We appreciate that privacy is important to you.  We are committed to collecting, handling, using and disclosing your personal information in accordance with applicable privacy laws, including the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act) and the Health Records and Information Privacy Act 2002 (HRIP Act).

In some circumstances we will collect health and/or sensitive information (within the meaning of the Privacy Act and the HRIP Act). Special protections apply to these kinds of information. This privacy policy is intended to incorporate those special protections.

1. DEFINITIONS

In this Policy:

Services” means the services offered by us from time to time, including but not limited to health, research, science or support related services, and any feedback or other interaction between an individual and us in the use of or in providing any of those services and includes services that are integrated with goods or services of a third party.

Melanoma Institute Australia“, we, us or our means Melanoma Institute Australia ACN 123 321 148, 40 Rocklands Rd, Wollstonecraft NSW 2065, Australia.

Website” means each website located at or available through the domain name <https://melanoma.org.au/> and any other domain names as notified by us from time to time.

user” means an individual who uses or accesses the Services or a Website in any capacity or who deals with us in any other manner, including whether as an actual or prospective customer, supplier, prospective employee, authorised representatives of a customer or of us or a third party.

2. WHAT INFORMATION DO WE COLLECT AND WHY?

We collect personal information reasonably necessary for one or more of our Services, or our functions or activities as medical research organisation.  The types of personal information we generally collect includes your name, date of birth, address and other contact details such as your telephone numbers and email address.  Depending upon the purpose of our interaction with you, we may collect additional personal information which may be sensitive and/or health information.1

2.1 People about whom we may collect ‘sensitive’ and/or ‘health’ information

a) Patients

In order to provide appropriate care for patients referred to us, we collect and maintain personal information about patients. This information will generally be considered sensitive and/or health information. Some examples of the kinds of information we may collect are:

i) your medical history including, where relevant, a family medical history;

ii) your racial or ethnic origin, where this pertains to a relevant patient care question;

iii) your Medicare number and information about your private health insurance;

iv) current medications or treatments used by you;

v) the name of any care provider, health service provider or medical specialist to whom we refer you back to or has referred you to us, copies of any referrals and reports; and

vi) test results and samples.

We only collect sensitive and/or health information that is relevant, accurate, current and non-excessive.

We maintain a centralised patient management system that is used by our clinical members who are responsible for the delivery of patient care.  Our clinical members are not directly employed by us, and we do not provide medical treatment to patients. Clinical members may access your sensitive and/or health information in connection with providing you with patient care. This information may be discussed within the multidisciplinary meeting by your doctor

When you are treated by a clinician associated with us you will be asked to review a privacy consent form. This form will outline how your information will be used and disclosed to us in accordance with the HRIP Act and Privacy Act. It will ask you to provide your consent for your sensitive and/or health information to be disclosed to us.

b) Research participants

If you participate in the research and clinical trial activities and programs conducted by us, we collect personal information to record your involvement and to process the results of research and clinical trials.  We may also use this information to contact you about participation in future studies.

The information we collect will generally be sensitive information as it will include your health information. Some examples of the kinds of information we may collect are:

i) your medical history including, where relevant, a family medical history;

ii) your racial or ethnic origin, where this pertains to a relevant patient care question;

iii) your Medicare number and information about your private health insurance;

iv) current medications or treatments used by you;

v) the name of any care provider, health service provider or medical specialist to whom we refer you back to or has referred you to us, copies of any referrals and reports; and

vi) test results and samples.

We only collect sensitive and/or health information that is relevant, accurate, current and non-excessive. We will notify you when we are collecting sensitive and/or health information.

We may also collect the personal information about individuals who are not research participants when we make a record about a research participant.  For example, we may collect emergency contact details or a family medical history.

When we collect your sensitive and/or health information for the purposes of research and clinical trial activities you will be asked to review a privacy consent form. This form will outline how your information will be used and disclosed to us in accordance with the HRIP Act and Privacy Act. It will ask you to provide your consent for your sensitive and/or health information to be disclosed to us.

