In this Policy:
“Services” means the services offered by us from time to time, including but not limited to health, research, science or support related services, and any feedback or other interaction between an individual and us in the use of or in providing any of those services and includes services that are integrated with goods or services of a third party.
“Melanoma Institute Australia”, we, us or our means clinical trial activities and programs conducted by us, we collect personal information to record your involvement and to process the results of research and clinical trials. We may also use this information to contact you about participation in future studies.
The information we collect will generally be sensitive information as it will include your health information. Some examples of the kinds of information we may collect are:
i) your medical history including, where relevant, a family medical history;
ii) your racial or ethnic origin, where this pertains to a relevant patient care question;
iii) your Medicare number and information about your private health insurance;
iv) current medications or treatments used by you;
v) the name of any care provider, health service provider or medical specialist to whom we refer you back or who has referred you to us, copies of any referrals and reports; and
vi) test results and samples.
We only collect sensitive and/or health information that is relevant, accurate, current and non-excessive. We will notify you when we are collecting sensitive and/or health information.
We may also collect personal information about individuals who are not research participants when we make a record about a research participant. For example, we may collect emergency contact details or a family medical history.
When we collect your sensitive and/or health information for the purposes of research and clinical trial activities you will be asked to review a privacy consent form. This form will outline how your information will be used and disclosed to us in accordance with the HRIP Act and Privacy Act. It will ask you to provide your consent for your sensitive and/or health information to be disclosed to us.
From time to time we may collate and analyse statistical data from information we have previously collected. In these cases, the data will be de-identified and aggregated before it is disclosed to third parties.
All research and clinical trials undertaken at the Institute are approved by an external Human Research Ethics Committee. Research participants enrolled in trials or research will be given further information detailing how their personal information (including health information) will be handled prior to their involvement in the research study.
2.2 People about whom we do not collect ‘sensitive’ and/or ‘health’ information
When you make a donation, register for an event or make inquiries about our activities, we will collect your personal information such as name, address and other contact details. We will also retain information relating to your donation history and payment information including your credit card details.
We collect this information to send you receipts as well as surveys, newsletters and information about research, education and fundraising events and activities. We may use your information to contact you to seek financial support for medical research conducted at the Institute and to keep you informed of recent research activity happening in the field of melanoma. You may choose what correspondence you receive at any time.
If you do not wish us to use your personal information for any of the above purposes please contact us using the details in the how to contact us section below.
b) GPs, referring doctors and other healthcare professionals
We may collect personal information about individual health practitioners who interact with us such as referring doctors or other health professionals involved in the care of our patients and research participants. This is typically information such as your name, contact details, professional details and information regarding interactions or transactions with us. This information is collected for the purpose of administration, management and operation of the Institute.
c) Applicants for positions with us
We may collect personal information when we are canvassing recruitment of staff and research students. Generally speaking, we will collect personal information that you supply to us as part of this process for the purpose of assessing applications and proposals. We will collect personal information about you such as your educational/academic history and work history. We will collect personal information about you from third parties, such as your referees, as part of our assessment of your suitability for a position.
Information relating to applicants for positions with us will be retained until the recruitment process has concluded. After the recruitment process has been completed, all personal information that has been collected will be destroyed.
We receive unsolicited applications for employment or research opportunities from time to time. We will retain information relating to unsolicited applications for a period of three months, after which time it will be destroyed.
d) People with whom we have commercial relationships
We may collect personal information about individuals who we deal with on a commercial basis such as suppliers, contractors and individuals in organisations to which we provide goods and services or from which we acquire goods and services. We may collect personal information about you including your name, position, contact details, license or registration numbers, ABN, bank details and other information relevant to the capacity in which you are dealing with the Institute.
e) Visitors to our Website
3. WE WILL NOTIFY YOU WHEN WE COLLECT YOUR PERSONAL INFORMATION
3.1 Notification at the time of collection
We will take all reasonable and practicable steps to notify you of the following information when we (or the clinicians associated with us) collect your personal information:
a) our identity and contact details;
b) the facts and circumstances of the collection (if we do not collect the information directly from you);
c) whether the collection is authorised by a law or court/tribunal;
d) the consequences if your personal information is not collected;
e) the fact that you can request access to the information;
f) the purposes for which we collect the information;
g) how we disclose the information;
i) whether it is likely that we will disclose your personal information to overseas recipients.
3.2 Notification as soon as practicable after collection
If it is not practicable to notify you of the above matters at the time of collection, we will take all reasonable steps to notify you of those matters as soon as practicable after collection.
4. HOW DO WE COLLECT YOUR INFORMATION?
We are the owner of all information collected by or through use of or access to any of the Services and any Website. We will not sell, share, or rent this information to others in ways different from what is disclosed in this Policy. We collect information from users at several different points during their interaction with us, including during the use of or access to the Services or Website and in several different ways including:
4.1 Direct input by you
In order to use the Services you may be required to provide certain personal information. For instance, you may provide information to us directly when you have contact with us in person, over the phone or via email or the internet. You may also provide information to us in the course of your attendance or interactions with affiliate clinicians or GPs, referring doctors and other healthcare professionals.
