SDI Limited

ABN: 27 008 075 581
Privacy Policy

This Privacy Policy sets out how SDI Limited manages personal information in Australia.
For a brief summary refer to this Privacy Notice, which is at the end of this Policy.

1 Purpose

1.1 Why this Privacy Policy (“Policy”) exists

1.1.1 This Policy helps:

  • ensure that SDI Limited (“SDI”) manages personal information in an open and transparent way
  • protect the personal information of individuals who have dealings with SDI e.g.
    • current or prospective:
      – customers, including distributors, dealers and dentists
      – vendors, including suppliers of goods and services, or
      – investors
    • job applicants, and
  • summarise SDI’s management of personal information and the processes SDI has in place to help ensure compliance with the Australian Privacy Principles (“APPs”).

1.2 What this Policy covers

This Policy covers the following areas:

  • it summarises SDI’s management of personal information (Sect. 3 below) for the benefit of:
    • SDI’s employees and officers, and
    • the individuals whose personal information SDI collects, holds, uses and discloses, and
  • it sets out the requirements applicable to SDI’s employees, officers and Privacy Officer (Sect. 4).

In this Policy, references to “handles” refers to personal information SDI collects, holds, uses and/or discloses.

2 Applicability

2.1 Who this Policy applies to

  • This Policy applies to all SDI’s employees and officers.
    • Employees includes employees who are permanent, part-time, fixed term or temporary, interns, secondees or managers.
    • Officers includes directors and company secretaries.

Refer to Sect. 4 for the requirements applicable to SDI’s employees and officers, including SDI’s Privacy Officer.

    • This Policy is also relevant to individuals who need to be informed about, or who have dealings with SDI and wish to understand, how SDI manages the personal information it handles (Sect. 3).

3 SDI’s management of personal information

3.1 How does SDI manage the personal information it handles?

3.1.1 Background

SDI:

  • manufactures specialist dental products in Victoria, Australia, and
  • markets and sells its products in over 100 countries globally via third-party distributors and dealers around the world.

3.1.2 Personal information

3.1.2.1 Definition of “personal information”

In Australia, “personal information” is defined very broadly to mean information or an opinion about:

  • an identified individual – i.e. not about a company, trust etc – or
  • an individual who is reasonably identifiable – e.g. releasing a photo of a person would be personal information, as they would be identifiable from the photo.

For example, the following information would be personal information – an individual’s:

  • name, address (including physical and email), phone number
  • medical history
  • work history
  • qualifications
  • photograph etc.

3.1.2.2 Individuals acting for companies

Although information about a company is not personal information, information about individuals acting for a company – e.g. a sales manager acting for an SDI supplier – is personal information.

3.1.2.3 De-identified information

De-identified information – e.g. information that has an individual’s name, address etc blacked out – is not personal information. De-identified information is information that is not about an identifiable individual or an individual who is reasonably identifiable.

3.1.2.4 Sensitive information

In Australia, “sensitive information” – which is a subset of “personal information” – receives greater protection under privacy law.
“Sensitive information” means:

  • information or an opinion about an individual’s:
    • racial or ethnic origin
    • political opinions
    • membership of a political association
    • religious beliefs or affiliations
    • philosophical beliefs
    • membership of a professional or trade association
    • membership of a trade union
    • sexual orientation or practices, or
    • criminal record
  • health information about an individual
  • genetic information
  • biometric information that is to be used for the purpose of automated biometric verification or biometric identification, or
  • biometric templates.

An example of “sensitive information” includes the results of medical and police checks when directors are being selected/appointed.

When in doubt about whether “personal information” is also “sensitive information”, please consult with the Privacy Officer (their details are set out in Sect. 5.2).

3.1.3 Some overriding principles & requirements

3.1.3.1 Security

The security of the personal information SDI handles is of utmost importance to SDI. Refer to Sect. 3.8.1 for details regarding SDI’s security arrangements.

3.1.3.2 Collecting personal information

  • SDI:
    • must only collect personal information (which includes sensitive information) that is reasonably necessary for SDI’s functions or activities, and
    • must, in the case of sensitive information, only collect the information where the individual has consented to the collection, unless approval is obtained from the Privacy Officer (as certain exceptions might be applicable under the APPs), and
    • must only collect the personal information by lawful and fair means.
  • SDI must strive to collect only minimal personal information to help achieve the above. Also, the above must be achieved in relation to each item of personal information collected.

