This policy describes how the Asbestos Diseases Research Institute (ADRI) collects, holds, protects and discloses information about individuals. The ADRI may vary this policy from time to time.
The ADRI was established by the Asbestos Diseases Research Foundation (ADRF) (ABN 79 121 168 867). The Foundation is a charitable, not-for-profit organisation dedicated to assist and support the research efforts of the ADRI into asbestos and other dust-related diseases.
Protecting confidential information is fundamental to our relationship with all persons and organisations with whom we interact. All information received in this respect is subject to strict duties of confidentiality. We will not disclose that information except as authorised by the entity providing it or as contemplated by this policy.
The ADRI respects and upholds the right of individuals to privacy protection under the Australian Privacy Principles, which came into force on 12 March 2014. All policies and procedures of the ADRI shall be designed to ensure that only authorised staff have access to personal information and that it remains confidential and is only used for appropriate purposes and in accordance with the Australian Privacy Principles.
A copy of the Australian Privacy Principles is attached to this policy.
Collection, Use and Storage of Personal Information
The ADRI has created and maintains secure databases for the storage of personal information collected (and in some cases health and other sensitive information), and these database shall not be used other than as permitted by this policy. The database shall reside in Australia and shall be protected by appropriate and up-to-date information technology security and access restriction measures.
Personal and sensitive information, including health information, must only be collected as is necessary for a function or activity, or to enable the ADRI to carry out its work, including its work in the conduct of research, raising awareness in relation to dust-related diseases and the delivery of education and other services to the community and fundraising. This shall be the default primary purpose of collection personal information.
All persons who provide information to the ADRI must be advised as to the primary and any secondary purposes for which the ADRI may use that information and a record of all necessary consents must be maintained.
All persons must be given the opportunity to have corrected or deleted any personal information collected by the ADRI and to alter or withdraw all consents provided in connection with that information. This includes the right to opt out of any communications, from the ADRI, even if relating to the primary purpose.
The right to have information deleted does not however extend to de-personalised information where the deletion of that information will impact on the research activities of the ADRI.
Health Information and other Sensitive Information
The ADRI shall ensure that all research projects it is involved with, including joint projects and contributions to external projects comply with the requirements of the Australian Privacy Principles as they apply to sensitive information and are consistent with any guidelines issued from time to time by the Office of the Australian Information Commissioner [and NHMRC or other research bodies] in respect to the collection, storage and use of health information.
The ADRI will not collect sensitive information about health, racial or ethnic origin, political opinions or membership, religious or philosophical beliefs, trade association or union membership, sexual preferences or criminal record except with express consent and where this information is relevant to the work of the ADRI.
Disclosure to Third Parties
The ADRI will not provide any personal information to any other individuals or organisations without prior consent except where required by law to do so or where that information is provided on a confidential basis to contractors who provide services, for example database management, printing and mailing to the ADRI.
In such cases the ADRI must conduct an appropriate due diligence process before entering into an agreement with any such service providers to ensure that they operate in a manner consistent with the Australian Privacy Principals and this policy so that the personal information held by the ADRI is not used in a manner inconsistent with the Australian Privacy Principles.
Third Party Fundraising
Where third party persons or organisations raise funds for or on behalf of the ADRI or ADRF , the ADRI must use all reasonable measures to ensure that all personal information collected in connection with such fundraising activities is dealt with in accordance with the Australian Privacy Principles. This includes conducting due diligence on any professional fundraising organisation before entering into any association with it.
The ADRI must not recommend any person use any fundraising organisation (including fundraising websites operated by such organisations) where it has reasonable belief that the organisation does not operate in accordance with the Australian Privacy Principals.
Financial Transactions and Donation Processing
The ADRI must not engage any entity to provide services relating to the collection of donations or other funds unless it has a reasonable belief that such organisation operates in a manner consistent with the Australian Privacy Principals and that any personal information collected by such organisation will not be used in a manner inconsistent with those principles and this policy.