PRIVACY POLICY

1. Introduction
At Vorna Pty Ltd (hereinafter referred as “we”, “us” or “our”) your privacy is important to us. We are committed to ensuring that personal information and credit information we hold about you is held securely and that your privacy is protected. We collect and use personal information only to the extent permitted by law, particularly the Privacy Act 1988 (Australia) and the Privacy Act 1993 (NZ) (Privacy Acts), which Vorna is subject to. This policy explains how we handle personal information that we hold about you. It details the types of personal information we collect, how we may use that information and who we allow to access it. In addition to this policy we will on occasion provide you with specific privacy statements about how we use particular information that we collect from
you. Your use of our website(s) or our services, your purchase of our products or your continual engagement with Vorna signifies implied agreement to this Privacy and Credit Reporting Policy. Please note that our website(s) may contain hyperlinks to third party websites that are not managed by us, and are therefore not subject to this Privacy and Credit Reporting Policy.

2. Personal Information

‘Personal information’ referred to in this Privacy Policy consists of any:
• information about an identifiable individual; or
• information or opinion that will enable your identity to be reasonably ascertained.
Personal information can include your name and contact details such as your residential or postal address, email address, date of birth or your telephone number. Information which cannot be reasonably linked to your identity (e.g. IP address, browser information, or the number of users of a website) does not constitute personal information and is not regulated by the Privacy Acts. Vorna collects and stores personal information about its customers, medical and allied healthcare professionals and members of the public. The personal information collected may vary depending on your particular interaction with Vorna but will be limited to the information necessary to record and manage our interaction with you or as permitted or required by law. The personal information that Vorna collects is primarily related to our products and services. By providing your personal information to us and/or by continuing to engage with Vorna, you consent to your personal information being collected, stored, used and disclosed in accordance with this Privacy and Credit Reporting Policy. If we provide you (or an entity related to you) with credit, we may also collect and hold credit information and credit eligibility information about you. Without limitation, this may include credit reports, identification information, consumer credit liability information, details of amounts payable to us and the terms of the relevant credit, and information relating to payments made, default information and payment information.

3. Collection of information

Vorna may collect personal information (including credit information and credit eligibility information) about healthcare professionals (e.g. naturopaths, pharmacists etc.), customers or members of the public:
• when an order is placed for our products;
• when you open a customer account with us;
• in the course of responding to enquiries;
• during consultations with Vorna staff or meetings with our company representatives;
• from adverse event reports; and
• from Vorna-sponsored programs (e.g. trade events, retail events, membership
programs, competitions or promotions, clinical trials, expert panels, educational
seminars and disease management programs).
Vorna may collect personal information about prospective employees during the recruitment process to assess whether an applicant is suitable for a role with us. If you are not ultimately successful in securing employment with Vorna, your personal information collected during the recruitment process will be handled in accordance with this Privacy and Credit Reporting Policy. Occasionally, we may also collect personal information about you from third parties. For example, we may collect personal information about you from an entity related to you or
credit eligibility information about you from Credit Reporting Bodies (CRBs) Personal information may be collected from you in person, through websites operated by Vorna (for example, through online forms, questionnaires or enquiries), by letter, facsimile, email or through telephone enquiries. The types of personal information we collect depends on the circumstances in which the information is collected. Personal information that may be collected about you includes:
• your name and contact details (eg. address, email, telephone number, business and professional details (if applicable) etc.);
• the nature of your enquiry; and
• other details about you that might be relevant, such as your age, gender, diet, lifestyle, medical history and medical condition or medical treatment.
We may collect sensitive information, such as health information when it relates to provision of our products to you. An example of sensitive information collected by us is a prescription issued by your health practitioner. You expressly acknowledge and consent to our collection of sensitive information in this way. If you contact us by telephone, this information may be collected by Vorna as a recorded voice message where our staff are temporarily unavailable to answer a call and you
choose to leave a voice message. We will only collect personal information that you provide us and you are entirely free to decide whether or not to supply this information. However, you acknowledge and agree that if you do not provide sufficient or adequate information, Vorna may not be able to provide you with its full range of products and services or may not be able to fully assist you with your enquiry. You should be aware that your use of our website(s) does not reveal your identity, unless you have chosen to register and log into our website. Each time you visit our website, our web servers automatically save the name of your browser and operating system, your IP address, the website from which you accessed our website, the webpages you visit while with us and the date and time you spend on our website. Vorna’s servers save this information for security purposes. We may also evaluate anonymous or de-identified data sets for statistical purposes, for example to aggregate user activity, which may be used by Vorna to provide insight on the usage of its website.