3.1.3.3 Using or disclosing personal information for a purpose that hasn’t been disclosed

If SDI:

  • collects an individual’s personal information for a particular purpose (refer to Sect. 3.5 for the purposes for which SDI collects personal information), and
  • SDI wishes to use or disclose the information for another purpose

then:

  • the individual must consent to the information being used for the other purpose (unless certain exceptions apply) and
  • the Privacy Officer must approve, and
  • SDI must keep a record of any consent.

3.1.3.4 Limiting access to personal information

SDI seeks to limit the SDI employees, contractors and officers who have access to personal information. Access is generally given to those who need to use the personal information in the course of their responsibilities.

3.1.3.5 Linking information

SDI does not link personal information across its subsidiaries unless the individual would expect it or, in the case of sensitive information, the individual has consented to this and the Privacy Officer has approved.

3.1.3.6 Selling information

SDI will never sell personal information about individuals to anyone else.

3.1.3.7 Using personal information for marketing purposes

SDI must comply with the Spam Act in relation to unsolicited electronic messages, and the Do Not Call Register Act in relation to unsolicited telemarketing calls.

In other situations not covered by the Spam Act or the Do Not Call Register Act – e.g. marketing materials sent by post – SDI must comply with privacy law. As a general rule, under privacy law, personal information of an individual collected by SDI cannot be used for marketing purposes unless:

  • the individual would reasonably expect SDI to use or disclose their information for that purpose e.g. if the marketing purpose is disclosed within Sect. 3.5 (which it is), and
  • SDI provides a simple means whereby the individual can opt out of receiving marketing communications from SDI, and
  • the individual hasn’t made a request to opt out.

Under privacy law, there are other rules that apply in other situations – e.g. in the case of sensitive information collected by SDI, or where an individual’s personal information is collected by SDI from someone other than the individual.

For details regarding the above requirements, please contact SDI’s Privacy Officer (their details are in Sect. 5.2).

3.1.3.8 Maintaining the quality of personal information

SDI is obliged to take reasonable steps to ensure the personal information it handles is accurate, up-to-date and complete. The personal information SDI uses or discloses also needs to be relevant. For example, SDI may ask individuals to confirm the accuracy of their personal information when contacting SDI.

3.1.3.9 Disclosure overseas

SDI will only disclose an individual’s personal information to organisations overseas in limited circumstances – refer Sect. 3.6.

3.1.3.10 Government identifiers

SDI does not use government identifiers – e.g. Medicare numbers or driver’s licence numbers – to help identify, within SDI’s records, individuals that SDI deals with (except in circumstances approved by the Privacy Officer pursuant to exceptions in the APPs).

3.1.3.11 Personal information that is no longer needed

If SDI holds personal information about an individual and SDI:

  • no longer needs the information for any purpose for which it may be used or disclosed, and
  • is not required by Australian law to retain it,

SDI must take reasonable steps, and proactively plan, to destroy such information or to ensure such information is de-identified.

3.2 Information flows associated with the personal information SDI handles

3.2.1 SDI has assessed the information flows associated with the personal information SDI handles for its functions and activities to ensure this handling complies with the APPs.

3.2.2 In particular, SDI has assessed the following:

  • Collection
    The personal information SDI collects in connection with its main functions and activities e.g. manufacturing, sales, marketing, human resources, IT, company secretarial etc. Refer to Sect. 3.3 for details regarding what types of individuals SDI collects personal information from and why.
  • Holding
    How SDI holds the personal information of individuals and seeks to keep that information secure, including information that SDI doesn’t physically hold but controls. Refer to Sect. 3.8.1 for details regarding the security of personal information.
  • Use
    How SDI uses the personal information of individuals, to help ensure that use accords with the purposes for collecting the information. Refer to Sect. 3.5 for details regarding these purposes.
  • Disclosure
    In what circumstances SDI discloses the personal information of individuals. Refer to Sect. 3.5 for these details.

3.3 What types of individuals does SDI collect personal information from and why?

  • SDI collects and holds personal information regarding SDI’s:
    • current and prospective customers, vendors and investors, and
    • job applicants,

for the purposes mentioned in Sect 3.5.

