LTR is committed to protecting the privacy of all individuals with whom it deals. This Global Privacy Policy (“Policy”) describes how LTR Pharma Limited (“LTR”), collects, uses, discloses, protects, and stores personal information collected, and what choices and rights you have with respect to that information. We take the privacy and security of your information very seriously and we are committed to ensuring that we collect, use, disclose and store your information in accordance with applicable data protection and privacy laws worldwide. 

1. Background and purpose

LTR is a biopharmaceutical company focused on the development and commercialisation of a fast-acting nasal spray treatment for erectile dysfunction. LTR is headquartered in Brisbane, Australia. LTR collects and holds personal information necessary for us to carry out our business. We collect, use, and disclose your personal information in accordance with this Policy. As an Australian-headquartered business, LTR is committed to protecting the privacy of information and to handling personal information in a responsible manner in accordance with Australian privacy legislation, including the Privacy Act 1988 (Cth), the Privacy Amendment (Enhancing Privacy Protection) Act 2012, the Australian Privacy Principles (APPs), and relevant Australian State and Territory privacy legislation (collectively the Australian Privacy Law).  LTR acts in accordance with applicable legislation concerning privacy in other countries and regions in which LTR operates, including but not limited to the US Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the UK Data Protection Act 2018 (amended 2020) (UK DPA).

2. Scope

This Policy applies to LTR’s handling of personal information or personal data regarding patients, healthcare professionals, customers, other third-party business associates, employees, and others and to the management of that personal information (collectively referred to as personal information). While this Policy is intended to establish a standard for our information processing activities globally, the laws of a particular country may limit the types of personal information we can collect or the manner in which we process that personal information. In those instances, LTR will comply with relevant local laws and regulations.

3. Policy

3.1 What information do we collect?

The types of personal information that we collect, and process may vary depending on your relationship with us as well as by jurisdiction based on applicable law.  The term “personal information” under this Policy refers to information about an identifiable individual, and may include:

• Contact details: including your name, address, telephone numbers, email addresses and social media handles/usernames.
• Demographic information: such as gender, citizenship, date of birth.
• Personal information in reports you submit to us: if you submit information about our products and services through our websites (for example, through a suspected adverse event reporting form), we will collect any personal information you include within your report.
• Health information: for example, you submit healthcare information to us reporting adverse events relating to our products.
• Employment information: if you apply for a job with us, we will collect information such as your employment history, references, and anything else you may include in the job application form or in any attachments such as CVs.
• Records of your discussions with us: when you contact us using the contact options on our websites (whether by email, phone, an online form or through social media (such as through Twitter or LinkedIn)), we may keep a record of the information you provide when doing this.
• Social media sites: we may collect aggregate statistical data and information you choose to share with us on social media (e.g., Twitter, LinkedIn, Facebook, YouTube).
• How you use our websites: we may collect information about the pages you look at and how you use them through the use of Cookies (please refer to the Cookies Notice available on LTR website).
• Location information: your smartphone or computer’s IP address may tell us your approximate location when you connect to our websites.
• Clinical trials: we may collect your personal information in the course of conducting clinical trials including the information provided when completing information sheets and forms, such as pre-treatment evaluation forms and patient consent forms.

3.2 How does LTR use my information

LTR collects and uses personal information to the extent necessary to conduct our business and pursue our legitimate business interests. Subject to applicable laws, we may collect, use, process and disclose relevant portions of your personal information in order to:

• administer, operate, facilitate and manage LTR’s business and your relationship with LTR, including communicating with you in relation to our business, products and services;
• fulfil a contract we may have with you, such as where you have made a purchase from us;
• facilitate our internal business operations, including fulfilling our legal and regulatory requirements;
• undertake medical research, including the recruitment of study participants and operation of clinical trials;
• enable you to report serious adverse events in relation to any of our products;
• enable you to apply for jobs or other opportunities at LTR;
• administer, operate and manage LTR’s website, including to contact any person in relation of the use of LTR websites and to create a personalised experience when using LTR websites; and/ or
• respond to any comments or complaints you send us.

3.3 Disclosure of information

LTR will not disclose your personal information to third party marketing or advertising businesses or sell or trade your personal information with third parties. There are, however, some occasions where LTR may be required to disclose your personal information to a third party in order to operate our business.  These times are limited, but may include:

• Suppliers and agents: LTR may engage other businesses, certain services and individuals to assist with or perform functions or activities on our behalf. Examples include (a) clinics or hospitals (where treatment is received, and/or clinical trials are performed); (b) medical practitioners and related staff; (c) health insurers and health service providers; (d) persons to whom certain functions are outsourced (e.g. information technology support, payment servers, wireless carriers, system analysis providers, and data storage providers); (e) auditors and insurers;  (f) government and law enforcement agencies and regulators; and (g) entities established to help identify illegal activities and prevent fraud. They may have access to some personally identifiable information needed to perform their functions.
• Company reorganisation:  to a third party in the event of any reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
• Where necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect our rights, privacy, safety or property, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

3.4 Direct Marketing

LTR does engage in direct marketing activities. On occasion LTR may communicate with individuals by email and other forms of communication and where applicable according to privacy laws, based on your consent. If any person does not want to receive emails and/or other communications from LTR, they can inform LTR at any time. Any person may opt out of electronic communications by contacting LTR using the contact details provided in section 3.12 below.

