Privacy policy
Privacy Policy
Introduction
One Clinical Research Pty Ltd (ACN 638 969 454) is a company incorporated in Australia. In this Privacy Policy we will refer to One Clinical Research as “One Clinical Research”, “we”, “us” and “our”.
The website www.oneclinicalresearch.com.au (“the Site”) is owned and operated by One Clinical Research.
This is our Australian Privacy Principles’ privacy policy. We respect your privacy and are committed to protecting it through our compliance with this privacy policy. It explains how we approach the important issue of privacy and the management of your Personal Information.
This Privacy Policy has been designed to deal with the issues relating to the privacy of any persons with whom One Clinical Research is in contact with, for any reason including, without limitation, employees, contractors, sponsors, suppliers, participants in trials (whether as members of research teams or patients including their guardians and carers) and facilities in which trials are conducted or information is collected, used or analysed.
Please contact our Privacy Officer (details are at the end of this Privacy Policy) if you require any further information regarding our Privacy Policy.
One Clinical Research operates cancer clinical trials, specialising in pharmaceutical industry-sponsored clinical trials for patients with haematological (blood) or solid-organ cancers (collectively “the Services”).
This privacy policy applies to information we collect:
for the purpose of and in the course of providing the Services;
in email, text, and other electronic messages between you and One Clinical Research; and
when you interact with us by any means at all including, without limitation, personally or through our website or third party websites linked to us or our trials.
By choosing to engage with us, you consent and agree to the Privacy Policy of One Clinical Research collecting, using, disclosing, dealing with, storing, maintaining, and accessing your Personal Information as set out in this Privacy Policy.
The Australian Privacy Principles
The Australian Government introduced updated legislation in 2014 its Privacy Act 1988 (Cth), to further enhance the protection and handling of an individual’s privacy and personal information. These principles replace the previous National Privacy Principles that operated from 2001. You can find out more about the Australian Privacy Principles by calling the Office of the Australian Information Commissioner (Privacy Commissioner) on 1300 36 39 92 or through their website at www.oaic.gov.au.
In this Privacy Policy and the Privacy Act 1988, “Personal Information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
a) whether the information or opinion is true or not; and
b) whether the information or opinion is recorded in a material form or not.
One Clinical Research respects and upholds your right to privacy protection under the Australian Privacy Principles in regulating how we collect, use, disclose, maintain and secure your Personal Information.
Furthermore the Privacy Commissioner has approved two sets of legally binding guidelines (“the Guidelines”), issued by the National Health and Medical Research Council (NHMRC). One Clinical Research, if it is operating as a researcher, also acknowledges it must follow these guidelines when handling health information for research purposes without individuals' consent.
The Guidelines also assist Human Research Ethics Committees (HRECs) in deciding whether to approve research applications. The Guidelines are produced under sections 95 and 95A of the Privacy Act 1988. The Guidelines are:
Guidelines under Section 95 of the Privacy Act 1988, which set out procedures that HRECs and researchers must follow when Personal Information is disclosed from a Commonwealth agency for medical research purposes; and
Guidelines under Section 95A of the Privacy Act 1988, which provide a framework for HRECs to assess proposals to handle health information held by organisations for health research (without individuals' consent). They ensure the public interest in the research activities substantially outweighs the public interest in the protection of privacy.
In addition to the Australian Privacy Principles, individuals located in the European Union (EU) may also have rights under EU based rules known as the General Data Protection Regulation (GDPR). The GDPR has harmonised the data privacy laws of each individual EU country, giving more rights to individuals located in the EU and more obligations to organisations holding their Personal Information.
Details of additional rights of individuals located in the EU and how we meet them are outlined in the relevant section below.
THE PERSONAL INFORMATION WE COLLECT AND WHY WE COLLECT IT
Kinds of Personal Information we may collect or hold
We collect personal information about you as part of providing the Services, including:
your name, date of birth, contact address, email address, mobile phone number, landline phone number;
medical and health information to enable us to provide the Services, which may include health fund and health insurance cover details, Medicare, Pharmaceutical Benefits Scheme, National Disability Services, Pension or Veteran’s Affairs numbers, medical history and other health information (which may include information about your racial and ethnic origins), details of current medication, other medical and health information necessary for the provision of the Services and details of persons to contact in case of emergency;
your transactional and payment information;
details of all products and services supplied to you, including medicines and dispensary items;
• health information including your medical history, treatment history, treatment indications, outcomes of trials and studies in which you participated, genetic information where it is relevant to clinical trial participation, and well being and capacity to manage activities of daily living;];
information contained in an application form or other document given to us;
information contained in any communications between you and us or persons referred to above and communicated to us;
to the extent required or permitted by law, a government related identifier;
any information we are required to collect by law; and
information about your browser, your location, the country you are visiting from, your IP address, which pages you visit and what links you click on when you visit us or our website.
