Code of conduct
Aspen Medical recognises the importance of a work environment which actively promotes best practice. The purpose of this Code of Conduct is to define the standards of behaviour and conduct expected from you in your dealings with customers, suppliers, clients, co-workers, management and the general public.
The Code of Conduct provides information to assist in the understanding of the ethical values and standards of behaviour that apply in daily business activities. Adherence to these standards is fundamental to creating a safe and inclusive workplace, while building a partnership of trust between Aspen, industry, government and the community.
Background
This Code of Conduct is effective from 1 July 2022 and supersedes previous versions of the Code of Conduct.
Application
The Code of Conduct applies to employees, agents and contractors (including temporary contractors) of Aspen, collectively referred to in this policy as ‘workplace participants’. The Code and Aspen Medical’s workplace policies provide a clear framework that all workplace participants are required to work within while representing the company. As a workplace participant, you must observe the principles, ethics and behaviour outlined in this Code and further, comply with any applicable policy of Aspen. Non-compliance may result in disciplinary action, ranging from performance counselling to termination of employment, depending on the severity of the breach. Agents and contractors (including temporary contractors) may have their contracts with Aspen Medical terminated or not renewed.
The code
The Code is based on the fundamental principles that all Aspen Medical business dealings and interactions are to be conducted legally, ethically, and honestly, with civility, respect and integrity. As representatives of Aspen Medical, you are expected to act in the best interests of Aspen Medical, to conduct yourself in a professional and courteous manner and observe a similar standard of behaviour both inside the workplace and outside the workplace, where you can be perceived as representing Aspen Medical. If you believe someone you work with is not following the Code, we ask you to first discuss this with the person themselves and/or your supervisor, manager, or a member of the Culture and Performance team. Where this is not practical, the issue should be escalated to the next management level for attempts of resolution. The spirit of this Code aims to enable you to discuss these issues without fear or risk of retribution.
Ethical behaviors
Aspen Medical seeks to create a harmonious relationship with the local community. Therefore, you must ensure that you always respect the values and beliefs of the environment in which you work. We require that you behave in a manner that is considered ethical and law abiding. Ethics are the set of principles by which our actions are judged to be good, bad, right or wrong. It is not just a matter of obeying the law or adhering to rules, regulations, or policies. Our ethics go beyond the constraints of the law to include how we make decisions as to what is the right thing to do. In deciding whether a particular action is ethical we ask that you consider:
- Is the action you are going to undertake consistent with a reasonable person’s standard of right or wrong?
- Is your action going to be considered by others as being ethical and morally, correct?
- Will your action place you and/or others in a compromising position or endanger the safety of others?
- How easily could you justify your actions if you were called upon to do so?
- Are you prepared for your actions to be made public and placed under review?
Actions which are considered unethical include, but are not limited to, use of inappropriate language and dress which is considered inappropriate to the environment and culture in which you work, drug or alcohol abuse, engaging in inappropriate relations with another workplace participant which hinders your ability to perform your role, or engaging in inappropriate relations with members of the local community.
If the CEO or their delegated representative deems your actions to be unethical or inappropriate, you may face disciplinary action and possible termination of your employment.
Anti-discrimination and equal employment opportunity
Aspen Medical is committed to providing an environment where all workplace participants are treated fairly and with respect, and are free from unlawful discrimination, harassment, vilification and bullying. Discrimination, vilification, sexual harassment, bullying and victimisation based on race, colour, religion, gender, age, marital status, disability and/or other factors unrelated to legitimate business interests are unlawful and unacceptable and may be considered a breach of this Code. For further information please refer to the Aspen Equal Employment Opportunity Policy.
Violent or aggressive behaviour
Aspen Medical will not tolerate actual or threatened violent or aggressive behaviour in the workplace. If you believe your personal safety is at imminent risk, you have the right to withdraw from the area.
You are required to report all incidents of violent or aggressive behaviour to your manager who will investigate any incidents with a view to preventing or minimising the aggression and violence in the future.
Should a workplace participant demonstrate actual or threatened violent or aggressive behaviour, the workplace participant may face disciplinary action and possible termination of their employment. For further information please refer to the Aspen Medical Respectful Workplace Behaviour Policy.
Personal conduct
You are required to conduct yourself in such a way that is fully consistent with this Code.
You are required to deal fairly and honestly with each other.
You are required to conduct yourself professionally and courteously at all times including maintaining appropriate standards of personal hygiene.
Everyone who works for Aspen Medical is entitled to be treated with dignity and respect, by all their colleagues, whatever the situation. Aspen has a diverse workforce, a diversity which contributes to its success, and all workforce participants are required to ensure that they demonstrate inclusive behaviours.
Any conduct or behaviour that is inappropriate, intimidating or offensive to our clients, suppliers, contractors, the public or other workplace participants is unacceptable and may be considered a breach of this Code.
Any conduct that is actual or perceived fraternisation with any other workplace participant must be declared in writing to your manager.
Any workplace participant who acts inappropriately in the workplace with regard to this clause, to include sexual behavior, close and exclusive emotional relationships, public displays of affection, and relationships that involve preferential treatment or an improper use of position of authority may be in breach of this Code. For further information please refer to the Aspen Medical Respectful Workplace Behaviour Policy.
Personal and professional boundaries
You are responsible for ensuring you maintain appropriate personal and professional boundaries between yourself and others.
Personal and professional boundaries are based on trust, respect and the appropriate use of power.
A breach of Personal and Professional Boundaries may include, but is not limited to:
- Disclosure of matters relating to your own personal or intimate life, or questions or interest in the intimate or personal lives of other workplace participants
- Verbal and physical invasion of privacy including the personal space of others
- Intentional comments that cause the workplace participant to feel uncomfortable or uneasy
- Being excessively friendly, informal or intimate.
Breaches of Personal and Professional Boundaries may give rise to complaints of sexual harassment or bullying. Where complaints are substantiated, a disciplinary action will be taken which may include termination of employment. For further information please refer to the Aspen Medical Equal Employment Opportunity Policy and the Aspen Medical Respectful Workplace Behaviour Policy.
Workplace environment
Aspen Medical is committed to providing a safe, healthy, inclusive and productive workplace environment for all workplace participants. To this end, the abuse of medication and/or alcohol or the use and/or possession of illicit drugs is not acceptable.
The consumption of alcohol, where it affects your ability to perform your role or affects other workplace participants ability to perform their role, invites adverse public relations, compromises workplace safety or where it violates the law, is unacceptable.
Where the use of prescription medication affects your ability to perform in your role, you must disclose this and discuss with your manager. Your manager may at their discretion request that you step-down from your regular duties until such time as you are not under the negative influence of such medication. Aspen Medical may request a medical certificate confirming your fitness for duty prior to returning to your regular duties.
Aspen Medical will provide confidential support to you if you require assistance in dealing with any substance abuse. Please contact Culture and Performance if you require assistance in this area.
Smoking and vaping on company or client premises is strictly prohibited.
Smoking and vaping in any vehicle owned, leased or operated by Aspen Medical is not permitted.
Smoking breaks are not provided during working hours. You may smoke during unpaid meal or tea breaks and before or after shifts or as agreed with your manager.
If you are found to be in breach of any of the above you may face disciplinary action and possible termination of your employment. For further information, please refer to the Aspen Medical Drug and Alcohol Policy or where applicable, the Policy of the worksite where the work is being conducted.
Workplace hours
You are required to report to work as rostered or as directed by the workplace, for the hours as outlined in your employment agreement of contract for work.
You are required to be punctual and diligent in all your work duties.
When a workplace absence is unavoidable, you must promptly notify your line manager of the reason in accordance with the notice provisions contained in the Aspen Medical Leave Policy. For further information, please refer to the Aspen Medical Policy.
Confidentiality
Obligations of confidentiality are set out below. These obligations apply to you while working for Aspen Medical and extend beyond the date of termination of your employment or contract with Aspen Medical.
You agree that you will not, either during or after your employment or contract with Aspen Medical, use or disclose confidential information or otherwise seek to exploit confidential information without the prior written consent of Aspen Medical.
You agree to prevent the use or disclosure of confidential information unless the information lawfully comes into the public domain through no fault of your own, or you are required to disclose the information by Aspen Medical or by law. In this latter case, you agree to give notice in writing to Aspen Medical before making any such disclosure.
“Confidential Information” includes all oral, written, or conceptual information, of Aspen Medical or its clients such as records, remuneration, documents, accounts, plans, formulae, designs, creative concepts specifications, correspondence, letters and papers of every description. It also includes electronically recorded data, all copies or extracts relating to the affairs, transactions or business of Aspen Medical or any of its clients which may come into your possession during your work with Aspen Medical.
You acknowledge that, due to the nature of the duties and responsibilities of your work with Aspen Medical, you will be in possession of knowledge and documents, which will be strictly confidential and agree to preserve the private and confidential nature of such information with vigilance and diligence.
You will immediately notify Aspen Medical of any use or disclosure by you of confidential information under the terms of this Code.
You will keep Aspen Medical fully and effectually indemnified in relation to all actions, claims and demands of whatsoever nature arising out of a breach of your obligations of confidence. For further information, please refer to your engagement document.
Disclosure of information
Information may be disclosed to workplace participants to further Aspen Medical business interests. Such disclosures must not breach local laws, regulations, or Aspen Medical policies.
External disclosure of information should only be made with authorization from the relevant manager.
If you are unsure about whether it is appropriate to disclose information, you must seek the permission of your manager. There may be different delegations for dealing with different groups, such as the public, tourism industry members, government agencies, consultants and the media. Responsibility for ensuring that any disclosure is appropriate remains with the relevant manager.
Company property
Company assets, including goods, money, intellectual property or the services of other workplace participants, must only be used for the purpose of enabling you to perform your duties to the company and consequently must not be used for personal gain or any other purpose including, but not limited to:
- Copying of Confidential Information, regardless of whether or not the information is protected by copyright
- Falsification or improper use of corporate cards, expense accounts or other similar accounts.
Aspen Medical property and merchandise is not to be removed from Aspen Medical’s premises without written authorisation. This includes any samples of merchandise received. If, for business reasons, removal is necessary, then approval must be obtained from your manager.
You are personally accountable for Aspen Medical assets, particularly cash or other valuables while in your control. If any item is lost, stolen or misplaced while under your control, it must be reported to your manager as soon as possible. You must take particular care of items such as mobile phones and laptop computers.
You may be held liable for the replacement cost of equipment, such as mobile phones, should such items be lost or damaged.
Business equipment and systems
Business equipment in the form of, but not limited to, phones, computers, email, and internet is provided to enhance your ability to perform your services/duties and should not be used for personal gain.
When participating in social media, Aspen Medical expects workplace participants to behave in an appropriate and professional manner that demonstrates loyalty and commitment to the company. Workplace participants should always take a moment to consider how their contribution will be perceived by others, and how it reflects on themselves and Aspen Medical.
If you are found to be utilising equipment or systems (including social media) for excessive personal use, for purposes which are considered unreasonable, unacceptable, or illegal you may face disciplinary action and possible termination of your employment. For further information, please refer to the Aspen Information Technology Policy and the Aspen Medical Social Media and External Communications Policy.
