Privacy Policy And Notice Of Information Practices

Effective Date: March, 2018

BioMarin Pharmaceutical Australia Pty Limited (“BioMarin,” “we”, “us,” or “our”) respects the privacy and values the confidence of our customers, visitors, visitors to our websites and online services, partners, patients, and employees.

BioMarin complies with all applicable requirements under the Privacy Act 1988 (Cth) (“Privacy Act”), the Australian Privacy Principles (“APPs”) (Schedule 1 to the Privacy Act) and other applicable State and Territory based privacy legislation, with respect to the collection, use, management, storage and disclosure of your personal information. Any terms in this Privacy Policy have the same meaning as in the Privacy Act unless the context requires otherwise.

This Privacy Policy and Notice of Information Practices (“Privacy Policy”) sets forth BioMarin’s practices regarding the collection, use, management, storage, disclosure and security of personal information that you entrust to us through our websites, as part of online services or in written documents or information provided to us in person or over the telephone (collectively, the “Services”). This Privacy Policy also explains how you can contact us to access, correct or delete your personal information from our records or make a complaint.

Please read the entire Privacy Notice before using our Services. By using the Services, you agree to abide by the terms of this Privacy Policy.

Collection of Personal Information

This Privacy Policy applies to BioMarin’s collection and use of personal information (including sensitive information) from:

• patients and patients’ relatives and next of kin;
• health service providers, including health professionals;
• employees, contractors, suppliers, and service providers engaged by us; and
• other individuals engaged by or providing services to us.

We may collect the following personal information when you use our Services, access or submit various content or features, or directly contact us with questions or feedback:

• your contact information, including your name, email address, postal address, and telephone number;
• demographic information, such as age information and gender;
• demographic information, such as age information and gender;
• employment history, including job title, skills and background checks (including personal information contained in curricula vitae);
• your stories, comments, photos or other information posted in our interactive online features;
• audio or video footage of you, as well as photographs, recorded or taken at our offices;
• your affiliation with any hospital and its contact details;
• your health information, including your medical history, family history and other information we are provided with or we collect in the course of providing our Services;
• your specialisation or area of practice as a healthcare professional; and
• other personal information we need to provide our Services that you send to us.

We also may collect certain information automatically when you visit our online Services, including:

• your browser type and operating system;
• your Internet Protocol (IP) address, which is the number automatically assigned to your computer whenever you access the Internet and that can sometimes be used to derive your general geographic area;
• other unique identifiers, including mobile device identification numbers;
• sites you visited before and after visiting our online Services;
• pages you view and links you click on within our online Services;
• information collected through cookies, web beacons, and other technologies;
• information about your interactions with email messages, such as the links clicked on and whether the messages were opened or forwarded; and
• standard server log information.

We may use cookies, pixel tags, and similar technologies to automatically collect the above information. Cookies are small pieces of information that are stored by your computer’s web browser. Pixel tags are very small images or small pieces of data embedded in images, also known as “web beacons” or “clear GIFs,” that can recognise cookies, the time and date a page is viewed, a description of the page where the pixel tag is placed, and similar information from your computer or device. By using our online Services, you consent to our use of cookies, pixel tags and similar technologies. You can decide if and how your computer will accept a cookie by configuring your preferences or options in your browser. However, if you choose to reject cookies, you may not be able to use certain online products, services or features on the Services.

Response to “Do Not Track” Signals

Some Internet browsers include the ability to transmit “Do Not Track” signals. Since uniform standards for “Do Not Track” signals have not yet been adopted, BioMarin does not process or respond to “Do Not Track” signals.

Purposes for Collection, Holding, Use and Disclosure of Personal Information

We collect, hold, use and disclose personal information that we collect through the Services for a variety of purposes, including to:

• Provide you with the products, promotions, services, and information you request;
• contact you via email and otherwise about products, trade and other promotions, services, and events that we think might be of interest to you (i.e. for the purposes of direct marketing);
• maintain or administer the Services, perform business analyses, or for other internal purposes to improve the quality of our business, the Services, and other products and services we offer;
• providing recruitment-related services and other purposes;
• customise and personalise your use of the Services;
• comply with applicable legal and regulatory obligations; and
• as otherwise described to you at the point of collection or pursuant to your consent.

If we do not collect your personal information, we may not be able to perform all or some of the functions and activities (as described above).

Disclosure of Personal Information

We are committed to maintaining your trust, and we want you to understand when and with whom we may disclose the personal information we collect.

• Corporate Parents and Affiliates. We may share your personal information with our corporate parents and other affiliated entities for a variety of purposes, including business, operational, and marketing purposes.
• Service Providers. We may share your personal information with service providers that perform certain functions or services on our behalf (such as to host our online Services, manage databases, perform analyses, or send communications for us).
• Other Parties When Required By Law or as Necessary to Protect the Services. We may disclose your personal information to third parties in order to:
  • protect the legal rights, safety, and security of BioMarin, our corporate parents and affiliates, and the users of our Services;
  • enforce our Terms of Use on any of our websites];
  • prevent fraud (or for risk management purposes); and
  • comply with or respond to law enforcement or legal process or a request for cooperation by a government entity, whether or not legally required.
• In Connection With a Transfer of Assets. If we sell all or part of our business, make a sale or transfer of assets, or are otherwise involved in a merger or business transfer, or in the event of bankruptcy, we may transfer your personal information to one or more third parties as part of that transaction.
• Other Parties With Your Consent. We may share personal information about you with third parties when you consent to such sharing, including when you post information to a user profile or a public area of our online Services, such as a chat room, forum, blog, or other community tool.
• Aggregate Information. We may disclose to third parties information that does not describe or identify individual users, such as aggregate website usage data or demographic reports.