We will take whatever steps that we consider reasonable and practicable to collect your personal information directly from you. We will only collect your personal information indirectly where it is unreasonable or impracticable to collect it directly from you.
If you do not provide certain information, you may not be able to receive the full benefit of all of the Services or Website. This information is clearly identified at the point of collection. Other personal information that is requested is optional (but encouraged so we can provide a more personalised experience for you).
4.2 Submission by users
Our users provide personal information directly to us, verbally and in hard copy and electronic records or documents, whether stored in or provided by way of digital storage media, electronic communications, including through a computer, communications interface or application program interface (API) available over or through a Secure Sockets Layer (SSL) protocol.
4.3 Submission by or collection from third parties
We may request third parties to provide or allow us access to and collection of information, including personal information that the third parties hold and are authorised or entitled to disclose, directly to us, verbally and in hard copy and electronic records or documents, whether stored in or provided by way of digital storage media, electronic communications, including through a computer, communications interface or API available over an SSL protocol.
Generally we will not collect your health and/or sensitive information from third parties. In the event we do collect your health and/or sensitive information from a third party, we will take reasonable steps to contact you and notify you of the purposes for which we are collecting the information as well as advising you of other persons or other organisations to which we might give your personal information. This will usually be done through a patient consent form.
4.4 Log files
We use IP addresses to analyse trends, administer the Services and Website, and gather information for use in aggregated formats. To ensure the integrity of the data submitted by you we log information about sessions including IP address, number of login attempts, times of commencement and conclusion and the responses submitted.
4.5 Publicly available personal information
We may source information, including personal information, from publicly available information sources.
4.6 Surveys and promotional offers
We may request information via surveys or promotional offers. Participation in these surveys or promotional offers is voluntary. Information requested may include contact information (such as name and address), and demographic information (such as post code, age). Contact information will only be used to communicate with those who have opted to receive these offers. Aggregated survey information will be used for monitoring or improving the use and satisfaction of users.
By providing personal information to us, you acknowledge that we may send you newsletters or other forms of general communications. All newsletters provide the recipient with the ability to discontinue (opt out) of the service at any time.
4.8 Credit card information from users
If you establish a credit account with us, we request certain personal information from you in connection with the Services, including contact information such as name, email, and postal address and financial information including credit or debit card number, CCV number and credit or debit card expiration date (“financial information”). We use this financial information to invoice and charge you for the use of services, as well as to verify your contact information. When financial information is collected, it passes through our bank (and for transactions outside Australia, correspondent banks that may be used by our bank in respect of foreign currency transactions) for processing. We never permanently store a complete record of the financial information but may retain and use some parts of that financial information (but never a credit or debit card number) as part of maintaining a record of transaction history and for account and service verification, fraud prevention and management, audit, complaints handling and dispute resolution purposes.
5. HOW DO WE USE AND DISCLOSE YOUR INFORMATION?
5.1 Health and/or sensitive information
Generally, we will only use health and/or sensitive information for the reason for which it was collected. However, we may use your health and/or sensitive information for a secondary purpose in the following circumstances:
a) if you consent to that use; or
b) if you would reasonably expect your health and/or sensitive information to be used for that secondary purpose, and the secondary purpose is directly related to the primary purpose.
5.2 Personal information
We may use and disclose your personal information (in whole or in part, and in identifiable and de-identifiable formats) in order to provide any Services or in relation to any service that is ancillary or necessary to those services, including administration, management, account management, verification and auditing of services and our business, customer engagement, complaints handling, dispute resolution, product and services improvement and development, service support, developmental, research, statistical, analytical, validation and archival purposes (Purpose).
We will only use de-identified information for any statistical or other analysis or similar research purposes.
We retain and use all data that is collected during or as a result of any of the Services (other than data from a cookie as a result of a visit to or use of a Website) in order to maintain and improve the Services and to validate the integrity, accuracy and consistency of actions, values, methods, measures, principles, expectations, and outcomes underpinning our Services. This requirement is continuous and ongoing and means that this data is always retained and able to be used by us.
5.3 Disclosure to third parties
We will only disclose your personal information to third parties for a Purpose and with whom we have entered into an agreement that gives you (or that the law requires to give you) at least the same level of protection to your personal information as we do.
If the information to be transferred overseas includes your sensitive and/or health information, we will obtain your consent before transferring it.
Transfer of information overseas would only normally occur for printing or data payment processing purposes, for example by third party payment facilitators who may process their data offshore. We may also use third party providers to conduct surveys and facilitate information collection and event registration. Some of these service providers may conduct all or part of their business overseas and your personal information may be transferred as a result. We will conduct due diligence before entering into any agreement with these service providers and will take all reasonable steps to ensure that your information is not used in a manner that is inconsistent with the Privacy Act and the HRIP Act.
