This content is intended for Healthcare Professionals only. If you're not a Healthcare Professional, please consult your doctor about the risks and benefits of surgery.

Privacy Policy Australian Biotechnologies

Last Updated: February 2023

About this Policy

Australian Biotechnologies Pty Ltd (ABN 32 091 988 402 24) and its  related bodies corporate in Australia (“Australian Biotechnologies, “we”, “our”, and “us”)  are committed to responsible privacy practices and to complying with the Privacy Act 1988 (Cth) (“Privacy Act”) including the Australian Privacy Principles (“Privacy Principles”) and Notifiable Data Breaches scheme contained in the Privacy Act, and applicable state and territory health records legislation such as the Health Records Act 2001 (Vic), the Health Records (Privacy and Access) Act 1997 (ACT) and the Health Records and Information Privacy Act 2002 (NSW). 

Where applicable, Australian Biotechnologies will handle personal information relying on the related bodies corporate exemption and the employee records exemption in the Privacy Act and any other applicable exemptions in the Privacy Act or other legislation.

This Privacy Policy sets out our policies on the management of personal information including how we collect and hold personal information, the purposes for which we use this information, and to whom this information is disclosed. We may change our Privacy Policy from time to time at our discretion. At any time, the latest version of our Privacy Policy is available from our website at

Where it is practical for us to allow you to do so, you may deal with us anonymously (for example when enquiring generally about our products and services).

What Personal Information do we collect?

Personal Information is information or an opinion about an individual who is or can reasonably be identified by us.

Sensitive Information is any information or opinion about certain things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, biometric data or health information. 

We may collect Sensitive Information where it is reasonably necessary to provide you with a specific product or service or required for the design, manufacture or supply of our products, including where your health information is required for the specifications of an allograft product to be provided for you. We may also collect Sensitive Information when you apply for employment with us or your services are provided to us.

The types of Personal Information that we collect about you will depend on why you are interacting with us and, if applicable, the products or services that you acquire, or enquire about. It may include your name, date of birth, phone number, email address, street address, bank account details, credit card details, your treating health practitioner, unique hospital identifier, hospital admission time and date, the hospitals or other institutions at which you work or where you may be treated, the entity you work for and your position there, any applicable practicing registration and licensing, your employer or business representative’s contact information.  

If you do not allow us to collect all of the Personal Information we reasonably request, we may not be able to deliver the products or services you require or process any other request or enquiry.

Throughout the life of any product or service you acquire, we may also collect and hold additional Personal Information about you. This may include but not be limited to, any Personal Information comprised in transactional records, records of enquiries or complaints you make and, if you make a product claim, the collation of additional information to assess the claim.

If you apply for employment with us, we may collect additional Personal Information in relation to you including your educational and employment history and information provided by your referees.

Where you are employed by us, we may collect additional Personal Information from you in the course of your employment with us which may include Sensitive Information including your health information.    We may also require health information from any individuals attending our premises including immunisation status and/or Covid-19 test results.

How do we collect and hold Personal Information?

We will collect your Personal Information directly from you, whether in person, on the phone or electronically, when you voluntarily and knowingly provide it to us, or indirectly from a third party for uses relating to the supply or use of our products or services, our educational activities and marketing events or information.

Circumstances where your Personal Information will be collected directly from you include where you:

  • order or purchase a product or service as a healthcare provider or consumer;
  • order or purchase a product or service on behalf of your employer or for the use by a healthcare provider;
  • subscribe to a mailing list for educational and/or marketing material;
  • register for a seminar, webinar, conference or other educational event;
  • seek to provide goods or services to us;
  • contact us regarding one of our products, services or any other related matter;
  • apply for, register your interest in, or enquire about a product or service;
  • via our website or when you deal with us online (including through our product websites or social media pages);
  • provide us with feedback or make a complaint; or
  • talk to us, or do business with us.