We may need to collect additional personal information from or about you. The items listed above are not exhaustive and we discuss further aspects in detail below.
Information We Collect from Third Parties
We may collect information about you from other users, our affiliates and third parties, including healthcare services providers.
One Clinical Research will not collect sensitive information about health, racial or ethnic origin, political opinions or membership, religious or philosophical beliefs, trade association or union membership, sexual preferences or criminal record unless you have consented to give this information and it is relevant to our work and Services or is otherwise necessary and permitted under the Guidelines.
We will always endeavour to collect such information in a non-intrusive, lawful and fair manner.
Failure to provide information
Purpose of collection
If the Personal Information you provide to us is incomplete or inaccurate, we may be unable to provide you (being any of the persons who fall within the term you) or any party to whom the Services are provided, you, or they, are seeking and may lead to adverse health outcomes.
Your personal and sensitive information, including health information, is only collected as is necessary
for a function or activity, or to enable us to carry out our work and deliver the Services. This includes:
conducting clinical trials involving you;
providing information (which may include sensitive personal information) to third parties
involved in the clinical trial (including, without limitation, clinicians, testers, healthcare providers such as laboratories and medical imaging, analysers, researchers and sponsors of the clinical trial);
developing discharge support systems for you;
facilitating our internal business operations, including the fulfilment of any legal or regulatory
requirements;
providing you with information about other services, products and treatments that may be of
interest to you;
analysing our Services and needs of sponsors or persons to whom the Services are or may be
provided with a view to developing new and/or improved services; or • contacting you to provide a testimonial for us.
How We Collect Your Personal Information
We collect your Personal Information when you provide it to One Clinical Research in a number of ways including but not limited to:
directly from you, including by filling in patient information and consent forms, discussions with staff and healthcare providers, through our website, job application or resume or application forms;
as authorised by you to provide us with your Personal Information or as otherwise permitted under the Guidelines;
your authorised representatives (such as your carer or legal guardian);
your health service providers;
a health professional who has treated you;
by voluntary completion of surveys or forms;
your search queries on our website;
from the public domain;
from authorised third-party data sources and data lists for the purposes of conducting our
Services;
in connection with provision of the Services;
by your usage of our website or the sites of other parties linked to us e.g. the pages you visit,
what links you click; and
by contacting us by post, telephone, emails or other electronic methods.
When we collect or hold Personal Information, it is only used or disclosed for the purpose of carrying out the Services.
Personal information may be stored on our servers but will only be accessed by us to carry out the functions reasonably necessary to provide the Services.
Use and disclosure
Generally, we only use Personal Information about you for the purposes for which it was collected (as set out above and for the provision of the Services). We may disclose Personal Information about you:
to our related entities to facilitate our and their internal business processes;
to public hospitals, private hospitals, aged care facilities, medical practitioners and oncology
units who assist us in providing the Services or any use incidental to the Services;
to third party service providers, who assist us in operating our business (including technology service providers). These service providers may not be required to comply with our Privacy
Policy;
to clinicians, testers, healthcare providers, analysers, researchers and sponsors of any clinical
trial;
to a purchaser of the assets and operations of our business;
to our related entities and other organisations with whom we have affiliations so those
organisations may provide you with information about services and products;
in an emergency situation;
for any other purpose disclosed by us when you provide the information;
with your consent, to regulatory bodies and government agencies unless otherwise required
by law;
professional associations and representative bodies; and
as required by law or court order.
Where the Personal Information (including sensitive information) is to be used or disclosed in the course of a clinical trial, it will only be used or disclosed where you have consented, or the use or disclosure is allowed under the Guidelines, for the particular research purpose.
