Gallipoli Medical Research Foundation Ltd ACN 077 750 693 is a not-for-profit health promotion charity and approved research institute. Gallipoli Medical Research Foundation Ltd operates as a single company but may have related entities. In this Policy, the principal company and its related entities are collectively referred to as GMRF (or we).
GMRF is bound by the Privacy Act 1988 (Privacy Act), which includes the Australian Privacy Principles (APPs). The APPs establish how GMRF may collect, use, disclose and store Personal Information and how individuals may access and correct Personal Information which GMRF holds about them.
This Policy is not exhaustive and where the Policy does not cover a particular set of circumstances GMRF will act in accordance with the Privacy Act, the APPs and any specific guidelines that may apply to GMRF within the context of medical research.
2 – Terms used
“Personal Information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
Personal information also includes ‘Sensitive Information’ and ‘Health Information’. Information which is ‘sensitive information’ attracts a higher privacy standard under the Privacy Act and is subject to additional mechanisms for your protection.
“Health Information” is a particular subset of Personal Information and means:
- information or an opinion about:
- the health, injury or a disability (at any time) of an individual; or
- an individual’s expressed wishes about the future provision of health services to him or her; or
- a health service provided or to be provided to an individual;
that is also personal information;
- other personal information collected to provide a health service to an individual;
- other personal information collected in connection with the donation, or intended donation, by an individual or his or her body parts, organs or body substances; and
- genetic information about an individual in a form that is or could be predictive or the health of the individual or a genetic relative of the individual.
“Primary purpose” means the specific function or activity for which the information is collected. Any use or disclosure of the Personal Information for another purpose is known as the “Secondary Purpose”.
‘Sensitive Information’ means information such as your race, religion, political opinions or sexual preferences, information used for biometric verification or identification, and biometric templates
3 – Who does this Policy apply to?
- A current or former employment relationship between GMRF and you; or
- An employee record held by GMRF and relating to you.
4 – What information is collected
GMRFs collect Personal Information, including Health Information, from you that is reasonably necessary to provide its services, as well as for administrative and internal business functions. Examples of the types of Personal Information collected include:
- Biographical information (e.g. names, titles, relationships and birth dates);
- Contact information (addresses, email addresses and telephone numbers);
- Medicare number;
- Copies of referrals and or reports from treating practitioners;
- Physical appearance information;
- Ethnic background;
- Current physical and mental health;
- Current lifestyle;
- Physical/mental/social/reproduction/drug/travel/family history;
- Treatment history;
- Family history of diseases;
- Information from physical health and virus screens; and
- Genetic information from DNA and RNA.
5 – How information is collected
GMRF will usually collect your Personal Information, which may include Health Information, directly from you and with your express or implied consent.
Sometimes, GMRF may need to collect information about you from a third party such as:
- a relative;
- commonwealth and state agencies (e.g. medical records and results);
- registries (e.g. death and cancer registries);
- other fundraising organisations;
- community service organisations;
- employers; or
- another health service provider.
Collection from third parties will only occur where you have consented to the collection of your information in this way or where it is not reasonable or practical for us to collect this information directly from you, such as where your health may be at risk and we need your Personal Information to provide you with emergency medical treatment.
Collection of your Personal Information may occur in a number of ways, including:
- clinical images;
- admission forms;
- client forms;
- telephone conversations;
- in person;
- mobile phone applications; or
- when a complaint is lodged with GMRF.
GMRF will take reasonable steps before, or at the time it collects Personal Information, to notify you of the collection of Personal Information, including the purpose of collection.
If it is not practicable to provide a collection notice before, or at the time, Personal Information is collected, then GMRF will take steps as soon as practicable after collection to provide notice and ensure that you are aware after the collection.
6 – Storage
Storage of Personal Information may be in physical (paper) form and may also include through an electronic system via various data management software or systems in accordance with usual business practices and depending on the Primary Purpose of your engagement with GMRF.
Personal Information may, from time to time, be stored in, processed in and transferred between countries abroad in which GMRF has service providers. Information may be held by GMRF in Australian servers or by service providers located abroad. In using the services of GMRF you are taken to have agreed to and consented to such border-cross transfers of Personal Information.
7 – Use and disclosure of information collected
GMFR collects and holds Personal Information, which may include Health Information, for the purpose of providing our services which includes the following:
- Undertaking medical research projects, including research relevant to providing advanced care for patients, improvements in diagnostic techniques, novel treatment options and faster recovery pathways;
- Assessing suitability for participation in clinical trials;
- Conducting clinical trials to investigate new therapies, drugs and diagnostic tools for use in clinical practices;
- Contacting you in relation to participating in clinical trials;
- Publication of research (as non-identifiable data);
- Development of tissue and/or data banks;
- For fundraising in relation to:
- Marketing to and informing supporters and donors about GMRF;
- For donors and supporters to foster relationships for philanthropy purposes;
- Organising fundraising events;
- Contacting and communicating with you;
- To perform our administrative functions;
- To satisfy GMRF’s legal obligations and to allow GMRF to discharge its duty or care; and
- To resolve complaints or enquiries.
