CTRL Platform Privacy Policy

Australian Genomics CTRL Platform Privacy Policy

The Australian Genomics Health Alliance (Australian Genomics) is funded by the National Health and Medical Research Council’s (NHMRC) Targeted Call for Research into Preparing Australia for the Genomics Revolution in Health Care (2015). Australian Genomics, and the grant (GNT1113531) are administered by the Murdoch Children’s Research Institute (MCRI). The contents of the Australian Genomics CTRL Platform are solely the responsibility of Australian Genomics and do not reflect the views of the NHMRC or MCRI.

As at 28 June 2018, Australian Genomic comprises 80 institutions (and their researchers/investigators). A list of these institutions is available at australiangenomics.org.au/partners, which may be updated from time to time.

In this Privacy Policy, ‘us’ ‘we’ or ‘our’ means Australian Genomics. We are committed to respecting your privacy. Our Privacy Policy sets outs out how we collect, use, store and disclose your personal information.

Your consent to participate in the Australian Genomics study and receive genomic testing will also be governed by the relevant consent form/s which you provide to us, which are available here australiangenomics.org.au/for-participants/your-personal-platform/.

By using the CTRL Platform, you will be able to choose organisations that can use your personal information and the kinds of research they can do with your personal information. You will also be able to change your consent preferences at any time by using your login details to access the CTRL Platform. Note that your use of the CTRL Platform will also be governed by our Terms and Conditions.

By providing personal information to us, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our CTRL Platform. We encourage you to check our CTRL Platform periodically to ensure that you are aware of our current Privacy Policy.

Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit card information.

Sensitive information includes information or an opinion about an individual’s racial or ethnic origins, political opinions, religious beliefs, sexual orientation, or criminal record that is also personal information. Sensitive information also includes health information, genetic information or biometric information that is used for verification or biometric templates.

What personal information do we collect?

We may collect the following types of personal information:

  • name;
  • mailing or street address;
  • email address;
  • telephone number and other contact details;
  • age or date of birth;
  • hospital number;
  • your hospital and emergency records;
  • your Medicare Benefits Schedule (MBS) and Pharmaceutical Benefits Schedule (PBS) data and associated information;
  • your medical visits, procedures and associated costs;
  • your genetic information, including test results which contain genetic information;
  • details about your treatment and side effects;
  • your family history of any related medical conditions;
  • contact details of next of kin;
  • details of the clinical flagship project you are enrolled in;
  • statistics on page views, traffic to and from the sites, IP address and standard web log information;
  • details of the changes to your consent preferences, including any additional information necessary to enact your preferences and respond to these changes;
  • any additional information relating to you that you provide to us directly through our CTRL Platform or app or indirectly through your use of our CTRL Platform or app or online presence or through other websites or accounts from which you permit us to collect information;
  • information you provide to us through patient surveys; or
  • any other personal information, or sensitive information that may be required in order to facilitate your dealings with us.

We may collect these types of personal information either directly from you, or from third parties. We may collect this information when you:

  • sign a patient consent form available here 
  • participate in testing and surveys;
  • register on our CTRL Platform or app;
  • use our CTRL Platform to change your consent preferences;
  • communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites; or
  • interact with our sites, services or content.

With your consent, we may also collect information about your MBS and PBS (as defined above) data from the Australian Department of Human Services.

Why do we collect, use and disclose personal information?

We may collect, hold, use and disclose your personal information for the following purposes:

  • to conduct research to find out whether information obtained from genomic sequencing and testing is useful for the diagnosis and/or management of a condition, compared to routine care that is usually offered to people of the same condition;
  • to seek to understand patient experiences and obtain your views of having the relevant genomic testing undertaken and what you consider to be important for doctors to consider when offering genomic testing to people;
  • examining the cost effectiveness of genomic testing for people with the relevant condition;
  • examining if making samples and data available for further research (beyond the first genomic test) provides more patients with a diagnosis and understand more about their disease;
  • to share your de-identified information with other researchers or laboratories which are also undertaking ethically-approved research for the benefit of healthcare;
  • to enable you to access and use our CTRL Platform or app and/or services and to manage your consent preferences;
  • to operate, protect, improve and optimise our alliance, our CTRL Platform or app and/or services and our users’ experience, and to perform analytics;
  • to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
  • to administer surveys managed by us or our alliance partners; and
  • to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties.

