1.1 The privacy of your Personal Information is important to us at Nevro Medical Pty Ltd ABN 53 150 636 945 (Nevro).
1.2 We are committed to protecting your Personal Information. We are bound by the Australian Privacy Principles (APPs) established by the Privacy Act 1988 (Cth) (the Privacy Act) and, in respect of your Health Information, by relevant Health Privacy Principles under State and Territory legislation.1
- (a) collecting your Personal Information;
- (b) using and disclosing your Personal Information;
- (c) holding your Personal Information and keeping it secure;
- (d) allowing you to access and correct your Personal Information; and
- (e) handling privacy-related complaints.
2. COLLECTING YOUR PERSONAL INFORMATION
2.1 With your consent, we will collect Personal Information (including Health Information) from you.
2.2 We will not collect Sensitive Information from you, other than Health Information.
2.3 We will only collect Health Information from you to the extent that it is reasonably necessary for Nevro to perform one or more of its functions or activities.
2.4 We will collect your Personal Information to:
- (a) generate your patient identification card;
- (b) maintain a distribution record of Nevro products;
- (c) support your use of your Nevro device and to improve its operation and effectiveness (including to individualise and optimise your pain management programme);
- (d) contact you in connection with safety issues relating to your Nevro device; and
- (e) process any warranty claim(s) made by you in connection with your Nevro device.
- (together, the Primary Purposes).
2.5 The Personal Information we collect from you may include the following:
- (a) your name;
- (b) your date of birth;
- (c) your personal contact details (for example, your residential and postal addresses, your telephone number(s) and your email address);
- (d) your general medical and surgical history;
- (e) the details of, and data relating to, the current and past pain management programmes you have followed or have been prescribed;
- (f) data relating to the mapping of the anatomical distribution of your sensation and pain;
- (g) your current and historical levels of physical activity;
- (h) the results of radiological or other imaging investigations relating to the location of the lead for your Nevro device;
- (i) your self-rated levels of pain;
- (j) changes to your level of medication consumption/prescription.
2.6 If you do not consent to us collecting your Personal Information, provide none or only part of the Personal Information requested from you by us, or provide incorrect Personal Information, we may not be able to:
- (a) provide you with optimal level of service and support in connection with your Nevro device;
- (b) advise you of any safety issues relating to your Nevro device; and
- (c) optimize pain management programming.
2.7 Because of the nature of the Personal Information we collect from you, and the Primary Purposes for which it is collected, it is not practicable to transact or otherwise deal with you on an anonymous basis or through the use by you of a pseudonym.
3. USING AND DISCLOSING YOUR PERSONAL INFORMATION
3.1 We will use your Personal Information for the Primary Purposes listed in paragraph 2.4 above.
3.2 With your consent we may also use your Personal Information for one or more purposes other than a Primary Purpose (the Secondary Purposes). The Secondary Purposes may include:
- (a) conducting research into your Nevro device to, amongst other things, better understand the operation and benefits of your Nevro device and to further develop your Nevro device and related Nevro products.
3.3 Notwithstanding that we may not have obtained your consent, we may also use your Personal Information for a Secondary Purpose:
- (a) if both of the following apply:
- (i) the Secondary Purpose is related to the Primary Purposes (or, if the Personal Information is Sensitive Information, the Secondary Purpose is directly related to the Primary Purposes); and
- (ii) it would be reasonable for you to expect us to use your Personal Information for the Secondary Purpose.
- (b) if we reasonably believe that the use is necessary to lessen or prevent:
- (i) a serious or imminent threat to an individual's life, health or safety; or
- (ii) a serious threat to public health or public safety;
- (c) if we have reason to suspect that unlawful activity has been, or is or may be engaged in, and may use your Personal Information as a necessary part of our investigation of the matter or in reporting our concerns to relevant persons or authorities; or
- (d) if the use (ie, the Secondary Purpose) is otherwise required or authorised by law.
3.4 We will not use your Personal Information without taking reasonable steps to ensure that the information is accurate, up to date, complete and relevant.
3.5 We will not use your Personal Information for the secondary purpose of Direct Marketing.
3.6 With your consent we may disclose:
3.8 We may disclose your Personal Information to Nevro's parent company, Nevro Corporation (headquartered in the United States of America) (Nevro Corporation) and to other Related Bodies Corporate of the Nevro Corporation (whether located in Australia, the United States of America or elsewhere), with your consent.
3.9 We draw to your attention that the Nevro Corporation and certain other Related Bodies of the Nevro Corporation are Overseas Recipients of your Personal Information. While your Personal Information will be held securely, the Nevro Corporation and its Related Bodies Corporate are not subject to, and they have not undertaken to comply with, the APPs, any relevant Health Privacy Principles or any other Australian privacy requirements.
3.10 Although reasonable steps will be taken to ensure that the Overseas Recipients do not breach the APPs, if you have provided us with your consent to disclose your Personal Information to these Overseas Recipients, you will not have recourse against Nevro under the Privacy Act if such a breach was to occur.
