Privacy policy

 
 

Privacy Policy

MM Pharmacy Pty Ltd (ACN 654 224 898) trading as The Pharmacy Common (TPC) is committed to protecting your privacy. TPC is bound by the Privacy Act 1988 (Cth) (Privacy Act) and the incorporated Australian Privacy Principles (APPs).

This Privacy Policy explains how TPC generally handles your personal information. We will also provide more specific information relating to particular products or services in our privacy collection notices.

In this Privacy Policy:

  • Related Companies” refers to all related companies, including subsidiaries of TPC.

  • TPC”, “our”, “we” and “us” refers to MM Pharmacy trading as The Pharmacy Common (ACN 654 224 898), and

  • You’ and ’your’ refers to anyone who provides us with personal information in their interactions with us.

This Privacy Policy was last updated April 2026.

The types of personal information that we collect and hold

The types of personal information that TPC collects about you will ultimately depend on the interactions that we have with you. TPC typically collects some, or all, of the following information:

  • General information about you: your name, title, gender, date of birth.

  • Contact details: address, contact phone number, email address.

  • Employment details.

  • In respect of our online booking system: we may collect your Medicare, NDSS, or DVA information including registration numbers, to facilitate the provision of products and services.

  • Other medical information: including details of products and services purchased by you, or disclosed by you to us, details of medicines and prescriptions including eScripts, your dispensing and medical history, and health services accessed.

  • Payment details: such as credit or debit card number and expiry date.

  • Allergies, and

  • Our interactions with you: including any feedback, complaints, responses to surveys, records of correspondence and interactions with our staff (including in person, online, by telephone, email and via social media).

If you do not wish to provide us with particular information, we may not be able to respond to your query, provide you with our products or services.

Sensitive information: We will only collect sensitive information about you with your consent (unless we are otherwise allowed or required by law to collect that information). Sensitive information includes information about your health, race, ethnic origin and religious beliefs.

How we collect your personal information

How we collect your personal information will depend on our relationship or interactions with you.

  1. Directly from you

We mainly collect your personal information directly from you, including when you use our website (through completion of online or physical forms) or social media, you call or write to us, we interact with you in person, when you access or engage with our products and services or at seminars, events and functions.

  1. Indirectly
    We may also collect your personal information from other sources. For example, we may collect information about you from a publicly available source, social media or from a third party (including service providers and suppliers).

    If you provide us with personal information about other individuals, you are responsible for letting those individuals know that they can find a copy of this Privacy Policy on our website.

  2. Automatically
    Whenever you visit or interact with our website or other online platforms (Platforms), we may use a variety of technologies (including cookies and tracking pixels) that automatically record information about how the Platform is accessed and used.

    Information collected automatically includes:

    • server and IP address (the electronic addresses of computers connected to the Internet)

    • top level domain name accessed (for example .com, .gov, .au)

    • the date and time of your visit to our website or Platforms

    • the duration of your visit to our website or Platforms

    • the webpages you accessed and documents downloaded during your visit

    • the previous website you visited

    • if you have visited our website before, and

    • the type of browser used.

This information is used to identify your generic behavioural patterns, analyse trends, customise and improve user website experience, report statistics, gather broad demographic information, and administer and maintain our website and platforms. Some of this information may constitute personal information where a third-party service provider is able to link it with other data they hold.

Our website is hosted by Squarespace, which processes certain technical visitor data as part of delivering the website. We also use Google Analytics and other media publishers to advertise our products and services online. You can opt out of the collection of information via Google Analytics by downloading the Google Analytics Opt-out browser add on. You can also change the settings in your browser to control how your browser deals with cookies.

However, in doing so, you may limit the functionality of our website and be unable to access certain pages or content on our website.

We use Meta Pixel on our website to measure general website traffic and the reach of our advertising on Facebook and Instagram. Because TPC is classified by Meta as a health and wellness business, Meta automatically applies restrictions to how data received from our website can be used. Under Meta's Business Tools Terms, this restricts Meta from using data received from our website to build health-related advertising audiences or to target individuals based on activity on our site. We have not enabled advanced matching, which means we do not pass identifiable information such as email addresses to Meta through the pixel. The Meta Pixel is not active on our contact form page or our booking page.

TPC will, on occasion, use third-party platforms to deliver services and information to you. These third-party platforms and websites may be hosted and managed by organisations other than TPC. Before deciding if you want to contribute to any third-party website, please familiarise yourself with the relevant privacy collection notice and privacy policy in the first instance.

4.       Through our appointment booking service

Appointments can be booked through our website via MedAdvisor Solutions Pty Ltd (MedAdvisor), a third-party booking platform. MedAdvisor collects your personal information when you submit a booking and operates under its own privacy policy, which we encourage you to review before booking. TPC receives your booking details from MedAdvisor in order to prepare for and deliver your appointment, including the pre-appointment screening process conducted at the pharmacy. Medicare details provided through the booking service are handled in accordance with the Healthcare Identifiers Act 2010 (Cth) and used only for the purpose of providing the booked service.

How we use your personal information

The purposes for which we collect, use and disclose your personal information will depend on the circumstances in which we collect it and what you intend to do using the TPC website and Platforms. Whenever practical, we endeavour to inform you why we are collecting your personal information, how we intend to use that information and to whom we intend to disclose it at the time we collect your personal information.