  • If SDI didn’t collect this personal information:
    • SDI would not be able to enter into a contractual relationship with the individual e.g. regarding the supply of products to them, their employment or engagement, SDI purchasing their goods or services or them becoming an investor, and
    • SDI may not be able carry out the purposes mentioned in Sect. 3.5.
  • In some instances, SDI may collect personal information unknowingly – for example, within personal emails between individuals and SDI’s staff. Please be aware that such personal information may, also unknowingly, be stored on SDI’s IT systems and backed up by SDI, and third parties, with other business-related information.

3.4 How does SDI collect and hold personal information?

3.4.1 Collection

  • The main way SDI collects personal information is from the individual the information relates to – typically via emails or calls to SDI, meetings with SDI or SDI’s websites. SDI does not currently obtain an individual’s personal information from third parties who sell lists of personal information, but SDI may in the future.
  • It is only in limited circumstances that SDI would collect an individual’s personal information from other sources. For example:
    • from public sources – e.g. internet search engines, an individual’s LinkedIn page or social media – but only for purposes that relate to SDI’s functions and activities
    • from conferences and trade shows
    • from others involved in the individual’s dealings with SDI – for instance:
      – SDI may collect an individual’s personal information from the individual’s work colleagues
      – SDI may collect an individual’s personal information from organisations that have a business arrangement with the individual’s employer e.g. a joint venture partner, agent etc, and
    • in the case of investors, from SDI’s Share Registry for the purposes of communicating with them in relation to their shareholdings.

3.4.2 Holding

  • SDI holds most personal information in an electronic format – e.g. within emails, electronic documents, applications, CRM, ERP – which is stored in computers on SDI’s premises and offsite by third-party data storage services.
  • Personal information regarding SDI’s individual shareholders is kept by SDI’s Share Registrar and Investor Relations adviser. SDI’s directors and senior staff have access to this information.
  • SDI also stores personal information in a physical format – e.g. within physical files and documents.

3.5 What are the purposes for which SDI handles personal information?

SDI collects, holds, uses and discloses personal information of individuals for the following purposes:
Individuals with current dealings with SDI

  • In the case of all individuals SDI currently has ongoing dealings with e.g. if the individual is a current customer, vendor or investor:
    • to fulfil SDI’s contractual and legislative obligations and help satisfy the reason why personal information has been given to SDI e.g.:
      – to sell and deliver SDI’s goods to customers
      – to engage, manage and assess vendors
      – to make payment and enable any tax withholding
      – for communication
      – to respond to queries and requests
      – to manage their dealings with SDI
      – for record keeping
      – for internal reporting, etc
    • to promote SDI or SDI’s products or services
    • to maintain and improve SDI’s relationship with the individual e.g. to improve their experience when visiting SDI’s websites, to record their details, when SDI needs to use vendors or contractors in relation to the individual, etc
    • for the purposes of SDI’s dealings with individuals who are students of or employed by organisations with whom SDI might be conducting joint research or research exploration e.g. universities and other educational institutions
    • in relation to the individual’s attendance at SDI conferences, trade shows, meetings or other events
    • in relation to current shareholders, their personal information may be included within reports from SDI’s Share Registrar
    • to comply with regulatory requirements, such as:
      – maintaining a record of queries, complaints, adverse events and recalls relating to SDI’s products
      – ASX listing rules e.g. regarding the reporting of SDI’s top 20 shareholders.
  • In relation to current customers:
    • to receive payment from them using their credit card details (refer to Sect. 3.8.1.2 for further details)
    • to conduct surveys, product evaluation and research, and
    • to contact them, work with them and disclose their details to others regarding product trials, investigations or training.
  • Regarding current customers and vendors in connection with possible adverse events involving SDI’s dental devices, customer complaints or feedback:
    • to convey details to relevant employees, contractors and officers within SDI
    • to contact them should SDI require information on adverse events, complaints or other feedback, and
    • where necessary, to send adverse events reports to regulators.