4. Use of information

Vorna will use personal information for the primary purposes for which it is collected or for other related purposes as permitted by law including but not limited to the following purposes, where applicable:
• to manage your product order(s);
• if we are providing you (or an entity related to you) with credit, to assess your
creditworthiness (or the creditworthiness of your related entity which is receiving the credit);
• to maintain a record of medical enquiries, product complaints and adverse events
and to comply with our reporting obligations to relevant regulatory authorities such as the Therapeutic Goods Administration or the Natural Health and Supplementary
Products Authority. This information will also be used to monitor, assess and improve our products and services;
• to provide you with clinical services;
• to provide further information regarding our products or services (including advice) that you have requested;
• to provide you with material on our activities and products or that may be of interest to you, which you are entitled to opt out of receiving at any time;
• to administer trade events, retail events, membership programs, competitions,
promotions, clinical trials, conferences, expert panels, educational seminars, disease awareness or management programs or other programs organised or sponsored by us, which you agree to be involved with;
• to notify you of matters that we are required by law to notify you of (e.g. product
recalls); to monitor and prepare reports regarding the quality, safety and efficacy of
our products; to review our compliance with relevant regulations and codes of
conduct;
• to obtain feedback and customer satisfaction information to assist Vorna in improving its products and service offerings;
• for our internal management purposes, to manage our relationship with you and to manage the payment and recovery of amounts payable to us by you;
• to statistically analyse the distribution of our products (e.g. we might compile
personal information in order to determine the percentage of users that live in a
particular geographic area); and
• to generate customer lists for the purposes of market research.
Depending on the purposes for which your personal information is collected, Vorna may disclose your personal information to:
• its related entities outside of Australia and New Zealand including in the US, in which case your personal information will be collected, used, disclosed, managed and stored in accordance with this Privacy and Credit Reporting Policy;
• if we are providing you (or an entity related to you) with credit, CRBs, trade insurers and businesses assisting us with providing credit;
• if you have provided us with referees to assist with a credit application, a job
application or the assessment of a potential contract between you and us, the
referees you have provided;
• service providers that provide financial, legal, administrative or other services in
connection with the operation of our business, for example mailing houses, software developers, IT;
• service providers which process, store or back up information (which may be located overseas);
• maintenance providers and solicitors within or outside of Australia and New Zealand;
• regulatory authorities, within or outside of Australia and New Zealand; and
• other entities as permitted or required by law.
Our service providers are mainly located in Australia. However from time to time we may need to engage a service provider in a country not identified here. You acknowledge that by providing us with your personal information, you agree to the disclosure of your personal information to third parties operating outside of Australia and New Zealand. You acknowledge and agree that and we will not be liable to you for any breach of the Privacy Acts by these overseas third parties on the basis that you consent to such disclosure. Our staff and service providers who handle or obtain personal information are subject to obligations of confidentiality and privacy under the Privacy Acts, other applicable privacy laws and this Privacy and Credit Reporting Policy.
You acknowledge and agree that, Vorna may use or disclose your personal information:
• for other purposes for which you have provided your prior consent;
• for other purposes directly related to the purposes for which the information was
collected; or
• as required by or permitted under any law (including common law) or any direction of a Court or order of a Government authority or body.
 Vorna may collect and use information, which is not personal information (such as IP addresses), for security purposes, systems administration, to enforce compliance with Vorna’s trading terms and website usage terms to protect Vorna’s business, brands, products, services and website(s) and/or to enforce compliance with any applicable laws. If you fail to make a payment to Vorna as and when due or commit a serious credit infringement, we may disclose details of such events to CRBs. A CRB may use such information in reports given to other credit providers to help assess your creditworthiness. You have certain rights to request that CRBs do not use or disclose credit reporting information about you if you believe on reasonable grounds you have been or are likely to be a victim of fraud. You should contact the CRB directly using the contact details above if you wish to request this.
If requested by us, a CRB may use credit reporting information about you to assess
whether you may be eligible to receive direct marketing communications from us (i.e. prescreening). You have the right to request CRBs not to use credit reporting information about you for this purpose. You should contact the CRB directly using the contact details above if you wish to request this. Vorna will use de-identified information within its business where possible. De-identified information may be used to comply with and satisfy Vorna’s legislative and corporate reporting obligations, in which latter case the de-identified information will be sent to our related entities in the US.