From time to time we may collate and analyse statistical data from information we have previously collected. In these cases, the data will be de-identified and aggregated before it is disclosed to third parties.

All research and clinical trials undertaken at the Institute are approved by an external Human Research Ethics Committee.  Research participants enrolled in trials or research will be given further information detailing how their personal information (including health information) will be handled prior to their involvement in the research study.

2.2 People about whom we do not collect ‘sensitive’ and/or ‘health’ information

a) Supporters

When you make a donation, register for an event or make inquiries about our activities, we will collect your personal information such as name, address and other contact details.  We will also retain information relating to your donation history and payment information including your credit card details.

We collect this information to send you receipts as well as surveys, newsletters and information about research, education and fundraising events and activities.  We may use your information to contact you to seek financial support for medical research conducted at the Institute and to keep you informed of recent research activity happening in the field of melanoma.   You may choose what correspondence you receive at any time.

If you do not wish us to use your personal information for any of the above purposes please contact us using the details in the how to contact us section below.

b) GPs, referring doctors and other healthcare professionals

We may collect personal information about individual health practitioners who interact with us such as referring doctors or other health professionals involved in the care of our patients and research participants.  This is typically information such as your name, contact details, professional details and information regarding interactions or transactions with us. This information is collected for the purpose of administration, management and operation of the Institute.

c) Applicants for positions with us

We may collect personal information when we are canvassing recruitment of staff and research students.  Generally speaking, we will collect personal information that you supply to us as part of this process for the purpose of assessing applications and proposals.  We will collect personal information about you such as your educational/academic history and work history.  We will collect personal information about you from third parties, such as your referees, as part of our assessment of your suitability for a position.

Information relating to applicants for positions at us will be retained until the recruitment process has concluded.  After the recruitment process has been completed, all personal information that has been collected will be destroyed.

We receive unsolicited applications for employment or research opportunities from time to time. We will retain information relating to unsolicited applications for a period of three months, after which time it will be destroyed.

This Privacy Policy does not apply to employee records held by us relating to an employee or former employee.

d) People with whom we have commercial relationships

We may collect personal information about individuals who we deal with on a commercial basis such as suppliers, contractors and individuals in organisations to which we provide goods and services or from which we acquire goods and services.  We may collect personal information about you including your name, position, contact details, license or registration numbers, ABN, bank details and other information relevant to the capacity in which you are dealing with the Institute.

e) Visitors to our Website

‘Cookies’ are used on both www.melanoma.org.au and https://melanoma.org.au/get-involved/donate/. This allows us to track usage patterns and to compile data in an aggregated and “non user” specific form enabling us to improve our website for future visitors. If you elect to become an online community user of www.melanoma.org.au (for instance through signing up for our e-news or by creating an online fundraising page) cookies are used to remember you and to track your usage of our website. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature.

3. WE WILL NOTIFY YOU WHEN WE COLLECT YOUR PERSONAL INFORMATION

3.1 Notification at the time of collection

We will take all reasonable and practicable steps to notify you of the following information when we (or the clinicians associated with us) collect your personal information:

a) our identity and contact details;

b) the facts and circumstances of the collection (if we do not collect the information directly from you);

c) whether the collection is authorised by a law or court/tribunal;

d) the consequences if your personal information is not collected;

e) the fact that you can request access to the information;

f) the purposes for which we collect the information;

g) how we disclose the information;

h) this privacy policy; and

i) whether it is likely that we will disclose your personal information to overseas recipients.

3.2 Notification as soon as practicable after collection

If it is not practicable to notify you of the above matters at the time of collection, we will take all reasonable steps to notify you of those matters as soon as practicable after collection.

4. HOW DO WE COLLECT YOUR INFORMATION?

We are the owner of all information collected by or through use of or access to any of the Services and any Website. We will not sell, share, or rent this information to others in ways different from what is disclosed in this Policy. We collect information from users at several different points during their interaction with us, including during the use of or access to the Services or Website and in several different ways including:

4.1 Direct input by you

In order to use the Services you may be required to provide certain personal information. For instance, you may provide information to us directly when you have contact with us in person, over the phone or via email or the internet. You may also provide information to us in the course or your attendance or interactions with affiliate clinicians or GPs, referring doctors and other healthcare professionals.

