Privacy Policy

OurDNA is the flagship initiative of the Centre for Population Genomics (CPG). CPG is a collaboration between the Garvan Institute of Medical Research (GIMR) and the Murdoch Children’s Research Institute (MCRI). The OurDNA project is seeking to create the first large-scale genomic data resource designed to improve the representation of culturally and linguistically diverse Australians.

The Centre for Population Genomics (CPG, we, our or us) recognises the importance of protecting the privacy and rights of individuals in relation to their personal information and adheres to the Privacy Act 1988 (Cth).

OurDNA Privacy Policy

The Centre for Population Genomics (CPG, we, our or us) recognises the importance of protecting the privacy and rights of individuals in relation to their personal information. This document is the Privacy Policy that applies in respect of the information collected and used by both CPG and related parties (including GIMR and MCRI) for the OurDNA project. This policy has been developed in accordance with the Privacy Act 1988 (Cth) (Privacy Act) as amended from time to time.

This Privacy Policy explains how CPG handles personal information relating to individuals with whom CPG interacts, including patients, research participants, medical professionals, consultants and contractors (referred to in this policy as you).

1. Personal information and sensitive information

The expression “personal information” has the meaning given by the Privacy Act. It is information or an opinion that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered to be personal information.

Some personal information is also “sensitive information.” Sensitive information has the meaning given by the Privacy Act. Sensitive information is information about your racial or ethnic origin, your political opinion, your political association, your religious beliefs/affiliations, your philosophical beliefs, whether you are a member of a trade or professional association or trade union, your sexual orientation/practices, your criminal record or your health information (including genetic information or biometric information).

2. What personal information does CPG collect and hold?

We only collect personal information if it is reasonably necessary for one or more of our functions or activities. We may collect the following types of personal information:

  • name;

  • date of birth;

  • mailing or street address;

  • email address;

  • telephone or facsimile number;

  • occupation or job title;

  • health and medical history or information;

  • information about your dependents (where reasonably necessary); and

  • any other information relevant to a CPG research project you have agreed to participate in.

Where the personal information is also sensitive information, we will only collect it with your prior consent. Usually we will require your consent to be in writing.

We may receive personal information which we did not ask for (i.e. unsolicited information). If this occurs, within a reasonable period of time we will determine whether we could have collected the information by seeking it from you. If we determine that we could not have collected that information from you, we will destroy the information or de-identify it where it is otherwise lawful to do so.

3. How and when does CPG collect personal information?

We collect your personal information directly from you. If we collect your personal information from someone other than you, we will take reasonable steps to ensure that you are or have been made aware of what information has been collected, and the purpose of that collection. When collecting personal information from you, we may collect it in ways including:

  • during conversations between you and our staff;

  • when you complete documentation;

  • when you participate in research activities; or

  • through your access and use of this website.

Data Linkage

We may undertake data linkage. Data linkage is the method of bringing together information from different sources about the same person to create a new, richer dataset. The linkage of information from disparate information sources provides valuable information for research into the health and wellbeing of the population.

In bringing records together, CPG uses strict privacy preserving policies, protocols and procedures to ensure the security of the data and confidentiality of the individuals the records relate to. The information about the individual is not brought together in one place. It stays in the separate data collections and the security and means of access to the information in each data source remain unchanged.

Research projects using linked data make use of administrative, survey and research/clinical data that already exist. Utilising such data minimises the burden on organisations and individuals to provide additional information.

Research using linked data is very reliable and efficient as it uses data from the whole population not from small samples of the population. The linkages between administrative and research or clinical datasets provide an evidence base for researchers to better understand population health and wellbeing.

