital or treating doctor etc; the operator of
our Customer Service Call Centre, when calls are made to the Centre outside 8.30am to 5pm (AEST) Monday to Friday;
and recruiters we have retained and from referees you have provided in support of a job application.
From time to time, you may be able to visit our Website or deal with us anonymously or by pseudonym. However, please be
aware that, if you do not provide us with certain information that we require, we may not be able to provide you with the
products and/or services that you seek.
How do we use your personal and/or sensitive information?
The personal and sensitive information we collect may be used in a number of ways including:
- service delivery and order fulfilment, for example, providing our products to hospitals for use with patients and arranging
for the pick-up and delivery of our products to patients in their homes;
- liaising with treating doctors, specialists, hospitals and nursing service providers in respect of the delivery of our products
and services to patients and their ongoing treatment using our products and services;
- liaising with private health insurers in respect of the funding arrangements for patients’ use of our products and services;
- facilitating and managing the treatment of individuals using our medical therapy products in their home;
- generating bills, managing accounts and carrying out debt-recovery functions;
- providing customer and/or technical support and other customer relationship management functions (for example enabling
the fitting, activation, maintenance and management of a patient’s use of our products;
- dealing with enquiries or complaints;
- collecting and analysing product performance, service and reliability data;
- if you are a health care professional, providing KCI Medical Education Sessions and other training in respect of the use of
our medical therapy products which may include marketing these products to you. You may be contacted by post or, when
you have given us permission to do so, by telephone, email, text messaging or other established electronic methods;
- carrying out market research and product analysis and development;
- complying with our obligations under the law;
- training our staff;
- in the event of a change of business ownership, merger, sale or other business transaction, transferring your information
to a successor entity;
- for various communications and marketing purposes and product and therapy enhancement;
- conducting our internal business and management processes, for example accounting or auditing purposes; and
- for any other purposes that would be reasonably expected.
KCI recognises the need to adequately protect the privacy of all its patients, especially the privacy of children. In circumstances
where KCI interacts with younger users of our products, KCI will obtain appropriate parental consent according to applicable
privacy and data protection laws to ensure that parents and guardians are kept well informed and involved in all such interactions.
How to opt-out of marketing materials?
From time to time, if you are a healthcare professional, we may use your personal information for the purposes of marketing
our medical therapy products and services or to inform you of new products, promotions or events, including training sessions
that we believe you may be interested in. If you no longer wish to receive our marketing communications, you can opt out by:
- writing to us at the Contact Details below and informing us that you no longer wish to receive these marketing materials;
- in relation to any direct marketing email, clicking the “unsubscribe” link at the bottom of each email; or
- informing your usual KCI Representative.
Please be aware that we may still need to send you essential information (rather than marketing information) from time to time.
Is personal and/or sensitive information disclosed to third parties?
KCI may disclose personal and/or sensitive information to third parties in certain circumstances including (but not limited to)
- in respect of the availability, use and delivery of our products and services - to treating doctors, specialists, hospital staff,
third party nursing service providers and private health insurers;
- to other members of the Acelity Group of Companies (including those who may be located overseas);
- to other third parties who we engage to help us run our business - such as couriers and other delivery service providers
to arrange the delivery / collection of our products; pay roll service providers; debt collection agencies and other parties
that assist with debt-recovery functions;
- your duly authorised representatives (such as your guardian, care-giver, healthcare professional, hospital, health insurer
or other health service provider);
- to our professional advisors, including lawyers, accountants, tax advisors and auditors; or
- law enforcement bodies, Courts of law or as otherwise required or authorised by law;
- regulatory or government bodies for the purposes of resolving complaints or disputes both internally and externally or
to comply with any investigation by one of those bodies;
- if our business is sold, restructured or integrated with another group of companies, to the new owner, to be used in the
- any other person or for any other purposes that would be reasonably expected.
With your consent, we may also transfer personal and sensitive information (including, but not limited to, audio-visual materials such as video, audio or photographs) to overseas recipients for communications and marketing purposes, product and therapy enhancement or for any of the purposes listed above. Wound details, including photos, may be incorporated into marketing or clinical materials, which may be distributed to recipients anywhere in the world.
Before KCI does disclose any personal and/or sensitive information to a third party, we take reasonable steps to ensure the
third party will protect your personal and sensitive information in accordance with Australian privacy laws and in a manner
it was provided.
Does the Website use “Cookies”?
Cookies are small text files that may be placed on your computer or other device by websites when you visit them. Cookies
enable KCI to recognise your device on a subsequent visit by that device to our Website and allows us to deliver a more
personalised experience by providing information to us. Cookies are essential for some website functions and these functions
will not work in the absence of those cookies. You can use the browser privacy functions to clear the cookies already on your
computer or to block cookies in the future by altering the browser privacy settings. However, please note this may cause some
of the functionality of the Website to not work correctly.