We will only disclose your personal information (including sensitive information) in accordance with applicable law.

Disclosure to Overseas Recipients

The recipients of your personal information may be located outside of Australia (primarily, but not exclusively, in the United States) (“Overseas Recipients”).If we collect your Personal Information, you are taken to consent to the disclosure, transfer, storing or processing of your Personal Information outside of Australia. You acknowledge and agree that by providing your consent:

• we will not be required to take steps as are reasonable in the circumstances to ensure that third parties comply with the APPs;
• if the Overseas Recipient handles your Personal Information in breach of the APPs, we will not be liable under the Act and you will not be able to seek redress under the Act;
• the Overseas Recipient may not be subject to any privacy law or principles similar to the APPs;
• you may be unable to seek redress overseas; and
• the Overseas Recipient is subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority.

We may allow third parties to place and read their own cookies, web beacons, Local Shared Objects (sometimes referred to as “Flash Cookies”), and similar technologies to collect information through our online Services. For example, our third party service providers may use these technologies to collect information that helps us with traffic measurement, research, and analytics. Local Shared Objects are similar to standard cookies except that they can be larger and are downloaded to a computer or mobile device by the Adobe Flash media player. Please note that you may need to take additional steps beyond changing your browser settings to refuse or disable Local Shared Objects and similar technologies. For example, Local Shared Objects can be controlled through the instructions on Adobe’s Setting Manager page. If you choose to refuse, disable, or delete these technologies, some of the functionality of the Services may no longer be available to you.

Direct Marketing

We may use or disclose your personal information (other than sensitive information including health information) for direct marketing if:

• we collected the information from you;
• you would reasonably expect us to use or disclose the information for direct marketing;
• we provided you with a simple way to opt out of receiving direct marketing; and
• you have not made such an opt out request to us.

We may also use or disclose your Personal Information (other than Sensitive Information) for direct marketing if:

• we collected the information from you and you would not reasonably expect Knox Medical to use or disclose the information for direct marketing, or we collected the information from someone other than you;
• either you have consented to the use or disclosure of the information for direct marketing, or it is impracticable to obtain that consent;
• we provided you with a simple way to opt out of receiving direct marketing; and
• in each direct marketing communication with you:
• we include a prominent statement that you can request to opt out;
• we otherwise draw your attention to the fact that you can request to opt out; or
• you have not made such a request to Knox Medical.

We will only use or disclose your sensitive information for the purpose of direct marketing if you have consented to the use or disclosure of that information for direct marketing.

If the personal information that we used to send you direct marketing material was collected from a third party, you can ask us to identify that third party unless it is unreasonable or impracticable.

You can request not to receive direct marketing communications from Knox Medical. If we use or disclose your Personal Information for the purpose of facilitating direct marketing by other organisations, you may request that we do not use or disclose your information for this purpose.

We will give effect to your request not to receive direct marketing from Knox Medical or an entity facilitated by Knox Medical free of charge within a reasonable time.

Holding Personal Information and Security

BioMarin may hold your personal information in hardcopy files or in electronic form. If your personal information is held in electronic form, it will be stored on servers located overseas, primarily (but not exclusively) in the United States. These servers are owned or operated by BioMarin’s related entities and/or outsourced third party data storage providers.

We maintain reasonable security procedures to help protect against loss, misuse, interference or unauthorised access, disclosure, modification or destruction of the personal information you provide through the Services. However, no data transmission over the Internet or stored on a server can be guaranteed to be 100% secure. As a result, while we strive to protect your information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and cannot be responsible for the theft, destruction, or inadvertent disclosure of your information. In the event that we believe that the security of your personal information may have been compromised, we will endeavor to give you appropriate notice as quickly as possible, including by email. You consent to our use of email for such notification.

Your Choices and Your Personal Information

If at any time you wish to stop receiving emails or other communications from us, or if you have submitted personal information through the Services and would like to have that personal information deleted from our records, please notify us　at the address, phone number, or email provided at the end of this policy.

You may also request access to your information held by BioMarin, request that we correct or amend your personal information, or complain about a privacy breach by contacting us by completing the form found here or by telephone at +612 9967 8662. We will respond to any complaints within a reasonable period.

Links to Third Party Content

As a convenience to our visitors, our online Services may link to a number of sites, services, and other content that are operated and maintained by third parties. These third parties operate independently from us, and we do not control their privacy practices. Such links do not constitute an endorsement by BioMarin of the content or the persons or entities associated therewith. This Privacy Policy does not apply to third party content. We encourage you to review the privacy policies of any third party to whom you provide information.

Privacy Policy Updates

This Privacy Policy may be revised from time to time as we add new features and services, as laws change, and as industry privacy and security best practices evolve. We display an effective date on the policy in the upper left corner of this Privacy Policy so that it will be easier for you to know when there has been a change. If we make any material change to this Privacy Notice regarding use or disclosure of personal information, we will provide advance notice through the Services.

Contact Us

If you have any questions about this Privacy Policy, you may contact us at:

BioMarin Pharmaceutical Australia Pty Ltd
119 Willoughby Road, Crows Nest, NSW 2065
Phone: +612 9967 8662
E-mail: medinfoasia@bmrn.com