Business Documentation and Records Business documents (hard and soft copies) and records must not be destroyed prior to the statutory period requirements, and no records are to be falsified or manipulated. After the statutory period, documents should only be destroyed with the express permission from a member of the Aspen Medical Executive team. If you need further clarification, please contact the Quality Management team.
Conflict of interest
A conflict of interest exists where loyalties are divided. You have a potential conflict of interest if, in the course of your work, any decision you make provides any improper gain or benefit to yourself or a third party.
It is impossible to formulate an all-embracing set of guidelines regarding potential conflicts of interest. Specific questions regarding situations not clearly covered must be determined on a case-by-case basis. The principles to consider are:
- Your capacity to influence dealings that Aspen Medical may have with a third party
- The improper personal benefit that may flow to you or a relative, friend or other third party through the exercise of that influence
- Whether the activity is fraudulent, corrupt or is otherwise an irregular transaction.
Where you believe you may have a conflict of interest or a potential conflict of interest, you must notify your manager in writing of that potential conflict and may be required to remove yourself from that workplace activity.
In specific circumstances, Aspen Medical may ask for a written declaration of any actual or potential conflict of interest from you, as it may relate to a specific project you are working on. This written declaration will be kept on your personnel file until we are notified by you that the association with the potential conflict no longer exists.
Any situation potentially involving direct or indirect conflict of interest should be avoided unless consented to in writing by the Chief Executive Officer (CEO) or their nominated delegate.
Commissions and payment arrangements
Commission and payment arrangements should only be made with companies, firms or individuals who are bona fide commercial representatives, agents or consultants.
You should ensure Aspen Medical is not entering into arrangements with a company, firm or consultant where a workplace participant is known to have an interest.
This may be allowed where prior approval is gained from the appropriate executive or the CEO.
A written contract or purchase order should exist for all commission and payment arrangements, and the payments should be reasonable and consistent with normal practice.
No payments should be made in cash. For further information, please refer to the Aspen Medical Business Ethics Policy.
Fraud, Corruption and Irregular Transactions
You must not engage in any fraudulent activity. Fraudulent activity may include, but is not limited to:
- Misuse of company credit cards or fuel cards
- Intentional submission of incorrect timesheet, overtime or invoices
- Intentional incorrect submission of expense claims.
You must not engage in any unethical or improper payment practices either to obtain business or for personal gain. In particular, you must not:
- Engage in commercial bribery
- Be party to the bribery of public officials
- Establish so-called “slush funds” to facilitate bribery or other improper or questionable practices.
You will not be criticized, disciplined, professionally disadvantaged or your employment placed in jeopardy for the loss of business resulting from not offering or receiving a bribe or inducement to or from a third party.
Your employment will be subject to immediate termination if in the course of your employment you are found to have knowingly made, received or facilitated a bribe or inducement to or from a third party. Aspen Medical deems any situation where you benefit personally from such a transaction as unacceptable and may consider such action as a breach of this Code.
If you believe you know of any fraud, corruption, irregular transactions, or breach of ethics you are required to raise that matter with your manager or a member of the Culture and Performance team.
As part of its obligations under law, Aspen Medical will fully co-operate with any investigation by law enforcement or regulatory authorities.
Aspen Medical will also require that you:
- do not make any disbursement of Aspen Medical funds or other Aspen Medical property without adequate supporting documentation. This includes ensuring that all appropriate payment authorisations are obtained in accord with delegated authorities. There shall be no disbursement for any purpose other than as described in the documents.
- do not make any personal payments through Aspen Medical accounts excluding payments of expenses which are later reimbursed to Aspen; and do not take any action or authorise any action which involves illegal, unethical, or otherwise improper payment of money or anything else of value. For further information, please refer to the Aspen Anti-Bribery Policy and Business Ethics Policy.
Outside business activities (including family and friends)
Care should be taken to ensure that participation in any outside business, whether or not such business is a supplier or client, does not create a potential conflict of interest.
As a workplace participant, if you are undertaking, or propose to undertake, paid outside work in your own time while engaged by Aspen Medical, you must comply with all terms and conditions as per the Aspen Medical Paid Outside Work Policy.
Termination / Cessation of Employment or Engagement
Upon termination or cessation of your employment or engagement with Aspen Medical, you must return any Aspen Medical property or assets and items containing Confidential Information, intellectual property that may have been created while working with Aspen Medical and all forms of identification relevant to your work place.
Health, Safety and Environment (HSE) Duties
As far as reasonably practical, it is your responsibility to:
- Ensure your personal safety and the safety of others at all times
- Comply with appropriate HSE policies and procedures
- Communicate effectively in the interests of HSE
- Carry out emergency procedures when required
- Report any irregularities or dangerous occurrences in the prescribed manner
- Wear safety clothing and personal protective equipment as supplied
- Co-operate with your management team in meeting HSE requirements.
You must not interfere with or misuse anything provided for your health and safety, and protection of the environment.
Review and Revision Aspen Medical reserves the right to modify, replace or terminate this document.
Further Resources and Information
The workplace policies that support the Code include but are not limited to:
- AMCPP13 Equal Employment Opportunity Policy
- AMHSEP13 HSES Policy
- AMHSEP03 Drug and Alcohol Policy
- AMITP01 Information Security Policy
- AMCPP20 Social Media and External Communications Policy
- AMCPP02 Paid Outside Work Policy
- AMLP07 Anti-Bribery Policy
- AMCPP17 Aspen Respectful Workplace Behaviour Policy
- AMCGP17 Clinical Code of Ethics Policy
- AMLP05 Aspen Medical Business Ethics Policy
- AMCPP05 Leave Policy
Workplace participants are required to comply with all workplace policies that apply to their employment or engagement with Aspen Medical. You are required to review the policies on a regular basis to best ensure compliance with your ongoing obligations. If you are found to be in breach of the Code you may face disciplinary action and possible termination of your employment. The workplace policies are available from the Aspen Medical Quality Management System. If you have any doubts about the workplace policies that apply to your employment or engagement with Aspen Medical, you should confirm those policies with your manager and/or CP.
Whistleblowing
Aspen Medical is committed to a culture of corporate compliance and the promotion of lawful and ethical behaviour and transparency in commercial, legal and other stakeholder dealings.
We will take all reasonable steps to ensure that employees, agents and contractors (including temporary contractors) and other stakeholders are able to report Reportable Conduct without fear for their job security or their professional reputation. This policy:
- outlines the scope of what Aspen Medical considers to be Reportable Conduct that may be the subject of a Protected Disclosure
- encourages employees, agents, contractors and any other external stakeholders of Aspen Medical to notify us of Reportable Conduct using the mechanisms contained in this policy
Provides a framework that:
- allows Aspen Medical to deal effectively and appropriately with Protected Disclosures in a way that will protect, as far as reasonably practicable, the identity of the Whistleblower making the Protected Disclosure and provide for secure storage of the information provided
- facilitates protection, as far as reasonably practicable, from Detrimental Action which arises from the submission of a Protected Disclosure
- ensures principles of procedural fairness are applied to investigations in response to Protected Disclosures
- provides a mechanism to rectify deficiencies in systems and processes identified as a result of investigations into any Protected Disclosures made.
Objective
This Policy encourages employees, agents, contractors and other stakeholders to report reportable conduct which will result in
- improved financial management and budgetary responsibility
- improved work health and safety practices and compliance
- effective and efficient management
- improved organisational morale and culture
- confidence in the organisation’s commitment to good corporate governance.
This Policy reflects Aspen Medical’s commitment to identifying and investigating Reportable Conduct and to support and protect Whistleblowers. Aspen Medical will protect and respect a Whistleblower to the extent permissible by law in accordance with this Policy whenever reasonably practicable. It is committed to enabling appropriate disclosures of matters properly characterised as Reportable Conduct to be made by Whistleblowers confidentially without fear of identification or retribution subject to the report being made in good faith, upon a proper and reasonable basis and, where necessary, supported by written evidence.
In accordance with the relevant legislation and standard of the country where Aspen Medical operates and in line with the Aspen Medical Code of conduct, Values and policies, Whistleblowers who make reports properly characterised as Protected Disclosures in accordance with this Policy are, along with their colleagues and relatives, to be treated with dignity and respect and protection against Detrimental Action.
Scope
This policy applies to all employees, agents, contractors engaged in the delivery of all Aspen Medical projects and its subsidiaries within Australia and overseas. Employees, agents and contractors (including temporary contractors) of Aspen Medical, collectively referred to in this policy as ‘Workplace Participants’.
Board Members of Aspen Medical and it’s subsidiaries are referred to in this policy as an Affiliate of Aspen Medical. When Workplace Participants and any other stakeholder becomes aware of a Reportable Conduct, it is incumbent upon the person to report it through the appropriate channels.
Definitions
Detrimental Action includes:
i. action causing injury, loss, liability or damage
ii. intimidation, victimisation, harassment, threats and reprisals (expressed or implied)
iii. any injury or illness to staff must be reported in RiskMan
iv. discrimination, disadvantage or adverse treatment in relation to a person’s employment, career, profession, trade or business, including, for example, the taking of disciplinary action, dismissal and demotion
v. current or future bias.
Disclosure Receiver means the individual who was appointed by Aspen Medical to:
i. receive Protected Disclosures made by a Whistleblower
ii. refer Reportable Conduct to the Protected Disclosure Officer
iii. ensure timeliness and allocate resources
iv. report back to the Whistleblower after any relevant investigation has been completed.
The Disclosure Receiver will not hold any of the other designated positions under this policy. Investigator is an individual who has been appointed by Aspen Medical to conduct the investigation of Protected Disclosure.
Whistleblowing Policy Protected Disclosure means a confidential notification or report of Reportable Conduct made by a Whistleblower in good faith and with reasonable and proper basis supported by evidence in accordance with this Policy. It does not include a malicious, frivolous or vexatious disclosure.
Protected Disclosure Officer means the In-House Legal Counsel of Aspen Medical who is responsible for:
i. determining how disclosures will be dealt with
ii. initiating such actions as may be required arising from the making of a Protected Disclosure and the outcome of a Protected Disclosure
iii. ensuring that the Whistleblower is advised of the outcome of the Disclosure.
The Protected Disclosures Officer will not hold any of the other designated positions under this Policy.
Whistleblower includes any of the following individuals who make a Protected Disclosure in accordance with this Policy:
i. employees
ii. contractors
iii. any external stakeholders of Aspen Medical (e.g. members of the public dealing with Aspen Medical).
Principles
Aspen Medical has adopted the following principles in relation to Aspen Medical’s whistleblowing program:
- Aspen Medical will support and protect whistleblowers who act honestly, reasonably and with genuine belief about the reportable conduct, from reprisals that stem from making a disclosure. Aspen Medical is not able to extend the full level of protections and support set out in this policy to whistleblowers who are not employed by Aspen Medical.
- Aspen Medical will conduct investigations in an objective, independent and confidential manner. Appropriate corrective action will be taken as warranted by the investigation.
- Aspen Medical will not take any disciplinary action against a whistleblower where a disclosure is unable to be substantiated or is found to be untrue, when the disclosure was made with a genuine or reasonable belief regarding the reportable conduct.
