1. Introduction
This Privacy Policy (Privacy Policy or Policy) outlines how your information is collected, used and
disclosed when you access or use our Services as defined in our Terms. This information is collected,
used and disclosed in accordance with the Privacy Act 1988 (Cth) (Privacy Act).
This Privacy Policy is incorporated by reference into our Terms. Any capitalised terms not defined in
this Policy are defined in the Terms. You agree to comply with all Terms when accessing or using our
Services, including this Privacy Policy.
Our online store is powered by Stripe. The Stripe Privacy Policy applies in relation to any Personal
Information collected, stored and processed on Stripe servers. We may also use this Personal
Information for the purposes as set out in this Policy and in accordance with the terms set out in this Policy.

2. What information do we collect and how is it collected?
We collect Personal Information, as defined in the Privacy Act (including Sensitive Information as
defined in the Privacy Act), when you access or use our Services.

2.1. Personal Information provided by you
We collect information that you provide to us via use of our Services as well as through any other means
used to contact us.
The kinds of Personal Information we collect include your contact information such as your name, email
address, organisation, ABN/ACN, social media account, address and phone or mobile number.
We reserve the right to maintain, store and use any information or data where we reasonably believe
that such action is required to comply with any legal or regulatory obligations, to prevent criminal or
other unlawful activity whether immediate or in the future, or where we have a legitimate business
reason to do so, including collection of amounts owed, resolving disputes, enforcing our Terms or for
record keeping integrity.

2.2. Automatically collected Personal Information
We automatically record information from your device and its software when you access our Services,
including your IP address, browser and device type, internet service provider, mobile phone carrier,
platform type, the website from which you came and the website to which you are going when you leave
our Services, date and time stamp and cookies that may uniquely identify your browser or account.
When accessing our Services using a mobile device, we may also receive and collect identification
numbers associated with your device, mobile carrier, device type and manufacturer, and, if enabled,
geographical location data (including GPS). Please note that some of the information we collect, for
example an IP address, can sometimes be used to approximate a device’s location.

2.3. Personal Information collected via cookies
Our Services may use small pieces of data called cookies to identify a user who engages with our
Services and to compile records of a user’s history of engaging with our Services. Cookies are stored
by a users’ browser while the user browses a website. Cookies do not usually contain information that
personally identifies a person, but each time the user visits the website, the browser sends the cookie
data back to the server to notify the system of the user’s previous activity. If you wish to disable cookies,
you may do so through your browser settings, however, please be aware that if you choose to do this, some functionality of our Website will not be available to you. The Stripe platform is governed by its own
Cookie Policy. We bear no responsibility for how Stripe uses your data for cookies. If you are concerned
with any use and storage of your data for cookies by Stripe, please contact Stripe directly at Stripe
Support.

2.4. Personal Information collected via Google Analytics
We use Google Analytics, which allows us to anonymously track the use of our Services by recording
the number of users who have visited, the number of pages viewed, navigation patterns, what systems
users have and the date and time of visits through cookies. This information is collected for statistical
purposes only and cannot be used to identify you.
We may use a range of services and functions offered by Google Analytics. We also use Google
Analytics to partner with third parties and advertise online. Our third-party partner may use technologies
such as cookies and third party Tracking Technologies to gather information about your activities on
our website and other sites in order to provide you advertising based on your browsing activities and
interests.
Please see this link for how your data is collected and this link for instructions on how to opt-out of any
Google Analytics data tracking.

2.5. Personal Information collected via Meta Pixels
We use Meta Pixel (formerly Facebook Pixel). Meta Pixel collects data through cookies about actions
you make on our website, such as viewing a page or clicking on a specific link. This helps us track
conversions from Facebook advertisements, optimise advertisements for users, and build targeted
audiences for advertisements. See clause 2.3 above for more information about our use of cookies.
We may use a range of services and functions offered by Meta Business Tools. Please note we are not
liable for the way Meta uses your information and it is your responsibility to familiarise yourself with the
Meta terms. You can access Meta Business Tools Terms here.

2.6. Third Party Payment Processor
We use third party payment processors and gateways to process payments made to us in the provision
of our Services. All Personal Information, including any financial information such as credit card
numbers, is collected and used directly by our third party payment processors and gateways as set out
on our website, whose use of your personal information is governed by their own terms and conditions
and privacy policy. We do not store or retain any sensitive financial/billing information (being credit card
numbers, bank account details, etc.), obtained in connection with processing such payments.

