Scope and Purpose of Policy
Centenary Institute of Cancer Medicine and Cell Biology (Centenary, “we”, “us” or “our”) understands that privacy is important to you. Centenary is committed to handling your Personal Information and Sensitive Information (including health information) in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (the Privacy Act), and in other legislation.
This Policy applies to all persons who interact with Centenary, including research participants, donors or other interested parties who participate in Centenary events, as well as commercial suppliers and prospective employees (referred to as “you” or “your”).
Centenary’s Privacy Principles
- We value your privacy and strive to foster a positive and respectful privacy culture which supports a relationship of trust between us.
- We will apply and adhere to the Privacy Act and any other laws relevant to our functions and activities. To the extent that inconsistencies or differences might exist as between different regulatory systems, we will use all reasonable endeavours to achieve compliance with all applicable regulations.
- We strive for high standards in privacy management, taking reasonable steps to ensure compliance with the law, and to enable continuous improvement of privacy practices.
You may wish to read the entire Privacy Statement or read the sections of interest to you by clicking the links below.
What information does Centenary collect about you and why?
Personal Information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. Sensitive Information is a subset of Personal Information, and includes opinions and health information, and is given a higher level of protection under the Privacy Act. For more information please see the Australian Information Commissioner (OIAC) website: What is personal information?).
Personal Information and Sensitive Information is in this Policy collectively referred to as Personal and Sensitive Information).
Centenary collects your Personal Information reasonably necessary for one or more of our functions or activities as a medical research organisation. The types of Personal Information we generally collect includes your name, date of birth, address and other contact details such as your telephone numbers and email address. Depending upon the purpose of our interaction with you, we may collect additional personal information. More detail about the Personal and Sensitive Information we collect and why is set out below.
When you make a donation, register for an event, or make enquiries about Centenary activities, we may collect Personal Information including research areas of interest, event attendance, donation history and payment information including credit card and bank account details. We collect this information to process payments, send receipts as well as surveys, newsletters and information about research, education and fundraising events and activities that relate to your areas of interest. All such persons are referred to in this Policy as Supporters. We may also use Personal Information for contact to seek financial support for our medical research, or add appended public domain data to the Personal Information collected. Typically, we send up to four appeal letters a year as well as newsletters and electronic updates. Supporters may choose the number of and way in which we communicate at any time.
If you do not want your Personal Information used for any of the above purposes, you should contact us using details provided in the ‘How to contact us’ section below, or via email at firstname.lastname@example.org.
If you participate in any of the research programs that Centenary conducts, we collect Personal Information to record your involvement and to process the results of research and to contact you regarding participation in future studies. We may collect Sensitive Information from you because it will be your health information and could be other Sensitive Information such as information about your racial or ethnic origin.
The Personal and Sensitive Information collected may include:
- Gender, nationality, racial or ethnic origins
- Date of birth
- Medical history including, where relevant, a family medical history
- Medicare number and information about private health insurance
- Current medications or treatments used
- Test results and samples.
Centenary may also collect information about individuals who are not research participants while collecting information about a research participant. For example, when collecting a family medical history or emergency contact details. Personal Information collected from research participants will be treated confidentially and stored securely at Centenary.
All research and clinical trials undertaken at Centenary are approved by an external Human Research Ethics Committee. Research participants enrolled in research will be given further information detailing how your Personal and Sensitive Information will be handled. The results of research studies may be presented at a conference or in a scientific publication, but individual participants will not be identifiable.
Suppliers and contractors
Centenary may collect Personal Information about individuals who we deal with on a commercial basis such as suppliers, contractors and individuals in organisations to which we provide goods and services or from which we acquire goods and services. We may collect Personal Information including names, positions, contact details, driver licences or vehicle registration numbers, ABNs, bank details and other information relevant to your involvement with Centenary.
We may collect Personal Information when recruiting for positions at Centenary. We will collect the Personal Information that you provide for the purpose of assessing your job application, such as your contact details, date of birth, educational/academic history and work history. We may also collect Personal Information about you from third parties, such as your referees, as part of our assessment of your suitability for a position.