Other ways we may use your Personal Information
management, funding, service-monitoring, planning, evaluation and complaint-handling;
legislative, legal and regulatory compliance;
quality assurance of clinical activities:
health insurance funding;
billing and debt recovery;
addressing liability indemnity arrangements including reporting to insurers and legal
representatives;
preparing for anticipated or existing legal proceedings;
research or the compilation or analysis of statistics relevant to public health and safety;
activities directly related to the provision of the Services where you would reasonably expect disclosure;
to improve our Services and our website;
to disclose to other businesses who assist us or who perform functions in relation to the
Services;
to notify you about changes to our website or Services;
to provide you with information, products or services you may request from us;
recognise when you return to the our website;
to carry out our obligations and enforce our rights arising from any contracts entered into between you and us or professional arrangements, including for billing and collection.
in any other way we may describe when you provide the information
to fulfill any other purpose for which you provide it; and
for any other purpose with your consent.
We may use your Personal Information to send you information about our work or to let you know about our Services.
We use, in addition to our own proprietary technologies and systems, various third-party software and technologies including but not limited to CRIO, XERO, Slack, MS Teams to deliver some of our Services.
We may also use your Personal Information in certain limited circumstances for other purposes including, but not limited to:
Owing to the ever-changing nature of technology and to provide optimal support to you, we may use different third-party support software and platforms from time to time. Any data stored or processed will also subject to the privacy policies of those relevant third parties and platforms.
Disclosing your Personal Information
We may disclose to third parties aggregated information which includes information about you, and information that does not identify any individual, without restriction.
These third parties may include:
other health service providers involved in your treatment or diagnostic services, or to provide
you with further information about available treatment options;
responsible persons (e.g. parent, legal guardian or spouse) when you may be incapable or
cannot communicate, unless you have requested otherwise;
close family members in accordance with recognised standards of medical practice
insurers (including health insurers);
researchers for compilation or analysis of statistics relevant to public health and safety;
to third parties directly related to the provision of health services to you where you would
reasonably expect disclosure;
to our professional advisers.
One Clinical Research may sometimes use third party service providers to conduct surveys and facilitate information collection. Some of these service providers conduct all or part of their business overseas and so your personal information may be transferred overseas as a result. One Clinical Research conducts a due diligence process before entering into an agreement with these service providers and will take all reasonable steps to ensure that your information is not used in a manner inconsistent with the Australian Privacy Principles.
Web traffic information is disclosed to Google Analytics when you visit our website. Google stores information across multiple countries.
Opting-Out or Modifying Your Information
If you want to change any information you have previously given us, or if you want to opt out of future communications please contact One Clinical Research’s Privacy Officer as detailed below.
Destroying Personal information
We may destroy or de-identify the Personal Information provided as soon as practicable, once it is no longer needed for Services. However, we may in certain circumstances be required by law to retain Personal Information after our Services have been completed.
In this case, the Personal Information will continue to be protected in accordance with this Privacy Policy. If we destroy Personal Information we will do so by taking reasonable steps and using up-to- date techniques and processes.
How We Keep Your Personal Information Secure
All our employees and contractors are required, as a condition of employment, to treat personal information held by One Clinical Research as confidential.
Our premises are in a secure building with restricted access. Our IT systems are password protected and we conduct regular audit and data integrity checks.
We frequently update our anti-virus and malware software in order to protect our systems (and the data contained in those systems) from computer viruses.
As a progressive technology business, whilst we currently retain our database on our secure in-house premises server, most of our business data (including your Personal Information) may be stored in secure remote, “Cloud” or offsite servers. These cloud servers may be situated outside of Australia.
If we store your Personal Information on a remote, “Cloud” or offsite server we will endeavour to protect your Personal Information through security measures such as password protection and encryption.
For security purposes, any Personal Information that we receive and/or provide to third parties will be password protected where possible. Booking of appointments with third party providers will require us to share your Personal Information for the purpose of making the booking.
We will do everything reasonably within our power and control to prevent unauthorised use or disclosure of your Personal Information. However, we will not be held responsible for events arising from any unauthorised use or access to your Personal Information whether from our systems or those of third parties with which the Personal Information has been shared.
We retain and store your Personal Information (whether onsite, offsite or on the Cloud) indefinitely, unless you instruct us otherwise or we elect to destroy it as it is no longer required for the Services, subject to all legal requirements.
