Privacy Policy

1. Purpose

South Australian Health and Medical Research Institute Limited ACN 141 228 346 (SAHMRI) has been established to develop and operate a world-class research institute to undertake health and medical research, and to facilitate the transfer and application of the results of its research to improve the health and wellbeing of the community.

SAHMRI is required to comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) when handling personal information. Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in material form or not.

In some cases, SAHMRI may be required to handle personal information in accordance with State legislation and requirements, such as the South Australian Department of Health's Code of Fair Information Practice (Code) and the Government of South Australia, Cabinet Administrative Instruction No.1 of 1989 (IPPs).

This policy is intended to provide a general overview of our policies for the handling of your personal information. Other policies may apply instead of or in addition to this Privacy Policy in certain circumstances.

By using our website sahmri.org.au (SAHMRI’s Website) and/or providing your personal information to us you consent to us handling your personal information in accordance with this Privacy Policy.

In this policy, the terms ‘we’, ‘us’ and ‘our’ refer to SAHMRI. The terms ‘you’ and ‘your’ refer to people whose personal information SAHMRI may collect.

2. Policy

Collection of Personal Information

We may collect personal information about you in the course of your dealings with SAHMRI (e.g. when you make a financial donation, attend an event or participate in a research program). We will only collect information that is necessary for our business functions. We collect your personal information directly from you, unless it is impracticable or unreasonable to do so. We may also collect personal information about you from third parties (for example, from our recruitment agents, research partners, other public records and from individuals who make financial donations to the SAHMRI on your behalf ).

When collecting your personal information, we will take reasonable steps to provide you with certain information as required under the APPs, including the purposes of collection, the types of organisations or people to whom we may disclose your personal information, any law that requires or authorises us to collect the information and the main consequences if we do not collect all of the personal information we require. If we collect your personal information from another source, we will take reasonable steps to ensure you are aware of the fact and the circumstances of that collection. We will never collect sensitive information (as defined below) about an individual from a third party without their consent, unless we are allowed or required to do so by Law.

If we are unable to collect the information about you that we require, we may be limited in the products and services we can provide to you (for example, you may not be able to participate in a clinical trial or research program). If the information provided is incorrect or incomplete this may also prevent, limit or otherwise affect our ability to provide products or services to you.

The types of personal information we collect about you, and our use of that information, depends upon your dealings with us. Generally, this personal information may include your name, telephone number, address and email address, date of birth and details of SAHMRI activities you may be interested in or participate in. We may also collect other personal and sensitive information from you, (e.g. if you make a donation, your credit card details or if you are applying for a position or student placement with SAHMRI then the personal information we collect may include your resume, qualifications, skills, education provider and history, work history and residency status). In some instances we will collect health and other sensitive information about you (e.g. in the course of research, or if such information is provided by a donor on your behalf).

Use and disclosure of your personal information

We will use and disclose your personal information for the purposes for which we collected it, for other related purposes that you would reasonably expect, and as otherwise permitted or required by law.

Generally, these purposes will include responding to your enquiries, providing you with products and services or providing you with information about SAHMRI's activities, programs, offerings, developments and to obtain your feedback and for our general business operations (for example, maintenance of our business records, compliance with our legal and insurance obligations and statistical purposes). We may also use your personal information to send you information about participating in research.

By providing us with your personal information, you consent to us using your personal information for these purposes. You agree that we may send you such information by post, telephone or by electronic means (including e-mail and SMS). On occasions, SAHMRI may allow third parties who are part of our project teams or who partner with us in research or fund raising initiatives, to mail you with information if SAHMRI believes that the information may be of interest to you. You can opt-out of marketing and promotional communications at any time by contacting our Privacy Officer via the details shown below or by using any other opt-out mechanism in the communication.

We may disclose your personal information to our agents and contractors, for the purposes set out above, and for the purposes of those parties providing services to us or performing business services or functions on our behalf. When doing so, we will usually contractually require all agents and contractors to uphold the standards of the APPs (or other relevant applicable privacy scheme).