We will take whatever steps that we consider reasonable and practicable to collect your personal information directly from you. We will only collect your personal information indirectly where it is unreasonable or impracticable to collect it directly from you.

If you do not provide certain information, you may not be able to receive the full benefit of all of the Services or Website. This information is clearly identified at the point of collection. Other personal information that is requested is optional (but encouraged so we can provide a more personalised experience for you).

4.2 Submission by users

Our users provide personal information directly to us, verbally and in hard copy and electronic records or documents, whether stored in or provided by way of digital storage media, electronic communications, including through a computer, communications interface or application program interface (API) available over or through a Secure Sockets Layer (SSL) protocol.

4.3 Submission by or collection from third parties

We may request third parties to provide or allow us access to and collection of information, including personal information that the third parties hold and are authorised or entitled to disclose, directly to us, verbally and in hard copy and electronic records or documents, whether stored in or provided by way of digital storage media, electronic communications, including through a computer, communications interface or API available over a SSL protocol.

Generally we will not collect your health and/or sensitive information from third parties. In the event we do collect your health and/or sensitive information from a third party, we will take reasonable steps to contact you and notify you of the purposes for which we are collecting the information as well as advising you of other persons or other organisations to which we might give your personal information. This will usually be done through a patient consent form.

4.4 Log files

We use IP addresses to analyse trends, administer the Services and Website, and gather information for use in aggregated formats. To ensure the integrity of the data submitted by you we log information about sessions including IP address, number of login attempts, times of commencement and conclusion and the responses submitted.

4.5 Publicly available personal information

We may source information, including personal information, from publicly available information sources.

4.6 Surveys and promotional offers

We may request information via surveys or promotional offers. Participation in these surveys or promotional offers is voluntary. Information requested may include contact information (such as name and address), and demographic information (such as post code, age). Contact information will only be used to communicate with those who have opted to receive these offers. Aggregated survey information will be used for monitoring or improving the use and satisfaction of users.

4.7 Newsletter

By providing personal information to us, you acknowledge that we may send you newsletters or other forms of general communications. All newsletters provide the recipient with the ability to discontinue (opt out) of the service at any time.

4.8 Credit card information from users

If you establish a credit account with us, we request certain personal information from you in connection with the Services, including contact information such as name, email, and postal address and financial information including credit or debit card number, CCV number and credit or debit card expiration date (“financial information“).  We use this financial information to invoice and charge you for the use of services, as well as to verify your contact information.  When financial information is collected, it passes through our bank (and for transactions outside Australia, correspondent banks that may be used by our bank in respect of foreign currency transactions) for processing.  We never permanently store a complete record of the financial information but may retain and use some parts of that financial information (but never a credit or debit card number) as part of maintaining a record of transaction history and for account and service verification, fraud prevention and management, audit, complaints handling and dispute resolution purposes.

5. HOW DO WE USE AND DISCLOSE YOUR INFORMATION?

5.1 Health and/or sensitive information

Generally, we will only use health and/or sensitive information for the reason for which it was collected. However, we may use your health and/or sensitive information for a secondary purpose in the following circumstances:

a) if you consent to that use; or

b) if you would reasonably expect your health and/or sensitive information to be used for that secondary purpose, and the secondary purpose is directly related to the primary purpose.

5.2 Personal information

We may use and disclose your personal information (in whole or in part, and in identifiable and de-identifiable formats) in order to provide any Services or in relation to any service that is ancillary or necessary to those services, including administration, management, account management, verification and auditing of services and our business, customer engagement, complaints handling, dispute resolution, product and services improvement and development, service support, developmental, research, statistical, analytical, validation and archival purposes (Purpose).

We will only use de-identified information for any statistical or other analysis or similar research purposes.

We retain and use all data that is collected during or as a result of any of the Services (other than data from a cookie as a result of a visit to or use of a Website) in order to maintain and improve the Services and to validate the integrity, accuracy and consistency of actions, values, methods, measures, principles, expectations, and outcomes underpinning our Services.  This requirement is continuous and ongoing and means that this data is always retained and able to be used by us.

