Star Pharmacy Group Pty Ltd
ABN 42 480 086 042
We are the franchisor for the Star Discount Chemist line of pharmacies, and operator of the Star Discount Chemist website, online store and Superstar Rewards loyalty program. We also provide a range of back office services to Star Discount Chemist pharmacies, along with a number of other pharmacy operators.
1. Collection of Personal Information
We will only collect and hold personal information if:
(a) it is reasonably necessary for us to conduct our functions and activities, and we are able to do so in a lawful, transparent and non-intrusive way; or
(b) we are required to do so by law.
We may collect personal information from you via the following means:
(a) in the course of providing our goods and services to you;
(b) in the course of your transactions with our online store;
(c) from your correspondence with us (whether in writing or electronically);
(d) through any websites (including via cookies) or mobile or digital applications we operate;
(e) when you sign up for our membership/loyalty card programs;
(f) when you apply to us for a job, either with us or with one of our pharmacies;
(g) from third parties, including public sources, information service providers, providers who administer our products and services, and anyone authorised to act on your behalf; and
(h) as otherwise required in the general conduct of our business.
Where it is reasonably practical to do so, we will collect personal information directly from the relevant individual.
When it is not practicable or reasonable to obtain personal information from the individual to whom the information relates, personal information may be obtained from someone other than the individual to whom the information relates. If this occurs, we will take reasonable steps to ensure that the individual is made aware that the personal information was obtained from a third-party, and why this was necessary and reasonable in the circumstances.
We may collect personal information about you from our pharmacy operators. For example, where you use our loyalty card in conjunction with a purchase, we will collect information about that purchase from the pharmacy operator.
2. Types of personal information we collect
We may collect a range of personal information about you, including, but not limited to:
(a) name, gender and date of birth;
(b) contact details, including residential postal address, telephone number and email;
(c) payment details, including your preferred payment methods;
(d) information about your transactions with our online store, and your transactions in pharmacies where you use our loyalty program;
(e) information contained in any communications between you and us;
(f) information contained in an application form or other document submitted to us (either in person or online);
(g) your activity on, and interaction with, our digital or online services (including websites, apps, email, online advertisements and social media profiles); and
(h) any information we are required to collect by law.
We do not typically collect sensitive information (such as information about health) about customers from our pharmacy operators. All prescription information is held locally at a pharmacy level, and is not collected by us.
We may collect sensitive information in other contexts. For example, we may collect health information about staff members employed by our pharmacy operators. Where we do collect sensitive information, we do so with the consent of the individual concerned, or otherwise in accordance with the APPs.
3. Use and disclosure of personal information
3.1 Permitted use and disclosure
We may use and disclose your personal information for the primary purpose for which that information was collected, or for a secondary purpose if an exception applies. These exceptions include where:
(a) you have consented to a secondary use or disclosure;
(b) you would reasonably expect us to use or disclose your personal information for the secondary purpose, and that purpose is related to the primary purpose of collection;
(c) the secondary use or disclosure is required or authorised by or under an Australian law or a court/tribunal order;
(d) a permitted general situation exists in relation to the secondary use or disclosure (as prescribed by the Privacy Act); and
(e) we reasonably believe that the secondary use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
3.2 Use of personal information
Personal information collected by us may be used:
(a) to confirm your identity when you contact us;
(b) to provide services to our pharmacy operators;
(c) to provide you with any of our goods and services, or information about those goods or services (including promotional offers), as part of the conduct of our business generally;
(d) to communicate directly with you and respond to enquiries;
(e) to accept and process your orders via our online store;
(f) to operate our loyalty program;
(g) to provide refunds or discounts;
(h) to provide you with electronic confirmation of your orders, and to advise you of any changes to our goods and services;
(i) to facilitate the delivery of orders;
(j) where permitted under the APPs, for direct marketing on an ongoing basis, including communications and targeted advertising by telephone, electronic messages (including email), our digital services and other means;
(k) to conduct product and market research;
(l) to maintain and update our records;
(m) to work with our service providers;
(n) to administer and manage the provision of our goods and services to you, including billing and debt collection; and
(o) to create aggregate data and other statistics about your visits/interaction with our online and digital services to allow for the efficient operation and usability of those services.
