Home page > Privacy Policy
 

Privacy Policy

 

1. Introduction

  • Chiesi Australia Pty Ltd ("the Company") collects, holds, uses and/or discloses personal information relating to individuals (including, but not limited to, its customers, contractors, suppliers and employees) in the performance of its business activities, as and when required.
  • This document sets out the Company's policy in relation to the protection of personal information, as required by applicable law, including but not limited to the Australian Privacy Act 1988 (Cth), the Australian Privacy Principles, the New Zealand Privacy Act 2020 (NZ) and the New Zealand Information Privacy Principles.
  • The Privacy Principles regulate the handling of personal information.

 

2. What is personal information?

  • Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

 

3. Employee records

  • This policy does not apply to the collection, holding, use or disclosure of personal information that is considered an employee record in Australia.

  • An employee record is a record of personal information relating to the employment of an employee. Examples of personal information relating to the employment of the employee include, but are not limited to, health information and information about the engagement, training, disciplining, resignation, termination, terms and conditions of employment of the employee. Please see the Australian Privacy Act for further examples of employee records.

  • While this policy does not apply to employee records in Australia, we are committed to handling such records confidentially and in accordance with applicable employment laws. We ensure that employee records are only accessed by authorised personnel for legitimate business purposes.

  • The collection, holding, use or disclosure of personal information contained in employee records in New Zealand will be subject to the New Zealand Privacy Act, the New Zealand Information Privacy Principles and this privacy policy.

 

4. Kinds of information that the Company collects and holds

  • The Company collects personal information that is reasonably necessary for one or more of its functions or activities.
  • The type of information that the Company collects and holds may depend on your relationship with the For example:
    • Employee (in relation to New Zealand only) or Candidate: if you are an employee or a candidate seeking employment with the Company, the Company may collect and hold information including your name, address, email address, contact telephone number, gender, age, employment history, references, resume, medical history, emergency contact, taxation details, qualifications and payment details.
    • Customer: if you are a customer of the Company, the Company may collect and hold information including your name, address, email address, contact telephone number, Chiesi events and educational programs.
    • Supplier: if you are a supplier of the Company, the Company may collect and hold information including your name, address, email address, contact telephone number, business records, billing information, information about goods and services supplied by you.
    • Referee: if you are a referee of a candidate being considered for employment by the Company, the Company may collect and hold information including your name, contact details, current employment information and professional opinion of candidate.
    • Sensitive information: the Company will only collect sensitive information where you consent to the collection of the information and the information is reasonably necessary for one or more of the Company’s functions or activities, or as otherwise permitted by applicable law. Sensitive information includes, but is not limited to, information or an opinion about racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preferences, criminal record, health information or genetic information.

5. How the Company collects and holds personal information

  • The Company must collect personal information only by lawful and fair means. The Company will collect personal information directly from you if it is reasonable or practicable to do so.

  • The Company may collect personal information in a number of ways, including without limitation:

    • through application forms;

    • by email or other written mechanisms;

    • over a telephone call;

    • in person;

    • through transactions;

    • through our website;

    • through surveillance camera;

    • by technology that is used to support communications between both parties;

    • through publicly available information sources (which may include telephone directories, the internet and social media sites);

    • direct marketing database providers.

  • When the Company collects personal information through publicly available information sources, it will manage such information in accordance with the applicable Privacy Principles.

  • Unless an exception applies, at or before the time the Company collects personal information indirectly, or if not reasonably practicable, as soon as practicable after, the Company will take reasonable steps to notify you or ensure that you are made aware of the following:

    • the identity and contact details of the Company;

    • the fact that the Company has collected personal information about you, including where the Company has collected personal information from someone other than you or where you were not aware at the time of collection that such information was being collected;

    • whether the collection of personal information is authorised or required by law, and if so, the particular law authorising or requiring the collection;

    • the purpose for which the Company collects the personal information;

    • the consequences if the Company does not collect some or all of the personal information; the intended recipients or classes of intended recipients to which the Company may disclose the personal information;

    • how you may access and seek correction of personal information held by the Company and how you may complain about a breach of the applicable Privacy Principles, and how the Company will deal with such complaints; and

    • whether the Company is likely to disclose personal information to overseas recipients, and the countries in which those recipients are likely to be located.

  • Unsolicited personal information is personal information that the Company receives which it did not solicit. Unless the Company determines that it could have collected the personal information in line with the applicable Privacy Principles or the information is contained within a Government record, it must either destroy the information or take steps to ensure it is de- identified in accordance with the applicable Privacy Act.



6. Purposes for which the Company collects, holds, uses and/or discloses personal information

  • The Company will collect personal information if it is reasonably necessary for one or more of its functions or activities.
  • The main purposes for which the Company may collect, hold, use and/or disclose personal information may include but are not limited to:
    • recruitment functions;
    • customer service management;
    • training and events;
    • surveys and general research;
    • business relationship management; and
    • management of your employment ralationship.
  • The Company may also collect, hold, use and/or disclose personal information for such purposes for which you have provided your consent or required or authorised under
  • Direct marketing:

    • The Company may, with your consent, use or disclose personal information (other than sensitive information) about you for the purpose of direct marketing (for example, advising you of new goods and/or services being offered by the Company).