5. Cookies

Cookies are small data files which are placed on your computer by web servers when you visit certain websites. Vorna’s website(s) use cookies to allow us to identify regular visitors and collect information about your usage of our website(s) (eg. your webpage viewing preferences). This enables us to provide a better and more relevant website service to you each time you revisit specific webpages. Vorna also utilises third- party plug-ins which may create cookies that may collect information about your visit to our website. Cookies do not collect nor store any personal information and do not personally identify users, although they do identify a user’s browser. Vorna does not have any control over, and therefore will not be responsible for, the content of the cookies created by third party plugins, the use made of any data collected by third party plug-ins, or the security of that data. The use of cookies derived from the third party plugins that we utilise do not collect any personal information and represents current best practice in accordance with W3C standards. Most browsers are set to accept cookies automatically. However, you can turn off the ‘Save Cookies’ function or set your browser so that it informs you whenever cookies are transmitted.

6. Session IDs

Session IDs are used to allow us to identify visitors as they browse various websites. Session IDs are essential and are created to allow you to interact with elements of our website(s), such as contact forms, and enables Vorna to distinguish your visit to its website from other concurrent users of its website. No personal information will be collected or saved through our use of session IDs. Session IDs expire as soon as you leave our website.

7. Security

We use a variety of technical measures to ensure the security of all data, whether electronic or in physical form. The security of our systems and processes is regularly reviewed to ensure ongoing protection against damage, loss and/or unauthorised access. Your personal information and credit information are stored in secured premises or in electronic databases requiring usernames and passwords for access only by authorised staff members. Our security precautions are regularly updated and improved in line with technical developments. Unfortunately, no data transmission over the internet or storage facility can be guaranteed to be 100% secure. Accordingly, Vorna cannot provide absolute assurance that the information you provide to us will be secure at all times and you agree that Vorna will not be held, and you must not hold Vorna, responsible for unauthorised access to personal information where it has taken reasonable steps to protect and secure that
information.

8. Access, Correction and Deletion rights

Vorna will endeavour to ensure that your personal information is accurate, up-to- date and complete. You are entitled to request access to and correction of your personal information held by Vorna if you believe it to be out of date or incorrect. Simply contact Vorna’s Privacy Officer as set out in section 12 below. Upon your reasonable request, Vorna will endeavour to provide you with access to or correct your personal information unless Vorna believes that denying access or correction
is required:
• by or permitted under any law (including common law and the various exceptions within the Privacy Acts) or any direction of a Court or order of a Government authority or body; or
• for other legal reasons.
 If Vorna refuses your request to access or correct your personal information, it will provide you with written reasons for its refusal. If you wish to stop receiving any communications from us and have your personal information deleted, please contact Vorna’s Privacy Officer as set out in section 12 below, and we will take all reasonable steps to delete it, unless we need to keep it for legal reasons (for a minimum period or otherwise). In addition, if you have any concerns about how your personal information has been collected, used or disclosed, you can contact Vorna’s Privacy Officer as set out in section 12 below and we will do our best to address your concerns to ensure that you are satisfied that there have been no breaches of privacy laws in relation to any personal information we hold about you.
Personal information that is obsolete and no longer required will automatically be destroyed except where required for data analysis purposes or where required to be retained for a minimum period in accordance with statutory requirements. If it is used for data analysis purposes, the personal information will be de-identified.

9. Making a complaint

If you have any concerns about how your personal information has been collected, used or disclosed, and you wish to make a complaint about a possible breach of privacy laws, you can contact our Privacy Officer. The Privacy Officer will investigate your concerns and take any necessary steps to resolve your complaint. We may need to contact you if we need further information to investigate your complaint and will advise you of the outcome of the investigation as soon as it is completed. We will endeavour to investigate and resolve your complaint within 30 days after receiving your complaint. If you are not satisfied with the outcome of the investigation, you can contact us again to discuss your concerns, or you may complain to the Australian Privacy Commissioner via www.oaic.gov.au or the New Zealand Privacy Commissioner via www.privacy.org.nz for New Zealand customers.

10. Hyperlinks to other Websites

Third party operators of websites which may be accessed via hyperlinks from Vorna’s website(s) may gather and store personal information as soon as you access their websites. You acknowledge and agree that Vorna does not accept any liability for those third party operators in the event that your personal information is collected, used, disclosed or shared by them. We encourage you to read their privacy policies separately.

11. Amendments to Privacy and Credit Reporting Policy

Vorna reserves the right to amend this Privacy and Credit Reporting Policy at any time. Visitors to Vorna’s website(s), healthcare practitioners, patients and consumers of Vorna’s products and services are responsible for carefully reading this policy on a regular basis to inform themselves of any amendments that may have been made. You acknowledge and agree that the amended Privacy and Credit Reporting Policy will apply between all relevant parties whether or not Vorna has given you specific notice of any such change.