Privacy policy

Pharmx Technologies Limited (ACN 000 091 305) and the entities it controls (“Pharmx”, “we”, “us” or “our”) is an ASX-listed technology company providing electronic data interchange (EDI), marketplace and analytics solutions to the Australian and New Zealand pharmacy industries. This Privacy Policy explains how we collect, hold, use and disclose personal information in accordance with our obligations under the Privacy Act 1988 (Cth) (“Australian Privacy Act”), the Australian Privacy Principles (“APPs”) contained in Schedule 1 to the Australian Privacy Act, the Privacy Act 2020 (NZ) (“NZ Privacy Act”) and the Information Privacy Principles (“IPPs”) established thereunder, and all applicable State, Territory and New Zealand privacy and health records legislation.

By accessing our platforms, websites, products or services, you acknowledge that you have read and understood this Privacy Policy. This policy applies to all individuals whose personal information we handle, including pharmacy customers, supplier representatives, platform users and website visitors.

1. Scope and Legislative Framework (Australia and New Zealand)

As an entity with an annual turnover exceeding $3 million, Pharmx is an “APP entity” for the purposes of the Australian Privacy Act and is bound by the Australian Privacy Principles. Pharmx also operates in New Zealand and, to the extent it collects, holds, uses or discloses personal information in or from New Zealand, is also subject to the NZ Privacy Act and the IPPs. This policy is informed by the following legislative instruments, to the extent applicable to our operations:

• Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs);
• Health Records and Information Privacy Act 2002 (NSW);
• Health Records Act 2001 (Vic);
• Information Privacy Act 2009 (Qld);
• The Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth), to the extent they govern our electronic communications with individuals.
• Privacy Act 2020 (NZ) and the Information Privacy Principles (IPPs); and
• The Unsolicited Electronic Messages Act 2007 (NZ), to the extent it governs our electronic communications with individuals in New Zealand.

2. What Personal Information We Collect

“Personal information” has the meaning given in the applicable privacy legislation. Under the Australian Privacy Act, it means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not. Under the NZ Privacy Act, it means information about an identifiable individual. In this policy, “personal information” is used to capture both meanings, and references to applicable law should be read accordingly depending on the jurisdiction in which the relevant data subject is located.

The types of personal information Pharmx may collect and hold include, but are not limited to:

• Identity and contact information: full name, job title, business name, postal address, telephone number, facsimile number, email address and other contact details;
• Account and platform credentials: usernames, access credentials and platform activity logs;
• Transaction and order information: purchase history, ordering patterns, product preferences and supply chain transaction data;
• Communications data: records of previous correspondence, support enquiries and the nature of interactions with our team;
• Technical and usage information: IP address, browser type, device identifiers and website usage data collected via cookies and similar technologies.

Where Pharmx operates as a platform facilitating transactions between pharmacies and pharmaceutical suppliers, certain transaction data processed through our EDI and marketplace systems may, in aggregate, contain information about identifiable individuals (for example, pharmacist identifiers or authorised representatives). Such information will be treated as personal information and handled in accordance with this policy and the APPs and IPPs as applicable.

3. How We Collect Personal Information

Consistent with APP 3 (Collection of Solicited Personal Information) and IPPs 1 and 2 (Purpose of Collection and Source of Personal Information) under the NZ Privacy Act, Pharmx collects personal information by lawful and fair means, and only where it is reasonably necessary for one or more of our functions or activities. We collect personal information directly from you where it is reasonable and practicable to do so, and we will, at or before the time of collection (or as soon as practicable thereafter), take reasonable steps to ensure you are aware of the purpose of collection. The principal collection methods are:

• Directly from you: when you register for or use our platforms, complete enquiry or application forms, contact us by telephone, email, letter, facsimile or via our website, or attend events we organise;
• From your employer or principal: where your organisation has provided your details to Pharmx as an authorised representative or platform user;
• Automatically via our platforms and website: including transaction logs, system usage data and cookies (see clause 9 below);
• From third parties: including publicly available sources, industry bodies, or referral partners, where permitted by law.