Individuals who may have dealings with SDI in the future

  • If the individual is a prospective customer, vendor or investor or a job applicant:
    • to communicate with them, respond to their queries and requests, manage their dealings with SDI and help satisfy the reason why they have given personal information to SDI
    • to help decide whether to enter into a contract with them e.g. background checks regarding job applicants or vendors,
    • in the case of job applicants, to conduct pre-employment health checks, and
    • in the case of prospective investors, to disclose their personal information to SDI’s Investor Relations adviser.
  • Regarding prospective customers, personal information collected by SDI may be shared with an SDI subsidiary to help achieve the individual’s purpose in providing their personal information to SDI – e.g. if the individual has a query regarding the sale of an SDI product overseas.
  • Regarding prospective customers and vendors, SDI may use the individual’s personal information to send promotional material to the individual regarding SDI or SDI’s products and services.

Regarding current and prospective customers

  • Personal information may be used for SDI’s business purposes, including responding to
    queries, promoting SDI and its products and services (using a variety of approaches), and assessing their suitability for SDI’s products.
  • Personal information held within SDI’s CRM software – which includes the personal information of current and prospective customers situated in Australia and overseas – may be viewed by senior SDI employees and officers.

Generally regarding all the above individuals

  • To:
    • give effect to any requirements imposed or authorised by law – e.g. to record an individual’s vaccination status, and
    • allow movement into, out of and around SDI’s premises, which:
      – may involve disclosing the information to the third party whose application SDI uses, and
      – may include sensitive information e.g. temperature scanners upon entry to SDI’s premises.
  • For:
    • security reasons, and
    • for IT purposes e.g. backups.
  • Where SDI is required or permitted to:
    • by law, or
    • by a court or tribunal, include any proceedings before a court or tribunal.
  • Where it is reasonably necessary for SDI’s functions or activities e.g.:
    • in relation to SDI surveys or research
    • in relation to dealings with the above individuals SDI may involve the disclosure of their personal information to other individuals – e.g. including agents, advisors, contractors, subcontractors etc e.g. IT contractors, web-developers – and the personal information of these other individuals may also be collected
    • to communicate with individuals via social media websites and applications e.g. Facebook, Instagram, Twitter, LinkedIn
    • photographs and other personal information may be collected by SDI of current and prospective customers and other individuals at SDI’s seminars/events or trade shows for inclusion in SDI’s social media or other external or internal reporting
    • photographs of SDI’s officers may be used in SDI’s promotional material, including other documentation that SDI prepares e.g. SDI’s financial reports to regulators, SDI’s social media or other reporting
    • SDI’s, and its staff’s, phone records and bills may record an individual’s phone number and other personal information.
  • Regarding individuals who use SDI’s websites and accept cookies on those websites (noting that most internet browsers allow individuals to choose whether to accept cookies or not):
    • information may be collected and used by SDI to improve the individual’s website experience
    • information will be collected using website analytics from a third party, forwarded to the third party overseas, which will be used by the third party to create reports for SDI about its website activities and to send the individuals promotional materials.
  • SDI may disclose personal information to SDI’s professional advisers, including SDI’s accountants, auditors, lawyers and investor relations adviser.
  • If the individuals have dealings with SDI which have ended, SDI may continue to hold personal information to enable SDI to use that information if:
    • a dispute or query arises e.g. regarding warranty claims
    • the relationship may recommence in the future, or
    • in the case of past customers, SDI wishes to send promotional material to the individual regarding SDI or SDI’s products or services (note that individuals always have a right to unsubscribe).

3.6 Overseas recipients

3.6.1 When is personal information disclosed to an overseas recipient?

  • Although the circumstances are limited, it is not unusual for SDI to disclose personal information to an overseas recipient – i.e. a recipient of personal information who is not in Australia. For example:
    where SDI:

    • collects personal information in Melbourne e.g. relating to an overseas request to supply goods or provide information, or an overseas research project, and
    • sends that information overseas e.g. to an SDI subsidiary and its staff (e.g. sales representatives), a research organisation, an IT contractor etc,
      in connection with SDI’s functions or activities e.g. manufacturing, marketing and/or selling SDI’s products and services, R&D, IT etc
  • to a third party providing website analytics, as mentioned in Sect. 3.5, and
  • much of SDI’s electronic data, including personal information, which is stored overseas at a data centre.