- Aspen may pursue legal or disciplinary action against a whistleblower acting with malicious intent or who knowingly provides any part of a false disclosure. In such circumstances, Aspen Medical may not extend protection or indemnify a whistleblower against reprisals (including civil actions).
- Aspen Medical will not prevent (whether through confidentiality agreement or otherwise) a prospective, current, or former company officer, employee or contractor (including professional service providers) in making a disclosure to a regulator.
Reportable conduct
Reportable conduct means:
- conduct of a Workplace Participant, an Affiliate of Aspen Medical or any stakeholder of Aspen Medical that adversely affects, or could adversely affect, either directly or indirectly, the honest and/or proper performance of a workplace participants of Aspen Medical or an Affiliate of Aspen Medical of their duties to Aspen Medical
- conduct of a Workplace Participant or an Affiliate of Aspen Medical that amounts to the performance of their functions dishonestly, unlawfully or with inappropriate partiality
- conduct of a current or former Workplace Participant or Affiliate of Aspen Medical that amounts to the wrongful use of their Aspen Medical position or of information or material acquired in the course of the performance of their functions (whether for the benefit of that person or Aspen Medical or otherwise)
- a conspiracy or attempt to engage in conduct referred to above.
Protections available to a whistleblower
Aspen Medical will protect the anonymity of a Whistleblower who reports or who seeks to report Reportable Conduct except in the following circumstances if the Whistleblower:
- consents in writing to the disclosure of their identity by Aspen Medical
- self discloses their identity
- the identity of the Whistleblower becomes known other than by an action of Aspen Medical
- if disclosure of the identity of the Whistleblower is required by law
- where disclosure of the identity of the Whistleblower is required in order to deal with and/or investigate the Disclosure.
As far as practicable, the confidentiality of all information provided by a Whistleblower must be maintained securely in the strictest confidence and should only be disclosed to a person if:
- the Whistleblower consents in writing to the disclosure
- the information is otherwise available to Aspen Medical
- if disclosure is compelled by law
- disclosure of the information is required in order to deal with and/or investigate the Disclosure.
Any person receiving information provided by a Whistleblower under this Policy is bound by the obligation of confidentiality set out in this policy. A breach of this obligation of confidentiality shall be misconduct and, in the case of staff members, shall be dealt with in accordance with the Code of Conduct or any equivalent policy of Aspen Medical from time to time.
Immunity from detrimental action
Aspen Medical supports a culture that encourages the reporting of Reportable Conduct. Where a Whistleblower acting in good faith on a proper and reasonable basis and who has not engaged in any activity that would constitute misconduct under the Code of Conduct has made a Protected Disclosure as defined in this Policy, Aspen Medical will protect the Whistleblower from Detrimental Action and the Whistleblower shall not suffer detrimental action by reason of having made a Protected Disclosure. Protection by Aspen Medical from Detrimental Action does not extend to criminal offences.
How to make a Protected Disclosure
Any person (a Whistleblower) who seeks to make a Protected Disclosure is required to follow the process set out in this Policy. A Whistleblower should contact the Disclosure Receiver either by:
- telephoning
- sending a confidential email to [email protected]
The Whistleblower must be able to provide sufficient written or other evidence to the Disclosure Receiver at the time of making the Protected Disclosure or within a reasonable period to enable the matter to be referred to the Protected Disclosure Officer. The Discloser Receiver may ask the Discloser to provide further information or documents in relation to the Protected Disclosure at any time.
How to deal with a Protected Disclosure
When the Disclosure Receiver has obtained all available relevant information or documents from the Discloser in relation to the Protected Disclosure, the Disclosure Receiver must refer the de-identified Protected Disclosure to the Protected Disclosure Officer within seven (7) days. Upon receipt of the Protected Disclosure, the Protected Disclosure Officer may, at the Protected Disclosure Officer’s discretion, pursue any of the following actions (or any combination of the following actions) in order to reach an outcome:
- request the Disclosure Receiver to provide further documents or information in relation to the Protected Disclosure, including the identity of the Whistleblower if the identity of the Whistleblower is necessary to pursue an investigation or reach an outcome
- determine an outcome in relation the Protected Disclosure based upon the available information and documents including any actions or recommendations arising out of the outcome
- investigate the Protected Disclosure or refer the Protected Disclosure to an investigator to reach an outcome
- refer the Protected Disclosure to another officer Aspen Medical for investigation or action under another policy or procedure of Aspen Medical
- refer the matter to the Police
- dismiss the Protected Disclosure and take no further action.
The Protected Disclosure Officer must take appropriate action in a timely manner taking into consideration the nature of and circumstances surrounding the Protected Disclosure. Where relevant, the Protected Disclosure Officer will provide progress reports to the Discloser Receiver on a monthly basis to enable the Disclosure Receiver to communicate the progress of any action to the Discloser.
The Protected Disclosure Officer must communicate any outcome to the Disclosure Receiver within seven (7) days of the outcome being determined. Where the Protected Disclosure is referred to an Investigator, the Investigator shall:
i. determine the process for the investigation, ensuring at all times that the principles of procedural fairness guide the investigation process
ii. conduct the investigation in a timely fashion, bearing in mind any complexities associated with the investigation (e.g. the availability of witnesses)
iii. provide a copy of the investigation report to the Protected Disclosure Officer for appropriate follow-up action.
Upon receipt of any report or notification from the Protected Disclosure Officer, the Disclosure Receiver must provide the Whistleblower with an update or details of the outcome within seven (7) days.
Reporting and accountability
Reporting
The Protected Disclosure Officer and Disclosure Receiver shall have a direct line of reporting and accountability to Chief Executive Officer (CEO) of Aspen Medical. If the CEO has a conflict of interest or reasonably perceived conflict of interest of where there is a reasonable apprehension of bias on the part of the CEO, the protected Disclosure Officer and the Disclosure Receiver shall report directly to the board of Aspen Medical.
If the In-House Legal Counsel has a conflict of interest or reasonably perceived conflict of interest, the CEO and/or the Board will appoint another stakeholder who will act as Protected Disclosure Officer.
Accountability
The Annual Report of Aspen Medical shall contain a report in relation to the operation of this Policy.
The report shall not disclose the identity of any person who has made a Protected Disclosure.
Compliance with this policy
This policy sets out the minimum standards required for all Aspen Medical employees and its subsidiaries. In addition to meeting the minimum requirements of this policy, Aspen Medical employees will also need to comply with local or entity specific requirements, policies, and procedures where they exceed the requirements of this policy. Where specific requirements are inconsistent with this policy these should immediately be referred to the policy owner.
Non-compliance with this policy may result in disciplinary action up to and including termination of employment.
Anti-bribery
This Anti-bribery policy will be implemented as part of a broader anti-bribery program that will include:
- commitment and support from the Board of Aspen Medical
- formal Risk Assessment of the bribery risks inherent in each project
- the Risk Assessment will be reviewed annually and more frequently where the risk is rated as ‘High or Extreme’
- the Risk Assessment results will be reported to the Board. - inclusion and maintenance of the anti-bribery principles in the Aspen Medical Code of Conduct. Staff will be required to re-affirm the Code of Conduct annually as part of the Performance Appraisal process
- on-line education program for those staff identified at risk of bribery.
- reporting of suspected bribery activity in the incident reporting program.
Scope
This policy applies to all Aspen Medical, and its subsidiaries, staff, officers, agents, and contractors.
Definitions and Abbreviations
Bribery means any advantage and is not limited to property, and includes facilitation payments.
Business advantage means an advantage in the conduct of business.
Foreign Public Official is defined very broadly under the Act and includes an employee or official of a foreign government body.
References
- AMCPP01 Code of Conduct
Implementation
Principles
Aspen Medical will not pay bribes in any circumstances. Aspen Medical, the Board and Managers will forego contracts rather than pay bribes.
Policy
Aspen Medical staff will not offer a bribe to any foreign public official in order to gain a business advantage. No Aspen Medical staff will suffer demotion, penalty, or other adverse consequences for refusing to pay bribes even if such refusal may result in the company losing business. Proven violations of this policy by managers and/or employees will result in sanctions up to and including termination of employment.
Proven violations may also result in criminal sanctions. Aspen Medical staff are required to report any activities in which bribery may be suggested or suspected, including being asked to pay a bribe or the payment of bribes, to their manager. All bribery activities will be reporting using the Aspen Medical incident reporting software (RiskMan).
Training will be provided for Aspen Medical staff.
- The on-line training module will be developed and administered by ‘In-house Counsel’.
- Records kept will include:
- the number of facilitation payments made and the details of these payments
- the percentage of required staff who have completed the on-line training module
- other activities as described in 4 above.
Administration and Record Keeping
The responsible Aspen Medical officer for the implementation of this policy is ‘In-house Counsel’
- The on-line training module will be developed and administered by ‘In-house Counsel’.
- Records kept will include:
- the number of facilitation payments made and the details of these payments
- the percentage of required staff who have completed the on-line training module
- other activities as described above.
Business ethics
Business integrity is the quality of being honest and having strong moral principles. A business that holds itself to consistent moral and ethical standards earns the respect of its peers and the trust of its clients.
Reinforced by a robust code of ethics, business integrity can be achieved in the application and enforcement of a set of guiding principles governing the actions of the company, its staff and business partners.
Aspen Medical has a policy that outlines its approach to business integrity in two parts: a Code of Ethics and a Code of Conduct. This policy applies to Aspen Medical and all of its subsidiaries and affiliates.
Our Code of Ethics outlines the ethical principles of Aspen Medical and its staff, representing the aspirations of the company at the business level.
Our Code of Conduct translates these principles into practical guidance that empowers Aspen Medical, its staff, its business partners and their employees to realise these aspirations.
Our Business Ethics Policy, the combination of these two codes, has been developed to reinforce our commitment to honest and truthfulness and for the practical purpose of protecting Aspen Medical, its staff and business partners from acts of corruption, modern slavery (slavery, servitude, forced or compulsory labour, bonded labour) or human trafficking and the potential criminal liabilities.
Specifically, it recognises the responsibilities of Aspen Medical under the Criminal Code Act 1995 and its responsibilities in accordance with the relevant laws, statutes and codes applicable in the countries in which we operate. Aspen Medical will amend this code as and when necessary to reflect changes in national legislation, international agreements etc.
As part of our commitment to achieving the principles laid down in our Code of Ethics, Aspen Medical has assigned a Board Director responsible for compliance with our Code of Conduct on all projects undertaken by the company. Aspen Medical’s Managing Director/CEO and Board Director responsible for Business Compliance and Ethics, is charged specifically with ensuring the company maintains its commitment to combat corruption, modern slavery and human trafficking, and continues to enforce a zero-tolerance approach to non-compliance.
