Privacy Policy

1. Background

The QIMR Berghofer Medical Research Institute (“QIMR Berghofer”, “Institute”) is committed to protecting an individual’s privacy in compliance with the relevant privacy legislation as set out below.

The Policy has been developed to explain how the Institute collects, holds, uses and discloses Personal Information as well as how individuals can access any documents the Institute controls that contains their Personal Information.

2. Purpose

The purpose of this policy is to outline the ethical considerations and responsibilities of all QIMR Berghofer staff in relation to the collection, handling and secure storage of Personal Information.

For the purposes of this Policy:

  • “Collaborator” is defined to mean a research partner including clinical researchorganisations and manufacturing organisations;
  • “Participant” means either a volunteer or patient enrolled or consented toparticipate in a clinical trial or medical research projects;
  • “Personal Information” means any information or an opinion about an identifiedindividual or an individual who is reasonably identifiable; and
  • “Supporter” can be either an actual supporter (an individual or organisation whohas donated to QIMR Berghofer or has participated in fundraising and otheractivities in support of QIMR Berghofer), or a potential supporter (individuals ororganisations who QIMR Berghofer has a relationship with or seeks to have arelationship, and who may become an actual supporter).
3. Policy statement

The Institute complies with the Information Privacy Act 2009 (Qld) and, in relation to the conduct of medical research, the Privacy Act 1988 (Cth), including the Guidelines under Section 95 of the Privacy Act 1988 (Cth) 2014 with respect to privacy in the conduct of medical research.

The Institute is committed to the objectives of these two pieces of legislation. This policy is based on the following principles:

  • The Institute supports the responsible and secure handling of Personal Information; and
  • The Institute respects an individual’s right to know how his or her Personal Information will be collected, held, used and disclosed, as well as how it can be accessed and corrected if necessary.
4. Collection of personal information

4.1 Medical Research

Collection of Personal Information

The Institute collects Personal Information, including health information, in order for medical research to be undertaken by scientists and students at the Institute. All research and clinical trials undertaken at QIMR Berghofer are either approved by the QIMR Berghofer Human Research Ethics Committee, or given a waiver of ethics approval in limited circumstances. All participants who are enrolled in clinical trials are informed about how their health information is handled in the Patient Information and Consent Form provided to them, prior to commencing the clinical trial or human research project.

As far as possible, QIMR Berghofer will collect Personal Information directly from individuals. However, Personal Information is also collected from the following:

  • Parents or guardians of minors/persons with cognitive impairments;
  • Commonwealth and State agencies (eg medical records and results);
  • Registries (eg Death and Cancer registries); and
  • Support groups and communities.

The types of Personal Information QIMR Berghofer collects for medical research includes:

  • biographical information (e.g. names, titles, relationships and birthdates);
  • contact information (e.g. addresses, emails and telephone numbers);
  • Medicare Number;
  • copies of referrals and or reports from treating practitioners;
  • physical appearance information;
  • current physical and mental health;
  • physical/mental/social/reproduction/drug/travel/family history;
  • treatment history;
  • family history of diseases;
  • information from physical health and virus screens; and
  • genetic information derived from DNA and RNA.

Why this information is collected

Personal Information is collected for medical research purposes, which include:

  • undertaking clinical trials;
  • undertaking human research projects;
  • development of tissue and/or data banks; and
  • publication of research (as non-identifiable data).

Use and disclosure of this information

This information is used to:

  1. record an individual’s involvement in clinical trials and other human research projects undertaken by QIMR Berghofer;
  2. process the results of research and clinical trials; and
  3. contact individuals about participation in future projects or trials.

Personal Information for medical research can be used by QIMR Berghofer without consent in certain circumstances in accordance with the Guidelines under Section 95 of the Privacy Act 1988 (Cth) 2014. In such circumstances, QIMR Berghofer must satisfy itself that the research involving the use of Personal Information has been approved by a Human Research Ethics Committee, for the particular research purpose in accordance with the Guidelines.

4.2 Fundraising

Collection of Personal Information

Personal Information is collected in order to raise funds for the medical research undertaken by scientists and students at the Institute.

As far as possible, QIMR Berghofer will collect Personal Information directly from individuals. However, Personal Information is also collected, for fundraising purposes, from the following:

  • Corporate partners;
  • Agents acting on behalf of QIMR Berghofer and/or QIMR Berghofer supporters;
  • Open source publications;
  • List brokers; and
  • Prospect research consultants.

The types of Personal Information QIMR Berghofer collects for fundraising include:

  • biographical information (e.g. names, titles, relationships and birthdates);
  • contact information (e.g. addresses, emails and telephone numbers);
  • information about an individual’s interests in respect of QIMR Berghofer’sfunctions or research; attendance at QIMR Berghofer events; donations, gifts orbequests made to QIMR Berghofer (including payment details); and
  • any other information required by QIMR Berghofer to build and maintain anappropriate relationship with its supporters.

Why this information is collected

The Institute collects Personal Information for fundraising purposes, which include:

  • marketing to and informing supporters/donors about QIMR Berghofer research,appeals and events;
  • soliciting/requesting and processing donations, gifts and bequests fromsupporters/donors;
  • maintaining appropriate relationships with supporters/donors;
  • organising fundraising events; and
  • building profiles on supporters/donors in order to better understand their areas of interest in QIMR Berghofer.

