Burnet is also considered to be a data controller for the purposes of the EU General Data Protection Regulation 2016/679 (GDPR) in relation to the collection of personal information from individuals located in the European Union (EU), while conducting certain activities. Under the GDPR, you may request access to, or correction of, information we hold about you, or exercise rights of access, rectification, and erasure (subject to record retention obligations) at any time.
In this document 'Burnet', 'we', 'us' all mean Macfarlane Burnet Institute for Medical Research and Public Health Ltd.
What is personal information?
The current definition of personal information is: information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. It may include sensitive and health information.
Types of Personal Information that we collect
Types of Personal Information we may collect depends on the purpose for which it is collected. We only ever collect information necessary for the purpose for which it is collected, that is, for reasons consistent with your association with Burnet. For example, whether you are a service provider or client, and which services were provided or obtained.
Personal Information that can be collected includes but is not limited to names, date of birth, gender, addresses, telephone numbers, email addresses, health information, employment details, donation histories, event attendance, payment records, areas of research interest, references from referees for employment applicants or research scholarship applicants and academic records.
Reasons for collection of personal information and types of people who we collect from
In general terms we collect information connected with our operations and activities such as in our research capacity, fundraising capacity, as education providers and when we provide and receive services.
We collect personal Information from a range of individuals including volunteers, donors and supporters, committee members, service providers, prospective employees, students, clients and participants of research studies and clinical trials that Burnet runs or is involved.
How do we collect personal information?
Generally, Burnet collects personal information straight from the person to whom the information pertains. However, at times Burnet can collect or receive personal information from a third party or a publicly available source if you have consented to such collection. If we collect any personal information about you from another party, and it is unclear that you have provided consent that collection, we will, where feasible, take reasonable steps to inform you why we have collected the information and how we will use it.
How does Burnet use personal information?
For personal information collected from individuals other than individuals participating in research programs and clinical trials.
We use your personal information to ensure that we can process donations, provide receipts, assist you to engage with medical research e.g. as a volunteer, send you newsletters and bulletins as well as information about services, research, education and fundraising events and activities. From time to time, we may choose to publish names of donors in Burnet publications such as our annual report, or on our website. However, we will always seek your consent prior to publishing such information.
In addition to these primary purposes for which the information is collected, your personal information may also be used for secondary purposes that are related to these primary purposes. Burnet Institute may also use your personal information for the purpose of marketing our business functions and activities to you. You may advise us if you do not wish to receive marketing offers or materials.
Who does Burnet disclose your personal information to?
Personal information that you provide may need to be disclosed to others. Burnet will not provide your personal information to third parties without either your consent, whether actual or implied (implied consent provided via non-take up of opt out preferences, or as allowed under Privacy legislation). This may include the sharing of personal information to charitable or like-minded organisations that may wish to contact you with information that may be of interest and third service providers who facilitate the sharing of information between such types of charitable or like-minded organisations.
Personal information may also be released to grant award providers so we can meet our reporting requirements to our partners, affiliates, contractors and consultants who perform services on Burnet’s behalf and are required by Burnet to protect your personal information; your organisation, if you are acting on behalf of an organisation; law enforcement or other government agencies or by a court or like body if required to do so; our professional advisors; or where we are otherwise permitted or required by the Privacy Act or any other law.
Burnet may from time to time enter into contractual arrangements with third party service providers to assist Burnet to carry out our activities, including online payments, our database, and to facilitate sharing of information to charitable or like-minded organisations. Where possible we will prioritise transfer and storage in Australia. Where this is not possible, personal information provided to Burnet may be transferred to, and stored at, locations outside Australia, including but not limited to the United Kingdom, European Economic Area, and the United States of America. Treatment by those third parties of personal information can be found in the privacy policies of those parties. These organisations may engage third party service providers also operating outside Australia.
However, any disclosure of your personal information to third party service providers does not change our commitment to safeguarding your privacy.
We take reasonable steps to:
- ensure that overseas service providers are subject to privacy laws which impose obligations which are substantially similar to those contained in the Privacy Act; and
- ensure the security of personal and sensitive information that is disclosed, and to protect it against loss, misuse or unauthorised access, destruction, use, modification or disclosure.
Participation in medical research at Burnet
If you participate in research or studies that we conduct alone or with other organisations, we may also collect sensitive information (health information) about you (e.g., your medical history including any medications or treatments) and/or tissue samples for use in our research. The other types of sensitive information we collect includes information about your ethnicity or racial origin. We may also collect relevant information about non-participants such as your emergency contact details or family medical history.
This information is used to record your involvement in research activities undertaken by Burnet, to process the results of research and to contact you regarding participation in future studies. All human research undertaken at Burnet is approved by a duly authorised and approved Human Research Ethics Committee with the results of research activities presented in such a way that the identity of the research participant is protected. Research participants will be provided further information detailing how their personal information will be handled by Burnet in connection with the particular research activity they are involved with.
As you browse Burnet Institute’s website, cookies will be placed on your computer so that we can understand what you are interested in. Our display advertising partners, AdRoll and AdWords, enable us to present you with retargeting advertising on other sites based on your previous interaction with Burnet Institute’s website. The techniques our partners employ do not collect personal information such as your name, email address, postal address or telephone number. You can visit www.networkadvertising.org/choices to opt out of targeted advertising.
You have the option of whether to provide personal information or to remain anonymous. If you prefer that we not collect your personal information, please do not submit or provide it. Please note that we may not be able to fully provide our services to you or respond to you if you choose not to provide personal information. For example, you may not be able to receive newsletters or tax-deductible receipts for donations made.
Complaints or ceasing to provide consent
Individuals that provide personal information to Burnet either directly or indirectly always have the right/capacity to prevent the use of their information by Burnet or any other party to which Burnet may provide the information. Of course, rescinding permission for Burnet to use personal information collected will affect how Burnet will be able to interact with you.
Complaints should be made by contacting Burnet Institute’s complaints officer (Chief of Staff) by calling +61 3 9282 2111, emailing firstname.lastname@example.org or in writing to Chief of Staff, Burnet Institute, GPO Box 2284 Melbourne 3001.
Burnet Institute takes reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure. The various means by which we protect your information include firewalls, secure servers, and encryption of credit card transactions. We will also take reasonable steps to destroy or permanently de-identify personal information that we no longer need for any purpose for which it was collected.
Giving you control: updating and access to personal information
You have the right to request access to the personal information Burnet Institute holds about you. However, we may charge a fee to cover the costs of meeting your request. We aim to ensure that all personal information that we hold is accurate, complete and up-to-date. Please advise us if you become aware that any information that we hold about you is inaccurate or incomplete.
If you want to change any information that you have previously given us, if you want to opt out of future communications, or if you do not want your donation details to be published by us, or if you would like to access the information we hold about you, you can:
- email a request to our complaints officer (Chief of Staff) at email@example.com
- call us on +61 3 9282 2111
- mail a request to the following postal address: Chief of Staff, GPO Box 2284, Melbourne VIC 3004, Australia.
We will take all reasonable steps to comply with your request and if we deny your request for access, we will tell you why.