Circumstances where your Personal Information will be collected from a third party include where:

  • a health practitioner or a healthcare provider orders a product or service specifically for you as a patient;
  • you are seeking employment and a recruiter or referee provides us with your Personal Information;
  • your Personal Information is provided to us by a labour hire company or other provider of contracted services;
  • your Personal information is obtained from media and publications or other publicly available sources or registers or from cookies;
  • your Personal Information is provided to us by the organiser of an educational event that we sponsor or support;
  • your health practitioner reports to us on how you have responded to the use of one of our products or services as a patient;
  • you are represented by a third party, for example, your legal adviser, insurance advisor, guardian, trustee, or attorney;
  • you complete an online form or survey provided by us or a third party on our behalf;
  • other organisations, who jointly with us, provide products or services to you or with whom we partner to provide products or services to you; or
  • you comment publicly over Instagram, LinkedIn or any other social media platform that we use).

If we receive Personal Information about you that we did not request directly from you or from another party, we will decide whether we could have collected the information in accordance with this Privacy Policy and applicable privacy and health information laws including the APPs. If we decide that we could have collected the information, we will keep it and handle it in accordance with this Privacy Policy and applicable privacy and health information laws including the APPs. If we decide that we could not have collected the Personal Information , we will destroy or de-identify the information if it is lawful and reasonable to do so.

Each time you visit our websites or social media platforms, we may collect information about you which may include Personal Information (which we will generally de-identify) and may include the following:

  • the date and time of visits;
  • the pages viewed and your browsing behaviour;
  • how you navigate through the site and interact with pages (including fields completed in forms and media posts;
  • general location information;
  • information about the device used to visit our website (including your tablet or mobile device) such as device IDs; and
  • IP addresses. Your IP Address is a number that is automatically assigned to the device that you are using by your Internet Service Provider.

Where reasonable and practicable to do so, we will collect your Personal Information only from you. When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

Most information that we hold about you will usually be stored electronically. We may store some of your information in secure data centres that are located in Australia or in other secure data centres of our contracted service providers (including cloud storage providers), that may be located outside Australia. We may also store some information that we hold about you securely in paper files or other hardcopy formats.

We may collect Sensitive Information where it is reasonably necessary to provide you with a specific product or service or required for the design, manufacture or supply of our products, including where your health information is required for the specifications of a medical device to be provided for you. 

Use of Cookies

We may collect information about you using cookies when you use our websites or social media platforms. Cookies are small pieces of information stored on your hard drive or in memory. One of the reasons for using cookies is to offer you increased security. They can also record information about your visit to our websites, allowing us to remember you the next time you visit and provide a more meaningful experience.

Australian Biotechnologies websites may contain links to other sites. This Privacy Policy applies to our websites and not any linked sites which are not operated or controlled by us. We encourage you to read the privacy policy of each website that collects your personal information.

For what purposes do we Collect, Use and Disclose Personal Information

The purposes for which we use and disclose your personal information will depend on the circumstances in which we collect it.  Whenever practical we endeavour to inform you why we are collecting your personal information, how we intend to use that information and to whom we intend to disclose it at the time we collect your Personal Information.

The primary purpose for which we collect, use, hold and disclose your Personal (including Sensitive) Information is to provide you with products and services (including where applicable, third party products and services).  We may use your Personal Information for related secondary purposes that you would reasonably expect such as the administration and running of our business, any subsequent medical treatment you may need support with, processing any other request or enquiry you or your healthcare provider may have and responding to any questions or complaints in relation to the supply of your device.

We may use the Personal Information that we collect about you to:

  • check whether you are eligible for the product or service;
  • conduct human tissue tracing
  • contact your healthcare practitioner for information relating to an allograft product or service purchased by your or on your behalf
  • provide you and your healthcare practitioner with information about a product or service you have purchased, or which has been purchased on your behalf;
  • provide any educational and marketing information you may agree to receive;
  • provide educational services requested by you or, that you may be invited to including seminars, webinars and conferences;
  • consider and respond to any proposal or offer you may provide to us, including an application of employment;
  • consider any proposal to use your personal services;
  • respond to any question, request or complaint received from you or your healthcare practitioner;
  • help us develop insights and conduct data analysis to improve the delivery of products, services, enhance our customer relationships and to effectively manage risks;
  • understand your interests and preferences so we can tailor our digital content;
  • for any other purposes to which you have consented to; or
  • for any other purposes required or authorised by law or a court/tribunal order or by a regulatory body.