4.3 Staff and Other

Collection of Personal Information

Personal Information is collected for some other limited purposes. The types of Personal Information QIMR Berghofer collects for other purposes include:

  • contact information such as full name, address, phone numbers and e-mail address;
  • employment details, including but not limited to an individual’s job title and training and skills;
  • insurance policies and details (if applicable); and
  • payment or billing information (including bank account details, credit card details, billing address and invoice details).

Why this information is collected

Personal Information is collected for other purposes which include:

  • An individual’s employment or potential employment with us;
  • To record arrangements with individuals such as visiting scientists and consultants in relation to the conduct of clinical trials and/or human research projects;
  • To record arrangements with volunteers or visitors to QIMR Berghofer;
  • The provision of services to individuals, including but not limited to scientific services;
  • The processing of scholarships, awards and grants;
  • The processing of purchase orders for goods and services, including to communicate with individuals concerning such orders;
  • To provide customer service functions, including handling customer enquiries and complaints; and
  • Compliance with applicable laws and any other matters reasonably necessary to provide services.
5. Use and disclosure of personal information

QIMR Berghofer will not use Personal Information for purposes other than for the medical research, fundraising and other purposes outlined above, unless the other purpose is directly related to medical research, a fundraising purpose or other purpose set out above, or is authorised by the legislation set out above.

QIMR Berghofer will not sell, exchange or disclose Personal Information for commercial gain.

QIMR Berghofer will not disclose an individual’s Personal Information to persons or entities other than the individual, or without the individual’s consent, except in limited circumstances, which include disclosure to the following, where appropriate:

  • Grant and award providers;
  • Collaborators such as other clinical research organisations and manufacturing organisations;
  • Third party service providers, consultants and contractors;
  • Regulatory authorities;
  • Government departments and agencies;
  • Auditors;
  • As required by a court of law; and
  • When a clinical situation requires information to be disclosed for patient safety.

If QIMR Berghofer does disclose an individual’s Personal Information in one of the limited circumstances set out above, it must follow the processes set out in the Guidelines under Section 95 of the Privacy Act 1988 (Cth) 2014.

6. Data security

QIMR Berghofer takes all reasonable steps to protect the Personal Information that it holds from interference, misuse and loss and from unauthorised access, modification or disclosure.

QIMR Berghofer will hold Personal Information for as long as necessary in order to meet the purposes described in this Policy. QIMR Berghofer takes reasonable steps to destroy or permanently de-identify Personal Information if it is no longer needed for any authorised purpose.

QIMR Berghofer will comply with all aspects of the mandatory data breach notification scheme for all eligible data breaches under the Privacy Act 1988 (Cth).

7. Transfer of personal information outside of Australia

QIMR Berghofer may disclose Personal Information to international collaborators and third party service providers outside of Australia to perform activities in connection with the purposes outlined in this Privacy Policy, including the disclosure of Participant health information.

QIMR Berghofer will make every effort to ensure any information transferred outside of Australia is subject to a law, binding scheme or contract that effectively upholds principles for the fair handling of Personal Information that are substantially similar to the privacy principles which govern QIMR Berghofer’s handling of Personal Information. Transfer of participant health information is subject to stringent safeguards including approval by the Human Research Ethics Committee and data transfer agreements.

8. Access to and amendment of personal information

Individuals have a right to request access to or amendment of their Personal Information held by QIMR Berghofer, except in some exceptional circumstances provided by law.

Please note that the Institute may have to keep track of past transactions for accounting and auditing requirements.

If an individual would like to request access to or amendment of their Personal Information please contact the Privacy Officer by e-mail on PrivacyOfficer@qimrberghofer.edu.au. Alternatively, please contact the Institute by phone on Ph: 3362 0222 and ask to speak to the Privacy Officer.

The Institute reserves the right to charge a fee for searching for and providing access to an individual’s Personal Information.

9. Privacy complaints

QIMR Berghofer will take all reasonable steps to respond to and resolve any complaint about information privacy by an individual promptly.

Individuals wishing to make a privacy complaint should contact the Privacy Officer in writing (contact details noted below). QIMR Berghofer will endeavour to respond to an individual’s privacy complaint within 30 days of receiving an individual’s complaint, or such other reasonable time frame as may be agreed depending upon the nature of the complaint.

If QIMR Berghofer is unable to resolve the complaint, a formal complaint may be made to the Office of the Information Commissioner Queensland on Ph: 3234 7373/enquiries@oic.qld.gov.au.

10. Privacy officer:

E-mail - PrivacyOfficer@qimrberghofer.edu.au, or phone QIMR Berghofer on Ph:3362 0222 and ask to speak to the Privacy Officer.

11. Review

This Policy will be regularly reviewed following legislative or organisational changes, or as a minimum, every three years.

12. References

Privacy Act 1988 (Cth)

Information Privacy Act 2009 (Qld)

Guidelines under Section 95 of the Privacy Act 1988 (Cth) 2014

13. Amendment history

Endorsed by the DCC – 13 May 2014

Approved by Council – 24 June 2014

Amendments Approved by Council – 20 February 2018