Code of Ethics
In all our endeavours, Aspen Medical and its staff pledge that we will:
Accept the responsibilities of our Profession…
- at all times uphold the dignity, standing and reputation of our Profession, “leading by example” as advocates of good governance and strong moral/ethical codes of practice
- act with impartiality, and in the legitimate interests of our client(s) at all times when providing professional advice, judgement or decision
- apply due skill, care and technical diligence in services rendered to our client(s), imparting knowledge at levels consistent with technological progress, changes to legislation, multilateral agreements on aid and sustainable development etc
- disclose any conflict of interest, potential conflict of interest or future involvement that may potentially create a conflict of interest
- recognise that many of the countries and communities we work in are in need of our help, seeking solutions that are compatible with the Sustainable Development Goals (SDGs) and the principles of economic, social and environmental sustainability
- advocate and adhere to core labour standards as outlined in the International Labour Organisation (ILO) Declaration on Fundamental Principles and Rights at Work (1998), seeking to eliminate forced, compulsory and child labour, and protect the rights of the individual
- advocate and adhere to the core standards as outlined in the Criminal Code Act 1995 seeking to prevent slavery and human trafficking within our supply chains and our own business
- perform all services with integrity, and conduct ourselves with the professionalism expected of a company with our international standing, reputation and experience.
Promote transparency and fairness in Procurement…
- advocate the concept of "selection by ability" for individuals, seeking to eliminate discrimination based on gender, age, race, political, social or cultural backgrounds
- advocate the concept of “selection by ability” for companies and organisations, adhering to the principles of fair and transparent procurement throughout the tendering process
- refrain from bidding for and/or performing any service unless judged competent to do so
- neither wilfully attempt, nor otherwise sanction attempts to influence the decision of any tendering body through deliberate misrepresentation of ability, or other acts of corruption
- neither carelessly nor intentionally do anything to injure the reputation of a third-party, nor attempt to prejudice the appointment of rival individual/company through negative campaigning
- engender a sense of trust and respect with all consultants and companies associated with Aspen Medical in mutual appreciation of our professionalism, and of our duty to the client.
Adopt a rigorous stance on corruption…
- promote a “zero tolerance” approach to all forms of corruption
- ensure continuing compliance with the Criminal Code Act 1995 and any relevant national legislation governing the operations and actions of companies\s/individuals where we work
- perform appropriate due diligence on all potential partners, and refuse to associate with any company, or employ any individual suspected of corrupt behaviour/practice
- ensure all staff, contractors and business partners are (i) regularly reminded of our strict policy on corruption, and (ii) agree, by contract, to adhere to our “Code of Conduct” when working on opportunities and projects with Aspen Medical
- provide context-appropriate anti-corruption training to all staff (including Aspen Medical staff, independent consultants, and consultants’ and contractors’ staff where appropriate) to reinforce the responsibilities incumbent upon them as representatives of Aspen Medical
- maintain and review “whistle-blowing” procedures for the reporting of observed acts of corruption/bribery/fraud/extortion, and communicate these procedures to all Aspen Medical staff, independent consultants, and consultants’ and contractors’ staff
- immediately report to the relevant authority any known act of corruption, fraud or bribery committed by its staff, contractors, partnering companies or any third-party agent in the course of their commission on any lead, bid or project
- suspend any employee suspected of committing a corrupt offence, subsequently terminating their contract should any later investigation find they have acted in direct contravention of our “Code of Conduct”
- cooperate fully with any legitimately constituted investigative body which may conduct any inquiry into the administration of our business
- ensure that all confidentiality of rates and contract documents, financial details and account payments are not disclosed or discussed with any parties except parties that are specifically authorised to do so.
Adopt a rigorous stance on modern slavery and human trafficking…
- promote a “zero tolerance” approach to all forms of modern slavery and human trafficking
- ensure continuing compliance with the Criminal Code Act 1995 and any relevant national legislation governing the operations and actions of companies/individuals in the countries where we work
- perform appropriate due diligence on all potential partners, and refuse to associate with any company, or employ any individual suspected of partaking in modern slavery and/or human trafficking
- ensure all staff, contractors and business partners are (i) regularly reminded of our strict policy on modern slavery and human trafficking, and (ii) agree, by contract, to adhere to our “Code of Conduct” when working on opportunities and projects with Aspen Medical
- maintain and review “whistle-blowing” procedures for the reporting of observed acts of modern slavery and human trafficking, and communicate these procedures to all Aspen Medical staff, independent consultants, and consultants’ and contractors’ staff
- immediately report to the relevant authority any known act of modern slavery, or human trafficking committed by its staff, contractors, partnering companies or any third-party agent in the course of their commission on any lead, bid or project
- suspend any employee suspected of partaking/aiding/abetting/failing to recognise and notify and forms of modern slavery and/or human trafficking, subsequently terminating their contract should any later investigation find they have acted in direct contravention of our “Code of Conduct”
- cooperate fully with any legitimately constituted investigative body which may conduct any inquiry into the administration of our business.
Code of conduct
In our conduct Aspen Medical, its staff, its business partners and all independent consultants pledge that:
We will:
- ...adopt a “zero tolerance” approach to all forms of corruption modern slavery and human trafficking
- …ensure compliance with all Australian, international and national anti-bribery legislation governing the operations and actions of companies/individuals
- …engender a sense of trust and respect with all partner companies
- …perform all services with integrity and adhere to the principles of fair and transparent procurement
- …apply due skill, care and technical diligence in services rendered to our client(s)
- …undertake appropriate due diligence on suppliers
- …ensure all staff and suppliers are (i) regularly reminded of our strict policy on corruption, modern slavery and human trafficking and (ii) agree, to adhere to the principles laid down in Aspen Medical’s “Business Ethics Policy”
- …disclose any conflict of interest, potential conflict of interest or future involvement that may potentially create a conflict of interest
- …ensure all staff and suppliers involved in project delivery complete the context-appropriate anti-corruption training and are provided with Gift registers and appropriate guidance
- …ensure staff and suppliers are aware of and understand the “whistle-blowing” procedures for the reporting of observed acts of corruption/bribery/fraud/extortion/modern slavery/human trafficking
- …ensure staff and suppliers are aware of and understand the procedures for reporting any known act of corruption, fraud, bribery, modern slavery or human trafficking
- …immediately suspend any employee suspected of committing a corrupt offence, or partaking/aiding and abetting in acts of modern slavery and/or human trafficking pending further investigation
- …cooperate fully with any legitimately constituted investigative body which make inquiry into the administration and management of the bid or project.
And we will not:
- …willfully attempt, or otherwise sanction attempts, to influence the decision of any tendering body through deliberate misrepresentation of ability, or other acts of corruption including bribery and extortion
- …carelessly or intentionally do anything to injure the reputation of a third-party, nor attempt to prejudice the appointment of rival individual/company through negative campaigning
- …become involved in any activity which will, or might, involve dishonesty
- ….nor comply with any direct instruction to act dishonestly
- …become involved in any activity which will, or might result in modern slavery or human trafficking
- …instruct any other person to act dishonestly or to knowingly commit any act of corruption, bribery, extortion, fraud, modern slavery or human trafficking
- …give or accept gifts, payments or other benefits – including exchange of favours – if the intention is to improperly influence actions or decisions
- …attempt to have claims/payments approved in any way other than the legitimate and recorded means
- …dishonestly provide, conceal, or approve work, materials, equipment or services which are not of the quality and quantity required under contract.
Political engagement
Aspen Medical participates in the Australian policy-making system by engaging with political stakeholders, government and government departments, the broader Australian health sector and health professionals.
For example, this may include providing submissions to, and testifying before parliamentary inquiries.
- Aspen Medical avails itself of legitimate and reasonable opportunities to engage with political and government stakeholders. We believe that, when conducted in an ethical, legal and transparent manner, public policy engagement is an important and appropriate role for companies in open societies.
- Aspen Medical will ensure that it complies with the funding and disclosure requirements of the Commonwealth Electoral Act and the guidelines of the Australian Electoral Commission.
- Aspen Medical does not provide cash donations to political parties. However, it actively engages in policy discussions with political parties, which may include attending conferences, policy workshops, round table discussions and other opportunities. Aspen Medical may pay a fee for the attendance of representatives at such events, and this may include a political fund-raising component.
- Other principles Aspen Medical abides by in respect to payments to political parties:
- No gifts, money, items or services are offered or given directly to candidates.
- Aspen Medical will not make direct campaign funding donations to either individuals or political parties.
- From time to time, Aspen Medical may sponsor events which provide an opportunity to hear from or engage with political stakeholders.
- Aspen Medical will seek access across the political spectrum in a bipartisan manner.
Anti-money laundering
Money laundering is the process of concealing the criminal origin of money or other assets (such as raw materials), so they appear to come from a legitimate source. It is illegal, unethical and facilitates criminal conduct.
Failure to address the risk of money laundering could undermine our reputation and lead to investigations, fines and/or other penalties for the company and/or individuals.
This Anti-Money Laundering Policy sets out Aspen Medical’s approach to ensuring that we comply with applicable laws and regulations to prevent money laundering and appropriately manage money laundering risks.
Definition
Money laundering refers to activities designed to conceal the true source of monies. When a person launders money, by definition, they are dealing in money that is reasonably believed to be the proceeds of crime. The money laundering offence provisions are found in the Criminal Code Act 1995. Reference: Money laundering | Australian Federal Police (afp.gov.au)
Application
This policy applies to all employees, directors and officers, as well as contractors under Aspen Medical’s direct supervision, or working for an Aspen Medical office or subsidiary.
Where we assert influence over joint ventures we don’t control, we encourage them to act in a manner consistent with the intent of our policy and values.
Our values
We are guided by our philosophy of ‘wherever you need us’ which underpins our vision to be a leading healthcare provider of the future. That ambition is supported by our values:
- Compassion
- Respect
- Teamwork
- Integrity
- Pursuit of Excellence.
These values promote strong relationships with our partners, continuous improvement, and inform our approach to responsible and ethical business practice.
Our commitment
Aspen Medical is strongly against any corruption or corrupt practices wherever we work in the world.
We are aware of the risk of third parties exploiting us to engage in money laundering.
We do not assist, support, participate in or permit money laundering or financing of terrorism.
We do not accept money or other assets if we know or suspect that they derive from any kind of criminal activity. We do not knowingly deal with criminals, suspected criminals, or the proceeds of crime.
We do facilitate the acquisition, ownership of control if criminal proceeds or other assets deriving from criminal activity nor do we assist others in concealing criminal proceeds or assets.
We do not tolerate tax evasion of any kind and we do not knowingly or willfully facilitate tax evasion. We implement procedures to prevent the facilitation of tax evasion by pour people and others acting on our behalf.
To manage our money laundering risk exposure and ensure compliance, we implement a number of controls and practices. These include:
- Conducting know your counterpart and due diligence procedures in order to determine the background and identity of our counter parties
- Implementing controls in respect of payments we make and receive using a risk-based approach to ensure that they are consistent with the requirements of this policy. For example, as a rule we make all payments under our contracts to, and receive payments from, our contractual counterparties to avoid the risk of facilitating money laundering or tax evasion.
We require employees to be alert to any unusual or suspicious arrangements, which could expose Aspen Medical to the risk of money laundering or the facilitation of tax evasion, and to report such arrangements to Corporate Sustainability.
Responding to concerns
We are responsible for ensuring that we, and our agents, suppliers, and subcontractors meet these commitments. We expect our employees, agents, suppliers, and subcontractors to speak openly and raise concerns about possible breaches of this and all our policies through to managers, supervisors or via any other available reporting channel.
