Skip to main contentSkip to navigationSkip to search
EnglishSvenska

Privacy notice

Note: For Privacy Notice for Australian residents, please refer to the grey section further below.

Information regarding processing of your personal data

The purpose of this privacy notice is to provide information on how Camurus (“we”) may process your personal data.

We respect your privacy and duly protect the personal data we process about you. All processing of personal data is carried out in accordance with applicable privacy laws, including without limitation the European Union’s General Data Protection Regulation (the “GDPR”) and the California Consumer Privacy Act (the “CCPA”). This privacy notice describes how we collect, process and share your personal data.

In Part I of this privacy notice, you find specific information applicable to different categories of data subjects. In Part II, you find information applicable to all categories of data subjects, such as your rights as a data subject. You will also find additional disclosure for California residents as well as a separate privacy notice for Australian residents.

PART I

1. WEBSITE VISITORS

What personal data may be processed?

We may collect and process personal data that your web browser makes available when you visit this website, which may include Internet Protocol (IP) address, browser language, geographical location data, date and time, cookies, and information about accessed pages.

If you:

  • provide your email address in order to download logos and images from this website;
  • subscribe for our financial reports and/or press releases; or
  • otherwise contact us through this website;
  • we will also process your name and email address that you submit to us, and any other information you may share with us when contacting us.

For more information about cookies, please read our Cookie Policy here

Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. Our website is not currently designed to recognize these signals.

What are the purposes and legal grounds for processing your personal data?

We process your personal data to make the website and the features of the website available to you and to improve, develop, and enhance the usability of the website.

The processing of your personal data for the purposes described above is based on our legitimate interest, as we wish to make the website and its features available to you. The processed personal data is of simple nature and the processing is limited and does not affect personal integrity to a large extent. Furthermore, we believe there is a mutual interest in the purpose described. Based on these factors, we have performed a balance of interest assessment and have concluded that our legitimate interest to make the website and its features available to you outweighs your potential interest in not having your personal data processed for these purposes. However, you are always entitled to object to our assessments. You can read further about your rights in Part II below.

For how long is your personal data stored?

Your personal data will only be processed as long as the purpose for which it is processed exists and as long as permitted or required under applicable laws and regulations, and will be securely deleted or destroyed after expiry of the retention period. You may always request that we delete your personal data sooner, read more about your rights in Part II below.

2. BUSINESS REPRESENTATIVES AND OTHERS

What personal data will be processed?

If you act as a representative or point of contact of a company or organization with whom Camurus has a business relationship (e.g. a customer, collaboration partner, manufacturer, distributor, CRO), or otherwise interact with us (e.g. correspond with Camurus through email, including Camurus’ medical affairs lines and reporting lines), we may collect and process the following personal data about you:

  1. contact information (name, email and telephone number);
  2. position and company/organization;
  3. information on work experiences, if applicable;
  4. date of birth, gender, medical history and other information you may provide as part of adverse event reporting or medical information requests; and
  5. any other personal data you provide to us

The personal data listed above will be collected directly from you or from the organisation/company that you represent. We may also collect your personal data from publicly available sources, if applicable.

What are the purposes and legal grounds for processing your personal data?

We process your personal data:

  1. to manage our business relationship and administer our interactions;
  2. for the purpose of ensuring high standards of our business partners and people we collaborate with and to comply with obligations applicable to Camurus as a public company; and
  3. for the purpose of complying with applicable laws, regulations and industry practices.

The processing of your personal data for purpose (a) stated above is based on our legitimate interest to manage our (actual or potential) business relationship and interact with you. The personal data which is processed is of simple nature and the processing is limited and does not affect personal integrity to a large extent. Furthermore, the processing is necessary for us to conduct our business. Based on these factors, we have performed a balance of interest assessment and have concluded that our legitimate interest to manage our (actual or potential) business relationship and interact with you, outweighs your potential interest in not having your personal data processed for these purposes.

The processing of your personal data for purpose (b) stated above is based either on our legitimate interest to ensure high standards for our business partners and people we collaborate with, or on our legal obligations as a public company operating within the pharmaceutical industry.

The processing of your personal data for purpose (c) above is based on Camurus’ legal obligations as a pharmaceutical company.

You are always entitled to object to our assessments. You can read further about your rights in Part II below.

For how long is your personal data stored?

Your personal data will only be stored as long as the purpose for which it is kept exists and as long as permitted or required under applicable laws and regulations and will be securely deleted or destroyed after expiry of the retention period. This means that personal data processed in order to manage our business relationship and to interact with you will be deleted without undue delay once we believe we no longer have a relationship with you, or without undue delay after we have been informed that you have left the company or organization with whom we have a business relationship. You may always request that we delete your personal data sooner, please see Part II below.