We may also use your Personal Information for secondary purposes closely related to the primary purpose for which it was collected, in circumstances where you would reasonably expect such a use or disclosure.

We may disclose Personal Information that we collect from you to a third party as follows:

  • to meet the purpose for which it was collected, such as to disclose it to suppliers for the supply of an allograft product or related service;
  • if we have your consent to disclose the information;
  • if we are required or authorised by law to disclose the information, including for example to comply with a court subpoena;
  • to provide products or services related to those that we have agreed to provide to you, for example, catering services at a seminar or conference; or
  • to enable us and the relevant manufacturer or supplier, to deal with any concern, issue or complaint you or your healthcare practitioner have raised with us, including a complaint about an allograft product or service.

Where we have de-identified the information and if it is lawful and reasonable to do so, this Privacy Policy will generally not apply to our use of de-identified information. However, we will continue to safeguard this de-identified information so that it is secure and not reidentified. Where we use de-identified information together with other information (including Personal Information) and in doing so, we are able to identify you, that information will be treated as Personal Information in accordance with this Privacy Policy and applicable privacy and health information laws including the APPs.

We may use or disclose your information to comply with our legislative or regulatory requirements in any jurisdiction where we are subject to relevant laws and to prevent fraud, criminal or other activity that may cause you, us or others harm including in relation to our products or services.

Generally, we use contracted service providers to help us in our business activities. For example, they may help us provide you with products and services, deliver technology or other support for our business systems, refer us to new customers, or assist us with marketing and data analysis. These organisations may include:

  • our agents, contractors and contracted service; providers (for example, mailing houses, technology service providers and cloud storage providers);
  • authorised representatives who sell or arrange products and services on our behalf;
  • insurers and health care providers;
  • payment systems operators (for example, merchants receiving card payments);
  • other organisations, who jointly with us, provide products or services to you, or with whom we partner to provide products and services to you;
  • debt collectors;
  • professional advisors such as our financial advisers, legal advisers and auditors;
  • your representatives (including your legal adviser, accountant, mortgage broker, financial adviser, executor, administrator, guardian, trustee, or attorney);
  • fraud bureaus or other organisations to identify, investigate or prevent fraud or other misconduct;
  • external dispute resolution schemes; and
  • regulatory bodies, government agencies and law enforcement bodies in any jurisdiction.

Where your Sensitive Information is collected, it will only be used and disclosed by us consistent with this Privacy Policy for:

  • the primary purpose for which it was obtained;
  • a secondary purpose that is directly related to the primary purpose and which you would reasonably expect;
  • a purpose you have consented to; or
  • where required authorised by law.

For example, we may use and disclose health information about you to process a claim under a product warranty or to assess a product related claim, including a complaint, or verify your identity or authorise transactions.

Disclosure of Personal Information interstate and overseas

Your Personal Information may be transferred to and stored in all states and territories of Australia, where it is held securely in accordance with this Privacy Policy and the Australian Privacy Principles.

We may also disclose your Personal Information to our cloud services provider that stores our data outside of Australia.  They will usually be located in the United States of America.

In such circumstances, we will take reasonable steps, to ensure that the overseas recipient does not breach the APPs in relation to that information.

In respect of health information covered by health records legislation, unless otherwise required or permitted by law, we will only disclose your health information to a third party outside the state/territory of collection if we reasonably believe that the recipient of the information is subject to a law, binding scheme or contract which upholds principles for fair handling of the information that are substantially similar to those in the applicable health records legislation.


In most circumstances, Australian Biotechnologies does not require Personal Information for you to gain access to our website and in some circumstances you may choose not to identify yourself or use a pseudonym when providing your Personal Information to us. However we may require your Personal Information in some other circumstances. For example, if you are a healthcare practitioner or healthcare provider, we require you to acknowledge this in order to access our website. Our ability to provide our products or services to you or process any request or complaint by you may be adversely affected if you do not give us the requested Personal Information, or if the information you give us is incomplete or inaccurate.