We will not use or disclose personal information for any other purpose unless permitted under the APPs, or where the individual has consented to that use or disclosure.
3.3 Disclosure of personal information
We may disclose your personal information to third parties as required from time-to-time for those purposes reasonably necessary for, or directly in connection with, the conduct of our business including, but not limited to:
(a) our pharmacy operators;
(b) our authorised agents, contractors, service providers and external advisers that provide products or services to us, or to you or other parties on our behalf from time to time (including, but not limited to, mail processing business, printers, market research companies and auditors);
(c) an organisation that has a contractual arrangement or alliance with us (for example, for the purpose of using or promoting our respective goods or services, or conducting seminars or educational events);
(d) any entity to which we are required or authorised by or under law to disclose such information (for example, Commonwealth and State law enforcement agencies, investigative agencies and courts); and
(e) our related bodies corporate.
If we disclose personal information to a third party, we generally require that the third party protect personal information to the same extent that we do.
4. Anonymised information
Where information is de-identified, aggregated or otherwise anonymised, such that an individual is not reasonably identifiable from this information, it will not constitute personal information and is not subject to the APPs. We may use and disclose such anonymised information for any purposes as we see fit, including to our pharmacy operators, or to third parties for research and educational purposes.
When you visit our online platforms we may use ‘cookies’ (being a piece of data that a website places on your browser when you visit the website) to automatically collect the following information, which includes, but is not limited to:
(a) technical information, including your IP address, login information, browser type and version, device identifier, location and time zone setting, operating system and platform, page response times and download errors;
(b) information about your visit, including the websites you visit before and after our site, as well as the products you viewed or searched for; and
(c) the length of your visits to certain pages, page interaction information and methods used to browse away from the page.
The settings in your Internet browser software can be adjusted to prevent cookies being stored on your electronic device. However, some of the features and functionality of our online platforms may then be lost.
6. Protection and security of personal information
We will take reasonable steps to protect personal information we hold from:
(a) misuse, interference and loss; and
(b) unauthorised access, modification or disclosure.
We have in place:
(a) computer software and hardware that provides electronic protection of and/or prevents access to personal information from unauthorised persons, particularly from those individuals who are external to us. Electronic protection will include:
(i) mandatory password protection on computers; and
(ii) firewall and anti-virus software; and
(b) documented record management procedures in relation to the collection, physical security and storage of hard copy records.
6.2 Data Breaches
A data breach occurs when personal information is lost or subject to unauthorised access, modification, disclosure, or other misuse or interference. A data breach may be intentional or unintentional.
Examples of data breaches may include where:
(a) a device (such as a laptop) containing personal information is lost or stolen;
(b) a database containing personal information is accessed without authorisation; or
(c) personal information is mistakenly provided to the wrong person.
The Privacy Act will require us to take certain steps in response to an ‘eligible data breach’. An eligible data breach occurs where:
(a) there is unauthorised access to or disclosure of personal information that we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur); and
(b) this is likely to result in serious harm to any of the individuals to whom the information relates; and
(c) we have been unable to prevent the likely risk of serious harm with remedial action.
Where we suspect that an eligible data breach may have occurred, we will:
(a) the breach and, if possible, take remedial action; and
(b) commence the requisite assessment process to determine whether the data breach is likely to be an ‘eligible data breach’ for the purposes of the Privacy Act.
If we have reasonable grounds to believe that an ‘eligible data breach’ has occurred, we will:
(a) prepare a statement to the Office of the Australian Information Commissioner (OAIC) as soon as practicable (OAIC Statement);
(b) notify the individual to whom the information relates as soon as practicable after the statement has been prepared; and
(c) provide that individual with a copy of the OAIC Statement.
If it is not possible to notify the individual to whom the eligible data breach relates for the purpose of providing them with a copy of the OAIC Statement, a copy of the OAIC Statement will be posted on our website.
