South Australian Health and Medical Research Institute Limited ACN 141 228 346 (SAHMRI) has been established to develop and operate a world-class research institute to undertake health and medical research, and to facilitate the transfer and application of the results of its research to improve the health and wellbeing of the community.
SAHMRI is required to comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) when handling personal information. Personal information is information or an opinion, whether true or not, about an identified individual or an individual who is reasonably identifiable. In some cases, SAHMRI may be required to handle personal information in accordance with State legislation and requirements, such as the South Australian Department of Health's Code of Fair Information Practice (Code) and the Government of South Australia, Cabinet Administrative Instruction No.1 of 1989 (IPPs).
In this policy, the terms ‘we’, ‘us’ and ‘our’ refer to SAHMRI. The terms ‘you’ and ‘your’ refer to people whose personal information SAHMRI may collect.
2.1 Collection of personal information
We may collect personal information about you in the course of your dealings with SAHMRI (e.g. when you make a donation, attend an event or participate in a research program). We will only collect information that is necessary for our business functions. We collect your personal information directly from you, unless it is impracticable or unreasonable to do so. We may also collect personal information about you from third parties (for example, from our recruitment agents, research partners, from donors of a SAHMRI Windows Campaign who provide information about you for a SAHMRI virtual window on our website at www.sahmriwindows.com, and from public records).
When collecting your personal information, we will take reasonable steps to provide you with certain information as required under the APPs, including the purposes of collection, the types of organisations or people to whom we may disclose your personal information, any law that requires or authorises us to collect the information and the main consequences if we do not collect all of the personal information we require. If we collect your personal information from another source, we will take reasonable steps to ensure you are aware of the fact and the circumstances of that collection.
If we are unable to collect the information about you that we require, we may be limited in the products and services we can provide to you (for example, you may not be able to participate in a clinical trial or research program). If the information provided is incorrect or incomplete this may also prevent, limit or otherwise affect our ability to provide products or services to you.
The types of personal information we collect about you, and our use of that information, depends upon your dealings with us. Generally, this personal information may include your name, telephone number, address and email address and details of SAHMRI activities you may be interested in or participate in. We may also collect other personal and sensitive information from you, (e.g. if you make a donation, your credit card details or if you are applying for a position or student placement with SAHMRI then the personal information we collect may include your resume, qualifications, skills, education provider and history, work history and residency status). In some instances we will collect health and other sensitive information about you (e.g. in the course of research, or if such information is provided by a donor to appear on a SAHMRI virtual window on our website at www.sahmriwindows.com as part of the SAHMRI Windows Campaign).
2.2 Use and disclosure of your personal information
We will use and disclose your personal information for the purposes for which we collected it, for other related purposes that you would reasonably expect, and as otherwise permitted or required by law.
Generally, these purposes will include responding to your enquiries, providing you with products and services or providing you with information about SAHMRI's activities, programs, offerings, developments and to obtain your feedback and for our general business operations (for example, maintenance of our business records, compliance with our legal and insurance obligations and statistical purposes). We may also use your personal information to send you information about participating in research.
Personal information provided by donors for display on their SAHMRI virtual window will be used and publicly displayed on the website for this purpose. This personal information may also be used and disclosed for other promotional and marketing activities undertaken by SAHMRI, subject to your consent if the information is sensitive information.
By providing us with your personal information, you consent to us using your personal information for these purposes. You agree that we may send you such information by post or by electronic means (including e-mail and SMS). On occasions, SAHMRI may allow third parties who are part of our project teams or who partner with us in research or fund raising initiatives, to mail you with information if SAHMRI believes that the information may be of interest to you. You can opt-out of marketing and promotional communications at any time by contacting our Privacy Officer via the details shown below or by using any other opt-out mechanism in the communication.
We may disclose your personal information to our agents and contractors, for the purposes set out above, and for the purposes of those parties providing services to us or performing business services or functions on our behalf. When doing so, we will usually contractually require all agents and contractors to uphold the standards of the APPs (or other relevant applicable privacy scheme).
2.3 Sensitive Information and Participation in Research
SAHMRI will only collect sensitive information (including health information) about you with your consent (e.g. when you participate in research and clinical trial activities). We will assume that you have consented to us collecting all information, which is provided to us by you for use in accordance with this policy, including any 'sensitive information', unless you tell us otherwise.
Sensitive information will only be used for the purpose for which it is collected or directly related secondary purposes (e.g. providing you with results of the research or clinical trial and contacting you in the future about similar research) and as otherwise permitted by law.