If previously collected information is found to be inconsistent with information you subsequently provide, we will update our records to maintain accuracy. Where we collect personal information about you from a third party or by other indirect means, we will take reasonable steps to notify you of that collection at the earliest practicable opportunity, unless doing so would be impracticable or disproportionate in the circumstances.

4. How We Use Your Personal Information

Consistent with APP 6 (Use or Disclosure of Personal Information) and IPPs 10 and 11 (Limits on Use and Disclosure) under the NZ Privacy Act, Pharmx will only use your personal information for the primary purpose for which it was collected, or for a secondary purpose where permitted under the applicable Privacy Act. The primary purposes for which we use personal information include:

• Providing, maintaining and improving our EDI platform, marketplace and associated services;
• Account management, authentication and customer support;
• Processing and facilitating orders, transactions and supply chain workflows between pharmacies and suppliers;
• Assessing and improving our products, services and customer experience, including through analytics and research;
• Sending service-related communications, including notifications, updates and system alerts;
• Sending marketing and promotional communications (where you have consented or where we are permitted to do so under the Spam Act 2003 (Cth) or, in relation to New Zealand recipients, the Unsolicited Electronic Messages Act 2007 (NZ));
• Complying with legal and regulatory obligations, including ASX Listing Rules requirements;
• Resolving disputes, enforcing our agreements and protecting our legal rights.

If you decline to provide certain personal information, we may be unable to provide the relevant service or product, or to support your use of our platforms to the standard we would otherwise endeavour to provide. We will advise you at the time of collection where the provision of personal information is mandatory and what the consequences of non-provision may be.

5. Disclosure of Personal Information

Pharmx may disclose your personal information to third parties where permitted or required under the APPs or IPPs (as applicable), including in the following circumstances:

• Service providers and contractors who assist in delivering our services, including cloud hosting providers, IT support vendors, logistics partners and payment processors — each of whom is contractually bound to handle personal information only for the specific purpose for which it is disclosed and in a manner consistent with the APPs;
• Counterparties in supply chain transactions: to the extent that personal information of pharmacist representatives or supplier contacts is embedded in transaction data that is shared with the relevant counterparty as part of the ordinary course of a transaction on our platform;
• Regulatory bodies and government agencies: where required or authorised by law, including the Australian Securities and Investments Commission, the Australian Information Commissioner, the Therapeutic Goods Administration, the ASX, and (in relation to New Zealand operations) the New Zealand Privacy Commissioner;
• Professional advisers: including legal counsel, auditors and accountants, subject to appropriate confidentiality obligations;
• Prospective acquirers or merger counterparties in connection with a corporate transaction involving Pharmx Technologies Limited, subject to appropriate confidentiality obligations.

6. Cross-Border and Trans-Tasman Disclosure

From time to time, Pharmx may disclose personal information to recipients located outside Australia or New Zealand, including where we use cloud-based infrastructure or third-party software platforms hosted overseas. Before doing so, Pharmx will take reasonable steps to ensure that the overseas recipient handles the information in a manner consistent with the APPs or IPPs as applicable.

In relation to Australian personal information: APP 8 applies and Pharmx will not disclose personal information to an overseas recipient unless it reasonably believes the recipient is subject to a law or binding scheme affording comparable protections to the APPs, the individual has consented, or another exception under APP 8.2 applies. In relation to New Zealand personal information: transfers to Australia benefit from the recognised comparable framework under the NZ Privacy Act (Schedule 5). For transfers to other countries, Pharmx will comply with Principle 12 of the IPPs and will take reasonable steps to ensure the overseas recipient does not breach the IPPs in relation to the transferred information. We will identify the countries to which personal information is ordinarily disclosed where this is practicable.

7. Security of Personal Information

Consistent with APP 11 and IPP 5 (Security of Personal Information) under the NZ Privacy Act, Pharmx takes reasonable steps to protect the personal information it holds from misuse, interference, loss, unauthorised access, modification or disclosure. Our security measures include: storage of personal information in electronic databases protected by password and multi-factor authentication controls; access restrictions based on job function and need-to-know principles; mandatory confidentiality obligations for all staff and contractors who access personal information; encryption of data in transit and at rest where technically practicable; and periodic review of our security practices.