4. For what purposes does CPG collect, hold and use personal information?

We will only collect and/or use your personal information (including health information) to the extent that this is necessary for one or more of the following activities:

  • so you can access and use the OurDNA portal;

  • to verify your identity, respond to your requests or as otherwise directed by you;

  • to provide you with news, information and material in relation to services of the CPG if requested by you;

  • to undertake medical research as consented to by you;

  • to undertake general research or other reasonably related research activities for CPG or related parties (including GIMR and MCRI), including surveys and polls and other reasonably related research activities;

  • for the administrative, employment, planning, service development, quality control and research purposes of CPG;

  • to update our records and keep your contact details up to date;

  • to process and respond to any complaint made by you;

  • to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority in Australia;

  • to promote programs and activities of CPG, including fundraising, corporate philanthropy and education; and

  • otherwise as permitted by law.

We only collect such personal information that we need for these primary purposes or for other (secondary) purposes that are related to a primary purpose. If we hold personal information about you that was collected for a particular purpose (i.e. one of the purposes listed above, being the primary purpose), we will not use or disclose the information for another purpose (i.e. a secondary purpose) without your consent, unless you would reasonably expect us to use it for the secondary purpose, or it is required by law.

In relation to the use of your personal information to provide you with information about our programs, activities and fundraising, you may at any time request us not to provide you with any direct marketing and fundraising communications or publications. We will provide you with a simple means to opt-out of receiving such correspondence from us. You may elect to opt-out from receiving direct marketing and fundraising information at any time, by contacting us at the contact details below or, in the case of electronic correspondence, by selecting any unsubscribe option. Please note that you cannot opt-out of receiving contractual notifications such as changes to our terms and conditions for the supply of goods or services or other important information. In relation to sensitive information, we will not use or disclose this for the purpose of direct marketing unless you have expressly consented.

5. How we work with your information

If you take part in OurDNA, most of our team will not need to know your personal details. The health professionals who take your blood will know your name and date of birth, and approved OurDNA team members will also be able to log in to the portal to help or remind you during the blood collection process.

Researchers who are studying the blood sample you donated, your genetic information or your health information do not need your personal details to do their research. They will only see a code.

The code may be used to re-link your genetic information with your personal details if researchers find some genetic information that could be useful to you, for your health or your family’s health. If you take part in OurDNA, you will choose whether or not to get this information. If you choose to get information back, only the health professionals who return the information will have your name and that piece of genetic information.

6. More information about the OurDNA Portal (for Research Participants)

The OurDNA Portal is a restricted access database hosted in Australia that is supported by Sano Genetics, a company based in the United Kingdom who have been assessed to hold personal details and health information in secure systems that meet Australian state and federal laws and guidelines. 

Your name, sex, date of birth, and a code to identify you and information about when your blood was collected will be kept securely by the pathology provider.

Your initials, date of birth, and code will be used to track your information to Biobanking Victoria, where your donated blood sample will be stored and processed.

Some of your blood sample will be used to collect DNA and read off your genetic information. Your blood, blood cells, and your health and genetic information will be stored and studied for as long as possible to make future health and medical research easier.

Your genetic information will be held in two places:

  1. As a blood sample, blood cells or DNA sample in controlled storage at Biobanking Victoria; and

  2. As an individual set of electronic information in the OurDNA database where information will be protected and stored in locked, password-protected computer systems or cloud storage maintained by the Garvan Institute of Medical Research and Sano Genetics.

Your genetic information will also contribute to summary information, created from many people’s anonymous genetic data, in a public genetic database.

7. What happens if you do not provide us with the personal information we request?

You have the right to not identify yourself, including the right to not provide us with your personal information.

If you do not provide us with the personal information described above, we may not be able to provide the requested services to you, either to the same standard or at all, and we may not be able to provide you with information about services that you may want, including information about related services.

8. How does CPG securely hold your personal information?

We will take reasonable steps to protect all personal information which we hold from misuse or loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic databases. Personal information is destroyed or de-identified by us when it is no longer needed for the primary purposes (or any related secondary purposes) set out in this privacy policy.

Risks are mitigated through CPG’s commitment to de-identifying or destroying any un-required personal information where possible.