We may also disclose your sensitive information to third parties who are part of the project team for the research or clinical trial in which you are participating. Otherwise we will only disclose your sensitive information with your consent, and as otherwise permitted or required by law. All research and clinical trials conducted by SAHMRI, whether alone or in conjunction with other institutions, are approved by a Research and Ethics Committee.
Personal information provided by donors for display on their SAHMRI virtual window will be collected, used and publicly displayed on the website at www.sahmriwindows.com for this purpose. This personal information may also be used and disclosed for other promotional and marketing activities undertaken by SAHMRI, subject to your consent if the information is sensitive information.
2.4 Security of your personal information
Reasonable, industry-standard steps are taken to protect personal information from unauthorised access, modification or disclosure, or from other types of misuse, interference and loss.
We will take reasonable steps to destroy or permanently de-identify your personal information when we no longer require it for any purpose for which it was collected. We may retain your personal information for as long as necessary to comply with any applicable law, regulations and codes, and for insurance, governance (including corporate governance) purposes, for the prevention of fraud and to resolve disputes. Your personal information may also be retained in our IT system back-up records.
The transfer of data over the Internet is inherently insecure. We cannot guarantee the security, during transmission, of any personal information provided to us via our website or via email. Please bear this in mind when transmitting information by this means to us.
Financial details, including credit card details and related personal information gathered whilst in the process of conducting an online payment on our website (e.g. when making a donation) will be used for credit card authorisation and payment processing purposes. This information will be shared with our payment processing provider in connection with your purchase. All online purchases are conducted in a payment system that is compatible with Secure Sockets Layer (SSL) standards, and are conducted using 128 bit SSL encryption.
2.5 Access and correction of your personal information
You may lodge a request to correct personal information that we hold about you if you believe it is inaccurate, incomplete, out-of-date, irrelevant or misleading, by contacting our Privacy Officer via the details shown below.
You may request access to the personal information we hold about you. Generally, we will provide you with access, except in limited circumstances where we are permitted by law to refuse access.
You must direct any requests to the SAHMRI Privacy Officer via the contact details below. We may require your request to be made in writing. We may charge a fee for providing access, which will not exceed our reasonable expenses incurred in responding to your request, including photocopying and administrative expenses. Please note that no fee will be incurred for requesting access, and if your request for access is accepted we will inform you of the fee (if any) that will be payable for providing access if you proceed with your request.
You may ask us to inform you of the source of any personal information about you that we have collected from a third party. We will provide this at no cost, except in limited circumstances where the APPs or other law permit us to withhold this information.
2.6 Making a complaint
You may lodge a complaint with us if you believe we have handled your personal information other than in accordance with the APPs. To do so please contact our Privacy Officer via the contact details below. We will confirm receipt of your complaint and set out the time frame we require to investigate your complaint and provide you with a response. We will endeavour to respond as quickly as possible, which generally, will be within 30 days of receiving your complaint.
2.7 SAHMRI website
2.8 Cross-border disclosure of your personal information
SAHMRI may store your personal information at offshore locations, including offshore storage and cloud facilities provided by third parties. By providing your personal information to SAHMRI you consent to your personal information being shared with overseas recipients for storage, back-up and data security purposes. Generally these overseas recipients are located in the United Kingdom, United States of America and Singapore. SAHMRI may also disclose your personal information to other overseas recipients in certain circumstances. For example, if you are a participant in research conducting jointly by SAHMRI and an overseas institution.
Generally SAHMRI will not disclose your personal information overseas for any other purpose other than storage, back-up and data security, except upon your request, or if we are authorised or required to do so by law.
By consenting to the disclosure of your personal information to an overseas recipient you understand and agree that SAHMRI may not take steps to ensure that the overseas recipient handles your personal information in accordance with the Privacy Act and APPs. You also acknowledge that the overseas recipient may not be required to comply with the Privacy Act and APPs, and may not be subject to comparable laws in their jurisdiction. SAHMRI will not be responsible for, or otherwise liable for the way in which the overseas recipient handles your personal information.
We are not likely to disclose personal information provided to SAHMRI using the SAHMRI Windows Campaign website at www.sahmriwindows.com to third parties located offshore, other than when persons located offshore view the website.
2.10 Contact us
If you would like further information, or if you have a complaint, about the way we manage your personal information, please contact SAHMRI's Privacy Officer, by mail PO Box 11060, Adelaide, South Australia, 5001, by telephone on +61 8 8128 4000 or by email at firstname.lastname@example.org
2.11 Office of the Australian Information Commissioner
More information about your rights and our obligations in connection with your personal information are available from the Office of the Australian Information Commissioner at www.oaic.gov.au.