Our Whistle-blower policy is available to all employees, contractors, and external parties. Aspen Medical takes all concerns seriously and commits to handling them promptly.
Aspen Medical has zero tolerance for retaliation against anyone who speaks openly about conduct they believe is unethical, illegal, or not in line with our Code of Conduct and other policies, even if the concern isn’t substantiated.
Governance
This Policy is overseen by the Board and Executive. Any material breaches of this Policy must be reported to the Corporate Sustainability Team and reported to the relevant Risk Management Committees.
References
- Aspen Medical Values
- Aspen Medical Code of Conduct
- Aspen Medical Business Ethics Policy
- Aspen Medical Fraud Control Plan.
Global responsible sourcing
The Global Responsible Sourcing Policy outlines Aspen Medical’s commitment to responsible sourcing practices and sets out the behaviour and standards that we expect all our suppliers to uphold.
By suppliers we mean any individual or entity that provides goods or services to, or performs work for or on behalf of, Aspen Medical or its subsidiaries, including their subcontractors, representatives, and agents.
Expectations
We expect that all our suppliers, whether directly or through their supply chain, conduct themselves in accordance with the principles and standards in this Policy and implement suitable management systems and processes. We encourage all our suppliers to exceed these standards. A supplier’s ability to meet and exceed the standards set out in this Policy will be considered when Aspen Medical makes procurement decisions.
We expect all our suppliers to communicate this Policy to their related entities, employees, agents, suppliers, and subcontractors so that they are aware of, understand and comply with this Policy. Aspen Medical also expects all its suppliers to examine not only their own operations, but their supply chains, to identify and appropriately address risk areas where they do not comply with these standards.
Aspen Medical subsidiaries may supplement this Policy with policies that have specific relevance to their operations and market location.
Where Aspen Medical is party to a joint venture but does not exercise effective control, Aspen Medical will look to assist the joint venture entity to promote high standards across its supply chains.
Our values
We are guided by our philosophy of ‘wherever you need us’ which underpins our vision to be a leading healthcare provider of the future. That ambition is supported by our values:
- Compassion
- Respect
- Teamwork
- Integrity
- Pursuit of Excellence.
These values promote strong relationships with our partners, continuous improvement, and inform our approach to responsible and ethical business practice.
Aspen Medical respects and values its suppliers as partners and cares about the way it treats and does business with them. We expect all our suppliers to share our commitment to responsible sourcing practices and value a collaborative approach to achieving our sustainability objectives.
Requirements
Aspen Medical prefers to partner and work with organisations who share similar values. As a Benefits Corporation member we will give weight to other Benefits Corporation organisations in any value for money considerations. We expect our suppliers to:
- Conduct their business in a manner that is aligned with the United Nations Guiding Principles on Business and Human Rights.
- Comply with applicable laws, regulations, and conventions in relation to criminal conduct, regarding forced, bonded or compulsory labour, child labour, slavery (including modern slavery), servitude, forced marriage, debt bondage and human trafficking and in relation to modern slavery risk reporting requirements.
- Comply with applicable laws and regulations relating to remuneration and benefits, including minimum wages, overtime, superannuation, leave entitlements and other benefits, and ensure the timely payment of workers.
- Not engage in or tolerate the use of forced, bonded, compulsory labour, slavery, servitude, forced marriage, debt bondage or human trafficking, the use or threat of physical or other punishment, the use of deceptive recruiting, or the physical, sexual, or psychological abuse, inhumane treatment, or other forms of intimidation of workers.
- Provide their employees with clear and understandable information about all relevant employment conditions before they enter employment.
- Avoid subcontracting with individuals or entities reasonably known to disregard or be in breach of applicable labour laws and regulations.
- Promote the principles of diversity, inclusion, and respect in the workplace and through their supply chains.
- Not engage in or tolerate direct and indirect discrimination based on gender, age, race, ethnicity, nationality, immigrant status, religion, marital status, sexual orientation, gender identity, pregnancy, disability, union membership or political affiliation, or any other status protected by applicable laws.
- Ensure the workplace is accessible for all persons, including by making reasonable adjustments in line with relevant discrimination laws, standards, and regulations.
- Respect workers’ rights, in accordance with applicable laws, to freedom of association, to collective bargaining, to establish and join or not join workers’ associations, and to engage in lawful industrial activity, without interference, intimidation or harassment.
- Actively manage the environmental impact of their operations across all areas, including by maximising the efficient use of energy, water and resources, minimising waste and pollution and implementing policies and procedures in relation to ethical and compliant materials sourcing and biodiversity.
- Comply with applicable environmental laws, regulations and standards and obtain, maintain, and comply with necessary permits or approvals.
- Review and audit their operations and supply chain to identify any breaches of, or risk of non-compliance with, modern slavery laws and regulations.
Monitoring and compliance
Aspen Medical monitors and promotes compliance with this Policy through its Supplier Code of Conduct. Suppliers are expected to implement their own systems, processes, and policies to achieve compliance with this Policy as a part of partnering with Aspen Medical.
We expect suppliers will take all reasonable steps to address, remedy and prevent any non-compliance. Suppliers are asked to immediately notify Aspen Medical if they become aware of any allegations of non-compliance or investigations into non-compliances.
To identify and manage risks Aspen Medical may conduct sustainability audits prior to or during any engagement with a Supplier. We reserve the right to review compliance with this Policy and ask our suppliers to cooperate and provide any information as we may reasonably require to perform such a review. In the event an audit conducted on the Supplier identifies non-conformances, the Supplier will be asked to address any non-conformances to the mutual satisfaction of Aspen Medical and the Supplier.
If a supplier is unwilling or unable to comply with the Policy or refuses to participate with this Policy and the Supplier Code of Conduct, we reserve our right under the relevant supplier agreement to either suspend or terminate any agreement.
Responding to concerns
We are responsible for ensuring that we, and our agents, suppliers, and subcontractors meet these commitments. We expect our employees, agents, suppliers, and subcontractors to speak openly and raise concerns about possible breaches of this and all our policies through to managers, supervisors or via any other available reporting channel.
Our Whistle-blower policy is available to all employees, contractors, and external parties. Aspen Medical takes all concerns seriously and commits to handling them promptly.
Aspen Medical has zero tolerance for retaliation against anyone who speaks openly about conduct they believe is unethical, illegal, or not in line with our Code of Conduct and other policies, even if the concern isn’t substantiated.
Governance
This Policy is overseen by the Board and Executive. Any material breaches of this Policy must be reported to the Corporate Sustainability Team and reported quarterly to the relevant Risk Management Committees.
References
- Modern Slavery Act (Commonwealth) 2018
- United Nations Guiding Principles on Business and Human Rights
- Aspen Medical Modern Slavery Statement 2023
- Aspen Medical Supplier Code of Conduct (January 2022)
- Aspen Medical Supplier Selection and Evaluation Standard Operating Procedure (April 2021).
Health, Safety and Environmental Responsibility
Aspen Medical will:
- uphold our value of a genuine commitment to ensure the health and safety of our people and to protect the environment from harm
- establish clear leadership responsibilities for HSES
- comply with all relevant legislation, policies, procedures, licence conditions and other relevant requirements, and where appropriate go beyond compliance to achieve the aims of this policy
- implement policies and procedures with training in accordance with our accredited management systems (ISO 9001, ISO 45001 and ISO 14001) that are appropriate for our operations
- on client controlled sites, comply with the contract and their HSE Management Systems requirements
- incorporate an attitude of environmental stewardship throughout the organisation
- identify, assess and manage risks to prevent injuries or illnesses to our people and harm to the environment, including the efficient use of all natural resources
- communicate openly with staff, encouraging initiatives through consultation that contribute to a safer, healthier and environmentally sustainable working environment
- report and investigate all injuries, illnesses, near misses and environmental incidents
- provide effective support and return to work programs when staff are injured at work
- seek ways to promote and improve the health and wellbeing of our people
- establish and achieve challenging HSES goals
- inspect, audit and review our behaviours, systems of work and workplaces to learn and seek continuous improvement in how we operate
- measure, evaluate and report our performance progress against set targets and key performance indicators
- respect the traditional rights and culture of Indigenous people wherever we work.
Aspen Medical is committed to safeguarding the health, safety and wellbeing of our people, our patients, our partners, our clients and the communities in which we operate. Health, safety and environmental sustainability (HSES) is fundamental to the way we operate. People are at the heart of our capacity to be the preferred provider of outsourced health services wherever we are needed.
We believe that all incidents are preventable; as a result our objective is to strive for zero harm by ensuring we have safe people, safe workplaces and safe work practices.
Quality Policy Statement
Aspen Medical's vision is to be the leading global health services provider.
To ensure the effectiveness of the Quality Policy, Aspen Medical shall ensure the quality management system is planned, implemented, reviewed and improved, considering the organisation works within a risk management framework.
Aspen Medical has three core principles that govern the company's operations:
- High quality service delivery
- Excellence in human resources
- Sound financial management.
Aspen Medical is committed to:
- providing quality services and all applicable ISO 9001:2015 requirements
- considering and meeting any external and internal issues relevant to our purpose, strategic direction that affects our QMS in achieving its intended results
- determining and meeting the requirements of relevant stakeholders
- complying with statutory and regulatory obligations, standards, specifications and relevant codes of practice
- continually improving our QMS by ensuring operational efficiencies, clinical governance, and enhancing customer satisfaction.
Aspen Medical shall ensure that the Quality Policy is communicated and understood at appropriate levels throughout the organisation and is available on the Aspen Medical website for all key stakeholders to access.
Our website and data policies
Aspen Medical Website Terms of Use
This website www.aspenmedical.com (“Website”) is owned and operated by Aspen Medical Pty Ltd ABN 32 105 250 413 of 17C, 2 King Street, Deakin ACT 2600 (“Aspen Medical”, “us”, “our”, “we”).
Access to and use of our Website, and any products, services, content and information available through our Website (collectively, Services) are subject to the following terms, conditions and notices (Terms of Use). By using the Services, you are agreeing to all of the Terms of Use, as may be updated by us from time to time. You should check this page regularly to take notice of any changes we may have made to the Terms of Use.
1 Amendments to Terms of Use
We reserve the right to amend these Terms of Use from time to time. Amendments will be effective immediately upon notification on our Website. Your continued use of our Website following such notification will represent an agreement by you to be bound by the terms and conditions as amended.
2 Website Access and Online Accounts
- Access to our Website, including any online account you register for, is permitted on a temporary basis, and we reserve the right to withdraw or amend the Services without notice. We will not be liable if for any reason our Website is unavailable at any time or for any period. From time to time, we may restrict access to some parts or all of our Website.
- When you register for an online account via our Website, you will set up a personal login containing your email address and password of your choice. You must not share these login details with anyone else or allow others to use and access your account.
- You may upload content via your account including your image, and other information about you. You acknowledge and accept that any information you upload will be published and available in your online account.
3 Linked Sites
This Website may contain links to other websites (Linked Sites), which are not operated by Aspen Medical. Aspen Medical has no control over the Linked Sites and accepts no responsibility for them or for any loss or damage that may arise from your use of them. Your use of the Linked Sites will be subject to the Terms of Use and service contained within each Linked Site.
