Policies
Privacy Policy
OVERVIEW
This website is operated by Medinox Australia. Throughout the site, the terms “we”, “us” and “our” refer to Medinox Australia.
This Privacy Policy explains how Medinox Australia (“Medinox”, “we”, “us”, “our”) collects, holds, uses, and discloses personal information in connection with this website (the “Service”), in accordance with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) issued under it.
By using the Service, you agree to the collection and use of your information as described in this Policy. If you do not agree with this Policy, please do not use the Service.
If you are located in the European Union, additional rights apply to you under the EU GDPR — see the EU GDPR Addendum at the end of this Policy.
We reserve the right to update, change or replace any part of this Privacy Policy by posting updates and/or changes to our website. It is your responsibility to check this page periodically for changes.
SECTION 1 – WHO WE ARE
Entity: Medinox Australia Address: Unit 20/314 Burleigh Connection Drive, Burleigh Heads, QLD, 4220, Australia Email: orders@medinox.com.au Phone: +61 405 996 090 Privacy Contact: Duane Brown, Managing Director — duane@medinox.co.uk
SECTION 2 – PERSONAL INFORMATION WE COLLECT
We may collect the following categories of personal information when you use the Service, submit an enquiry, register as a reseller, or download a resource: name, email address, and phone number; company name and business details (for reseller/wholesale enquiries); the content of any message or enquiry you submit; and technical and usage data such as IP address, browser type, device information, and pages visited.
Where practicable, we will collect personal information directly from you and will explain what information is required and why, in line with APP 3 and APP 5.
SECTION 3 – HOW WE USE AND DISCLOSE YOUR INFORMATION
We use personal information to respond to enquiries and provide requested resources (for example, catalogue downloads); to process reseller/distributor applications; to provide marketing communications, where you have not opted out (APP 7 — Direct Marketing); to improve the Service and understand how it is used; and to meet legal and regulatory obligations.
We do not sell your personal information. We may disclose it to trusted service providers who help us operate the Service (for example, hosting, email, and CRM providers), always under confidentiality obligations consistent with the APPs.
SECTION 4 – DIRECT MARKETING
In line with APP 7, you may opt out of receiving direct marketing communications from us at any time, using the unsubscribe link in any marketing email or by contacting us directly. We will not charge you for this and will action your request within a reasonable time.
SECTION 5 – OVERSEAS DISCLOSURE OF PERSONAL INFORMATION
Some of our service providers or group entities may be located outside Australia, including in South Africa or the United Kingdom. Where we disclose personal information to an overseas recipient, we take reasonable steps, in line with APP 8, to ensure the recipient does not breach the APPs in relation to that information, including by way of contractual protections, unless an exception under the Privacy Act applies (for example, your informed consent to an overseas disclosure that may not be APP-protected).
SECTION 6 – DATA QUALITY AND SECURITY
We take reasonable steps to ensure the personal information we hold is accurate, complete, and up to date, and to protect it from misuse, interference, loss, unauthorised access, modification, or disclosure, consistent with APP 10 and APP 11. Where we no longer need personal information for any authorised purpose, we take reasonable steps to destroy or de-identify it.
SECTION 7 – NOTIFIABLE DATA BREACHES
If we experience a data breach that is likely to result in serious harm to affected individuals, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act, including notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals as required.
SECTION 8 – YOUR RIGHTS
Subject to the exceptions set out in the Privacy Act, you have the right to: access the personal information we hold about you (APP 12); request correction of inaccurate, out-of-date, or incomplete information (APP 13); interact with us anonymously or under a pseudonym where practicable (APP 2); opt out of direct marketing at any time; and lodge a complaint if you believe we have mishandled your personal information.
SECTION 9 – HOW TO COMPLAIN
If you have a concern about how we have handled your personal information, please contact us first using the details in Section 1 above, so we can attempt to resolve it directly. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner:
Website: https://www.oaic.gov.au Phone: 1300 363 992 Postal Address: GPO Box 5288, Sydney NSW 2001, Australia
SECTION 10 – CHANGES TO THIS POLICY
We may update this Policy from time to time to reflect changes in our practices or legal requirements. The “Last Updated” date above will be revised accordingly, and material changes will be communicated where appropriate.