Visiting website
Our website may use ‘cookies’ to improve your experience, to display content more relevant to you within the website, and to display items added while using online facilities. If you are concerned about the use of these cookies, your browser can be configured to notify you when you receive a cookie, and provide you with the opportunity to accept or reject it. You may refuse all cookies from One Clinical Research website, however some functions may be unavailable.
Our website may use statistical information collection tools to track site visits, navigation and performance within our website for the purpose of monitoring and improving the website. If you are concerned about the use of these tools, you can configure your browser to send a "Do Not Track" request with your browsing traffic.
Our website may also use third party cookies. Visitors may opt-out depending on the settings provided by these third parties.
Our website may contain links to other sites of interest. We do not control, and are not responsible for, the content or privacy practices of those websites. Please check the privacy policies on other websites before you provide your Personal Information to them.
Our website and Services’ Security
By using our website or Services, you acknowledge and agree the internet is inherently insecure and you use the internet at your own risk. You acknowledge you do not hold One Clinical Research liable for any security breaches, viruses or other malicious software that may infect your computer or other internet browsing device, or any loss of data, revenue or otherwise that may occur as a result of using our website.
Despite efforts to prevent unauthorised disclosure you acknowledge, no data transmission over electronic, mobile data and communication services can be guaranteed to be totally secure.
Social Networking Services
We may use social networking services such as Facebook, LinkedIn and Twitter to communicate with you and the public generally about our Services. When you communicate with us using these social networking and digital media services we may collect your Personal Information, but we only use it in accordance with this Privacy Policy.
The social networking and digital media services will also handle your Personal Information for their own purposes. These services have their own privacy policies. You can access the privacy policies for Facebook , LinkedIn, Instagram and Twitter on their websites.
Spam Act
We adhere to the Spam Act 2003 (Cth). The Spam Act prohibits the sending of unsolicited emails, SMS and MMS messages for commercial purposes from or within Australia or to people in Australia. The Spam Act also bans the supply and use of software designed to harvest email addresses.
Changes to our Privacy Policy
One Clinical Research may, without notice, amend or modify this Privacy Policy by posting the amended Privacy Notice to our website.
How to Access, Correct or Update Your Personal Information
If you have any complaints, questions or concerns about what information One Clinical Research holds or about the accuracy of that information, please contact One Clinical Research’ Privacy Officer.
If you would like to access the information One Clinical Research hold about you, or to complain about a possible breach of the Australian Privacy Principles, you can write to One Clinical Research’ Privacy Officer at the address provided below.
We will respond to your complaint or endeavour to give you access to the information requested within two weeks. In order to maintain the confidentiality of your personal information, we may ask to meet with you so we can review your specific identification documents before we give you access. If it is not practical for you to meet us in person, we will arrange to check your identification before we mail the information out to you.
If the information we hold about you is incorrect or not up-to-date, we will update it as soon as possible after you have shown us how and why it is incorrect.
In the unlikely event we are unable to provide you with access to your personal information for legal reasons as specified in the Privacy Act, we will provide you with reasons for denying access.
If you are not satisfied with One Clinical Research’ response to your complaint, question or concern, you may wish to lodge a complaint with the Office of the Australian Information Commissioner or the HREC to the particular clinical trial. Further information can be found on the Commissioner’s website or by calling 1300 363 992. Contact details for the HREC approving the clinical trial you are participating in are available on the information consent form you completed prior to trial enrolment.
Website accessibility
We are committed to providing an accessible experience for users of our website. If you encounter any difficulties with our Site, please direct your enquiry to privacy@oneclinicalresearch.com.au.
Privacy Officer’s contact details
One Clinical Research’s Privacy Officer can be contacted by:
Phone: 08 6279 9466
Email: privacy@oneclinicalresearch.com.au
Postal Address: One Clinical Research C/ Suite 20, 85 Monash Ave, Nedlands WA 6009
DDITIONAL RIGHTS FOR INDIVIDUALS LOCATED IN THE EUROPEAN UNION (EU)
The EU General Data Protection Regulation (GDPR) has harmonised the data privacy laws of each individual EU country, giving more rights to individuals located in the EU and more obligations to organisations holding their personal information. In this section, “personal information” means any information relating to an identified or identifiable natural person (the meaning given to the term “personal data” in the GDPR).