We have legal obligations to store data related to Camurus’ medicinal products (such as data related to clinical trials and pharmacovigilance data) for certain time periods. If you are an investigator, business representative or other whose personal data we process in relation to our medicinal products, your personal data may therefore be saved for the applicable time period.

3. INVESTORS AND ANALYSTS

What personal data will be processed?

If you are an investor, shareholder or an analyst, we may collect and process the following personal data about you:

  1. contact information (name, email and telephone number);
  2. position and company/organization, if you represent a company/organization;
  3. any personal data you may provide us.

The personal data listed above will be collected directly from you or from the organization/company that you represent. We may also collect your personal data from publicly available sources, if applicable.

If you are an analyst following Camurus, we will publish your name on our website for the purpose of complying with industry codes and standards applicable to public companies.

What are the purposes and legal grounds for processing your personal data?

We will process your personal data:

  1. to interact with you; and
  2. comply with obligations applicable to Camurus as a public company.

We will process the information above based on Camurus’ legitimate interest to comply with obligations applicable to public companies or, in some cases, based on our legal obligations. The personal data which is processed is of simple nature and the processing is limited and does not affect personal integrity to a large extent. Furthermore, the processing is necessary for us to conduct our business. Based on these factors, we have performed a balance of interest assessment and have concluded that our legitimate interest to comply with obligations applicable to public companies and interact with you, outweighs your potential interest in not having your personal data processed for these purposes.

You are always entitled to object to our assessments. You can read further about your rights in Part II below.

For how long is your personal data stored?

Your personal data will only be stored as long as the purpose for which it is kept exists and as long as permitted or required under applicable laws and regulations and will be securely deleted or destroyed after expiry of the retention period.

4. HEALTHCARE PROFESSIONALS

What personal data will be processed?

If you are a healthcare professional (HCP) interacting with Camurus, we may collect and process the following personal data about you:

  • contact information (name, email and telephone number);
  • professional details (including position, practice specialty, membership of professional associations);
  • information relating to your participation in Camurus sponsored or supported clinical trials, conferences or other educational events;
  • information obtained in relation to adverse event reporting, product complaints or medical information line enquiries;
  • passport details and next of kin details, when Camurus sponsors or arranges your travel to educational events or for business relating to Camurus;
  • remuneration paid for services performed for or on behalf of Camurus, or sponsorship funding ; and
  • any other information provided to us.

The personal data listed above will mainly be collected directly from you or from the organization/company that you represent. However, we may also receive your personal data from external parties who organize and host conferences or events where you have participated. We may also collect your information from publicly available sources, if applicable.

What are the purposes and legal grounds of processing your personal data?

We process your personal data in order to

(a) to provide you with information on our products and our business;
(b) to invite you to events, etc.;
(c) to engage you to perform services for or on behalf of Camurus or otherwise manage our relationship;
(d) o respond to or otherwise handle any requests or questions you may send us, or otherwise interact with you when you send us an email or contact us by phone; and
(e) to comply with our legal obligations or industry standards, such as maintaining our pharmacovigilance system or make transfer of value disclosures as applicable.

The processing of your personal data for the purposes stated in (a) to (d) above is based on our legitimate interest to manage our relationship with you. The personal data which is processed is of simple nature, limited to your professional role and the processing does not affect personal integrity to a large extent. Furthermore, the processing is necessary for us to conduct our business. Based on these factors, we have performed a balance of interest assessment and have concluded that our legitimate interest to manage our relationship and interact with you, outweighs your potential interest in not having your personal data processed for these purposes. You are always entitled to object to this assessment, please see Part II below.

In some cases, processing of your personal data for the purposes stated in (a) to (d) above may also be based on the performance of a contract we have signed with you or on your explicit consent.

The processing of your personal data for the purpose stated in (e) above is based on our legal obligations, especially those relating to pharmacovigilance, product safety and product liability.

For how long is your personal data stored?

Your personal data will only be stored for as long as the purpose for which it is kept exists and for as long as permitted or required under applicable laws and regulations and will be securely deleted or destroyed after expiry of the retention period. This means that certain personal data which is processed to provide requested information to you, invite you to events or to otherwise manage our relationship will be deleted without undue delay when we no longer have a relationship. You may always request that we delete your personal data sooner. Personal data stored for Camurus’ compliance with applicable laws and regulations will be stored as long as required under those laws and regulations.

5. CONSULTANTS

What personal data will be processed?