You should be aware when using our website that no data transmission over the Internet can be guaranteed as totally secure. Although we strive to protect such information, we do not warrant the security of any information that you transmit to us over the Internet (including through our website), and you do so at your own risk.

9. Who can CPG disclose your personal information to?

We may provide your personal information (including your health information), to:

  • our staff, which include our paid employees, volunteers and contractors and noting that CPG staff are employed by either GIMR or MCRI;

  • our professional advisors;

  • our collaboration partners (including GIMR and MCRI), partners, affiliates, research collaborators, contractors and consultants who assist us in providing services to us and are required by us to protect your personal information;

  • any organisation for any authorised person with your express consent;

  • a person or organisation to whom we are compelled by law, or otherwise permitted by law, to provide your information; or

  • your organisation, if you are acting on behalf of an organisation.

If we refer you to a third-party service provider, that service provider may also collect and store your personal information. We make no representation or warranties in relation to the privacy practices of any third-party service provider and we are not responsible for their collection, use or disclosure of your personal information. Third party service providers are responsive for informing you about their own privacy practices.

10. Does CPG disclose personal information to anyone outside Australia?

The OurDNA portal stores personal information in Australia. The OurDNA portal is managed by Sano Genetics, a company based in the United Kingdom who have been assessed to hold personal details and health information in secure systems that meet Australian state and federal laws and guidelines.

We may be required, from time to time, to disclose your personal information to our international partners and research affiliates or collaborators for performance of the activities detailed in section 4 of this Privacy Policy. The locations of our international partners and research affiliates are detailed at section 15 (end of this document). When you provide us with your personal information, you consent to such disclosure as reasonably necessary, and agree that APP8.1 does not apply. Notwithstanding this, we will take reasonable steps to ensure that the overseas recipient observes confidentiality in a manner consistent with this Privacy Policy and the requirements of the Privacy Act.

11. How can you access and correct your personal information?

You may request access to any personal information we hold about you at any time by contacting “contact@ourdna.org.au” (see details in section 14 below). Where we hold information that you are entitled to access, we will take reasonable steps to provide you with suitable means of accessing it.

There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.

We will take reasonable steps to ensure that any personal information that we have collected is accurate, up-to-date and complete.  We also take reasonable steps to ensure that any personal information we use or disclose is accurate, up-to-date, complete, and relevant having regard to the purpose of the use or disclosure.

If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider whether the information requires amendment.  If we agree, we will take reasonable steps to correct the information held. In some circumstances where we correct or update a record, we may still require retention of the original record. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.

12. What is the process for complaining about a breach of privacy?

If you believe that your privacy has been breached, please contact contact@ourdna.org.au (see details in section 14 below) and provide details of the incident so that it can be investigated.

We will then endeavour to respond to your complaint within 30 days. If we are unable to resolve your complaint to your satisfaction, a complaint can also be made to the Office of the Australian Information Commissioner.

13. Changes to this Privacy Policy

We reserve the right to change, modify or update this Privacy Policy from time to time and without liability to you, on how we handle personal information or the types of personal information which we hold, by publication of the revised version. Any revision to our website Privacy Policy will be published on our website. The revised version shall take effect immediately upon publication.

14. Contacting us about an enquiry or complaint

If you have an enquiry about this Privacy Policy, or a complaint regarding the handling of your personal information, please contact the CPG Privacy Officer at:

Privacy Contact Details contact@ourdna.org.au

We will treat your enquiry or complaint confidentially. We will contact you within a reasonable time after you have made contact with us to discuss your enquiry or complaint and outline options regarding how it may be dealt with. We will aim to ensure that any complaint is resolved in a timely and appropriate manner.

15. Locations of our international partners and research affiliates

Our international partners and research affiliates are located worldwide including, but not limited to:

  • New Zealand;

  • USA;

  • Canada; and

  • Europe (including, but not limited to, United Kingdom, France, Italy, Finland, Sweden, Switzerland, Netherlands).