If you have any queries about your Personal Information held by Centenary, you should contact us using details provided in the ‘How to contact us’ section below, or via email at email@example.com.
Visitors to our website
Can you deal with Centenary anonymously?
Where lawful and practicable, you will be given the option to deal with us without identifying yourself or by using a pseudonym (e.g. when enquiring about the activities that Centenary undertakes). It may not always be practicable or lawful for us to deal with you anonymously or pseudonymously on an ongoing basis. If we do not collect Personal Information about you, you may be unable to participate in or have access to our research programs, events or activities.
You should be aware that contact details are required in order for Centenary to issue a tax-deductible receipt for donations, receipts for event registrations and other forms of receipting confirmation.
While we seek to recognise the contributions of our donors and Supporters in our publications, individuals wishing to remain anonymous in our publications and at other public forums should advise us in writing using details provided in the ‘How to contact us’ section below, or via email at firstname.lastname@example.org.
How does Centenary collect and hold your Personal Information?
Personal and Sensitive Information is generally collected directly from you when Centenary deals with you over the phone by mail, in person or over the internet.
Personal and Sensitive Information is held in paper-based and electronic records and systems. Personal and Sensitive Information may be collected in paper-based documents and converted to electronic forms for storage (with the original paper-based documents either archived or securely destroyed).
Centenary uses physical security and other measures to ensure that Personal Information is protected from misuse, interference and loss; and from unauthorised access, modification and disclosure. Personal Information held in paper-based form is generally securely stored at Centenary in Sydney or in the case of archived records, at an external storage facility in Australia.
We maintain website security using secure hosting, firewalls and intrusion prevention. Strong user authentication mechanisms control access to all areas of the website. Donations and registrations made on the Centenary website use encryption methods and credit card data is stored using systems compliant with the Payment Card Industry Data Security Standard.
How does Centenary disclose your Personal Information?
Where necessary, Centenary may be required to disclose your Personal Information to external contractors (such as organisations who assist with our marketing and fundraising campaigns).
Your Personal Information may be disclosed to third parties without prior agreement where your consent has been obtained for Centenary to share such data or we are entitled or required to do so by law.
Occasionally Centenary may share an individual’s Personal Information with like-minded medical research organisations. These organisations allow us to do the same, and in this way we can reach more people with vital information.
Will your Personal Information be sent outside Australia?
Centenary does not normally disclose your Personal Information to overseas recipients. However, where our research is being performed with overseas collaborators, Personal Information (including Sensitive Information) may be sent overseas with your prior consent.
How do you access or seek to correct your Personal Information?
You may request to access your Personal Information held by Centenary using the contact details provided in writing using details provided in the ‘How to contact us’ section below, or via email at email@example.com. In limited circumstances, access to Personal Information may be declined in accordance with privacy laws. Whenever reasonably possible Centenary will provide access.
Centenary endeavours to ensure that your Personal Information is accurate, complete and
up-to-date whenever we use it. If any Personal Information we hold is not accurate, or is incomplete or out-of-date, you may request that we amend our records by contacting us in writing using details provided in the ‘How to contact us’ section below, or via email at firstname.lastname@example.org.
If you reside in, or are located in, the European Economic Area you are covered under the EU General Data Protection Regulation (GDPR). Consent for collection, use or disclosure of Personal Information from you may be withdrawn at any time. You may also have the right to object to the processing of your Personal Information, or to request the erasure, portability or restriction of processing of your Personal Information.
What should you do if you have a complaint about handling of your Personal Information?
Centenary will consider and respond to complaints within a reasonable period. If you are not satisfied with our response, or consider that we may have breached the Privacy Act, you are entitled to make a complaint to the OAIC. The OAIC can be contacted by telephone on 1300 363 992 or full contact details can be found online at oaic.gov.au.
How to contact us
In writing: The Privacy Officer
Centenary Institute Locked Bag 6
Newtown NSW 2042
Tel: +61 2 9565 6100
Fax: +61 2 9565 6101
How are changes to this Policy made?