If you are a consultant engaged to perform services for Camurus, we may collect and process the following personal data:

  • Contact information (e.g. name, address, email and telephone number);
  • Position with the company you represent;
  • Bank account details or other financial information as may be necessary to make payments to you as a consultant or the company you represent;
  • Remuneration paid as compensation for the services provided;
  • Information about your physical location when using our entrance system (e.g. information regarding entrances and exits to office premises) if you have been provided an access tag to Camurus’ facilities;
  • IT-related information (e.g. possibly stored information concerning data and telephone traffic and information regarding access to IT-systems, log files etc.) if you are provided access to Camurus’ IT system;
  • If applicable for your engagement as a consultant, information (name, position, total remuneration for services) regarding the value of your contract with Camurus; 
  • Any other personal data that Camurus needs to process for the purpose of engaging you to perform the agreed services and as may be required for the purpose of Camurus’ compliance with legal obligations. 

What are the purposes and legal grounds of processing your personal data?

We process your personal data to:

  1. enter into an agreement with you or the company you represent regarding the services to be provided;
  2. pay invoices for services performed or otherwise compensate you for the consulting services;
  3. administrate your access to IT systems and office sites necessary for the conduct of the services;
  4. comply with our legal obligations, including accounting laws and relevant industry regulations; and
  5. fulfil and comply with our obligations under the European Federation of Pharmaceutical Industries and Associations' ("EFPIA").

The processing of your personal data for the purpose stated in (a)-(c) above is necessary for the performance of a contract or, if you are not a party to the agreement regarding your consulting services, the processing is based on our legitimate interest as we have a business legitimate interest to engage you as a consultant.  This is of mutual interest, and we have conducted a balancing interest test with the result that our legitimate interest overweighs your interest in not having your personal data processed for this purpose. You are always entitled to object to this assessment, please see Part II below.

The processing of your personal data for the purpose stated in (d) above is necessary for us to comply with our legal obligation to process certain personal data.

The processing of your personal data for the purpose stated in (e) above is necessary for our legitimate interest as we have a business interest to adhere to the relevant codes and/or practices in line with the industry standard guidance.

For how long is your personal data stored?

Your personal data will only be stored for as long as the purpose for which it is kept exists and for as long as permitted or required under applicable laws and regulations and will be securely deleted or destroyed after expiry of the retention period.

7. JOB APPLICANTS

What personal data will be processed?

If you apply for a position with Camurus, directly to Camurus or through any of Camurus’ third party service providers (e.g. recruitment agencies), we may collect the following personal data in connection with the recruitment process in order to evaluate if you are a suitable candidate for the position:

  • contact information (e.g. name, address, email and telephone number);
  • CV and application job application, and any information provided in these documents;
  • information obtained during interviews or other interactions during the recruitment process; and
  • any other information provided by you or obtained in connection with the recruitment process.

We collect personal data directly from you. However, we may also collect personal data about you from external parties, e.g. from recruitment agencies, background check service providers, prior employers and other business partners, and publicly accessible sources such as national tax authorities and other public agencies or authorities.

What are the purposes and legal grounds of processing your personal data?

We process your personal data in order to:

(a) to interact with you during the recruitment process;
(b) to evaluate if you are a suitable candidate for the advertised job or position you apply for and otherwise include you in the recruitment process;
(c) to carry out statistical analysis of job applicants to analyze for example the number of female/male applicants, etc.;
(d) to process potential claims relating to the recruitment process (e.g. discrimination claims, etc.); and
(e) if applicable and if your explicit consent has been obtained, to store your information if we wish to contact you for future positions.

The processing of your personal data for purposes (a) to (e) above is based on our legitimate interest, as further outline in detail below. The legitimate interest in relation to purposes (a) and (b) is to evaluate if you are a suitable candidate for the advertised position which is also to your advantage. To do so, we must review certain information regarding, for example, your prior experience. We only review and request information that is necessary for such purpose.

We also have a legitimate interest to process your personal data for purpose (c) since we would like to ensure that we attract all types of individuals in order to maintain diversity and to take appropriate actions considering the results of the analysis. The personal data collected for statistical analysis will be compiled in an aggregated form which does not enable your identification.

In case you would like to challenge our decision taken in connection with our recruitment process as described in purpose (d), it is essential that we have documented our decisions in order to be able to motivate our decision and to defend potential legal claims.

Considering the nature of Camurus’ business, legal obligations, security reasons and the importance of mitigating the risk of exposure to and potential leakage of controlled substances (such as narcotics), we have a legitimate interest to carry out drug tests and other relevant health checks in case you are offered a position with Camurus where you will be handling controlled substances or be allowed access to facilities where controlled substances are kept. Such tests and checks are only conducted if they are relevant for the position you apply for. Tests and checks will be performed by an external service provider. Camurus will only receive information whether the test was positive or negative and/or a notice of any red flags, and Camurus will not receive, or store, any other information in relation to such tests. Camurus acknowledges that information received from the external service provider may be considered sensitive data under applicable privacy laws, including the GDPR and the CCPA. If applicable, in addition to Camurus’ legitimate interest to process this information, Camurus has a legal obligation to mitigate the risk of exposure to and potential leakage of controlled substances and must therefore assess the working capacity of you as an employee as described.