2.7. Anonymity and the use of pseudonyms
When we collect your Personal Information, as far as reasonably practicable, you are permitted to
interact and/or contact us anonymously or by using a pseudonym except where:
(a) we are required or authorised by a law or a court or tribunal order to deal with identified individuals;
or
(b) it is impracticable for us to deal with individuals who have not identified themselves.

3. For what purposes do we collect and use Personal
Information?
We collect your Personal Information as outlined in this Privacy Policy for the purposes described below:
(a) for provision of the Services;
(b) for communication with you and to provide messaging and/or communications to you in association
with the functions and features of the Services;
(c) for communicating to you any announcements and updates, updated terms, conditions and policies,
security alerts, technical notices, support and administrative messages;
(d) for analysis, monitoring, development and improvement of our Services, including other products
or services;
(e) for security purposes, including to protect the Services and our property from abuse, fraud,
malicious, unauthorised access or potentially illegal activities, and to protect our rights, safety and
property and that of our other users;
(f) for sending marketing communications to you, including notifying you of promotional or advertising
offers, contests and rewards, upcoming events and other news about products and services offered
by us and use of our Services;
(g) to comply with relevant laws and regulations where applicable; and
(h) for the performance of other functions described at the time of collection or as consented to in
relation to our Services.
If you consent to become a stockist, or express interest in becoming a stockist, we will collect and
use your personal information to facilitate this relationship. This may include displaying your stockist
status and details on designated areas of our website, such as the ‘Become a Stockist’ page.
We may also use your contact details to communicate about partnership opportunities, updates,
and other relevant business matters.

4. How do we store and protect your information?
4.1. Storage of Personal Information
We take reasonable steps to protect your Personal Information in accordance with this Privacy Policy.
The Personal Information we collect from you is transferred and stored electronically via a secured SSL
connection, in secured Stripe servers, subject to change as required by Stripe (if such information is
held on the Stripe system) or in password-protected servers located worldwide in locations such as
North America, Europe, Asia and Australia. You agree and consent to us storing your Personal
Information on such servers.

4.2. Who can access your Personal Information?
Your Personal Information is accessible to our employees, contractors and our third-party service
providers such as our website host and technical support providers. We may also store your Personal
Information in password-protected email databases for the purpose of sending out communications and
marketing emails in accordance with this Privacy Policy.
Please note that no method of electronic transmission or storage is 100% secure and we cannot
guarantee the absolute security of your Personal Information. Transmission of Personal Information
over the Internet is at your own risk and you should only enter, or instruct the entering of, Personal
Information to the Services within a secure environment. It is your responsibility to ensure that you
keep your Personal Information safe, including keeping your software up to date to prevent security
breaches.
We reserve the right to maintain and store any information or data where, we reasonably believe, in our
sole discretion, that such action is required to comply with any legal or regulatory obligations, to prevent
criminal or other unlawful activity whether immediate or in the future, or where we have a legitimate
business reason to do so, including collection of amounts owed, resolving disputes, enforcing our Terms
or for record keeping integrity.
We destroy or de-identify your Personal Information after 2 years where it is no longer needed for the
purposes outlined in this Policy. However, we may also be required to keep some of your personal
information for specified periods of time, for example under certain laws relating to corporations, money
laundering, and financial reporting legislation.

5. To whom your Personal Information is disclosed?
Your Personal Information may be disclosed to individuals and companies, for the purposes described
in this Policy, as outlined below:

5.1. Nurses Choice Pty Ltd and Related Bodies Corporate
Your Personal Information may be accessed by us, including our directors, employees, officers and
contractors. You consent to us providing your Personal Information, including Sensitive Information to
our Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)).

5.2. Parties required by law
Your Personal Information may be disclosed by us to any party to whom we are required by law to
provide your Personal Information and to any party to whom disclosure is permitted under the Australian
Privacy Principles, or where we reasonably believe that disclosure is required to comply with any court
orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure
is required by law. Where possible and appropriate, we will notify you if we are required by law to
disclose your Personal Information.

5.3. Direct marketing
You agree and expressly and indefinitely consent to us using or disclosing Personal Information (other
than Sensitive Information) to keep you informed about our products and services and other products
and services that we consider may be of interest to you. For this purpose, disclosure may be made to
our third-party service providers. We may communicate with you via phone, email, social media, SMS,
or regular mail. If you have indicated a preference for a method of communication, we will endeavour
to use that method wherever practical to do so.
You can opt-out of direct marketing communication activities undertaken by us at any time by clicking
the “unsubscribe” or “opt-out” link on email communications from us, replying ‘Stop’ to a promotional
SMS or by contacting us by phone or email.