Other Legal and Regulatory Obligations

In addition to Privacy Law, Australian Biotechnologies is subject to a number of applicable laws and regulations in relation to privacy of personal information and as such, its procedures are also governed by the Health records legislation such as Health Records Act 2001(Vic), Health Records and Information Privacy Act 2002 (NSW), and Health Records (Privacy and Access) Act 1997 (ACT), which impose similar obligations to the Privacy Law, as well as additional obligations such as:

  • ensuring quality and accuracy of health information; 
  • provision of access to and correction of health information; and
  • security of health information.

Human tissue legislation in each Australian State and Territory, which imposes restrictions on the disclosure of information or publication of records where the donor or recipient can be identified. This legislation also ensures that certain documents (i.e. records of consent) should be kept to demonstrate compliance with the relevant legislation.

In addition, the Therapeutic Goods Act 1989 (Cth) and regulation by the Therapeutic Goods Administration, including the Australian Code of Good Manufacturing Practice for Human Blood and Blood Components, Human Tissues and Human Cellular Therapies, which imposes record keeping requirements such as:

  • Processes and associated activities during the manufacture of products should be documented and the documentation controlled
  • Records should be retained in compliance with legislative requirements and electronic records should be backed up and readily available through the period of retention;
  • Documents approved, signed, and dated by appropriate authorised persons.

Australian Biotechnologies’ collection, storage, use and disclosure of all Personal Information will be in compliance with the legislation and regulatory guidance listed above.  

Security of Personal Information

Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the Personal Information we hold. For example:

  • access to our information systems is controlled through identity and access management controls, including unique logins, password protection, encrypted servers and locked archives;
  • employees and our contracted service providers are required to keep information secure; and
  • all employees are required to complete training about privacy and information security.

If you have reason to believe that your interaction with us is no longer secure for example, if you feel that the security of any information you have with us has been compromised, please immediately contact us (see Privacy Policy Complaints and Enquiries section below).

When your Personal Information is no longer needed for the purpose for which it was obtained, or for legal record-keeping purposes, we will take reasonable steps to destroy or permanently de-identify your Personal Information. Some of the Personal Information we collect is or will be stored and be kept by us for a minimum of 20 years.

Access and correction to your Personal Information

You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. For example, we are not required to give you access to your Personal Information where giving you access would pose a serious threat to any person’s life, health or safety, or to public health or safety, where giving access would be unlawful, where giving access would have an unreasonable impact on other people’s privacy or where we reasonably conclude your request is frivolous or vexatious.

We will take reasonable steps to make sure that your Personal Information is accurate, complete and up to date when we collect, use or disclose it. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality products and services to you.

Any requests for access to, or correction of, your Personal Information should be made directly by contacting us using the details provided below.

If we refuse to give you access to or to correct your Personal Information, we will give you a notice explaining our reasons except where it would be unreasonable to do so. If we refuse your request to correct your Personal Information, you also have the right to request that a statement be associated with your Personal Information noting that you disagree with its accuracy. If we refuse your request to access or correct your Personal Information, we will also provide you with information on how you can complain about the refusal.

Policy Updates

We may need to update this Privacy Policy from time to time to reflect changes to our information handling practices, activities or legal obligations. Any changes to this Privacy Policy will be posted on our website  Unless stated otherwise, changes will be effective immediately upon being placed on the website.

Privacy Policy Complaints and Enquiries

If you have any queries or complaints about our Privacy Policy, please contact us first by using the contact details provided below:

Australian Biotechnologies Pty Ltd
Unit 4, 25 Frenchs Forest Road East,

Frenchs Forest NSW 2086

Telephone: (02) 9975 9500

Email: [email protected]

If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner (visit: or other relevant regulators. 

Complaints can also be made in relation to health information we collect and handle to Commissioners responsible for administering State or Territory health information laws.