Considering the nature of Camurus’ business, we may also have a legitimate interest to have an external service provider perform a screening and background check if you have applied for a position with great responsibilities or that would otherwise require Camurus to ensure that you are fit for the position. Such background check is only conducted if it is relevant for the position you are applying for. In such case, we will receive a summary report from the external party having performed the screening and background check and Camurus will not store any of this information.

Based on the above-mentioned factors, we have performed a balance of interest assessment and have concluded that our legitimate interests outweigh your potential interest in not having your personal data processed for the purposes listed herein. You are always entitled to object to this assessment.

The processing of your personal data for purpose (e) is based on your explicitly given consent to such processing, which we will ask for if applicable. You can always withdraw your consent.

You can read further about your rights in Part II below.

For how long is your personal data stored?

Your personal data will only be stored as necessary for the purpose and as long as permitted or required under applicable laws and regulations and will be securely deleted or destroyed after expiry of the retention period.

PART II

Who is the data controller?

Camurus AB, Reg. No. 556667-9105, address Rydbergs torg 4, SE-224 84 Lund, Sweden or, in some cases the Camurus company that you interact with, is the controller of the processing of your personal data. This means that Camurus AB or the Camurus company that you interact with is responsible for your personal data being processed correctly and in accordance with applicable laws and regulations. The email address to the data controller is [email protected]. Contact information to other Camurus companies may be found on our website, www.camurus.com.

We may update this privacy notice from time to time to account for changes to the law or our privacy practices. If we update this privacy notice, we will update the last updated date at the top.

What are your rights?

  • Right to be informed – You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and what your rights are. This is why we are providing you this privacy notice.
  • Right of access – You have the right to obtain access to your personal data we process. You may ask for:
    • A copy of your information;
    • Details of the purpose for which it is being processed;
    • Details of the recipients or classes of recipients to whom it is or could be disclosed;
    • The period for which the personal data is held (or the criteria which determines this);
    • Any information available about the source of the personal data; and
    • Whether we carry out any automated decision-making or profiling, and where we do information about the logic involved and the outcome or consequences of that decision or profiling (however please see below).
  • Right to rectification – You are entitled to have your information corrected if it is inaccurate or incomplete.
  • Rights in relation to automated decision making – Camurus does not make use of automated decision making when processing your data, so this right is not applicable in relation to this privacy notice.
  • Right to erasure – You may request the deletion or removal of your personal data where:
    • You do not believe that we need your data in order to process it for the purposes set out in this privacy notice;
    • If you withdraw your consent, if applicable for the processing, and we cannot otherwise legally process your data;
    • You object to our processing and we do not have any legitimate interests enabling us to continue to process your data; or
    • Your data has been processed unlawfully or has not been erased when it should have been.
  • Right to restrict processing – You have right to request that we restrict further use of your information. However, we may still store your information, but not use it any further. You may request that we stop processing your personal data temporarily if:
    • You do not think your data is accurate. We will start processing again once we have checked whether or not the data is accurate;
    • The processing is unlawful but you do not want to erase your data;
    • We no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
    • You have objected to the processing because you believe that your interests should override the company's legitimate interests.
  • Right to data portability – You have rights in certain circumstances to obtain and reuse your personal data for your own purposes across different services.
  • Right to object to processing – You have the right to object to certain types of processing, including processing based on our legitimate interests.
  • Right to withdraw consent – If you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time (although if you do so, that does not mean anything we have done with your personal data with your consent up to that point is unlawful).
  • Right to file a complaint. You have the right to file a compliant with the applicable Data Protection Authority if you have any objections or complaints about the way we process personal data.

You can exercise these rights free of charge, by contacting [email protected]. If you contact us to exercise your rights, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 

Who has access to your personal data?

We have implemented appropriate technical and organizational measures to protect your personal data against loss, unlawful access, etc. The number of persons with access to your personal data is limited. Only individuals associated with Camurus that need to process your personal data in accordance with the purposes above will have access to your personal data.

We may share your personal data with other companies within the Camurus group or with other parties working as consultants for Camurus only if necessary to fulfil the purpose stated herein.

We may also share your personal data with external parties that carry out services on our behalf or that we otherwise collaborate with to the extent necessary for the purposes identified herein, such as IT-suppliers, pharmacovigilance service providers, clinical research organizations (CROs), collaboration partners such as recruitment agencies, providers of PR and communication services, providers of CRM-systems, or other business partners of Camurus. Furthermore, your personal data may be shared with regulatory and governmental authorities if required under applicable laws and regulations or otherwise for the purposes set forth herein.