4 Our Information Policies
Information about how we collect, use, store and protect your information can be found in our Website Privacy Policy, Data Protection Policy, Information Security Policy, and Personal Information Collection Notice. By using our Website, you consent to the collection and processing of your information as described in these policies and warrant that all data provided by you is accurate.
If you have any further questions regarding your personal information you can contact us at [email protected]
5 Prohibitions
- You must not misuse our Website. You will not:
- commit or encourage a criminal offence;
- transmit or distribute a virus, trojan, worm, logic bomb or any other material which is malicious, technologically harmful, in breach of confidence or in any way offensive or obscene;
- hack into any aspect of the Service; corrupt data; cause annoyance to other users;
- infringe upon the rights of any other person's proprietary rights;
- send any unsolicited advertising or promotional material, commonly referred to as "spam"; or
- attempt to affect the performance or functionality of any computer facilities of or accessed through our Website.
Breaching this provision would constitute a criminal offence and we will report any such breach to the relevant law enforcement authorities and disclose your identity to them.
- We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of our Website or to your downloading of any material posted on it, or on any Linked Sites.
6 Intellectual property, software and content
The intellectual property rights in all software and content (including photographic images) made available to you on or through our Website remain the property of Aspen Medical or its licensors and are protected by copyright laws and treaties around the world. All such rights are reserved by Aspen Medical and its licensors. You may store, print and display the content supplied solely for your own personal use. You are not permitted to publish, manipulate, distribute or otherwise reproduce, in any format, any of the content or copies of the content supplied to you or which appears on our Website, nor may you use any such content in connection with any business or commercial enterprise.
7 Disclaimer of liability
- You use our Website, at your own risk. To the extent permitted by law, our Website is provided to you on an “as is” and “as available” basis without guarantee or warranty of any kind (express or implied). To the extent permitted by law, and subject to any non-excludable consumer guarantees and other consumer protection provisions set out in the Australian Consumer Law, Aspen Medical excludes any express or implied guarantees, conditions warranties under statute or general law in connection with our Website.
- Whilst reasonable attempts are made to ensure the accuracy of the content on our Website, this is not always possible, and content may not be true, accurate, up-to-date or complete. Aspen Medical does not invite reliance upon and does not accept responsibility or liability for any content made available on our Website.
- To the fullest extent permitted by law, you unconditionally release Aspen Medical, its officers, employees, contractors, volunteers, stakeholders, representatives and agents from all liabilities, actions, demands, loss, damage, costs and expenses (including legal costs on a full indemnity basis) and, including but without limitation to any direct, indirect, special, consequential, punitive or incidental damages, or damages for loss of use, profits, data or other intangibles, damage to goodwill or reputation, or the cost of procurement of substitute goods and services, incurred or suffered by you directly or indirectly in connection with your access to, or use of, inability to use, or any performance or failures of this Website or the Linked Sites and any materials posted on those sites, irrespective of whether such damages were foreseeable or arise in contract, tort, equity, restitution,
- This does not affect Aspen Medical's liability for death or personal injury arising from its negligence, fraudulent misrepresentation, misrepresentation as to a fundamental matter or any other liability which cannot be excluded or limited under applicable law.
8 Disclaimer as to ownership of third-party trademarks, images of personalities and content
Except where expressly stated to the contrary all persons (including their names and images), third-party trade marks and content, services and/or locations featured on our Website are in no way associated, linked or affiliated with Aspen Medical and you should not rely on the existence of such a connection or affiliation. Any trade marks/names featured on our Website are owned by the respective trade mark owners. Where a third-party trade mark or brand name is referred to, it is used solely to describe or identify the products and services and is in no way an assertion that such products or services are endorsed by or connected to Aspen Medical.
9 Linking to our Website
You may link to our home page, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists. You must not establish a link from any website that is not owned by you. This Website must not be framed on any other site, nor may you create a link to any part of our Website other than the home page. We reserve the right to withdraw linking permission without notice.
10 Indemnity
You agree to indemnify, defend and hold harmless Aspen Medical, its directors, officers, employees, consultants, agents, and affiliates, from any and all third-party claims, liability, damages or costs (including, but not limited to, legal fees) arising from your use of our Website including all content and intellectual property made available to you on our Website, or your breach of the Terms of Use.
11 Variation
Aspen Medical has the right to, at its absolute discretion, at any time, and without notice to amend, remove or vary the Services or any page of our Website.
12 Invalidity
If any part of the Terms of Use is unenforceable (including any provision in which we exclude our liability to you) the enforceability of any other part of the Terms of Use will not be affected and all other clauses remain in full force and effect. So far as possible where any clause or part of a clause can be severed to render the remaining part valid, the clause must be interpreted accordingly. Alternatively, you agree that the clause must be rectified and interpreted in such a way that closely resembles the original meaning of the clause as is permitted by law.
13 Questions or Complaints
We will use to try to answer your questions and resolve issues when they first arise. Please let us know if you have any questions, comments or concerns by first contacting us here.
Website privacy
This privacy notice tells you about the information we collect from you when you use our website.
In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.
Aspen Medical is committed to complying with the Privacy Act 1988 (the Act) and other applicable privacy and data protection legislation, including the European Union’s General Data Protection Regulation (GDPR).
The Act is an Australian law which regulates the handling of personal information about individuals. The 13 Australian Privacy Principles (APP) are contained in Schedule 3 of the Act. The APPs provide guidance on how personal information is to be managed by organisations such as Aspen Medical.
The GDPR is the European regulations governing the handling of personal information about individuals. This will be applicable for individuals within the European Union. Aspen Medical complies with the Act and the GDPR in its dealings with the personal information of individuals. Aspen Medical collects personal information from individuals using fair and lawful means in the course of its business and in the care of patients. It collects this information so that it can conduct its business and provide the best possible
care to patients.
Who are we?
We are Aspen Medical Pty Ltd. An Australian registered business with our head office located at 2 King Street, Deakin ACT 2600. You can contact us by post at the above address, by email at [email protected] or by telephone on +61 2 6203 9500
We are not required to have a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details above.
How do we use your information?
- When you use our website
- When you submit an enquiry via our website
- When you are a patient
- When you apply for a position on our website
- Your rights as a data subject
- Your right to complain
- Updates to this privacy policy.
When you use our website
When you use our website to browse our products and services and view the information we make available, a number of cookies are used by us and by third parties to allow the website to function, to collect useful information about visitors and to help to make your user experience better.
Some of the cookies we use are strictly necessary for our website to function, and we don’t ask for your consent to place these on your computer. These cookies are shown below.
Strictly necessary cookies
These cookies are essential to enable you to navigate around our website and use its core features. Without these cookies, services such as remembering your login details or ensuring what you see looks correct on the device you are using would not be possible. These cookies do not gather information about you that could be used for marketing and do not track your internet usage.
Preference cookies
These cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Statistical and performance cookies
These cookies help us understand how you interact with our website by collecting and reporting information about your journey on our website. For example, they help us understand which pages you go to most often, how much time you spend on which pages, which links you choose to click and the journey you took during the website session.
When you submit your enquiry to our website
When you submit an enquiry via our website, we ask you for your name and email address. This information is collected directly from you.
We use this information to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your query to your satisfaction. We will do this based on our legitimate interest in providing accurate information.
Your enquiry is stored and processed as an email that is hosted by Microsoft in the region you have selected. We do not use the information you provide to make any automated decisions that might affect you. Enquiry emails will be backed up on the Aspen Medical Archive Manager. You can request Aspen Medical to delete any enquiry emails.
When you are a patient
Where you are a patient and we are providing you with medical treatment, we will collect personal information including demographic information (such as name, date of birth and address), health history, family history, ethnic background and current lifestyle. We will collect this information directly from you. We may collect personal information about patients from other sources, but only where required and permitted by law, for example in a medical emergency.
We use this information to diagnose and treat your condition. If you fail to provide this information, we may not be able to provide appropriate healthcare. We may also use this information for the purposes of quality assurance, accreditation and audit activities, risk and claims management, patient satisfaction surveys and staff training and education. Where possible, we will de-identify this personal information where we use it for these purposes.
We will only disclose the personal information of patients to third parties with the consent of the patient, or as otherwise permitted by law in limited circumstances. We do not send the personal information of patients overseas to third parties.
The personal information of patients is stored securely using physical means such as locks and restricted premises and by electronic methods including passwords and secure servers located in Australia. We take reasonable steps to prevent loss, theft, misuse and interference of personal information, and we have policies and procedures in place to protect this information.
When you apply for a position via our website
When you apply for a position via our website, we ask you for your name, email address, phone, email and resume with other relevant information, including employment history and qualifications. We will generally collect this information from you, but we may also collect it from other sources, including previous employers, public domain and social media websites.
We use this information to process your application. Our Culture and Performance team may also email or phone you several times after your enquiry to follow up on your interest and ensure that we have answered you to your satisfaction. We will do this based on our legitimate interest in providing accurate information. If you fail to provide this information, we may not be able to process your application.
We will only disclose the personal information of job applicants overseas with the applicant’s consent. Where an applicant has completed paperwork for an overseas work permit or other authorisation, we deem this to be consent to release the paperwork to the overseas recipient named in the paperwork.
Your enquiry is stored and processed as an email which is hosted by Microsoft in Australia. Your details will also be stored on our CRM which is managed on an Aspen Medical server within Australia.
We do not use the information you provide to make any automated decisions that might affect you. We keep applicant details for 7 years, after which they are deleted off the CRM. CRM records are kept for 7 years after the last contact with you.
Your rights as a data subject Australian Privacy Act
In accordance with the Act, you may request access to, and correction of, personal information held by us. We will respond to such a request in a reasonable time and may charge a reasonable fee for provision of information. We will provide access to records and correct information unless there is a reason under the Act or other relevant law. If we do not agree to provide you with access or to correct a record, we will provide you reasons for this decision. Please email [email protected] for any enquiries.
European Union GDPR
By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time. You may withdraw your consent by contacting us by email at [email protected] or by telephone on +61 2 6203 9500.
Where you have withdrawn your consent to our processing of your personal data, we will cease to process that information, though your withdrawal of consent does not affect the lawfulness of our actions before you withdraw your consent. Additionally, where our processing is based on the performance of our obligations under a contract, for example your employment contract, then we may continue processing in accordance with those obligations.
If we are processing your personal data for reasons of consent or to fulfil a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider. If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.
You have the right to ask us to stop using your information for a period of time if you believe we are not doing so lawfully.
Finally, in some circumstances you can ask us not to reach decisions affecting you using automated processing or profiling To submit a request regarding your personal data by email, post or telephone, either under the Australian Privacy Act or the European Union GDPR, please use the contact information provided above in the Who Are We section of this policy.
Your right to complain
If you have a complaint about our use of your information, we would prefer you to raise in with us in the first instance at [email protected] to give us the opportunity to put it right. We will review all complaints received and our Chief of Staff will respond to you as soon as is practicable.