Do we use your personal information for direct marketing?

We may send you direct marketing communications and information about our services, for example in the nature of inviting you to participate in our studies. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act and the Privacy Act. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (eg. an unsubscribe link or via the Personal Platform).

To whom do we disclose your personal information?

We may disclose your personal information, on a confidential basis, for the purposes described in this privacy policy to third parties, including:

  • existing or potential third party suppliers and service providers based in Australia (including information technology providers for the operation of our CTRL Platform or in connection with providing our services to you).
  • the institutions constituting our alliance (including MCRI) for the operation of the CTRL Platform, or in connection with providing our services to you;
  • professional advisers;
  • anyone to whom our alliance or undertaking (or any part of them) are transferred, or offered to be transferred;
  • specific third parties authorised by you to receive information held by us; and/or
  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

If you do not consent to the disclosure of your personal information to these third parties, we may not be able to make the CTRL Platform functionality available to you.

With your consent, we may disclose your genetic information which has undergone our de-identification process for the purposes described in this privacy policy to:

  • all approved Australian Genomics investigators and coordinators who are named on our ethics list (MH 2016/224) and for a research project approved by a Human Research Ethics Committee; and
  • any entity or institution which has or receives approval by the Australian Genomics Data Access Committee for a research project approved by a Human Research Ethics Committee.

We only share de-identified or aggregated genetic information with other researchers in accordance with this privacy policy, and the consent form you have signed.

Disclosure of personal information outside Australia

We may disclose your genetic information, which has undergone our de-identification process to recipients outside of Australia, located in Argentina, Australia, Austria, Bangladesh, Belgium, Brazil, Bulgaria, Canada, China, Denmark, Estonia, Finland, France, Georgia, Germany, Ghana, Greece, Hong Kong, India, Ireland, Israel, Italy, Japan, Korea, Republic of, Luxemburg, Malaysia, Mexico, Netherlands, New Zealand, Norway, Philippines, Portugal, Qatar, Russian Federation, Singapore, Slovenia, South Africa, Spain, Sri Lanka, Sweden, Switzerland, Taiwan ROC, Turkey, United Kingdom, United States, Bolivian Republic of Venezuela with your consent.

Otherwise, we will not disclose your personal information to recipients outside of Australia without your express consent.

To the extent that your genetic information which has undergone our de-identification process, or any other personal information, is disclosed overseas with your consent, we will take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles.

Using our CTRL Platform and cookies

We may collect personal information about you when you use and access our CTRL Platform.

While we do not use browsing information to identify you personally, we may record certain information about your use of our CTRL Platform, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

We may also use ‘cookies’ or other similar tracking technologies on our CTRL Platform that help us track your CTRL Platform usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our CTRL Platform may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

Security

We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information as defined in our Information Security Strategy.

For example, the personal information you provide us with is added to a secure database maintained by us. This database secures your personal information by using appropriate encryption and secure data handling processes for all information provided via our CTRL Platform. Further, we also transfer and store your personal information on our reputable third party suppliers of IT infrastructure. Those servers are located in Canberra, Sydney and Melbourne, Australia. However, we cannot guarantee the security of your personal information.

Links

Our CTRL Platform may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

Accessing or correcting your personal information

You can access the personal information we hold about you by contacting us using the information below. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

Making a complaint

If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

Contact Us

For further information about our Privacy Policy or practices, or to access or correct your personal information, or make a complaint, please contact us using the details set out below:

MCRI

Privacy Compliance Officer
Murdoch Children’s Research Institute
Royal Children’s Hospital
50 Flemington Road
Parkville VIC 3052
Email: notices@mcri.edu.au with a copy to australian.genomics@mcri.edu.au

Effective: 28 June 2018