Personal information must be processed in a lawful, fair and transparent manner. As such, if you are located in the EU, the GDPR requires us to provide you with more information about how we collect, use, share and store your personal information as well as advising you of your rights as a “data subject”.
For reference, this section of the Policy relates to you only if you are located in the EU and not to you if you are located elsewhere, where the balance of the Policy applies.
If you are located in the EU and have an enquiry relating to your rights under the GDPR, please contact our Privacy Officer.
What personal information do we collect?
Please refer to the above section headed “THE PERSONAL INFORMATION WE COLLECT AND WHY WE COLLECT IT” for details of the personal information we collect.
Special categories of personal information
The GDPR provides additional protection for personal information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data (for example your fingerprints), or data concerning your health, sex life or sexual orientation. We will only process this type of personal information with your consent or where otherwise lawfully permitted.
How long we keep your personal information
We will keep your personal information while you have any involvement or prospective involvement with One Clinical Research.
We generally keep your personal information indefinitely unless requested otherwise by you but may elect to destroy it if we consider it is no longer necessary unless required to be kept and to fulfil legal or regulatory obligations.
How we use your personal information
We can only collect and use your Personal Information if we have a valid lawful reason to do so. For One Clinical Research, these reasons are:
if we need to process your personal information in order to fulfil a contract you have with us, or because you have asked us to take specific steps before entering into a contract (contract performance);
if we need to process your personal information for us to comply with the law (legal obligation);
if you have given clear consent for us to process your personal information for a specific purpose
(consent); and
if we need to process your personal information for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal information which overrides these legitimate interests (legitimate interests).
In the table below, we have set out the relevant grounds that apply to each purpose of data processing
that is mentioned in this Privacy Policy:
Purposes of the data processing
Reasons/ uses
To provide and administer our Services
Services performance
legitimate interests (to allow us to perform our
obligations and provide the Services)
For marketing purposes
• legitimate interests and consent (which can be withdrawn at any time)
To provide customer support
Services performance
legal obligation
• legitimate interests (to allow us to correspondwith you in connection with our Services)
To comply with our legal obligations
• legal obligation
• legitimate interests (to cooperate with the law
and regulatory authorities)
To conduct market, consumer and other research
• legitimate interests (to ensure we understand the requirements relating to the Services)
To ensure website content is relevant
• legitimate interests (to allow us to provide you with the content and services on our website)
Your rights as a data subject
You have the following rights for the Personal Information we hold about you.
The right to be informed how personal information is processed: You have the right to be informed how your personal information is being collected and used. If we require your consent to process your personal information you can withdraw consent at any time. If you withdraw consent, we may not be able to provide certain Services or for you to participate in the Services. The right to withdraw only applies when the lawful basis of processing is consent.
The right of access to personal information: You can access your personal information we hold by emailing our Privacy Officer.
The right to rectification: You have the right to question any personal information we have about you that is inaccurate or incomplete. If you do, we will take reasonable steps to check the accuracy and correct it.
The right to erasure: You have the right to ask us to delete your personal information if there is no need for us to keep it. You can make the request verbally or in writing. There may be legal or other reasons why we need to keep your personal information and if so, we will tell you what these are.
The right to restrict processing: You have the right to ask us to restrict our use of your personal information in some circumstances. In this situation we would not use or share your personal information while it is restricted. This is not an absolute right and only applies in certain circumstances.
The right to data portability: In some circumstances you have the right to request we provide you with a copy of the personal information you have provided to us in a format that can be easily reused.
The right to object: In some circumstances you have the right to object to us processing your personal information.
Rights in relation to automated decision making and profiling: We sometimes use systems to make automated decisions (including profiling) based on personal information we have collected from you or obtained from other sources such as credit reporting bodies. These automated decisions can affect the services we offer you. You can ask that we not make decisions based on automated score alone or object to an automated decision and ask that a person review.
The right to lodge a complaint with a supervisory authority: You have the right to complain to the regulator if you are not happy with the outcome of a complaint. Please refer to the Office of the Australian Information Commissioner for details of the relevant data protection authorities. The individual regulator’s websites will tell you how to report a concern.
Please note that while any changes you make to your personal information will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe we have a legitimate reason to do so.
You may decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of the Services or participate in the Services.