Your personal data will only be transferred to a country outside of EU/EEA if necessary for us to fulfil the purpose of our processing stated herein. When transferring personal data to countries outside the EU/EEA, Camurus will take reasonable efforts and security measures necessary to keep your information secure, and will ensure that the transfer takes place in accordance with applicable laws and regulations.

Additional disclosures for California residents

This section supplements the other parts of our privacy notice, and provides additional disclosures for California residents under the CCPA. For purposes of this privacy notice, the term “personal data” includes “personal information” as defined by the CCPA.

Categories of personal data we collect

We may collect the following categories of personal data about California residents. Note that the categories of personal data that we collect about you may vary depending on the nature of your relationship with us as more fully described in Part I of this privacy notice.

  • Identifiers
  • Personal information described in Cal. Civ. Code § 1798.80(e)
  • Characteristics of protected classifications under California or federal law
  • Commercial information
  • Internet or other electronic network activity information
  • (Non-precise) geolocation data
  • Professional or employment-related information
  • Inferences
  • Personal information collected and analyzed concerning a consumer’s health

Additional California privacy rights

In addition to the rights already identified in this privacy notice, residents of California or someone designated to submit the request on their behalf, may exercise the following rights by contacting [email protected]. We will not discriminate against you or treat you differently for exercising your lawful privacy rights.

  • Right to Know. You have the right to know the categories of personal data we have collected about you, including the categories of sources from which the personal data was collected; our business purposes for collecting or disclosing personal data; the categories of recipients to which we disclose personal data; and the categories of personal data that we disclosed for a business purpose, and for each category identified, the categories of recipients to which we disclosed that particular category of personal data.
  • Right to Opt Out of Sales and Sharing. We do not sell personal data or share personal data for cross-context behavioral advertising, as “sale” and “share” are defined by the CCPA, including the personal data of children under 16. Because of this, this right is not applicable.
  • Right to Limit Use and Disclosure of Sensitive Personal Data. We do not use or disclose sensitive personal data for purposes to which the right to limit applies, so we do not offer this right.

Last updated: March 2025

Privacy Notice for Australian residents

1. Privacy Notice


1.1 Purpose

As a healthcare company, Camurus Pty Ltd (Camurus) recognizes the importance of privacy and is committed to the management and handling of Personal Information and Sensitive Information in an open and transparent way. Camurus is required to comply with the Australian Privacy Act 1988 (Cth) (Privacy Act) and this policy creates a framework to ensure that any Personal Information Camurus holds is collected, used, stored and disclosed in accordance with the Australian Privacy Principles in the Privacy Act.

Your Personal Information is held securely in accordance with this Privacy Policy and applicable privacy laws and is treated with respect and care. You have the right to contact us to access or correct your Personal Information. We encourage you to contact us if you have questions or concerns about your privacy or how your Personal Information is handled by Camurus.

1.2 Scope

This Privacy Policy documents the handling of Personal Information by and on behalf of Camurus, both within and outside of Australia.

This policy does not apply to the handling of Personal Information about Camurus employees.

1.3 Regulatory environment

As a healthcare company which deals with Personal Information and Sensitive Information, Camurus has an obligation to respect the privacy of individuals and to follow the Australian privacy laws, which include:

  • the Privacy Act 1988 (Cth) (as amended from time to time);
  • the National Privacy Principles contained in Schedule 3 to the Privacy Act or where applicable, the Australian Privacy Principles contained in Schedule 1 of the Privacy Act;
  • all other applicable laws that require a person to observe privacy or confidentiality obligations in respect of Personal Information.

In addition, Camurus assesses whether the GDPR applies to any personal data it collects, processes or stores. Accordingly, please notify Camurus in writing if you are currently, or in the future become, a resident of the European Union, so that Camurus can assess whether any Personal Information it holds falls within the scope of the GDPR.

2. Personal Information

Camurus may collect and hold information about individuals who may be customers, members of the general public, job applicants, business contacts, healthcare professionals and others.

The information Camurus typically collects and holds and processes is detailed below.