3.11 We will not disclose your Personal Information without taking reasonable steps to ensure that the information is accurate, up to date, complete and relevant.
4. QUALITY OF YOUR PERSONAL INFORMATION
4.1 Nevro will take reasonable steps to ensure that Personal Information collected, used or disclosed by Nevro is accurate, complete, up-to-date and relevant as required by the Privacy Act.
5. STORING AND PROTECTING YOUR PERSONAL INFORMATION
5.1 We may store your Personal Information in hard-copy documents or electronically.
5.2 We will take reasonable steps to ensure that any hard-copy and/or electronic records containing your Personal Information are stored securely and protected from misuse, interference and loss, and from unauthorised access, modification or disclosure. These steps will include maintaining:
- (a) physical security (for example, locks and other security systems) at the premises at which your Personal Information is stored; and
- (b) computer and network security in connection with our computer systems.
5.3 We will regularly review and, where necessary or appropriate, update our information security practices.
5.4 We will take reasonable steps to destroy or permanently de-identify your Personal Information if:
- (a) it is no longer needed for any purpose for which Nevro may use or disclose the information: and
- (b) we are not required by law or a court or tribunal order to retain the information.
6. ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
6.1 Upon receiving a request from you, we will ordinarily allow you as soon as practicable to access our records containing your Personal Information. However, in certain circumstances we are permitted by the Privacy Act to refuse your request for access, or to limit the access we provide you with – in these circumstances we will advise you why your request has been refused or your access has been limited.
6.2 Upon receiving a request from you, we will update/correct as soon as practicable our records containing your Personal Information in accordance with the requirements of the Privacy Act.
6.3 You may submit a request to access and/or to correct our records containing your Personal Information by contacting us by one of the means set out in paragraph 8 below.
6.4 We will not charge you a fee to lodge a request to access your Personal Information or to have your Personal Information updated/corrected. However, we may charge you a fee for:
- (a) the time we spend on locating, collating and explaining the Personal Information you have requested access to; and
- (b) any out-of-pocket expenses we incur.
7. WITHDRAWING YOUR CONSENT
7.1 Having provided your consent to the collection, use and disclosure of your Personal Information, you may withdraw that consent at any time by contacting us by one of the means set out in paragraph 8 below.
8. CONTACTING NEVRO
Writing to us at:
Att: Jeff Esbjerg
Nevro Corp Country Manager
Level 6, 468 St Kilda Road
Melbourne VIC 3004
Emailing us at:
9. HANDLING YOUR COMPLAINTS
9.1 We aim to:
- (a) acknowledge the receipt of your complaint within 30 Business Days; and
- (b) resolve your complaint within 60 Business Days (although this may not be possible in every case).
9.2 If we cannot resolve your complaint within 60 Business Days, we will notify you of the reason for the delay and provide you with an indication of when we expect to resolve your complaint.
9.3 If you are not satisfied with how we have resolved your complaint, we will advise you of the external dispute resolution avenues available to you.
Business Day means a day that is not a Saturday, Sunday or public holiday in the primary place in which your complaint is being handled.
Direct Marketing means the marketing of goods or services through means of communication including written, verbal or electronic means.
Health Information means:
- (a) information or an opinion about:
- (i) the health or a disability (at any time) of an individual; or
- (ii) an individual's expressed wishes about the future provision of health services to him or her; or
- (iii) a health service provided, or to be provided, to an individual;
- that is also Personal Information; or
- (b) other Personal Information collected to provide, or in providing, a health service; or
- (c) other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
- (d) genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
Nevro means Nevro Medical Pty Ltd ABN 53 150 636 945 and its subsidiaries.
Overseas Recipients means the Nevro Corporation and certain other Related Bodies of the Nevro Corporation that are located outside of Australia.
Personal Information means information (including Health Information) or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Privacy Act means Privacy Act 1988 (Cth).
Related Body Corporate means that, where a body corporate is:
- (a) a holding company of another body corporate; or
- (b) a subsidiary of another body corporate; or
- (c) a subsidiary of a holding company of another body corporate,
- the first mentioned body corporate and the other body corporate are related to each other.
Sensitive Information means:
- (a) information or an opinion about an individual's:
that is also Personal Information; or
- (i) racial or ethnic origin; or
- (ii) political opinions; or
- (iii) membership of a political association; or
- (iv) religious beliefs or affiliations; or
- (v) philosophical beliefs; or
- (vi) membership of a professional or trade association; or
- (vii) membership of a trade union; or
- (viii) sexual preferences or practices; or
- (ix) criminal record,
- (b) Health Information about an individual; or
- (c) genetic information about an individual that is not otherwise Health Information.
1 For example, those contained in the Health Records and Information Privacy Act 2002 (NSW), Health Records Act 2001 (Vic) and the Health Records (Privacy and Access) Act 1997 (ACT).