3.6.2 In which countries are these overseas recipients located?

In relation to the overseas recipients mentioned in Sect. 3.6.1:

  • the SDI subsidiaries are located in Germany, UK, USA and Brazil, and the staff of these subsidiaries (e.g. sales representatives) are located in these countries and other countries e.g. France, Spain and other countries in Europe
  • the third-party is located in North America, and
  • the data centre is located in North America.

3.6.3 Compliance with the APPs

SDI takes such steps as a reasonable to ensure that the overseas recipients mentioned in Sect. 3.6.1 do not breach the Australian Privacy Principles.

3.7 Access, correction, complaints and other rights

3.7.1 How can personal information be accessed and/or corrected?

3.7.1.1 An individual has the right to:

  • request access to, or
  • request the correction of
    personal information about them that is held by SDI by contacting the Privacy Officer. The Privacy Officer’s contact details are set out in Sect. 5.2.

3.7.1.2 Regarding requests for access, the Privacy Officer will:

  • respond to request within a reasonable time
  • give access in the manner requested by the individual if it is reasonable and practicable to do so, and
  • act in accordance with the APPs, which also set out situations where access can be refused and what SDI needs to do if it refuses access.

3.7.1.3 Regarding requests for correction, the Privacy Officer will:

  • respond to the request within a reasonable time
  • take such steps (if any) as are reasonable in the circumstances to correct the information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading, and
  • act in accordance with the APPs, which also set out what SDI needs to do if it refuses a correction or if SDI refuses to include with the information a note relating to the individual’s concerns.

3.7.2 Complaints

3.7.2.1 How can an individual complain about a breach of the APPs etc?

If an individual has an inquiry or complaint relating to this Policy, the application of this Policy or SDI’s compliance with the APPs, the individual should contact the Privacy Officer in writing. The Privacy Officer’s contact details are set out in Sect. 5.2.

3.7.2.2 How does SDI deal with inquiries and complaints?

The Privacy Officer will deal with the inquiry or complaint within a reasonable time.

3.7.3 Other rights

Anonymity and pseudonymity

Individuals, in all their dealings with SDI, have the option of not identifying themselves or of using a pseudonym unless:

  • it is impracticable for SDI e.g. if SDI needs to employ the individual or contract with them, or
  • SDI is required or authorised by an Australian law, or a court or tribunal, to deal with identified individuals.

3.8 Other information

3.8.1 Security

3.8.1.1 Security measures

SDI takes reasonable steps to protect personal information:

  • from misuse, interference and loss, and
  • from unauthorised access, modification or disclosure.

For example:

  • security procedures regarding accessing SDI’s premises and within its premises
  • IT security procedures e.g. passwords, authentication protocols, firewalls and limiting/monitoring staff access to data
  • security procedures regarding the use of customer credit card details, regarding both online and other transactions (e.g. via phone or email)
  • procedures to help ensure personal information in a physical format – e.g. within files or documents – is stored securely
  • confidentiality rules which bind SDI’s employees, contractors and officers.

In addition, SDI strives to ensure that:

  • the above security measures are continually improved in accordance with technological developments, and
  • where third parties hold personal information, their security measures are appropriate.

Although SDI has appropriate security measures in relation to the transfer of personal information to SDI via the “Contact Us” and “Subscribe” sections of SDI’s websites or via email, the risk of unauthorised access to that information by a third party cannot be excluded.

3.8.1.2 Credit card information

    1.  On-line transactions

In relation to credit card transactions effected via SDI’s websites:

  • SDI complies with the Payment Card Industry Data Security Standard in relation to credit card information.
  • When credit card details are collected from the payments page on SDI’s websites, that information is encrypted and passed on to a third-party processor for secure payment. The third-party processor is an authorised third-party processor for major Australian and International banks.
  • SDI can only see a portion of these credit card numbers i.e. SDI views a truncated credit card number, not the full number.
    1. Other transactions
      A small number of SDI customers provide their credit card numbers when making purchases, for manual processing by SDI. SDI has security procedures in place in relation to this manual processing.

3.8.2 Links to third-party websites

SDI’s websites include applications made available by third parties – e.g. links to social media applications such as Facebook, Instagram, Twitter, LinkedIn – which may collect personal information.
Even though individuals may access or interact with these third-party applications via SDI’s websites, SDI has no control over those third-party applications and is not responsible for how they manage the individual’s personal information, including how they keep personal information secure.
Individuals should visit the third-party’s website to obtain information regarding the third-party’s privacy practices and the individual’s rights.