5.3 Disclosure to third parties

We will only disclose your personal information to third parties for a Purpose and with whom we have entered into an agreement that gives you (or that the law requires to give you) at least the same level of protection to your personal information as we do.

Where necessary, we may disclose your personal details to external contractors (such as organisations who assist with our research and educational activities, our mail-outs and independent IT service providers).  We only disclose your personal information to external service providers on condition that they must protect this information in accordance with this Privacy Policy and Australian privacy laws.  We may also disclose your personal information to third parties where you have consented or we are entitled or required to do so by law.

We do not currently transfer personal information overseas. However, we may enter into agreements with third parties to whom disclosures may be made who are located outside Australia.  If this occurs we will not transfer your personal information overseas unless we have taken reasonable steps to ensure that the information which is being transferred will not be held, used or disclosed by the recipient of the information inconsistently with the Privacy Act or the HRIP Act. Furthermore, if it is practicable to do so, we will update this Privacy Policy to provide information, as required by law, about the location of actual or likely overseas recipients of any personal information held and disclosed by us.

If the information to be transferred overseas includes your sensitive and/or health information, we will obtain your consent before transferring it.

Transfer of information overseas would only normally occur for printing or data payment processing purposes, for example by third party payment facilitators who may process their data offshore.  We may also use third party providers to conduct surveys and facilitate information collection and event registration.  Some of these service providers may conduct all or part of their business overseas and your personal information may be transferred as a result.  We will conduct due diligence before entering into any agreement with these service providers and will take all reasonable steps to ensure that your information is not used in a manner that is inconsistent with the Privacy Act and the HRIP Act.

In the delivery of the Services we may disclose personal and sensitive information to recipients outside of New South Wales.

5.4 Direct marketing

You consent to us using or disclosing your personal information (but not your health and/or sensitive information) for the purposes of direct marketing (including direct marketing by third parties).

Direct marketing by us may include sending you direct marketing material including surveys, newsletters and information about research, education and fundraising events and activities. We may use your information to contact you to seek financial support for medical research conducted at the Institute and to keep you informed of recent research activity happening in the field of melanoma.

We may use third parties to undertake such direct marketing activities on our behalf and may provide your personal information to such parties for that purposes.

However, in any direct marketing campaign undertaken by or on behalf of us, we will provide a method for you to opt-out (if you have not already done so).  If you wish to opt-out or you wish to no longer receive direct marketing communications please contact us using the details in the How to Contact Us section below.

6. HOW CAN YOU ACCESS OR SEEK CORRECTION OF THE INFORMATION WE HOLD ABOUT YOU?

On written request (and subject to verification of your identity), we will give you access to the personal information we hold about you. This includes health and/or sensitive information we hold about you. We will not normally charge you to access this information.

In limited circumstances, access to your personal information may be declined in accordance with privacy laws.

If any personal information we hold about you is out of date or inaccurate, we encourage you to let us know, and ask us to correct it. If we cannot accommodate your request, you will receive our reasons in writing. It is generally not possible to make changes to clinical information, however, you may be entitled to request that we associate a statement with your record which sets out the amendment you sought.

We will make available to you a copy of the Privacy Policy free of charge and in the most appropriate form.  If you require a copy of the amended Privacy Policy, other than as provided on the Website, please contact us at privacy@melanoma.org.au.  We will use its reasonable efforts to provide you with a copy of the Privacy Policy in the form requested by you.

7. CAN YOU DEAL WITH US ANONYMOUSLY?

Where lawful and reasonably practicable to do so, we will give you the option to deal with us without identifying yourself or by using a pseudonym (eg when inquiring about the activities that we undertake). However, it may not always be practicable or lawful for us to deal with you anonymously or pseudonymously on an ongoing basis. For instance, you may be unable to participate in or have access to our research programs, events or activities if we do not collect personal information about you.  You also should be aware that contact details are required in order for us to issue a tax-deductible receipt and to register you for events or educational opportunities.