If you are not satisfied with our response, you can also contact the following government organisations:
The European Data protection Supervisor
Postal address: Rue Wiertz 60, B-1047 Brussels
Office address: Rue Montoyer 30, B-1000 Brussels
Telephone: +32 2 283 19 00
Email: [email protected]
Website: www.edps.europa.eu
Office of the Australian Information Commissioner
Postal address: GPO Box 5218 Sydney NSW 2001
Office address: Level 3, 175 Pitt Street Sydney NSW 2000
Telephone : 1300 363 992 or + 61 2 9284 9749
Email: [email protected]
Website: https://www.oaic.gov.au
Updates to this privacy policy
We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we haven’t previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent. We will update the version number and date of this document each time it is changed.
Data protection
Data Protection Policy
1. Purpose
In its everyday business operations Aspen Medical makes use of a variety of data about identifiable individuals, including data about:
- Current, past and prospective employees
- Customers
- Users of its websites
- Subscribers
- Other stakeholders
In collecting and using this data, the organisation is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
The purpose of this policy is to set out the relevant legislation and to describe the steps Aspen Medical is taking to ensure that it complies with it.
This control applies to all systems, people and processes that constitute the organisation’s information systems, including board members, directors, employees, suppliers and other third parties who have access to Aspen Medical systems.
The following policies and procedures are relevant to this document:
- Data Protection Impact Assessment Process
- Personal Data Analysis Procedure
- Legitimate Interest Assessment Procedure
- Information Security Incident Response Procedure
- GDPR Roles and Responsibilities
- Records Retention and Protection Policy
2. Data Protection Policy
The General Data Protection Regulation
The General Data Protection Regulation 2016 (GDPR) is one of the most significant pieces of legislation affecting the way that Aspen Medical carries out its information processing activities. Significant fines are applicable if a breach is deemed to have occurred under the GDPR, which is designed to protect the personal data of citizens of the UK and European Union. It is Aspen Medical’s policy to ensure that our compliance with the GDPR and other relevant legislation is clear and demonstrable at all times.
Definitions
There are a total of 26 definitions listed within the GDPR and it is not appropriate to reproduce them all here. However, the most fundamental definitions with respect to this policy are as follows:
Personal data is defined as:
any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;‘processing’ means:
any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;‘controller’ means:
the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;Principles Relating to Processing of Personal Data
There are a number of fundamental principles upon which the GDPR is based. These are as follows:
Personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).
Aspen Medical will ensure that it complies with all of these principles both in the processing it currently carries out and as part of the introduction of new methods of processing such as new IT systems.
Rights of the Individual
The data subject also has rights under the GDPR. These consist of:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Each of these rights are supported by appropriate procedures within Aspen Medical that allow the required action to be taken within the timescales stated in the GDPR.
These timescales are shown in Table 1.
Data Subject Request
Timescale
The right to be informed
When data is collected (if supplied by data subject) or within one month (if not supplied by data subject)
The right of access
Without undue delay, maximum timescale one month
The right to rectification
Without undue delay, maximum timescale one month
The right to erasure
Without undue delay, unless retention as a requirement by laws. Maximum timescale one month
The right to restrict processing
Without undue delay, maximum timescale one month
The right to data portability
Without undue delay, maximum timescale one month
The right to object
On receipt of objection
Rights in relation to automated decision making and profiling.
Not specified
Table 1 - Timescales for data subject requests
Lawfulness of Processing
There are six alternative ways in which the lawfulness of a specific case of processing of personal data may be established under the GDPR. It is Aspen Medical policy to identify the appropriate basis for processing and to document it, in accordance with the Regulation. The options are described in brief in the following sections.
Consent
Unless it is necessary for a reason allowable in the GDPR, Aspen Medical will always obtain explicit consent from a data subject to collect and process their data. In case of children below the age of 16 (a lower age may be allowable in specific EU member states) parental consent will be obtained. Transparent information about our usage of their personal data will be provided to data subjects at the time that consent is obtained and their rights with regard to their data explained, such as the right to withdraw consent. This information will be provided in an accessible form, written in clear language and free of charge.
If the personal data are not obtained directly from the data subject then this information will be provided to the data subject within a reasonable period after the data are obtained and definitely within one month.
Performance of a Contract
Where the personal data collected and processed are required to fulfil a contract with the data subject, explicit consent is not required. This will often be the case where the contract cannot be completed without the personal data in question e.g. a delivery cannot be made without an address to deliver to.
Legal Obligation
If the personal data is required to be collected and processed in order to comply with the law, then explicit consent is not required. This may be the case for some data related to employment and taxation for example, and for many areas addressed by the public sector.
Vital Interests of the Data Subject
In a case where the personal data are required to protect the vital interests of the data subject or of another natural person, then this may be used as the lawful basis of the processing. Aspen Medical will retain reasonable, documented evidence that this is the case, whenever this reason is used as the lawful basis of the processing of personal data. As an example, this may be used in aspects of social care, particularly in the public sector.
Task Carried Out in the Public Interest
Where Aspen Medical needs to perform a task that it believes is in the public interest or as part of an official duty then the data subject’s consent will not be requested. The assessment of the public interest or official duty will be documented and made available as evidence where required.
Legitimate Interests
If the processing of specific personal data is in the legitimate interests of Aspen Medical and is judged not to affect the rights and freedoms of the data subject in a significant way, then this may be defined as the lawful reason for the processing. Again, the reasoning behind this view will be documented.
Privacy by Design
Aspen Medical has adopted the principle of privacy by design and will ensure that the definition and planning of all new or significantly changed systems that collect or process personal data will be subject to due consideration of privacy issues, including the completion of one or more data protection impact assessments.
The data protection impact assessment will include:
- Consideration of how personal data will be processed and for what purposes
- Assessment of whether the proposed processing of personal data is both necessary and proportionate to the purpose(s)
- Assessment of the risks to individuals in processing the personal data
- What controls are necessary to address the identified risks and demonstrate compliance with legislation
Use of techniques such as data minimization and pseudonymisation
Aspen Medical will ensure that all relationships it enters into that involve the processing of personal data are subject to a documented contract that includes the specific information and terms required by the GDPR. For more information, see the GDPR Controller-Processor Agreement Policy.
International Transfers of Personal Data
Transfers of personal data outside the European Union will be carefully reviewed prior to the transfer taking place to ensure that they fall within the limits imposed by the GDPR. This depends partly on the European Commission’s judgement as to the adequacy of the safeguards for personal data applicable in the receiving country and this may change over time. Intra-group international data transfers will be subject to legally binding agreements referred to as Binding Corporate Rules (BCR) which provide enforceable rights for data subjects.
Data Protection Officer
Under the Australian Privacy Act 1988 (Cth), entities are not currently required to have a Data Protection Offer.
However under the GDPR, a Data Protection Officer (DPO) is required under the GDPR if an organisation is a public authority, if it performs large scale monitoring or if it processes particularly sensitive types of data on a large scale. Noting Aspen Medical would fall into the category of processing sensitive (medical) data, a GDPR Representative is required.
VeraSafe has been appointed as Aspen Medical's representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation; and European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union.
If the relevant data protection matter relates to activities within the United Kingdom or, within the European Economic Area, VeraSafe can be contacted in addition to [email protected], only on matters related to the processing of personal data.
External parties may make such an inquiry/complaint, by contacting VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative
Alternatively, VeraSafe can be contacted at:
VeraSafe United Kingdom Ltd. 37 Albert Embankment London SE1 7TL United Kingdom or via telephone at: +44 (20) 4532 2003.
VeraSafe Ireland Ltd. Unit 3D North Point House North Point Business Park New Mallow Road
Cork T23AT2P Ireland +420 228 881 031.
Breach Notification
It is Aspen Medical’s policy to be fair and proportionate when considering the actions to be taken to inform affected parties regarding breaches of personal data. In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant supervisory authority will be informed within 72 hours and the affected parties will be informed without undue delay. This will be managed in accordance with our Information Security Incident Response Procedure and Notifiable data Breach Procedure which sets out the overall process of handling information security incidents.
Under the GDPR the relevant DPA has the authority to impose a range of fines of up to four percent of annual worldwide turnover or twenty million Euros, whichever is the higher, for infringements of the regulations.
Addressing Compliance to the GDPR
The following actions are undertaken to ensure that Aspen Medical complies at all times with the accountability principle of the GDPR:
- The legal basis for processing personal data is clear and unambiguous
- All staff involved in handling personal data understand their responsibilities for following good data protection practice
- Training in data protection has been provided to all staff
- Rules regarding consent are followed
- Routes are available to data subjects wishing to exercise their rights regarding personal data and such enquiries are handled effectively
- Regular reviews of procedures involving personal data are carried out
- Privacy by design is adopted for all new or changed systems and processes
- The following documentation of processing activities is recorded:
- Organisation name and relevant details
- Purposes of the personal data processing
- Categories of individuals and personal data processed
- Categories of personal data recipients
- Agreements and mechanisms for transfers of personal data to non-EU countries including details of controls in place
- Personal data retention schedules
- Relevant technical and organisational controls in place
These actions are reviewed on a regular basis as part of the management process concerned with data protection.
If you have any queries or concerns, please contact [email protected]
Information security
Consistent information security risk management is important for Aspen Medical Pty Ltd, its customers and stakeholders.
This policy demonstrates Aspen Medical’s commitment to information security and communicates our vision of information security.
We commit to:
- Managing information assets in an accountable and coordinated manner in accordance with legislative and contractual requirements and principles of good governance.
- Protecting the integrity of all information disseminated, produced, managed or stored.
- Handling information, whether Aspen Medical or customer owned, through sound information security procedures in order to protect all information assets for internal, external, deliberate or accidental threats.
- Drive information security through risk based information security principles by implementing an Information Security Management System (ISMS) aligned to ISO / IEC 27001: 2013.
We will achieve this by living our information security principles:
Information Security Principles
TRUSTWORTHY
- Embedding a culture of accountability and responsibility for the confidentiality, integrity, availability, safety and reliability of Aspen Medical’s information assets and systems
- Enabling our people to take accountability for their use of information in their day-to-day role
- Integrating information security risk management principles into our planning
- and decision-making.
TRANSPARENT
- Engaging with the business to garner feedback on our ISMS and cyber security program.
- Providing engaging and appropriate information security training across Aspen Medical to ensure an understanding of the requirements of Aspen Medical’s approach to information security.
- Providing clear and direct guidance on our expectations for the protection of all information, including internal, third party, personal and electronic data.
PRIVATE
- Understanding the root causes of cyber security events and incidents without allocating blame or assigning punishment.
- Understanding our cyber security objectives and legislative and contractual environment to ensure it is accurately represented within our information security policy framework.
- Empowering our people to take responsibility in our cyber secure culture and report any concerns or risky behaviors they witness.
VALUED
- Proactively measuring our ISMS to enable reporting of the right information to the right people
- Critically reviewing our ISMS to find positive ways of continually improving and developing it
- Creating innovative ways of communicating our commitment and leadership in information security within our community and industry.
Accountability and responsibility
- Aspen Medical’s Board is accountable for ensuring sufficient resourcing, management and monitoring of the ISMS.
- The CEO is responsible for leading the implementation and compliance to the ISMS, including communicating Aspen Medical’s vision of information security and its importance.
- All executives, managers, employees and contractors must adhere to this policy and act in a manner that continually promotes a cyber-secure culture and the management of information security risk.
