The Walter and Eliza Hall Institute of Medical Research

Privacy Policy

The following Privacy Policy Statement represents Institute’s commitment to protecting the privacy of information held on individuals and is available to members of the public on request..

Protection of Your Privacy

The Walter and Eliza Hall Institute of Medical Research respects your right to privacy and is committed to protecting the privacy of information we hold about you. We are committed to complying with the National Privacy Principals and in the case of exempt employee information we are committed to complying with the relevant workplace legislation.

This policy summarizes what personally identifiable information we may collect and how we might use this information. It also describes other important topics relating to your privacy.

Information Collected

Generally speaking, the Institute only collects personal information about employees, visiting workers, students and applicants for positions. This information (such as name, address, telephone number, e-mail address, and employment details) is collected from physical and electronic documents that you submit. Information may also be collected from referees given in documents submitted.

We only record sensitive personal information where this is related to our business activities. This primarily involves recording of health related information of employees. Through our website or e-mail correspondence, we will only collect personally identifiable information that you voluntarily provide. We may collect general information (such as the type of browser you use, the files you request, and the domain name and country from which you request information) to improve our Web site and better meet your needs.

We do not use cookies (small data files passed between browser and server) to collect personal information or to track your activities. We will record your email address if you transmit it to us electronically either in an email message or via a web page form.

Use and Disclosure of Information

Personal information supplied is only used by the Institute in connection with conducting its business as a medical research organisation and in related education activities. It will only be used for the purpose for which it is provided. The Institute will not generally disclose personal information to parties outside the Institute, other than for a purpose directly related to operation of the business or to managing the employment relationship. If we need to use your personal details for a purpose other than one that we believe you would reasonably expect we will seek your specific consent.

In managing the employment relationship we occasionally need to provide some personal information details provided by you to our agents, contractors or third party service providers. External parties are generally providers of administrative, telecommunications, computer or other services that support the operation of our business and are under contract to the Institute to keep that information confidential and secure. The Institute does not provide or sell any personal database information to external organisations for commercial purposes.

Security

The Institute maintains strict standards and security procedures to prevent unauthorised access to personal information and to ensure the correct and proper use of such information.

The Institute cannot ensure the security of any information transmitted over the Internet and individuals do so at their own risk. However, once we receive a transmission, we take all reasonable steps to ensure that personal information is secure on our systems.

Access to Information

Employees may access, check or request amendment of information held by the Institute on their own personal file. Employees should contact Human Resources to arrange a review of their personal file. Personal details of unsuccessful applicants for employment are not retained unless individually requested by the applicant. In this case only documents submitted by the applicant will be retained.

Other Important Information

Our website contains links to other websites and this statement has no application to these other websites. The Institute is not responsible for the privacy practices or the content of these other websites and has no knowledge of whether cookies or other tracking devices are used on linked sites. If you have any concerns regarding your privacy you should ensure you are aware of the privacy policies of those sites. It may be necessary, if required by law or if pertinent to judicial or governmental investigations, to release your personally identifiable information.The Institute may modify this privacy policy from time-to-time.

Last updated: August 2002

National Privacy Principles

The 10 National Privacy Principles (NPPs) are the fundamental rules in the Privacy Act (Cth) covering how organizations should handle personal information. Employee records are exempt when directly related to the employment relationship. In summary, the 10 NPPs require:

1. Information collection. Collection of personal information must be fair, lawful and not intrusive and in line with the individual’s expectations and be collected from that person where reasonable and practical. A person must be told the purpose for collecting the information and that they can get access to their information.
2. Use and disclosure. An organisation must only use or disclose information for the purpose it was collected or under specified conditions for purposes such as law enforcement or if the information is health information and the use or disclosure is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety.
3. Data quality. An organisation must take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up to date.
4. Data security. An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
5. Openness. An organisation must have a policy document outlining its information handling practices and make it available to anyone who asks. On request, an organization must take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.
6. Access and correction. If possible, an organisation must give an individual access to personal information it holds about them, except in specified circumstances, and correct it if it is wrong.
7. Identifiers. An organisation must not adopt, use or disclose an identifier that has been assigned by a Commonwealth government ‘agency’.
8. Anonymity. Organisations must whenever it is lawful and practicable, give people the option of not identifying themselves when entering transactions with it.
9. Trans-border data flow. An organisation can only transfer personal information to a recipient in a foreign country in circumstances where the information will have appropriate protection.
10. Sensitive information. An organisation must not collect sensitive information unless the individual has consented, it is required by law or in specified circumstances. Sensitive information is a subset of personal information including information or opinion about an individual’s: racial or ethnic origin; political, religious, philosophical beliefs, opinions, or affiliations; membership of a political, professional, or trade association; sexual preferences or practices; criminal record; or health information about an individual.