The expression ‘health information’ means information, data or opinion about:

  • your health or a disability (at any time);
  • smoking status;
  • alcohol consumption;
  • clinical notes, medical records or correspondence about your health;
  • your expressed wishes about the future provision of health services or Services to you;
  • a health service or services provided, or to be provided, to you;
  • pathology results;
  • radiology imaging;
  • facility/venue where health services or Services were provided to you;
  • a diagnosis, care arrangements, care plans, observations, medications;
  • notes of your symptoms or diagnosis and the treatment given to you;
  • your specialist reports and test results;
  • your appointment and billing details;
  • your prescriptions and other pharmaceutical purchases;
  • your dental records;
  • your genetic information;
  • research and analysis of your health, genetic or physiological makeup or other condition;
  • any other information about your race, sexuality or religion; and
  • other personal information collected to provide, or in providing, a health service or Services to you.

The expression ‘sensitive information’ includes information about:

  • health (including predictive genetic information);
  • racial or ethnic origin;
  • political opinions;
  • membership of a political association, professional or trade association or trade union;
  • religious beliefs or affiliations;
  • philosophical beliefs;
  • sexual orientation or practices;
  • criminal record;
  • biometric information that is to be used for certain purposes;
  • biometric templates.

If you apply for employment with us your personal information may be disclosed to recruitment agencies for suitability assessment. Health information, information about your race, gender, sexuality or political opinions and affiliations are a special type of personal information under the Privacy Act called ‘sensitive information’. You have additional rights in relation to sensitive information.

As a research institution, there may be certain circumstances where SAHMRI is required to, or entitled to, access your personal information or sensitive information without your knowledge or consent. This will only occur in circumstances in which SAHMRI is authorised to do so in accordance with the guidelines established by the National Health and Medical Research Council (NHMRC) and when approved by a registered Human Research Ethics Committee.

Sensitive information & participation in research

SAHMRI will only collect sensitive information (including health information) about you with your consent (e.g. when you participate in research and clinical trial activities) unless we are required or allowed to do so by Law. We will assume that you have consented to us collecting all information, which is provided to us by you for use in accordance with this policy, including any 'sensitive information', unless you tell us otherwise.

Sensitive information will only be used for the purpose for which it is collected or directly related secondary purposes (e.g. providing you with results of the research or clinical trial and contacting you in the future about similar research) and as otherwise permitted by law.

We may also disclose your sensitive information to third parties who are part of the project team for the research or clinical trial in which you are participating. Otherwise we will only disclose your sensitive information with your consent, and as otherwise permitted or required by law. All research and clinical trials conducted by SAHMRI, whether alone or in conjunction with other institutions, are approved by a Human Research Ethics Committee.

Security of your personal information

Reasonable, industry-standard steps are taken to protect personal information from unauthorised access, modification or disclosure, or from other types of misuse, interference and loss.

We will take reasonable steps to destroy or permanently de-identify your personal information when we no longer require it for any purpose for which it was collected. We may retain your personal information for as long as necessary to comply with any applicable law, regulations and codes, and for insurance, governance (including corporate governance) purposes, for the prevention of fraud and to resolve disputes. Your personal information may also be retained in our IT system back-up records.

The transfer of data over the Internet is inherently insecure. We cannot guarantee the security, during transmission, of any personal information provided to us via our Website or via email. Please bear this in mind when transmitting information by this means to us.

Financial details, including credit card details and related personal information gathered whilst in the process of conducting an online payment on our Website (e.g. when making a financial donation) will be used for credit card authorisation and payment processing purposes. This information will be shared with our payment processing provider in connection with your purchase. All online purchases are conducted in a payment system that is compatible with Secure Sockets Layer (SSL) standards, and are conducted using 128 bit SSL encryption.

Access & correction of your personal information

You may lodge a request to correct personal information that we hold about you if you believe it is inaccurate, incomplete, out-of-date, irrelevant or misleading, by contacting our Privacy Officer via the details shown below.

You may request access to the personal information we hold about you. Generally, we will provide you with access, except in limited circumstances where we are permitted by law to refuse access.

You must direct any requests to the SAHMRI Privacy Officer via the contact details below. We may require your request to be made in writing. We may charge a fee for providing access, which will not exceed our reasonable expenses incurred in responding to your request, including photocopying and administrative expenses. Please note that no fee will be incurred for requesting access, and if your request for access is accepted we will inform you of the fee (if any) that will be payable for providing access if you proceed with your request.

