Data Protection
Identity of the Controller and Contact Details
Meds2Australia is the data controller responsible for the personal information processed in connection with our services. Owner and Controller: Arlyn Ackerman, Bahnhofstraße 7, 5201 Seekirchen am Wallersee, Austria. Contact email: [email protected].
For privacy inquiries or to exercise your rights, please contact our Privacy Officer via the above email or postal address.
Scope and Governing Framework
This notice applies to personal information collected and processed by Meds2Australia in connection with our website, communications, and related services. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Where we process personal data of individuals located in the European Economic Area (EEA) or the United Kingdom, we also comply with the EU/EEA GDPR and the UK GDPR, as applicable.
Categories of Personal Information We Collect
Information You Provide to Us
- Identification and contact details (e.g., name, email address, phone number).
- Account details (e.g., username, preferences).
- Inquiry details and correspondence (e.g., questions about medicines, price alerts).
- Optional health-related information you choose to share to receive tailored guidance (e.g., conditions, medicines of interest). This may be sensitive information.
Information We Collect Automatically
- Device and usage information (e.g., IP address, browser type, pages visited, timestamps).
- Cookies and similar technologies for essential site functionality, analytics, and preference management.
Information from Third Parties
- Pharmacies and licensed healthcare partners, where you authorize sharing, regarding order status or fulfillment eligibility.
- Publicly available sources and service providers (e.g., anti-fraud, security).
Sensitive Information and Health Data
We avoid collecting health information unless you explicitly provide it (for example, to request medicine comparisons or guidance). Under Australian law this is sensitive information; under GDPR it is special category data. We process such data only with your explicit consent or as otherwise permitted by applicable law.
Purposes and Legal Bases for Processing
- Service delivery and site operations (e.g., responding to queries, providing medicine comparisons and guides). Legal bases: APP 3/6 (collection and use), GDPR Art. 6(1)(b) contract or Art. 6(1)(f) legitimate interests; where health data is involved, GDPR Art. 9(2)(a) explicit consent.
- Communications, support, and account administration. Legal bases: APPs, GDPR Art. 6(1)(b)/(f); consent where required.
- Personalisation and preferences (e.g., saved searches, price alerts). Legal bases: APPs, GDPR Art. 6(1)(f); consent where required (e.g., cookies).
- Safety, security, fraud prevention, and misuse detection. Legal bases: APPs, GDPR Art. 6(1)(f).
- Regulatory compliance and legal obligations (e.g., record-keeping, responding to lawful requests). Legal bases: APP 6, GDPR Art. 6(1)(c).
- Marketing communications about our content and services, where permitted. Legal bases: APP 7 and consent/opt-out rules; GDPR Art. 6(1)(a) consent or Art. 6(1)(f) legitimate interests with the right to object. You may opt out at any time.
Sharing and Disclosure
- Licensed pharmacies, telehealth providers, and fulfillment partners: Only with your direction or consent, to facilitate quotes, eligibility checks, or fulfillment through licensed channels. These parties operate under their own legal and professional obligations.
- Service providers and processors: Hosting, analytics, security, communications, customer support, and IT. We require appropriate contractual safeguards.
- Professional advisers, auditors, and insurers: For governance and compliance purposes.
- Authorities and regulators: Where required by law or necessary to protect rights, safety, or the integrity of our services.
- Business reorganization: In connection with a merger, acquisition, or asset transfer, subject to confidentiality and applicable law.
Meds2Australia does not sell personal information. We do not dispense medicines and do not store prescription records; any dispensing records are maintained by the licensed pharmacies you choose to engage.
Cross-Border Data Transfers
We may process and store information in Australia, the EEA, the UK, the United States, and other jurisdictions where our service providers operate. For transfers from Australia, we take reasonable steps to ensure overseas recipients will protect your information consistently with the APPs. For transfers from the EEA/UK, we rely on appropriate safeguards, such as European Commission Standard Contractual Clauses (and UK-approved equivalents) and supplementary measures where needed.
Cookies and Similar Technologies
We use essential cookies for site functionality, as well as optional analytics and preference cookies. Where required, we seek your consent for non-essential cookies. You can manage your cookie preferences through your browser settings and, where offered, our on-site controls. Disabling certain cookies may affect site performance.
Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this notice, to comply with legal obligations, to resolve disputes, and to enforce agreements. Typical retention periods include:
- Account and communication records: up to 7 years after last interaction, unless a longer period is required by law.
- Consent records and preferences: for the life of the consent and a reasonable period thereafter.
- Analytics data: typically 26 months, unless aggregated or anonymised sooner.
We may anonymise data for statistical purposes; anonymised data is not subject to this notice.
Security Measures
We implement administrative, technical, and physical safeguards designed to protect personal information, including access controls, encryption in transit, network monitoring, and staff confidentiality obligations. No method of transmission or storage is entirely secure; we continuously assess and improve our safeguards.
Your Rights
Australian Privacy Rights (APPs)
- Access: You may request access to personal information we hold about you.
- Correction: You may request corrections where information is inaccurate, out of date, incomplete, irrelevant, or misleading.
- Anonymity and pseudonymity: Where lawful and practicable, you may interact with us anonymously or under a pseudonym.
EU/UK GDPR Rights (where applicable)
- Access, rectification, and erasure (right to be forgotten).
- Restriction and objection to processing, including objection to direct marketing.
- Data portability.
- Withdrawal of consent at any time, without affecting the lawfulness of processing before withdrawal.
- Right not to be subject to decisions based solely on automated processing producing legal or similarly significant effects.
How to Exercise Your Rights
To exercise your rights, contact us at [email protected]. We may need to verify your identity. We will respond within timeframes required by applicable law.
Children’s Privacy
Our services are intended for adults. We do not knowingly collect personal information from children under 16 years of age without appropriate consent. If you believe a child has provided us personal information, please contact us so we can take appropriate action.
Automated Decision-Making and Profiling
We do not engage in automated decision-making that produces legal or similarly significant effects about you. We may use limited profiling for analytics and content personalisation, subject to your consent where required and your right to object.
Complaints and Dispute Resolution
If you have a privacy complaint, please contact us first at [email protected]. We will investigate and respond promptly. If you are not satisfied, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). If GDPR applies to you, you also have the right to lodge a complaint with a supervisory authority in your habitual residence, place of work, or place of the alleged infringement.
Changes to This Notice
We may update this notice to reflect operational, legal, or regulatory changes. Material changes will be communicated through our website or direct notice where appropriate. The “Last updated” date indicates the effective date of the current version.
Last Updated
25 September 2025