3.8.3 Tax File Numbers

  • SDI handles tax file numbers (“TFNs”) in relation to its employees.
  • In addition to being bound by the APPs in relation to these TFNs, SDI must also comply with rules issued by the Office of Australian Information Commissioner in relation to TFNs that relate to individuals.

4 Requirements applicable to SDI’s employees & officers

4.1 When this Policy applies

  • This Policy applies at all times.

4.2 How to comply

4.2.1 Employees & officers

41.2.1.1 SDI’s management of personal information

SDI’s employees and officers must read Sects. 3.1 to 3.8 for information regarding SDI’s management of the personal information it handles.

4.2.1.2 Overriding principles

SDI’s employees and officers must comply with the overriding principles in Sects. 3.1.3.1 to 3.1.3.11 relating to:

  • security
  • collecting personal information, including sensitive information
  • using or disclosing personal information for a purpose that hasn’t been disclosed
  • limiting access to personal information
  • linking information
  • selling information
  • using personal information for marketing purposes
  • maintaining the quality of personal information
  • disclosure overseas
  • Government identifiers, and
  • personal information that is no longer needed.

4.2.1.3 Reasons to contact SDI’s Privacy Officer

Data breaches

    • SDI’s employees and officers must contact the Privacy Officer (whose contact details are in Sect. 5.2) immediately if:
      • there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that SDI holds
      • this is likely to result in serious harm to one or more individuals, and
      • SDI hasn’t been able to prevent the likely risk of serious harm with remedial action.

Other reasons

SDI’s employees and officers must contact the Privacy Officer as soon as possible if:

    • personal information about an individual is collected from someone other than the relevant individual e.g. from conference or trade show organisers
    • personal information is not collected by lawful and fair means
    • personal information is received by SDI without it being solicited by SDI
    • personal information is, or is intended to be, collected, held, used or disclosed by SDI for purposes other than those mentioned in Sect. 3.5
    • their department intends to collect new types of personal information, including sensitive information – e.g. asking visitors for their vaccination status
    • they wish to develop any process or documentation that involves the collection, holding, use or disclosure of personal information
    • they become aware of personal information being disclosed overseas in additional circumstances to the examples mentioned in Sect. 3.6
    • SDI is advised of the need to disclose personal information outside SDI pursuant to an Australian law, a court/tribunal or another reason
    • they become aware of a privacy issue or any breach, or potential breach, of this Policy, or
    • they have any privacy-related queries or requests.

SDI’s employees and officers should contact the Privacy Officer or Company Secretary (whose contact details are in Sect. 5.2) if they have any questions regarding the content or application of this Policy.

4.2.1.4 Projects and changes to processes

If there is:

  • an SDI project, new or existing, or
  • a change to SDI’s existing processes
    that may involve a change to how SDI collects, holds, uses or discloses personal information, the employee or officer with overall responsibility for the project or process must:
  • complete a privacy impact assessment to assess the negative and positive privacy impacts and obtain documentation from the Privacy Officer for the purposes of this assessment, and
  • forward the completed privacy impact assessment and other answers to the Privacy Officer.

4.2.2 SDI’s Privacy Officer

SDI’s Privacy Officer must:

  • comply with all this Policy
  • strive to ensure SDI has the processes and procedures to comply with this Policy
  •  ensure that documents provided to, or signed by, individuals – e.g. visitors to SDI’s premises – obtain the agreement of the individual to SDI’s Privacy Policy, and
  • ensure this Policy is brought to the attention of existing and new SDI employees and officers, and
  • coordinate the monitoring, review and other actions referred to in Sect. 7.1.

5 Help

5.1 If anyone has any questions regarding the content or application of this Policy, please contact either:

  • SDI’s Privacy Officer, or
  • SDI’s Company Secretary.

5.2 The contact details of SDI’s Privacy Officer or Company Secretary are as follows:

  • Email: privacy@sdi.com.au
  • Address: 3-15 Brunsdon Street, Bayswater, Victoria 3153
  • Phone: +61 3 8727 7111

6 Authorisation

6.1 This Policy has been approved by SDI’s Board and SDI’s Board has authorised the release of this Policy to SDI’s employees and officers by email and by including it on SDI’s website.