7. Direct marketing
We will, on occasion, and where reasonable and appropriate, use your personal information for the purpose of direct marketing. This includes providing you with information about new products, services and promotions offered by either us, or a third party, which are related to the health care of the individual and may be of interest to them.
Direct marketing in these circumstances may occur by mail, email, SMS or telephone.
Where the direct marketing is transmitted electronically or by telephone, we will at all times comply with any applicable laws including the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
We will not use sensitive information for the purposes of direct marketing unless you have expressly consented to this taking place.
We will not disclose personal information, including sensitive personal information, to third parties for a direct marketing purpose unless permitted by the APPs, or where we have been given consent to do so by the individual involved.
You may opt out at any time if you no longer wish to receive commercial messages from us. This request can be made by contacting us via the opt-out mechanism in the direct marketing material, or by contacting the Privacy Officer.
8. Personal information about employees
We may collect personal information about:
(a) our own employees and prospective employees; and
(b) employees and prospective employees of our pharmacies, as part of their application and during the course of their employment, either from them, from our pharmacy operators, or in some cases from third parties such as recruitment agencies.
This may include information about the employee’s health, their right to work in Australia, or other sensitive information. For some roles, employees may need to obtain a security clearance or provide a criminal history search.
Under the Privacy Act, personal information about our own current or former employees may be held, used or disclosed by us in any way that is directly connected to the employment relationship. We handle information about our employees in accordance with legal requirements and our applicable policies in force from time to time.
9. Accessing and correcting personal information
We will deal with requests for access or correction, by an individual, of their personal information held by us, in accordance with this policy. Requests must be made in writing by sending an email to [email protected], and in the appropriate form specified by us from time to time.
On receipt of an application, and within a reasonable timeframe, we will take reasonable steps to inform the individual who made the request:
(a) what personal information we hold in relation to that individual;
(b) why the personal information is held;
(c) how we collect (or collected), hold (or held), use (or used) and disclose (or disclosed) the personal information.
We will confirm with the individual whether they wish to have access to the personal information in question.
We will ordinarily give an individual access to their personal information unless an exception applies. Exceptions include where:
(a) giving access would have an unreasonable impact on the privacy of other individuals;
(b) the request for access is frivolous or vexatious; or
(c) the access would be unlawful.
If your request relates to information held by another party, such as one of our pharmacy operators, we may direct you to them.
We reserve the right to charge a reasonable administrative fee for providing access to the personal information, but no fee will be charged for making the application or correcting personal information held by us. We may withhold access to the personal information until the fee is paid.
If a request for access or correction is denied by us we will, within a reasonable time period, provide the individual who made the request with a general, written explanation as to why the request was refused. We will also take such steps, if any, as are reasonable in the circumstances to give access in a way that meets our needs, and the needs of the individual.
10. Overseas transfers of personal information
We operate primarily in Australia, with the assistance of our team members in the Philippines. In addition, from time-to-time, we use web-based programs for online activities, which may be hosted overseas. Outside of those arrangements, we do not typically provide personal information to parties in any other countries.
If we do propose to disclose personal information to recipients in other countries in the future, we will do so in compliance with the requirements of the Privacy Act. We will, where practicable, advise of the further countries in which any overseas recipients are likely to be located.
Each individual providing personal information to us consents to us disclosing this personal information to any such overseas recipients for purposes necessary or useful in the course of operating our business, and agrees that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the APP, that entity will not be bound by, and the individual will not be able to seek redress under, the Privacy Act.
We will be obliged, without a request for correction, to correct inaccurate, out-of-date, incomplete, irrelevant or misleading personal information if we are satisfied that, having regard to the purpose for which the personal information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
If this occurs, we will take all reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
If you are of the view that your personal information requires correction, you should contact the Privacy Officer listed below.
The Privacy Officer
Post: Star Pharmacy Group, 2/108 Rundle St, Kent Town SA 5067
Telephone: (08) 8443 7955
Email: [email protected]
We take all complaints seriously and will respond to each complaint within a reasonable period.
If dissatisfied with the handling of a complaint, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
Email: [email protected]
The last update to this document was 10 March 2023.