Where Personal Information is collected, GMRF will only use that information for the Primary Purpose for which that information has been given. This information may be disclosed to third parties:
- For the Primary Purpose for which it was collected;
- For a Secondary Purpose where permitted by the APPs;
- If required by law;
- If you consent to the disclosure; or
- Otherwise as permitted by the Privacy Act, the APPs or any specific guidelines that apply to GMRF in the context of medical research.
GMRF will not sell or exchange Personal Information for commercial gain.
Personal Information collected for the purpose of medical research can only be used and disclosed by GMRF without consent in accordance with the guidelines issued under section 95 (medical research) and section 95A (Health Information) of the Privacy Act. In these circumstances GMRF must satisfy itself that the use and disclosure of Personal Information has been approved by the GMRF Research Ethics Committee in accordance with the relevant section 95 and section 95A guidelines, where the guidelines are applicable.
GMRF will require you to specifically consent to any disclosure of your Personal Information, where possible. If possible, this consent will be sought in writing. There may be occasions where GMRF accepts verbal consent.
Examples of where GMRF may also use your information for other purposes are including you on a marketing mail list, fundraising or research, statistical analysis, to promote GMRF goods and services and to improve and personalise our service offerings. Please note, however, that unless you provide us with your express consent for this purpose, we will not use your information in this way.
8 – Anonymity
You are able to deal with GMRF anonymously or under a pseudonym, unless required or authorised by an Australian law or court or tribunal order to the contrary. If GMRF is required by such a law or order to deal with an identified individual then GMRF can require you to identify yourself.
9 – Access to and correction of information
You have a right to have access to the Personal Information that we hold about you. This may require a request in writing with sufficient information to identify you to satisfy GMRF that the request for Personal Information has been made by you personally.
GMRF will take reasonable steps to ensure all Personal Information held is accurate, up to date, complete, relevant and not misleading. Individuals may ask GMRF to amend or correct any Personal Information held, which GMRF will then consider. Should a change not be agreed, then GMRF will provide written reasons for doing so.
Requests for amendments or corrections should be sent to email@example.com to the attention of the GMRF Privacy Officer.
10 – Data security
GMRF will take reasonable steps to protect your information from misuse, interference, loss, unauthorised access, modification or disclosure. We use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect your privacy.
GMRF will destroy or permanently de-identify any of your Personal Information which is in its possession or control and which is no longer needed for the purpose for which it was collected provided GMRF is not required under an Australian law or court/tribunal or otherwise to retain the information.
In the event of a data breach GMRF will comply with the mandatory data breach notification scheme for all eligible breaches pursuant to the Privacy Act.
11 – Website
When you use our Website, we do not attempt to identify you as an individual user and we will not collect personal information about you unless you specifically provide this to us.
Sometimes, we may collect your Personal Information if you choose to provide this to us via an online form or by email, for example, if you:
- complete a donation online;
- submit a general enquiry via our contacts page;
- register to receive newsletters;
- register for an event or request information;
- send a written complaint or enquiry to our Privacy Officer; or
- register for access to an online portal or forum.
When you use our Website, we use the Google Analytics service to record and log for statistical purposes the following information about your visit:
- your computer address;
- your top level domain name (for example, .com,.gov, .org, .au etc);
- the date and time of your visit;
- the pages and documents you access during your visit; and
- the browser you are using.
Our web-site team use statistical data collected by Google Analytics to evaluate the effectiveness of our Website.
Google makes available a browser “add-on” that prevents Google Analytics from collecting information about web site visits. If you do not wish for Google Analytics to collect information about your website visits we suggest you refer to the instructions for installation of Google Analytics Opt-out to learn more about this.
We are, however, obliged to allow law enforcement agencies and other government agencies with relevant legal authority to inspect our web server logs, if an investigation being conducted warrants such inspection.
A “cookie” is a small bit of data our server sends to your browser that allows our server to identify and interact more effectively with your computer. Cookies do not identify individual users, but they do identify your ISP and your browser type.
Personal information such as your email address is not collected unless you provide it to us. We do not disclose domain names or aggregate information to third parties other than agents who assist us with this website and who are under obligations of confidentiality. You can configure your browser to accept or reject all cookies and to notify you when a cookie is used. We suggest that you refer to your browser instructions or help screens to learn more about these functions. However, please note that if you configure your browser so as not to receive any cookies, a certain level of functionality of the GMRF website and other websites may be lost.
HOW TO CONTACT GMRF ABOUT PRIVACY ISSUES
Corporate Privacy Officer
|By letter:||Privacy Officer
Gallipoli Medical Research Foundation
Greenslopes Private Hospital
40 Newdegate Street,
|By telephone:||(07) 3394 7284|
|By facsimile:||(07) 3394 7767|
|Attention:||GMRF Privacy Officer|
- GMRF does not agree to provide you with access to your Personal Information; or
- you have or a complaint about our information handling practices,
you can lodge a complaint with or contact our Privacy Officer on the details above or directly with the Office of the Australian Information Commissioner. Full contact details can be found on the website www.oaic.gov.au