5.4. Other third parties
We may share your Personal Information with third parties if it is reasonably related to the provision of
our Services. The third parties that we may share your Personal Information with includes consultants,
contractors, credit agencies, debt collection agencies and other service providers to us that perform
services on our behalf. Such services we procure may include identifying and disseminating
advertisements, enforcement of our Terms, providing fraud detection and prevention services,
processing payments or providing analytics services. We may also share your Personal Information
with our business partners who offer goods or services to you jointly with us (for example, contests or
promotions).
We may share your Personal Information where we have reason to believe that doing so is necessary
to identify, contact or bring legal action against anyone damaging, injuring, or interfering (intentionally
or unintentionally) with our rights or property, users, or anyone else who could be harmed by such
activities.
We may also share your Personal Information with third parties with your consent in a separate
agreement, in connection with any company transaction (such as a merger, sale of assets or shares, reorganisation, financing, change of control or acquisition of all or a portion of our business by another
company or third party) or in the event of bankruptcy, dissolution, divestiture or any related or similar
proceedings.
Note that we reserve the right to share your Personal Information with other third parties where, in our
sole discretion, it is required to:
(a) investigate and defend ourselves against any third party claims or allegations;
(b) protect against harm to the rights, property or safety of us, our users or the public as required or
permitted by law; and
(c) detect, prevent or otherwise address criminal (including fraud or stalking), security or technical
issues.

6. Third party websites and social media
Our Services may, from time to time, contain links to and from websites which are owned or operated
by other parties. You acknowledge and agree that we have no control over, and shall not be liable for,
the privacy practices or content of these third party websites and we do not make any representation
about the privacy practices of, any third-party websites, whether or not linked from or transferred from
our Services. You are responsible for checking the privacy policy of any such websites and applications
so that you can be informed of how they will handle Personal Information.
We run pages on a number of social media platforms, including Facebook, Instagram, Pinterest and
Google Plus (Social Media Platforms). By accessing, interacting with and using our social media
pages, you agree to the terms and privacy policy of those Social Media Platforms. You acknowledge
and agree that these Social Media Platforms may collect your information and that the privacy practices
of those Social Media Platforms are not controlled by us and that we hold no responsibility for such
privacy practices.
Social Media Platforms also allow public access to your public social media profile, which may include
your username, age range, country/language, list of friends or other information that you make publicly
available and you understand that such information may therefore be accessible by us if you interact
with its social media pages.
We may from time to time, have access to statistics regarding the number of views, navigation patterns,
posts that you like, comment on or share and any user interactions with our social media pages and
may use such information for the purpose of its marketing and promotion strategies.

7. How can you access or update your Personal Information?
At any time, you may request access to Personal Information we hold about you. We may refuse to
provide access if the law allows us to do so, in which case we will provide reasons for our decision as
required by law.
We take reasonable steps to keep your Personal Information accurate, complete and up-to-date. If, at
any time, you discover that information held about you is incorrect, you may contact us to have the
information deleted or corrected.
You may request access to the information we hold about you, or request that we delete, update or
correct any Personal Information we hold about you, by setting out your request in writing and sending
it to us in accordance with paragraph 10.
We will process your request as soon as reasonably practicable, provided we are not otherwise
prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know
why.

8. How can you make a complaint about our privacy
practices?
You may submit a written complaint about how we handle your Personal Information to our Privacy
Officer via the details below. If you are not satisfied with our handling of your complaint or we have not
replied to you within a reasonable period of time, then you are entitled to make a complaint to the Office
of the Australian Information Commissioner or, if you are in the EU, a data protection authority or
supervisory authority.

9. Amendments
We reserve the right to amend this Privacy Policy from time to time as we see fit. While we endeavour
to notify you as soon as reasonably possible of any changes to our Policies by email or by a notice on
our Services, it is your responsibility to keep up to date with any changes or amendments by checking
this page prior to using our Services. This page contains our most accurate and up to date version of
our Privacy Policy.

10. Contact us
All requests for access or corrections to your Personal Information and complaints should be directed
to our Privacy Officer. If submitting a complaint, please provide our Privacy Officer with full details of
your complaint and any supporting documentation:
(a) by contact form at https://www.nurseschoice.com.au/about/; or
(b) by letter to The Privacy Officer, PO Box 351, Bungendore, NSW 2621.
If you are not satisfied with our handling of your complaint or we have not replied to you within a
reasonable period of time, then you are entitled to make a complaint to the Office of the Australian
Information Commissioner.