6.2 Any amendments to this Policy must be authorised by SDI’s Board.

7 Monitoring & review

7.1 SDI will:

  • periodically review the contents of this Policy, rectify any issues in a timely way and publish any revised policy on SDI’s website, and
  • monitor the effectiveness of this Policy and implement improvements where appropriate.

Privacy Notice

SDI Limited (“SDI”) may collect personal information about you. SDI’s contact details are set out at the end of this Privacy Notice.

Collection of personal information

The main way SDI collects your personal information is from you directly – typically via emails, phone calls, meetings or SDI’s websites.

SDI may, in limited circumstances, collect your personal information from someone other than you – for example, from a co-worker, public sources, others involved in your dealings with SDI, conference organisers and from SDI’s Share Registry. For additional details regarding these circumstances, please read SDI’s Privacy Policy.

What are the purposes for which SDI collects your personal information?

SDI collects, holds, uses and discloses your personal information for the following purposes – for additional details regarding these purposes, please read the Privacy Policy:

  • Where you have ongoing dealings with SDI e.g. if you are a current customer, vendor or investor:
    • to fulfil SDI’s contractual and legislative obligations to you
    • to maintain and improve SDI’s relationship with you
    • to help satisfy the reason why personal information has been given to SDI, and
    • to comply with regulatory requirements, such as maintaining a record of queries, complaints, adverse events and recalls relating to SDI’s products.
  • If you are an individual who wishes to have future dealings with SDI – e.g. if you are a prospective customer, vendor or investor or a job applicant – to help satisfy the reason why you have given personal information to SDI and help decide whether to enter into a contract with you.
  • Generally regarding all the above individuals: where SDI is required or permitted to by law; where it is reasonably necessary for SDI’s functions or activities e.g. for security reasons; to maintain and improve your website experience if you are a user of SDI’s websites; and to promote SDI or SDI’s products or services.
  • If you are a current customer or vendor, in connection with: receiving payment from you; surveys, product evaluation and research; dental device trials, investigations and training; adverse events involving SDI’s dental devices; and customer complaints or feedback.
  • If you are a current or prospective customer to: promote SDI and its products and services; assess product/service suitability; and help you achieve your purpose vis-à-vis SDI.

SDI may be required or authorised to collect your personal information under a Commonwealth, State or Territory law or regulation – for example:

  • Therapeutic Goods Act 1989 and its Regulations
  • Therapeutic Goods (Medical Devices) Regulations 2002
  • The Income Tax Assessment Act 1936
  • The Corporations Act 2001 and its Regulations

What are the consequences if personal information is not collected from you?

If SDI doesn’t collect your personal information:

  • SDI will not be able to enter into a contractual relationship with you, and
  • SDI may not be able to carry out the purposes mentioned above and in the Privacy Policy.

You have the option of not identifying yourself when dealing with SDI, but it would not be possible to enter into a contract with SDI and remain anonymous.

Disclosure of personal information to other organisations

SDI may disclose your personal information to organisations outside SDI – for example:

  • for the purposes of SDI supplying goods and services to you
  • for storage, backup and security purposes
  • to comply with regulatory reporting requirements e.g. tax reporting, adverse events reporting
  • to perform background checks regarding job applicants or vendors
  • to enable any tax withholding, and
  • generally to satisfy the purposes mentioned in the Privacy Policy.

SDI may disclose personal information to overseas recipients in limited circumstances. These circumstances, and the countries where these overseas recipients might be located, are disclosed in the Privacy Policy.

Access to and correction of personal information and complaints

SDI’s Privacy Policy contains information about:

  • how you may access the personal information SDI holds about you and seek the correction of that information, and
  • how you may complain about a breach of privacy laws and how SDI will deal with such a complaint.

For further details regarding SDI’s collection, holding, use, disclosure and management of personal information, please read the Privacy Policy.

SDI’s contact details
Privacy Officer
Email: privacy@sdi.com.au
Address: 3-15 Brunsdon Street, Bayswater, Victoria 3153
Phone: +61 3 8727 7111

June 2023