We collect and use personal information about you for the following purposes:

a)      to verify your identity;

b)     to provide you with the features and functionality of the Platform, including the ability to purchase pharmacy products and services including fulfilling prescription medicines and repeats with your scripts and eScripts, medication reminders, access to health programs and other products and services that may be appropriate or suitable for you and to provide you with an integrated view of your dispensing history;

c)      to assist and enable TPC and other health professionals to provide you with certain pharmacy products and services (e.g. fulfilling prescription medicines and repeats with your scripts and eScripts, medication reminders, and access to health programs and other products and services that may be appropriate or suitable for you);

d)     to provide a more personalised experience from the website and Platforms and to improve our products and services and keep you up to date on such improvements;

e)      to market or promote products and services to you based on your profile or activity;

f)        to administer and manage services, including verification, reporting, charging, billing and collecting fees;

g)      to analyse customer demographics, health, prescriptions, medicine adherence, and purchasing trends so that we can tailor our products and services to you, suppliers and third-party partners;

h)      to improve the quality of our Platforms, social media presence, or community programs;

i)        to respond to you if you have requested information (including via our website or Platforms or via an email or other correspondence you send to us) and to address any issues or complaints that you have regarding our products and services;

j)        to obtain your feedback (directly or through our service providers), to find out your level of satisfaction with our products and services and for other market research activities; and

k)      to contact you regarding any of the above, including via electronic messaging such as SMS, email, and social media, by mail, by phone, by fax or in any other lawful manner.

We will provide an option to unsubscribe or opt-out of any electronic marketing sent to you on our behalf. If you opt-out of receiving marketing material from us, we may still contact you in relation to our ongoing relationship with you.

  • Customer support: to handle your enquiries, requests and complaints, and

  • Research: to conduct market, consumer and other research to improve our products, services, marketing activities and website content.

How we disclose your personal information

We may disclose your personal information to our Related Companies. Where this is the case, our Related Companies are only permitted to use your personal information for the purpose it was collected for, unless an exception applies. We may also disclose your personal information to third parties where necessary to complete a request from you or to perform our activities and functions, including:

  • to financial institutions or payment processing platforms

  • your nominated emergency contact (where applicable)

·       MedAdvisor Solutions Pty Ltd, which provides our appointment booking service, under its own privacy policy

·       our website hosting provider, Squarespace, and analytics and advertising platforms (Google and Meta) through our website tracking technologies

·       our IT managed services provider for the purpose of supporting and maintaining our systems

  • our third-party contractors including:

    • mailing houses, freight and courier services

    • printers and distributors of direct marketing material, and

    • external business advisers.


We may also disclose your personal information to third parties where required or authorised by law.

We do not share your personal information with data resellers, social networks or advertising networks for their own independent commercial purposes without your consent, except where information is transmitted to analytics and advertising platforms through tracking technologies as described above.

We do not give your personal information to other organisations, agencies, or individuals unless you (or your authorised representative) have consented for us to do so, or in our assessment may reasonably expect, that information of the kind provided will be given to a third party as a matter of standard practice.

Where reasonably practical, or where the provision of information to third parties is in our assessment outside the scope of the purposes outlined above, we will provide you with advance notification of, and obtain your informed consent to, the proposed disclosure.

How we hold and secure your personal information

We hold your personal information in a combination of hard copy and electronic files. TPC takes reasonable steps to ensure your personal information is stored securely and protected from loss, unauthorised access, use, modification or disclosure, interference and misuse, regardless of whether that personal information is stored in electronic databases or physical form. These steps include:

  • using applications that prevent unauthorised access or damage to electronically stored information (password-protected systems, multi-factor authentication, firewalls, encryption and anti-virus software as appropriate) and maintaining physical security over physical records.

  • restricting access to your personal information only to personnel who need it to perform their functions.

While TPC endeavours to protect the personal information and privacy of website users, we cannot guarantee the security of any information that you disclose to us online. If you are concerned about sending your information to us over the internet you can contact TPC.

Data retention: Our retention periods for personal information are based on legal requirements. We retain your personal information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. When personal information is no longer needed, at our election, we either securely destroy it, or irreversibly de-identify that personal information

Disclosure of personal information overseas

Some of the third-party providers we use store or process data outside Australia. Our website is hosted by Squarespace, which uses servers in the United States of America. Google Analytics and Google Ads may store data in the United States of America, Belgium, Chile, Denmark, Finland, Ireland, Singapore, and Taiwan. Meta Pixel transmits data to Meta's servers in the United States of America. MedAdvisor is an Australian company — see MedAdvisor's privacy policy for information about any overseas transfers on their end.

In circumstances where your personal information may be stored by a service provider in a country that has a lower standard of data protection than Australia, we will use all reasonable endeavours to safeguard your personal information as set out in this Privacy Policy

How to access, update and correct your personal information

You have the right to access, or correct, the personal information that we hold about you. If you would like to request access to, or correct your personal information, please contact us using the contact details set out below. TPC will allow access or make the requested changes unless TPC considers there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the requested change.

If we refuse your access or correction request, we will provide you with a written notice setting out the reasons for our refusal and how you can make a complaint to the Office of the Australian Information Commissioner.

How to contact us

If you have any questions, concerns or complaints about your privacy please contact The Pharmacy Common Proprietor, May Mitropoulos, using the details below:

  • email to: may@thepharmacycommon.com;

  • phone: (03) 9421 5888; or

  • by mail to: 521 Bridge Road, Richmond, Victoria, Australia, 3121

We take all complaints seriously and will respond to your complaint within a reasonable time.

If you are not satisfied with our handling of your complaint, you may contact the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992, by email enquiries@oaic.gov.au or by using the contact details on the OAIC website.