Personal information collection notice
Why do we collect your information?
We collect your personal information to enable us to provide feedback or consider your suitability for potential job opportunities that you (or a person/company with whom you are associated) acquire or wish to acquire.
What happens if you don’t provide the information?
Without your personal information we may not be able to supply those services or we may be restricted in the way those services can supplied.
Who might we share your personal information with?
Your personal information will not be shared with anyone else, unless it is needed in connection with our ongoing supply of services to you and for purposes associated with the supply of those services. We may share your information because we are required to do so by law.
Will any of your information be shared with overseas organisations?
We operate both in Australia and overseas. Therefore, we may need to share some of your personal information with organisations outside Australia. We may also store your information in cloud or other types of networked or electronic storage. For further information, please refer to our privacy policy.
How you can access your personal information or make a complaint?
Our website privacy policy contains information about how you may access your personal information and seek correction of such information; as well as how to complain about a breach of the Australian Privacy Principles and Global Data Regulation Protection (GDPR) and how we will deal with such a complaint.
View our website privacy policy for full details.
GMS policies
Global Medical Supplies Terms & Conditions
This website is operated by www.aspenmedical.com (“Website”) and is owned and operated by Aspen Medical Pty Ltd ABN 32 105 250 413 (“Aspen Medical”). Medical products are sold by Aspen Medical's wholly owned subsidiary Global Medical Supplies Pty Ltd ABN 77 641 151 993 of 17C, 2 King Street, Deakin ACT 2600 (“GMS”, “us”, “our”, “we”). These terms and conditions apply to the use of this website and the ordering, purchase, fulfilment and delivery of products from GMS.
Please read the following GMS Terms and Conditions ("Terms") carefully before placing Your order. These Terms apply to all users of the site, including without limitation users who are browsers, vendors, customers, merchants, and/ or contributors of content.
1 Agreement
1.1 In These Terms and Conditions “We”, “Our”, or “Us” means GMS or Aspen Medical; and “You” or “Yours” means the person who accepts these Terms and Conditions, by using this Website.
1.2 Access to and use of our Website, and any products, services, content and information available through our Website (collectively, Services) are subject to the following terms, conditions and notices (Terms of Use). By using the Services, You are agreeing to all of the Terms of Use, as may be updated by us from time to time. You should check this page regularly to take notice of any changes we may have made to the Terms of Use.
1.3 By browsing the Website, or placing an Order, You agree to these Terms and Conditions, and in accordance with Customs regulations. All consignee names, addresses and payers’ names should be valid. Customers are responsible for the accuracy of data that You provide to GMS and Aspen Medical.
2 Amendments to Terms of Use
We reserve the right to amend these Terms and Conditions from time to time. Amendments will be effective immediately upon notification on our Website. Your continued use of our Website following such notification will represent an agreement by You to be bound by the terms and conditions as amended.
3 Website Access and Online Accounts
3.1 Access to our Website, including any online account You register for, is permitted on a temporary basis, and we reserve the right to withdraw or amend the Services without notice. We will not be liable if for any reason our Website is unavailable at any time or for any period. From time to time, we may restrict access to some parts or all of our Website.
3.2 When You register for an online account via our Website, You will set up a personal login containing Your email address and password of Your choice. You must not share these login details with anyone else or allow others to use and access Your account.
3.3 You may upload content via Your account including Your image, and other information about You. You acknowledge and accept that any information You upload will be published and available in Your online account.
4 Linked Sites
This Website may contain links to other websites (Linked Sites), which are not operated by GMS or Aspen Medical. GMS and Aspen Medical have no control over the Linked Sites and accept no responsibility for them or for any loss or damage that may arise from Your use of them. Your use of the Linked Sites will be subject to the Terms of Use and service contained within each Linked Site.
5 Our Information Policies
Information about how we collect, use, store and protect your information can be found in our Website Privacy Policy, Data Protection Policy, Information Security Policy, and Personal Information Collection Notice. By using our Website, you consent to the collection and processing of your information as described in these policies and warrant that all data provided by you is accurate.
If you have any further questions regarding your personal information you can contact us at [email protected]
6 Prohibitions
You must not misuse our Website. You will not:
- commit or encourage a criminal offence;
- transmit or distribute a virus, trojan, worm, logic bomb or any other material which is malicious, technologically harmful, in breach of confidence or in any way offensive or obscene;
- hack into any aspect of the Service; corrupt data; cause annoyance to other users;
- infringe upon the rights of any other person's proprietary rights;
- send any unsolicited advertising or promotional material, commonly referred to as "spam"; or
- attempt to affect the performance or functionality of any computer facilities of or accessed through our Website.
Breaching this provision would constitute a criminal offence and we will report any such breach to the relevant law enforcement authorities and disclose Your identity to them.
We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect Your computer equipment, computer programs, data or other proprietary material due to Your use of our Website or to Your downloading of any material posted on it, or on any Linked Sites.
7 Pricing
7.1 Pricing is subject to change without notice.
7.2 All prices exclude Goods and Services Tax (“GST”) and delivery costs. Delivery costs will be provided before order confirmation.
7.3 All prices are in Australian dollars.
7.4 In the unlikely event, it may be possible that a small number of the products listed are incorrectly priced. GMS will contact You before proceeding to the final payment.
8 Products
8.1 The product specifications detailed on the Website or in the specifications flyers are subject to change without notice.
8.2 Product specifications, including weights and dimensions, are approximate. Product specifications are in accordance with clause 11 – ‘Intellectual property, software and content.‘
8.3 We reserve the right to limit the sales of our Products or Services to any person, geographic region or jurisdiction. We may exercise this right at our discretion.
9 Ordering
9.1 You may place an order by completing the Order Form or via the Get In Touch form on the Website. It does not constitute a final order. We will be in contact to arrange the final order, shipping and payment details.
9.2 An order confirmation invoice will be sent prior to dispatch. It is the customer’s responsibility to ensure the correct contact details are provided to receive the invoice.
9.3 Please refer to our shipping policy regarding delivery. There may be times when we are only able to deliver a partial order due to stock limitations. In this instance, GMS will contact You and will provide an estimated date of completion.
9.4 For orders that are declined, delayed or not accepted due to circumstances beyond our control, GMS does not accept any responsibility.
10 Payment
10.1 Payment information will be provided as an invoice, emailed to the contact details You have provided. All details collected are in accordance with clause 5, Our Information Policies.
10.2 A full refund will be provided in the event of a cancelled order that is yet to be dispatched. GMS will confirm the cancellation or refund via email.
10.3 Before the final order, You authorise us to perform security checks to validate your business and to conduct loss minimisation and anti-fraud measures, as required, to authorise purchase transactions.
10.4 Completing the Order Form on the Website does not constitute an order. We will be in contact to arrange the final order, shipping and payment details.
11 Intellectual property, software and content
The intellectual property rights in all software and content (including photographic images) made available to You on or through our Website remain the property of GMS, Aspen Medical or its licensors and are protected by copyright laws and treaties around the world. All such rights are reserved by GMS, Aspen Medical and its licensors. You may store, print and display the content supplied solely for Your own personal use. You are not permitted to publish, manipulate, distribute or otherwise reproduce, in any format, any of the content or copies of the content supplied to You or which appears on our Website, nor may You use any such content in connection with any business or commercial enterprise.
12 Disclaimer of liability
12.1 You use our Website, at Your own risk. To the extent permitted by law, our Website is provided to You on an “as is” and “as available” basis without guarantee or warranty of any kind (express or implied). To the extent permitted by law, and subject to any non-excludable consumer guarantees and other consumer protection provisions set out in the Australian Consumer Law, GMS and Aspen Medical excludes any express or implied guarantees, conditions warranties under statute or general law in connection with our Website.
12.2 Whilst reasonable attempts are made to ensure the accuracy of the content on our Website, this is not always possible, and content may not be true, accurate, up-to-date or complete. GMS and Aspen Medical do not invite reliance upon and do not accept responsibility or liability for any content made available on our Website.
12.3 To the fullest extent permitted by law, You unconditionally release GMS and Aspen Medical, its officers, employees, contractors, volunteers, stakeholders, representatives and agents from all liabilities, actions, demands, loss, damage, costs and expenses (including legal costs on a full indemnity basis) and, including but without limitation to any direct, indirect, special, consequential, punitive or incidental damages, or damages for loss of use, profits, data or other intangibles, damage to goodwill or reputation, or the cost of procurement of substitute goods and services, incurred or suffered by You directly or indirectly in connection with Your access to, or use of, inability to use, or any performance or failures of this Website or the Linked Sites and any materials posted on those sites, irrespective of whether such damages were foreseeable or arise in contract, tort, equity, restitution,
12.4 This does not affect GMS or Aspen Medical's liability for death or personal injury arising from its negligence, fraudulent misrepresentation, misrepresentation as to a fundamental matter or any other liability which cannot be excluded or limited under applicable law.
13 Disclaimer as to ownership of third-party trade marks, images of personalities and content
Except where expressly stated to the contrary all persons (including their names and images), third-party trade marks and content, services and/or locations featured on our Website are in no way associated, linked or affiliated with GMS and Aspen Medical, and You should not rely on the existence of such a connection or affiliation. Any trade marks/names featured on our Website are owned by the respective trade mark owners. Where a third-party trade mark or brand name is referred to, it is used solely to describe or identify the products and services and is in no way an assertion that such products or services are endorsed by or connected to GMS and Aspen Medical.
14 Linking to our Website
You may link to our home page, provided You do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists. You must not establish a link from any website that is not owned by You. This Website must not be framed on any other site, nor may You create a link to any part of our Website other than the home page. We reserve the right to withdraw linking permission without notice.
15 Indemnity
You agree to indemnify, defend and hold harmless GMS and Aspen Medical, its directors, officers, employees, consultants, agents, and affiliates, from any and all third-party claims, liability, damages or costs (including, but not limited to, legal fees) arising from Your use of our Website including all content and intellectual property made available to You on our Website, or Your breach of the Terms of Use.
16 Variation
GMS and Aspen Medical have the right to, in its absolute discretion, at any time, and without notice to amend, remove or vary the Services or any page of our Website.
17 Invalidity
If any part of the Terms of Use is unenforceable (including any provision in which we exclude our liability to You) the enforceability of any other part of the Terms of Use will not be affected and all other clauses remain in full force and effect. So far as possible where any clause or part of a clause can be severed to render the remaining part valid, the clause must be interpreted accordingly. Alternatively, You agree that the clause must be rectified and interpreted in such a way that closely resembles the original meaning of the clause as is permitted by law.
18 Questions or Complaints
We will use to try to answer Your questions and resolve issues when they first arise. Please let us know if You have any questions, comments or concerns by first contacting us here.
Shipping And Handling Policy
Shipping costs will be calculated based on the size of the order and delivery location.
We will contact you with the shipping rate before finalising your order.
Returns Policy
We will accept returns for defective products only. If the product is defective, please email GMS via [email protected] with photos of the defect within 14 days of your purchase. We will endeavour to reply within five business days to organise a refund. We will provide instructions to return the product, including payment for the return postage.
In the unlikely case of product recalls, we will contact you to organise a refund and return postage.