You may ask us to inform you of the source of any personal information about you that we have collected from a third party. We will provide this at no cost, except in limited circumstances where the APPs or other law permit us to withhold this information.

The European Union General Data Protection Regulation

The General Data Protection Regulation (GDPR) is the European Union (EU) data protection law. Australian-based organisations that offer goods or services to persons in the EU or target or monitor the behaviour of persons in the EU may be required to comply with the GDPR regulatory regime.

Whilst SAHMRI is an Australian based organisation providing research services within Australia, we do collaborate with partners based in the EU from time to time. Further, we may offer services to European organisations or governments on occasion.

Examples of when this might occur include where we conduct research using participants in the EU, where we are funded to conduct research by a European agency, where a European citizen makes a donation to SAHMRI, or where someone in Europe signs up to receive information about SAHMRI’s activities.

Where this occurs, we will treat the personal information received in accordance with this Policy.

Where data is processed in, collected from, or monitored in the EU, you may have additional rights, such as:

  • The right to request that we delete your personal information (unless we require that information to comply with a legal obligation, or need it to bring or defend a legal claim); and
  • The right to restrict our processing of your personal information (where it is inaccurate, would be unlawful to process, or where it has not been deleted due to us needing it to meet a legal obligation).

If you believe that you may be protected by the GDPR and wish to exercise your rights under that regime, please contact us on the details listed in this Policy.

Making a complaint

You may lodge a complaint with us if you believe we have handled your personal information other than in accordance with the APPs. To do so please contact our Privacy Officer via the contact details below. We will confirm receipt of your complaint and set out the time frame we require to investigate your complaint and provide you with a response. We will endeavour to respond as quickly as possible, which generally, will be within 30 days of receiving your complaint.

SAHMRI's website

SAHMRI’s Website uses cookies. We do not use the information stored in those cookies to collect information about you or your computer. The cookies are used for statistical purposes and to assist with your use of SAHMRI’s Website. We may also collect click-stream data when you use SAHMRI’s Website, such as the date and time of your visit, the pages you accessed, your server's IP address, the type of browser and system you are using and the websites you come from and move to. This information is collected for statistical purposes to assist us to find out how SAHMRI’s Website is used and navigated and to improve SAHMRI’s Website.

SAHMRI’s Website may contain links to third party websites. SAHMRI is not responsible for the privacy, security or handling of your personal information via those websites. You should review the privacy policy and terms of use for those websites each time you visit.

Cross-border disclosure of your personal information

SAHMRI may store your personal information at offshore locations, including offshore storage and cloud facilities provided by third parties. By providing your personal information to SAHMRI you consent to your personal information being shared with overseas recipients for storage, back-up and data security purposes. Generally these overseas recipients are located in the United Kingdom, United States of America and Singapore but may also be in other locations. SAHMRI may also disclose your personal information to other overseas recipients in certain circumstances, for example, if you are a participant in research conducting jointly by SAHMRI and an overseas institution.

Generally SAHMRI will not disclose your personal information overseas for any other purpose other than storage, back-up and data security, except upon your request, or if we are authorised or required to do so by law.

By consenting to the disclosure of your personal information to an overseas recipient you understand and agree that SAHMRI may not take steps to ensure that the overseas recipient handles your personal information in accordance with the Privacy Act and APPs. You also acknowledge that the overseas recipient may not be required to comply with the Privacy Act and APPs, and may not be subject to comparable laws in their jurisdiction. SAHMRI will not be responsible for, or otherwise liable for the way in which the overseas recipient handles your personal information.

Changes to our privacy policy

SAHMRI may amend, modify or replace this policy at any time. You should review our Privacy Policy each time you visit our Website or provide us with personal information.

Contact us

If you would like further information, or if you have a complaint, about the way we manage your personal information, please contact SAHMRI's Privacy Officer, by mail PO Box 11060, Adelaide, South Australia, 5001, by telephone on +61 8 8128 4000 or by email at privacy@sahmri.com.

Office of the Australian Information Commissioner

More information about your rights and our obligations in connection with your personal information are available from the Office of the Australian Information Commissioner at www.oaic.gov.au.