We try to recognise the contributions of our supporters in the presentation of research by our scientists, in the Annual Report and on our Honour Board.  However, if you wish to remain anonymous, please contact the Privacy Officer.

8. LINKS

Our Services that are offered online may contain links to other sites. Please be aware that we are not responsible for the privacy or data handling practices of any other sites.

9. DATA SECURITY AND STORAGE OF INFORMATION

We hold personal information in paper-based and electronic records and systems.  Personal information may be collected in paper-based documents and converted to electronic form for storage (with the original paper-based documents either archived or securely destroyed).

We use physical security and other measures to ensure that personal information is protected from misuse, interference and loss; and from unauthorised access, modification and disclosure.  Personal information held in paper-based form is generally securely stored at the Poche Centre in Sydney or in the case of archived records, at an external storage facility in Australia.

We maintain computer and network security by using firewalls, user identifiers and passwords to control access to our computer system.  Donations and registrations made on the Institute website use encryption methods and credit card data is stored using systems compliant with the Payment Card Industry Data Security Standard.

All data, excluding financial information, is stored and processed on third party secure servers.

We will take reasonable steps to ensure the personal information that we collect, hold, use or disclose is accurate, complete and up-to-date. We recommend you notify us if you change your address or contact details as soon as possible. This will help us to maintain your privacy by ensuring that any communications are sent to the correct postal address, email address, or telephone number. This can usually be done online or by contacting us at privacy@melanoma.org.au.

We will take reasonable steps to protect your personal information from misuse, loss and unauthorised access, modification or disclosure. We will also take reasonable steps to destroy or permanently de-identify personal information if we no longer need it for any purpose. We will not keep your sensitive and/or health information for any longer than we consider it necessary in order to enable us to fulfil our functions and offer our Services.

If you have any questions about the security of personal information held by us, we invite you to contact us at privacy@melanoma.org.au.

10. NOTIFICATION OF CHANGES

We reserve the right to amend the Privacy Policy at any time in accordance with the law. Notice of any amendment will be posted on the homepage of each Website and the amended Privacy Policy will be posted on the “Privacy” page of the Website. If at any point we decide to use personal information in a manner different from that stated at the time it was collected, we will notify you by way of email (or as otherwise directed by you). You will have a choice as to whether or not we use your information in this different manner.  We will only use information in accordance with the Privacy Policy under which the information was collected.

If you wish to be notified of any changes other than by email please provide your preferred contact details and we will endeavour to respond to your request.

Please visit our site regularly to check for any updates of the Privacy Policy.

11. THIS PRIVACY POLICY IS PARAMOUNT

The terms of this privacy policy prevail, to the extent of any inconsistency, over the terms of any other parallel privacy policy belonging to our agents or other people or entities with whom we have a commercial relationship (e.g. GoFundraise, a website which we may use to conduct competitions and fundraising from time to time).

12. WHAT SHOULD YOU DO IF YOU HAVE A COMPLAINT ABOUT THE HANDLING OF YOUR PERSONAL INFORMATION?

If you have any questions or concerns about this Privacy Policy or how your personal information has been handled by Melanoma Institute Australia, please contact us using the details in the “How to contact us” section below or via email at privacy@melanoma.org.au.

We will consider and respond to your complaint within 21 days of receiving your correspondence.

13. HOW TO CONTACT US AND MAKE COMPLAINTS

Our contact details:

Address:

Privacy Officer
Melanoma Institute Australia
PO Box 1479
Crows Nest NSW 2065

Email: privacy@melanoma.org.au

Telephone: 02 9911 7363

Fax: 02 9954 9290

If you feel that we are not complying with this Privacy Policy, please contact us at privacy@melanoma.org.au.

We will do our best to resolve your complaint as quickly as possible. If you are not satisfied with our response to your complaint, you can refer the matter to the Office of the Australian Information Commissioner.

The Office of the Australia Information Commissioner can be contacted by telephone on 1300 363 992 or full contact details can be found online at www.oaic.gov.au.