Where personal information is no longer needed for any purpose for which it may be used or disclosed under the applicable Privacy Act, and we are not required by law or a court or tribunal order to retain it, Pharmx will take reasonable steps to destroy or de-identify that information. This obligation applies equally to personal information held in respect of Australian and New Zealand individuals.

In the event of a data breach that is likely to result in serious harm to any affected individual, Pharmx will comply with its mandatory notification obligations under Part IIIC of the Australian Privacy Act (Notifiable Data Breaches scheme) and will notify the affected individual(s) and the Office of the Australian Information Commissioner (OAIC) as required. In respect of personal information held about New Zealand individuals, Pharmx will also comply with the notifiable privacy breach requirements under section 113 of the NZ Privacy Act, including notification to the New Zealand Privacy Commissioner and, where required, to affected individuals.

8. Accuracy of Personal Information

Consistent with APP 10 and IPP 8 (Accuracy of Personal Information) under the NZ Privacy Act, Pharmx takes all reasonable precautions to ensure that the personal information it collects, uses and discloses is accurate, complete, up-to-date and relevant to the purpose for which it is to be used. However, the accuracy of that information depends to a significant extent on information you provide to us. We ask that you promptly notify us of any errors in or changes to your personal information, including contact names, phone numbers, email addresses and other relevant details, so that we can update our records accordingly. Details of how to notify us are set out in clause 11 of this policy.

9. Cookies and Online Tracking

Our website and platforms may use cookies, web beacons, pixel tags and similar tracking technologies to enhance user experience, analyse site traffic and support the delivery of targeted content. Cookies are small data files placed on your device that allow us to recognise returning users and gather analytical data. Most web browsers permit you to disable or delete cookies through your browser settings; however, doing so may affect the functionality of parts of our website. Where our tracking activities constitute a collection of personal information, we will handle that information in accordance with this policy and the APPs and IPPs as applicable.

10. Your Rights — Access, Correction and Complaints

You have the following rights under the applicable Privacy Act in relation to the personal information Pharmx holds about you:

• Access (APP 12 / IPP 6): You may request access to the personal information we hold about you. Under the Australian Privacy Act, we will respond within 30 days. Under the NZ Privacy Act, we will respond within 20 working days (as required by section 39). We will not charge a fee for making an access request, but may charge a reasonable fee to cover the cost of providing access. We may refuse access on grounds permitted by the applicable Privacy Act and will provide reasons for any refusal;
• Correction (APP 13 / IPP 7): You may request that we correct personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading. Under the Australian Privacy Act, we will respond within 30 days. Under the NZ Privacy Act, we will respond within 20 working days (as required by section 46). Corrections will be made at no charge to you;
• Complaints (APP 1 / NZ Privacy Act Part 5): If you believe we have breached the APPs, the IPPs, or any applicable privacy legislation, you may make a complaint by contacting us using the details in clause 11 below. We will acknowledge your complaint within 5 business days and endeavour to resolve it within 30 days. If you are not satisfied with our response: (a) Australian individuals may refer their complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by telephone on 1300 363 992; and (b) New Zealand individuals may refer their complaint to the Office of the New Zealand Privacy Commissioner at www.privacy.org.nz or by telephone on 0800 803 909.

11. Contact Us

All enquiries, access and correction requests, complaints and notifications relating to this Privacy Policy should be directed to:

Privacy Officer
Pharmx Technologies Limited
PO Box Q281, Queen Victoria Building, Sydney NSW 1230

Telephone: 1300 724 579
Email: info@pharmx.com.au

12. Updates to This Policy

Pharmx may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. The current version of this policy will always be available on our website at www.pharmx.com.au. We encourage you to review this policy periodically. Material changes will be notified via our website or by direct communication where appropriate. Your continued use of our platforms or services following notification of any changes constitutes your acceptance of the updated policy.

This Privacy Policy was last reviewed and updated in March 2026. ABN: 25 000 091 305 | ACN: 000 091 305

 

For further enquiries please contact:

Privacy Officer
1300 724 579
info@pharmx.com.au