In the delivery of the Services we may disclose personal and sensitive information to recipients outside of New South Wales.
5.4 Direct marketing
You consent to us using or disclosing your personal information (but not your health and/or sensitive information) for the purposes of direct marketing (including direct marketing by third parties).
Direct marketing by us may include sending you direct marketing material including surveys, newsletters and information about research, education and fundraising events and activities. We may use your information to contact you to seek financial support for medical research conducted at the Institute and to keep you informed of recent research activity happening in the field of melanoma.
We may use third parties to undertake such direct marketing activities on our behalf and may provide your personal information to such parties for that purpose.
However, in any direct marketing campaign undertaken by or on behalf of us, we will provide a method for you to opt-out (if you have not already done so). If you wish to opt-out or you wish to no longer receive direct marketing communications please contact us using the details in the How to Contact Us section below.
6. HOW CAN YOU ACCESS OR SEEK CORRECTION OF THE INFORMATION WE HOLD ABOUT YOU?
On written request (and subject to verification of your identity), we will give you access to the personal information we hold about you. This includes health and/or sensitive information we hold about you. We will not normally charge you to access this information.
In limited circumstances, access to your personal information may be declined in accordance with privacy laws.
If any personal information we hold about you is out of date or inaccurate, we encourage you to let us know, and ask us to correct it. If we cannot accommodate your request, you will receive our reasons in writing. It is generally not possible to make changes to clinical information; however, you may be entitled to request that we associate a statement with your record which sets out the amendment you sought.
7. CAN YOU DEAL WITH US ANONYMOUSLY?
Where lawful and reasonably practicable to do so, we will give you the option to deal with us without identifying yourself or by using a pseudonym (eg when inquiring about the activities that we undertake). However, it may not always be practicable or lawful for us to deal with you anonymously or pseudonymously on an ongoing basis. For instance, you may be unable to participate in or have access to our research programs, events or activities if we do not collect personal information about you. You also should be aware that contact details are required in order for us to issue a tax-deductible receipt and to register you for events or educational opportunities.
We try to recognise the contributions of our supporters in the presentation of research by our scientists, in the Annual Report and on our Honour Board. However, if you wish to remain anonymous, please contact the Privacy Officer.
Our Services that are offered online may contain links to other sites. Please be aware that we are not responsible for the privacy or data handling practices of any other sites.
9. DATA SECURITY AND STORAGE OF INFORMATION
We hold personal information in paper-based and electronic records and systems. Personal information may be collected in paper-based documents and converted to electronic form for storage (with the original paper-based documents either archived or securely destroyed).
We use physical security and other measures to ensure that personal information is protected from misuse, interference and loss; and from unauthorised access, modification and disclosure. Personal information held in paper-based form is generally securely stored at the Poche Centre in Sydney or in the case of archived records, at an external storage facility in Australia.
We maintain computer and network security by using firewalls, user identifiers and passwords to control access to our computer system. Donations and registrations made on the Institute website use encryption methods and credit card data is stored using systems compliant with the Payment Card Industry Data Security Standard.
All data, excluding financial information, is stored and processed on third party secure servers.
We will take reasonable steps to ensure the personal information that we collect, hold, use or disclose is accurate, complete and up-to-date. We recommend you notify us if you change your address or contact details as soon as possible. This will help us to maintain your privacy by ensuring that any communications are sent to the correct postal address, email address, or telephone number. This can usually be done online or by contacting us at firstname.lastname@example.org.
We will take reasonable steps to protect your personal information from misuse, loss and unauthorised access, modification or disclosure. We will also take reasonable steps to destroy or permanently de-identify personal information if we no longer need it for any purpose. We will not keep your sensitive and/or health information for any longer than we consider it necessary in order to enable us to fulfil our functions and offer our Services.
If you have any questions about the security of personal information held by us, we invite you to contact us at email@example.com.
10. NOTIFICATION OF CHANGES
If you wish to be notified of any changes other than by email please provide your preferred contact details and we will endeavour to respond to your request.
12. WHAT SHOULD YOU DO IF YOU HAVE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL INFORMATION?
We will consider and respond to your complaint within 21 days of receiving your correspondence.
13. HOW TO CONTACT US AND MAKE COMPLAINTS
Our contact details:
Address: Privacy Officer
Melanoma Institute Australia
PO Box 1479
Crows Nest NSW 2065
Telephone: 02 9911 7363
Fax: 02 9954 9290
We will do our best to resolve your complaint as quickly as possible. If you are not satisfied with our response to your complaint, you can refer the matter to the Office of the Australian Information Commissioner.
The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992 or full contact details can be found online at www.oaic.gov.au.
Updated: May 2016