EU GDPR ADDENDUM
This addendum applies to individuals located in the European Union (EU) or European Economic Area (EEA) who use this website or purchase from, or are enquired to by, Medinox as a customer or reseller. Under Article 3(2) of the EU GDPR, the Regulation applies to us whenever we offer goods or services to, or monitor the behaviour of, individuals in the EU regardless of where Medinox itself is based. It applies alongside, not instead of, the Privacy Policy above.
SECTION 11 – DATA CONTROLLER (EU)
For the purposes of the EU GDPR, the relevant Medinox entity that determines the purposes and means of processing your personal data is the entity operating the site through which you engaged with us — for this website, the entity identified in Section 1 above.
General Privacy Contact (non-EU): Duane Brown, Managing Director — duane@medinox.co.uk
Duane Brown is based in the UK, which is not part of the EU following Brexit, and therefore cannot serve as the EU Representative required under Article 27. He is listed here as a general point of contact only; EU data subjects and supervisory authorities should be directed to the EU Representative once appointed.
SECTION 12 – LAWFUL BASIS FOR PROCESSING (EU GDPR)
Under Article 6 of the EU GDPR, we process your personal data on one or more of the following bases: consent — for example, where you opt in to marketing communications; contract — where processing is necessary to respond to your enquiry, process an order, or manage a reseller/distributor relationship; legitimate interests — for purposes such as improving the Service or preventing fraud, balanced against your rights and freedoms; and legal obligation — where required to comply with applicable law.
Where we process special category data (which we do not expect to occur through normal use of this Service), we would only do so with your explicit consent or another basis permitted under Article 9.
SECTION 13 – INTERNATIONAL TRANSFERS (EU GDPR)
Because Medinox’s group entities and infrastructure are based in South Africa, Australia, and the UK — none of which currently holds a full, unconditional EU adequacy decision covering all processing at the time of writing — any transfer of your personal data from the EU to those entities is treated as a restricted transfer under Chapter V of the EU GDPR. We rely on appropriate safeguards for such transfers, in particular the European Commission’s Standard Contractual Clauses (SCCs), together with a transfer risk/impact assessment, and will provide further information about these safeguards on request.
SECTION 14 – YOUR RIGHTS UNDER EU GDPR
Subject to certain exceptions, you have the right to: be informed about how your personal data is collected and used; access the personal data we hold about you; request rectification of inaccurate or incomplete data; request erasure of your data in certain circumstances (“right to be forgotten”); request restriction of processing in certain circumstances; receive your data in a structured, commonly used, machine-readable format and transmit it to another controller (data portability); object to processing carried out on the basis of legitimate interests or for direct marketing purposes; not be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you, without appropriate safeguards; and lodge a complaint with a supervisory authority.
To exercise any of these rights, please contact us using the details in Section 1 above, or our EU Representative once appointed.
SECTION 15 – DATA RETENTION (EU GDPR)
We retain your personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, accounting, or contractual obligations, after which it is securely deleted or anonymised.
SECTION 16 – DATA SECURITY AND BREACH NOTIFICATION (EU GDPR)
We implement appropriate technical and organisational measures to protect your personal data. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware, where required under Article 33, and will notify affected individuals without undue delay where the breach is likely to result in a high risk to them, in accordance with Article 34.
SECTION 17 – HOW TO COMPLAIN (EU GDPR)
If you have concerns about how we handle your personal data, please contact us first so we can try to resolve the issue directly. You also have the right to lodge a complaint with the supervisory authority in your EU member state of residence, work location, or the place of the alleged infringement. A list of EU supervisory authorities is available from the European Data Protection Board:
Website: https://edpb.europa.eu/about-edpb/about-edpb/members_en
SECTION 18 – CHANGES TO THIS ADDENDUM
We may update this addendum from time to time to reflect changes in our practices, the appointment of an EU Representative, or legal requirements. The “Last Updated” date above will be revised accor