11. Application of GDPR
For the purpose of clarity, data processing of individuals in the European Union (EU) is carried on only
occasionally and as such, no EU representative has been designated, however the General Data
Protection Regulation (GDPR) (EU) 2016/679 may apply to you if you are resident of, reside in or are
located in the EU.
If the GDPR applies, in this Privacy Policy, “Personal Information” shall also include the definition of
“Personal Data” under the GDPR and terms that are defined in the GDPR shall be defined in this Privacy
Policy in accordance with the GDPR.
If the GDPR applies, this paragraph applies in addition to the above paragraphs to the extent that we
are acting as a “Data Controller” with respect to your Personal Information.

11.1.Consent and right to withdraw consent
By clicking accept to this Privacy Policy or otherwise notifying us of your acceptance of this Privacy
Policy, you agree that you are providing express, freely given consent to us processing your Personal
Information for the purposes outlined above and that we may lawfully process your Personal Information
on the basis of this consent.
To the extent that our legal basis for processing your Personal Information is consent, you have a right
to withdraw consent to the collection of your Personal Information at any time by sending us a written
request to do so via the contact details above.

11.2.Legal Basis
Our legal bases for collecting and processing your Personal Information for the purposes listed above
may be:
(a) your express consent;
(b) for our legitimate interests in providing information about the Services to you or providing the
Services to you and improving and developing the Services; and/or
(c) in order to perform a contract (whether verbal or written) for you in order to provide paid Services
to you.

11.3.Your rights
We have summarised your rights under the GDPR, but please note that not all of the details of your
rights have been included in these summaries. Please ensure to read the relevant laws and guidelines
for a full explanation of these rights.
You may exercise these rights by contacting us to notify us of the rectification or provide information to
complete your Personal Information.
(a) Right of access
You have a right to obtain confirmation as to whether or not your Personal Information is being
processed and, if so, you may request access to that Personal Information and further information
including the purposes of the processing, the categories of Personal Information concerned and
the recipients of the Personal Information. The first copy of such information will be provided free
of charge, but additional copies may be subject to a reasonable fee.
(b) Right of rectification
You have the right to obtain the rectification of inaccurate Personal Information concerning you and
you have the right to have incomplete Personal Information completed.
(c) Right to erasure
You have the right to obtain the erasure of your Personal Information without undue delay if:
(i) the Personal Information is no longer necessary in relation to the purposes for which they
were collected or otherwise processed;
(ii) you withdraw consent to consent-based processing;
(iii) you object to the processing under certain rules of the GDPR; or
(iv) the Personal Information has been unlawfully processed.
However, there are exclusions of the right to erasure such as where processing is necessary to
exercise the right of freedom of expression and information, for compliance with a legal obligation,
for reasons of public interest, or for the establishment, exercise or defence of legal claims.
(d) Right to restriction of processing
You have the right to restrict the processing of your Personal Information if:
(i) you contest the accuracy of the Personal Information;
(ii) processing is unlawful but you oppose erasure;
(iii) we no longer need the Personal Information for the purposes of our processing, but you
require Personal Information for the establishment, exercise or defence of legal claims; or
(iv) you have objected to processing, pending the verification of that objection.
Where processing has been restricted on this basis, we may continue to store your Personal
Information, however we will only process it with your consent, for the establishment, exercise or
defence of legal claims, for the protection of the rights of another natural or legal person, or for
reasons of important public interest.
(e) Right to data portability To the extent where your Personal Information has been provided based on consent, under a
contract, or where processing is carried out by automated means, you have a right to receive
Personal Information concerning you in a structured, commonly used and machine-readable format
and you have a right to transmit that data to a Data Controller, except where this would adversely
affect the rights and freedoms of others.
(f) Right to object
You have the right to object to our processing of your Personal Information for direct marketing
purposes. If you make such an objection, we will cease to process your Personal Information for
this purpose.

12. Application of CCPA
If you are a California resident, there are some additional rights that may be available to you under the
CCPA. Please email us at nurseschoice@outlook.com to request that we:
• disclose certain information to you about the collection, use, and disclosure of your personal
information over the past 12 months and to request access to such information; and
• delete any of your personal information that it has collected from you and retained;
• not sell your personal information.
When you make a request, we may require you to provide further information to assist in verifying your
request including your first and last name, email address, telephone number or address. We will only
use the information received in a request for the purposes of responding to the request.
We will not discriminate against you for exercising any of your rights under the CCPA including by:
• withholding our goods or services;
• charging you different prices or rates for goods or services; or
• providing you with differing quality of goods or services.
We are not required to respond to your request for access to personal information more than twice in a
twelve (12) month period.