    • The Company may use or disclose sensitive information about you for the purpose of direct marketing if you have consented to the use or disclosure of the information for that purpose.
    • You may opt-in during the initial collection process and can unsubscribe at any time by contacting us or using the unsubscribe mechanism provided in communications. You can also opt out of receiving direct marketing communications from the Company by contacting the Privacy Officer in writing or if permissible accessing the Company’s website and unsubscribing appropriately.

 

7. Disclosure of Personal Information

  • The Company may disclose your personal information for any of the purposes for which it is was collected, as indicated under clause 6 of this policy, or where it is under a legal duty to do so.
  • We may disclose your personal information to our related entities, to third parties (such as our suppliers), to regulatory agencies or law enforcement We may also disclose your personal information to any other parties with your consent.
  • Before the Company discloses personal information about you to a third party, the Company will take steps as reasonable in the circumstances to ensure that the third party does not breach the applicable Privacy Principles in relation to the information. 

 

8. Access to personal information

  • If the Company holds personal information about you, you may request access to that information by putting the request in writing and sending it to the Privacy Officer. The Company will respond to any request within a reasonable period, and a reasonable charge may apply for giving access to the personal information.
  • We may request information from you for the purpose of verifying your identity in order for us to consider and respond to your request.

  • There are certain circumstances in which the Company may refuse to grant you access to your personal information. In such situations, the Company will give you written notice that sets out:

    • the reasons for the refusal; and

    • the mechanisms available to you to make a complaint.

 

9. Correction of personal information

  • If you believe the Company holds personal information about you that is inaccurate, out-of- date, incomplete, irrelevant or misleading, you may request correction of your personal information by contacting our Privacy Officer in writing.

  • If the Company holds personal information and you make a request in writing addressed to the Privacy Officer to correct the information, the Company must take steps as reasonable to correct the information and the Company will respond to any request within a reasonable period.

  • There are certain circumstances in which the Company may refuse to correct the personal information. In such situations the Company will also give you written notice that sets out:

    • the reasons for the refusal; and

    • the mechanisms available to you to make a complaint. 

  • If the Company correct personal information that it has previously supplied to a third party and you request us to notify the third party of the correction, the Company will take such steps as are reasonable to give that notification unless impracticable or unlawful to do so.

  • In relation to personal information collected in New Zealand, if we refuse your request for a correction, you have the right to provide us with a statement of correction and request that we attach the statement of correction to your information. We will take reasonable steps to ensure the statement of correction is attached to the information in a manner that ensures it will be read with the information.

 

10. Integrity and security of personal information

  • The Company will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that it:

    • collects is accurate, up-to-date and complete; and

    • uses or discloses is, having regard to the purpose of the use or disclose, accurate, up-to- date and complete.

  • The Company will take steps as reasonable in the circumstances to protect the personal information from misuse, interference, loss and form unauthorised access, modification or disclosure.

  • The Company implements a range of security measures such as encryption, access control, and secure server environments to protect the personal information we hold from misuse, interference, loss, unauthorised access, modification, or disclosure. We regularly review these measures to ensure they remain effective and are updated as necessary.

  • If the Company holds personal information it no longer needs for any purpose for which the information may be used or disclosed, the information is not contained in any Government record and the Company is not required by law to retain the information, it will take such steps as reasonable in the circumstances to destroy the information or to ensure it is de- identified.
  • We may disclose your Personal Information to third parties and service providers located overseas in connection with any purpose, including to overseas cloud computing hosts. We take reasonable steps to ensure that any such transfer of Personal Information will only be undertaken in compliance with the applicable Privacy Act and does not breach the privacy obligations relating to your Personal Information.
  • Before disclosing personal information to overseas recipients, the Company will take reasonable steps to ensure that the recipient does not breach the applicable Privacy Principles in relation to the information, or we will obtain your consent before doing so. This may involve ensuring the overseas entity is subject to laws or binding schemes similar to the applicable Privacy Principles or including relevant safeguards in contracts. Subject to clause 10.5, we are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.

 

11. Anonymity and Pseudonymity

  • You have the option of not identifying yourself, or using a pseudonym, when dealing with the Company in relation to a particular This does not apply:
    1. where the Company is required or authorised by or under applicable law, or a court/tribunal order, to deal with individuals who have identified themselves; or
    2. where it is impracticable for the Company to deal with individuals who have not identified themselves or who have used a pseudonym.
  • However, in some cases, if you do not provide the Company with your personal information when requested, the Company may not be able to respond to your request, consider your application for employment, or provide you with the goods or services that you are requesting.

 

12. Complaints

  • You have a right to complain about the Company’s handling of your personal information if you believe the Company has breached the applicable Privacy Principles.
  • If you wish to make such a complaint to the Company, you should first contact the Privacy Officer in writing. Your complaint will be dealt with in accordance with the Company’s complaints procedure and the Company will provide a response within a reasonable period.
  • If you are unhappy with the Company’s response to your complaint, you may refer your complaint to the Office of the Australian Information Commissioner or New Zealand Privacy Commissioner (as applicable).

 

13. Privacy Officer Contact Details

  • The Company's Privacy Officer can be contacted in the following ways:
    • Telephone number:- +613 9077 4486
    • Email address: dpo.au@chiesi.com
    • Postal address: Suite 1, Level 7, 500 Bourke Street, Melbourne VIC 3000
 
© 2026 Chiesi Australia Pty Ltd
Level 7, Suite 1, 500 Bourke
Street, Melbourne VIC 3000
Phone +61 3 9077 4486
info.au@chiesi.com
CHIESI ON THE WEB