2.1 Members of the public
  • Information obtained when you access Camurus’ websites
  • Information you provide when calling Camurus’ medical affairs line or reporting an adverse event, including name/initials, occupation, home/work address, telephone number, email address, gender, date of birth, age or age range, pregnancy, medication, medical history including drug of dependence, doctor’s details, details of adverse event
  • Information from any patient support programmes which Camurus runs, including de-identified details (your initials and date of birth), age or age range, medication, medical history including drug of dependence, doctor’s details
2.2 Healthcare professionals
  • Your name, business address, business telephone number(s) and email address
  • Professional details, including provider number
  • Practice specialty including areas of interest
  • Membership of professional associations
  • Practice and/or business information including, where applicable, interest in Camurus products
  • Information relating to your patients, following Adverse Event reporting, product complaints or Medical Information line enquiries, including patient drug of dependence
  • Information relating your participation in Camurus sponsored or supported clinical trials, conferences or other educational events
  • Information from public domain websites
  • Information obtained when you access Camurus’ websites
  • Information and all notes obtained during telephone sales calls, including date and duration of the call, call outcome, follow-up required
  • Information about patients obtained when reporting adverse events required for reporting to regulatory authorities and for safety data reporting by Camurus’ global pharmacovigilance function
  • Frequent flyer numbers, passport details and next of kin details, when Camurus sponsors or arranges your travel to educational events or for business relating to Camurus
2.3 Business contacts
  • Your name, business address, business telephone number(s) and email address
  • Dealings with Camurus in respect of general business relationships
  • Work, professional and employment references, reports and assessments
  • Information from public domain websites
  • Information obtained when you access Camurus’ websites
  • Bank information for payment of invoices
  • Health and/or vaccination status for relevant public health/pandemic instances, where you will attend Camurus offices or have face-to-face contact with Camurus personnel or customers
2.4 Job applicants

The types of Personal Information Camurus collects from job applicants, including for both employment and contract positions, may include:

  • Employment history
  • Qualifications
  • Residential address
  • Date of birth
  • Opinions about suitability for employment from referees and previous employers
  • Taxation and banking details
  • Information from public domain and social media websites
  • Information obtained when you access Camurus’ websites
  • Driver’s licence/passport details
  • Superannuation fund details
  • Next of kin
  • Psychometric testing results
  • Records of Medicines Australia course or code of conduct training completion
  • “Right to work” check to ascertain right to reside and work in Australia
  • Police clearance, where required for customer facing roles employment purposes
  • Vaccination status for relevant public health/pandemic instances, where relevant for the performance of the role being applied for

Job applicants have the right to not disclose Personal Information, however Camurus may not be able to assess a candidate’s suitability for employment when it does not receive all necessary information. Camurus will only disclose the Personal Information of job applicants to third parties with the consent of the job applicant, or as otherwise permitted in limited circumstances by law.

Once a position has been filled, all applications received by Camurus are filed and kept in Camurus’ human resources files. However, the following information, if previously collected, will not be retained for applicants who do not commence employment or a contract position with Camurus: bank account details, driver’s licence/passport, Tax File Number, superannuation fund details, next of kin.

3. Management of Personal Information 


3.1 How will Camurus collect your Personal Information

Wherever possible, Camurus will collect Personal Information about you directly from you. Nevertheless, on some occasions Camurus may collect your Personal Information from other sources, such as:

  • Third party agents or data providers
  • Public domain websites on the Internet
  • Electronic communications such as articles and information pieces in which you feature such as a health information site or a medical professional site
  • Publicly available directories and listings such as telephone directories
  • Newspapers, magazines, professional journals and the electronic media
  • The date, time and domain from which you access Camurus’ website
  • Personal interactions and/or communications with Camurus employees and/or contractors
  • Databases purchased from an external provider
  • Healthcare professionals
  • Carers

Personal information about you which Camurus collects and holds may vary depending on your particular interaction with Camurus and will be for a legitimate business purpose. Camurus will not collect Sensitive Information about you, such as information about your health or ethnicity without your consent.

3.2 Collection of your Personal Information through Camurus’ websites

Camurus’ websites provide for direct input of Personal Information under some circumstances.

In addition, Camurus’ websites make use of ‘cookies’ which are small text files that are stored in the visitor’s local browser cache. This enables recognition of the visitor’s browser to optimize the website and simplify its use. Most browsers are set up to accept these cookies automatically, however you can deactivate the storing of cookies or adjust your browser to inform you before the cookie is stored on your computer. Data collected via cookies will not be used to determine the personal identity of the website visitor.

Camurus expects to increasingly make use of web analytics, including analysis by third-party service providers, which may use IP addresses. While this may in some circumstances be ‘Personal Information’ neither Camurus nor the service providers have any interest in an individual’s browser activities and will not use the information to take any action targeted to individuals without having obtained that person’s consent.