3.5 Sensitive Information

LTR only collects sensitive information if it is reasonably necessary for one or more of the uses specified in section 1.2 of this Privacy Policy, if LTR has collected consent of the individual to whom the sensitive information relates, or if the collection is:

• necessary to lessen or prevent a serious threat to life, health or safety;
• necessary pursuant to a legal requirement;
• required for another permitted general situation (as defined in Section 15A of the Privacy Act 1988 (Cth) or other international privacy laws); or
• for a permitted health situation (as defined in Section 16B of the Privacy Act 1988 (Cth) or other international privacy laws).

3.6 How does LTR protect your information?

LTR takes all reasonable steps to ensure the security of our systems and to protect your information from misuse, interference, and loss as well as unauthorised access, modification, or disclosure.  LTR limits access to personal information by our employees and service providers, except as described in this Policy.  Any employee or service provider who does have access to your personal information is under an obligation to keep such information confidential. Your information is stored on high security servers.  Where we use a data storage partner, we will make that selection based primarily on their level of security, reliability and experience in the storage and treatment of data, including personal information. In the event of a data breach, LTR is committed to complying in all respects with the requirements of all relevant privacy laws, where required, including but not limited to, the provisions of the Australian Privacy Law, the UK DPA, and the US HIPAA. LTR has in place data breach policies and plans which applies when handling personal information breaches related to the Data Protection Laws applicable to LTR. The transmission of information via the internet is not completely secure. LTR cannot guarantee the security of personal information transmitted via the internet. Any transmission to our websites is at your own risk.

3.7 Overseas Recipients

LTR businesses and third parties to whom we may provide your personal information are located in countries including, but not limited to Australia, the United Kingdom, and the United States of America. By sharing personal information with LTR, that personal information may be transferred to, or be accessible by businesses in other countries that form part of the LTR group. When disclosure is to be made to an overseas entity, LTR will take reasonable steps to assess the privacy laws of the country where information will be disclosed to determine whether the overseas recipient is required to comply with privacy laws that are at least as stringent as the privacy laws of its existing operations in relation to the information. 

3.8 Your Rights: data accuracy and access

LTR strives to keep your personal information accurate. We provide individuals with reasonable access to their personal information so that they can review and correct it or ask us not to use it (subject to applicable laws). We do not charge for this service and will respond to reasonable requests in an appropriate timeframe. If you wish to exercise your rights, please contact us using the contact details in section 1.12 below.

3.9 Data Retention

Generally, LTR will retain your personal information as long as it is necessary to achieve LTR’s processing activities. You may also ask us to delete such information (subject to applicable laws). If you ask us to delete your personal information at any time, be aware that LTR cannot guarantee that it will be able to delete such information from back-ups or caches of our databases, however we will ensure that we do not actively access such data.

3.10 Changes to our Privacy Policy

This Policy may be changed from time to time to reflect changes in law or changes in our practices concerning the collection and use of personal information. If we make changes that materially alter your privacy rights, LTR will provide additional notice, typically via email.

3.11 Complaints

If any person has a complaint about the privacy of their personal information, LTR requests that they contact LTR in writing at the email below. Upon receipt of a complaint LTR will consider the details and attempt to resolve the matter in accordance with LTR complaints handling procedures. LTR will respond to the complaint within a reasonable time, and LTR may seek further information from the person in order to provide that person with a full and complete response. If any person is dissatisfied with LTR’s handling of a complaint or the outcome, they may make an application to their relevant country Data Protection Authority (if applicable). 

For Australian complaints

Office of the Australian Information Commissioner (OIAC)
175 Pitt Street
Sydney NSW 2000
Australia
Phone 1300 363 992 (Monday–Thursday 10am–4pm AEST/AEDT)
Fax +61 2 9284 9666
https://www.oaic.gov.au/about-us/contact-us

For US (HIPAA) complaints

U.S. Department of Health & Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-800-368-1019
TTD Number: 1-800-537-7697
https://www.hhs.gov/hipaa/filing-a-complaint/index.html

For UK complaints

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom
Phone: 0303 123 1113
Fax: 01625 524510
Website: www.ico.org.uk

For other countries, refer to the relevant responsible country regulator.

3.12 Contacting us

If you have questions regarding this Policy, or privacy concerns (including about your personal information handling, your rights, or your data transfers) or complaints, please contact our Privacy Officer via [email protected] who will guide you on the process to follow to satisfy your request according to local applicable privacy laws.