Third Party Websites
Our Website may contain links to third party websites. Please be aware that these third party websites are not subject to this
of these sites. You will need to contact these third party sites directly to obtain their privacy policies.
How accurate is the personal information we hold about you?
We take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, complete and up-to-date.
However, the accuracy of the information we hold depends to a large extent on the information you provide. To ensure that we have
your most current personal information, please contact us when your information changes (e.g. if a customer or patient, complete
and submit a KCI Change of Circumstances Form or KCI Cease Rental Advice Form).
What security measures do we use to protect your personal information?
The security of your personal information is given a high priority. We take such steps as are reasonable to securely store your personal
information so that it is protected from unauthorised use or access, misuse, loss, modification or unauthorised disclosure. This includes
both physical and electronic security measures. Examples include the use of passwords, locked storage cabinets and secured storage rooms.
Other features include:
- storing information on secured networks consistent with industry standards, which are only accessible by those employees
who have special access rights to such systems;
- using industry-standard encryption technologies when transferring or receiving sensitive information;
- restrictions are placed on the electronic transfer of files; and
- our IT networks undergo necessary vulnerability testing to continually identify and remediate potential opportunities for
unauthorised data access.
KCI takes such steps as reasonable, in the circumstances, to destroy personal and sensitive information when the information
is no longer required for any purpose for which it may be used or disclosed by KCI and KCI is no longer required by law to
retain the information.
Can you access the personal and/or sensitive information we hold about you?
Yes, however there are some exceptions by law, which we will explain to you if relevant to your request. To request access
to your information, send an email to firstname.lastname@example.org. To protect your privacy, we will take reasonable steps to verify
your identity before providing you with access to your information. We may charge reasonable costs for responding to your
request and will respond to your request within a reasonable time.
If we refuse to grant you access, we will provide you with a written notice setting out the reasons for our refusal and the
mechanisms you may use to complain about our decision.
Can you seek correction of the personal information we hold about you?
If you think your personal information may be inaccurate, incomplete or out of date, you can request it to be updated or
corrected by sending an email to email@example.com. We will respond to your request within 30 days and we will not charge
a fee for responding to your request. KCI may need to flag your records with a suitable explanation rather than changing or
deleting the information. To protect your privacy, we will take reasonable steps to verify your identity before correcting or
adding notes to our records. If we refuse to correct your information, we will provide you with a written notice setting out
the reasons for our refusal and the mechanisms you may use to complain about our decision.
How can you report a breach of your privacy?
If you have any concerns or complaints about a breach of your privacy or the way we have handled your personal information,
please contact us by sending an email to firstname.lastname@example.org.
We will then investigate your complaint and endeavour to provide you with our response within a reasonable time after receiving
your complaint. If, after receiving our response, you still consider your privacy complaint remains unresolved, you may then,
for example, refer your concern to the Australian Privacy Commissioner.
on our Website, you confirm your acceptance of these amendments.
For any other questions regarding privacy, please send an email to email@example.com or call on 1300 524 822.
Appendix: List of Countries
(applicable to European Economic Area and United States website visitors)
Acelity is committed to protecting the privacy of those who entrust us with Personal Data. Acelity abides by the Safe Harbor Principles
developed by the U.S. Department of Commerce and the European Commission and the Federal Data Protection and Information
Commissioner of Switzerland, and the Frequently Asked Questions (FAQs) issued by the U.S Department of Commerce on July 21, 2000.
Acelity’s Safe Harbor certification can be found at https://safeharbor.export.gov/list.aspx. For more information about the Safe Harbor principles,
please visit http://www.export.gov/safeharbor.
The purpose of this Policy is to set forth the privacy principles that Acelity follows with respect to transfers of Personal Data from the
European Economic Area and Switzerland to the United States which has been collected or received by Acelity in conducting clinical or
market research and/or in managing our workforce.
This Policy sets forth the privacy principles that Acelity follows with respect to transfers of Personal Data from the European Economic Area and
Switzerland to the United States which has been collected or received by Acelity in conducting business with customers and patients, in doing
clinical or market research and/or in managing our workforce.
Agent any third party that processes Personal Data on behalf of and under the instruction of Acelity.
Contractor any person or entity engaged (directly or indirectly) to provide services and/or products to Acelity, whether or not pursuant to a
written agreement, including but not limited to any consultant, agent, sales representative, sales associate, distributor, joint venture partner,
contractor or other third party. Employee any employee of Acelity, including any international employee. Personnel any Acelity Contractor,
Acelity Employee or director or officer of Acelity.