3.3 How will Camurus hold and use your Personal Information

Customer Relationship Management (CRM) software

  • Information relating to healthcare professionals and third parties with which Camurus conducts business will be held on Camurus’ secure customer relationship management (CRM) software platform. This information will be accessed and used in the ordinary course of conducting business and for continuous and improved relationship management, including but not limited to communicating with you, order processing and fulfillment, accounting, responding to enquiries or complaints.
  • Sales data and call activity will be entered into databases run by third-party providers such as IQVIA and Prospection. Camurus may also provide those providers with your updated contact or other professional information, consistent with the use of such databases by other pharmaceutical companies.
  • Information relating to third parties with which Camurus conducts business will be used to facilitate the provision of products and services to Camurus.

Healthcare professionals

In addition to the uses of Personal Information specified in the CRM section, Camurus may use your information as follows:

  • To provide you with information relevant to your practice
  • To involve you in conferences and provide training and support relevant in Camurus’ products and therapy areas relevant to your practice
  • To assess your suitability for and involvement in advisory boards
  • To otherwise satisfy our legal and regulatory obligations
  • To report adverse events to regulatory authorities and for safety data reporting by Camurus’ global pharmacovigilance function.

Personal health information

  • Camurus will collect and record personal health information obtained from calls to Camurus’ medical affairs line when you or your carer report an adverse event related to a Camurus medication.
  • Your personal health information will be anonymised and included in reports to regulatory agencies and in Camurus records.

Other use and disclosure

Camurus may disclose information about you in the course of any of the uses described above, including to related businesses and third-party service providers for routine business purposes such as order delivery, marketing, hosting, data processing and validation, data storage or archiving, printing and mailing. Camurus will use only reputable service providers and will ensure that it enters into appropriate contractual provisions with service providers to safeguard your privacy.

If you conduct business with Camurus and as a consequence are a close contact of Camurus personnel, Camurus may disclose information about your visits to Camurus’ offices and/or interaction with Camurus’ personnel if required in relation to relevant public health/pandemic instances.

Camurus will otherwise only disclose Personal Information about you to a third party where required by law.

3.4 Adverse Event reporting

Camurus is required by law to report Adverse Events to relevant regulatory authorities, including the Therapeutic Goods Administration and overseas equivalent regulatory authorities in markets in which Camurus has current activities or intends to commence future activities. The following information is collected and used to fulfil these reporting requirements:

  • Identifiable patient information is required for an Adverse Event report to be validated, however only patient initials OR age OR gender is required.
  • Where Adverse Event reports require submission to local regulatory health authorities or to an in-licensed partner/distributor, a de-identified CIOMS-I form is used to collect and transmit the information (refer to section 1 for additional information).
  • Suspect Drug Information (name, strength, dosage, route of administration, therapy start and end date, indications for use)
  • Adverse Event details (date started/ended, outcome, causality).
  • Concomitant medications (if any)
  • Medical conditions (if available)
  • Name, profession, institution name and contact details of person reporting the Adverse Event. If the Adverse Event is reported by a patient, personal details are de-identified and contact details are withheld unless authorised to complete a follow-up, in which case the contact details are retained until they are no longer needed, at which time they are permanently deleted.

4. Cross border privacy


4.1 Overseas recipients

Camurus may transfer your Personal Information to affiliated Camurus companies and service providers located outside of Australia. Under these circumstances, your Personal Information will always be stored in a secure manner which is at least as robust as the practices followed by Camurus in Australia.

  • Your Personal Information may be aggregated with data from other Camurus sources and stored or processed on computers or web-based database systems located outside Australia where data protection laws may differ from ours. Camurus’ IT servers, databases and cloud-based data centres are located globally.
  • Your Personal Information may be stored, maintained and processed on computers or web-based database systems at Camurus which may be accessed by and shared with any affiliate within the global Camurus Group (Camurus Affiliates) and with third-parties working with Camurus Affiliates. Our overseas related corporate bodies are located in the European Union, amongst others.
  • Some of our overseas service providers, including our IT service providers, are located globally including in the European Union. Where Camurus uses external service providers located in countries outside of Australia, Camurus takes reasonable steps, including by contract provisions, to ensure that these service providers do not breach the Australian privacy laws.
  • We may disclose your Personal Information to regulatory authorities overseas, such as the European Medicines Agency, ethics committees, or otherwise as required by law.
4.2 European General Data Protection Regulation (GDPR)

Camurus’ parent company and many of Camurus’ affiliates are subject to the GDPR. Although many of the privacy principles of the GDPR are similar to the Act and other Australian privacy laws, there are some differences. If you are a European resident, Camurus may be subject to GDPR in relation to Personal Information it holds about you. Accordingly, we request that you notify us if you are a European resident when you transfer your Personal Information to us or if you are aware that we are collecting your Personal Information. Your Personal Information will still be subjected to the same information security standards as are applied to all Personal Information held by Camurus and its global affiliates. However, we may manage your Personal Information in a different manner to take account of data portability entitlements and other GDPR-specific requirements.

5. Data Management


5.1 Data security

Camurus uses technical and organisational security precautions to protect your data from misuse, interference or loss and from unauthorised access, modification or disclosure.

Camurus’ security procedures are continuously revised based on new technological developments to ensure that any Personal Information that is provided to Camurus by you through Camurus’ systems will be protected against possible misuse by third parties.

In the event of an actual or suspected data breach, Camurus will follow the procedures outlined in its Mandatory Data Breach Response Plan, including

  • containing the data breach
  • conducting a risk assessment to assess the severity rating of a suspected or known data breach
  • assessing whether an Eligible Data Breach has occurred.

If an Eligible Data Breach has occurred, Camurus may report the data breach to third parties such as:

  • Camurus’ financial services provider
  • police or law enforcement bodies
  • the Australian Securities & Investments Commission (ASIC)
  • the Australian Taxation Office (ATO)
  • the Australian Transaction Reports and Analysis Centre (AUSTRAC)
  • the Australian Cyber Security Centre (ACSC)
  • the Australian Digital Health Agency (ADHA)
  • the Department of Health
  • State or Territory Privacy and Information Commissioners
  • Australian Health Practitioner Regulation Agency
  • professional associations and regulatory bodies
  • insurance providers.

Camurus will contact you if you have been personally impacted by an Eligible Data Breach.

5.2 Data retention

Camurus will maintain your Personal Information for as long as is necessary to fulfil the purposes for which it was collected and for additional legal purposes related to Camurus’ legitimate business interests. If Camurus becomes aware that you are a European resident, it will ensure that your Personal Information is kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the Personal Information is processed. Camurus will delete from its records Personal Information which is no longer required.

If Camurus is required to retain Personal Information (e.g. Adverse Event records), then wherever practicable, it will be held in a de-identified form.

5.3 Data access and correction

You may request access to Personal Information Camurus holds about you at any time. If you believe your Personal Information is inaccurate, out of date, incomplete, irrelevant or misleading, you may request to have it corrected and/or supplemented.

Requests to access or correct Personal Information should be sent to the Privacy Officer. Please provide as much detail as possible to assist in the location of information Camurus may be holding about you, such as your name, contact details, any former name(s), and if possible the context, for example, your relationship with Camurus. Please specify if you are seeking access to specific Personal Information.

Camurus will respond to your request within 30 days of receipt or within any further time notified to you in writing, or if you are a European resident, will correct any of your inaccurate personal data without undue delay. Camurus will take reasonable steps to verify the identity of any person requesting access to or correction of their Personal Information to ensure that the person making the request is actually the data subject.

5.4 Deletion of data

You may notify Camurus at any time if you do not wish Camurus to retain your Personal Information. Camurus will comply with all such requests wherever practicable and lawful. Camurus will take reasonable steps to verify the identity of any person requesting erasure of their Personal Information to ensure that the person making the request is actually the data subject. If you are a European resident, Camurus will correct any of your inaccurate personal data without undue delay where the right to be forgotten applies.

6. Contact information


6.1 Complaints

All complaints regarding your Personal Information should be made in writing to Camurus’ Privacy Officer.

Camurus will respond to your complaint within 30 days of receipt of your correspondence or within any further time notified to you in writing.

If you are not satisfied with the outcome of the response you receive, we can refer you to the Office of the Australian Information Commissioner (as applicable) for further investigation.

6.2 Privacy Officer contact information

All requests relating to access, correction or deletion of Personal Information, or any other information relating to Camurus’ Privacy Policy should be made in writing to:

The Privacy Officer
Camurus Pty Ltd
Hyde Park Hub
223 Liverpool St
Darlinghurst, NSW, 2010
AUSTRALIA

Email: [email protected] and [email protected]
Phone: 1800 142038

Definitions

TermDefinition
CamurusCamurus Pty Ltd
Confidential informationInformation that is not known to, or readily accessible by, the public and disclosure of that information would cause harm to or disadvantage a person or organization. Access and disclosure of Confidential Information must be controlled and will only be given to persons who require access to perform their duties.
Data breachAn incident, in which Personal Information or Confidential Information is lost or subjected to unauthorized access, modification, disclosure, or other misuse or interference.
Eligible data breachA Data Breach which has caused serious harm to an individual requiring notification under the Notifiable Data Breaches Scheme under the Privacy Act.
GDPRThe General Data Protection Regulation (EU)
Personal InformationAny information or an opinion about an identified individual, or an individual who is reasonably identifiable, as defined in the Privacy Act, or which is classified as personal data under the GDPR.
Privacy actPrivacy Act 1988 (Cth).
Sensitive informationPersonal Information categorised as Sensitive Information under the Privacy Act, including but not limited to health records.