“Personal Data” any information or set of information that identifies or can reasonably be used to identify an individual. Personal Data does
not include information that is encoded or anonymized, or publicly available information that has not been combined with
non- public personal information. “Sensitive Personal Data” personal information that reveals race, ethnic origin, political opinions,
religious or philosophical beliefs, or trade
union membership, or that concerns health or sex life. Information will be treated as Sensitive Personal Data where it is received from a
third party that treats and identifies it as sensitive.
Acelity will inform individuals about the purposes for which we collect and use Personal Data about them, how to contact us, the types of
non-agent third parties with whom we may share Personal Data, and any ways that individuals may limit the use and sharing of such data.
This notice will be provided when individuals are first asked to provide Personal Data or as soon thereafter as is practicable. Such notice may
Acelity will offer an individual the opportunity to choose (opt out) whether Personal Data are (a) shared with a non-agent third party or (b)
used for a purpose other than that for which the data were originally collected or subsequently authorized by the individual. For Sensitive
Personal Data, Acelity will endeavor to give an individual an affirmative or explicit (opt in) choice if the information is to be disclosed to a
third party or used for a purpose other than those for which it was originally collected or subsequently authorized by the
individual; provided, however that choice is not required where the processing of Sensitive Personal Data is: (i) in the vital interests of the data
subject or another person; (ii) necessary for the establishment of legal claims or defenses; (iii) required to provide medical care or diagnosis; (iv)
carried out in the course of legitimate activities by a foundation, association or any other non-profit body with a political, philosophical, religious
or trade-union aim and on condition that the processing relates solely to the members of the body or to the persons who have regular contact
with it in connection with its purposes and that the data are not disclosed to a third party without the consent of the data subjects; (iv)
necessary to carry out our obligations in the field of employment law; or (vi) related to data that are manifestly made public by the individual.
Acelity will provide individuals with reasonable access to Personal Data about them and they may request the correction or amendment of
Personal Data that they demonstrate to be incorrect or incomplete. Acelity will endeavor to process all reasonable requests for access within a
reasonable time period but reserves the right to deny access or limit access in cases where the burden or cost of providing access would be
disproportionate to the risks to the individual’s privacy or in the case of a vexatious or fraudulent request. Any Acelity Employee who desires
to review or update their Personal Data can do so by contacting their human resources representative.
Transfers to Agents
Acelity will only transfer Personal Data to an Agent where the Agent has provided assurances that the Agent provides at least the same level of
privacy protection as is required by these principles. Should Acelity become aware of an Agent using or sharing Personal Data in a way that is
contrary to these principles, Acelity will take reasonable steps to prevent or stop such activity.
Acelity will only transfer Personal Data to a non-agent third party where consistent with the notice provided to the individuals who are the
subject of the data and any consent that those individuals have given.
Acelity will only use Personal Data only in ways that are consistent with the purposes for which it was collected or subsequently authorized by
the individual. To the extent necessary for those purposes, Acelity will take reasonable steps to ensure that the Personal Data are relevant for
its intended use, accurate, complete and current.
Acelity will take reasonable precautions to protect Personal Data in its possession from loss, misuse and unauthorized access, disclosure,
alteration and destruction. Acelity endeavors to limit access to Personal Data to Acelity Personnel that have a specific business purpose for
maintaining and processing such Personal Data. Acelity Personnel who have been granted access to Personal Data are aware of their
responsibilities to protect the security, confidentiality and integrity of such information.
Acelity has put in place mechanisms to verify our ongoing adherence to the privacy principles set forth in this Policy. Individuals who wish to file
a complaint, ask a question or raise a concern with this Policy should direct such communication to Acelity at the address provided below.
Acelity will investigate and attempt to resolve complaints, questions and concerns regarding the use and disclosure of Personal Data in
accordance with the principles set forth in this Policy. Furthermore, Acelity is committed to cooperating with local European Data Protection
Authorities to resolve any dispute and will take steps to remedy any problems arising out of a failure to comply with the Safe Harbor principles.
“Acelity will cooperate with the following dispute resolution bodies to address individuals' complaints regarding privacy issues: (i) for individuals
complaints, we cooperate with JAMS in accordance with the JAMS Safe Harbor Program, which is described on the JAMS website at
http://www.jamsadr.com/safeharbor/; (ii) for complaints concerning our handling of Acelity Employee Personal Data, we cooperate with the
relevant EU or Swiss data protection authorities.
Limitations on Scope of Principles
Adherence by Acelity to these privacy principles may be limited to the extent required to meet a legal, governmental,
national security or public interest obligation.
Contact for Concerns
For questions regarding this Policy please contact Acelity at:
San Antonio, Texas 78249
Attention: Compliance Department
C4296 FEB 2015