Australian Stroke Alliance Privacy policy

1 PURPOSE

The purpose of this policy is to clearly communicate the personal information handling practices of the Australian Stroke Alliance (ASA Ltd), in accordance with relevant legislation.

This Privacy Policy describes ASA principles and procedures regarding the collection, use and disclosure of your information when you use this service.  Additionally, the privacy policy covers the ASA’s Zeus Stroke app and any other platforms that the ASA use for its operations.

2 OVERVIEW

The ASA is committed to ensuring the privacy of individuals. The ASA complies with the following:

Australian Privacy Principles – Privacy Act 1988 (Australia)

Information Privacy Principles – Privacy Act 1993 (New Zealand)

This policy outlines the way the ASA collects, uses, stores and discloses personal information, the procedures concerning management of privacy complaints and the procedures that allow access to personal information.

3 BODY OF POLICY

All personal information that enters the ASA is handled in a consistent manner and every reasonable effort is made to ensure data security. The ASA conforms with all research-related requirements of Good Clinical Practice and health data management principles.

The ASA collects and holds, for a limited period of time, personal information about members (including trainees who are members), conference delegates, applicants, recipients of ASA services, hospitals, suppliers, and other individuals who interact with the ASA including patients of members. This information typically includes name, address, telephone and fax details, email address.

Other personal, health and financial information is held only for specific purposes agreed between Parties in writing. This Privacy Policy together with the relevant Agreement (e.g. Project Agreement, Service Level Agreement, Purchase Agreement) set forth the provisions and policies governing your use of our Services.

This information collection facilitates the provision of ASA services such as education, enables the ASA to procure goods and services from suppliers, and allows the ASA to contact individuals for specific purposes.

Business needs may require the disclosure of personal information to related service providers. In appropriate cases we will endeavour to inform the individual of the type of personal information held, the reasons for disclosure, and the type of individuals and organisation to whom it is usually disclosed. Personal information where required by law will be disclosed.

We do not disclose your Personal Data to any third party except to our affiliates and to data processors that assist us with providing our services or to authorities if we are required to adhere to laws or court order(s).

3.1 Collection

The ASA will only collect information from individuals when it is reasonably necessary for the performance of its functions and activities, and all such collection will be subject to this policy. The information collected will depend on the individual’s relationship with the ASA.

The ASA undertakes research studies, in which case the data collected during these research studies is managed in accordance with the governance requirements of the study.  Research activities may also include the use of the Zeus Stroke app for collection of data under the approval of the relevant human research ethics committees.

ASA collects Personal Information that it requires to carry out its work. Wherever practicable, Personal Information is collected directly from the individual. Information may also be collected if publicly available but only where that collecting and holding information is necessary to carry out ASA work.

ASA has implemented procedures and systems to obtain and record Consent as part of research projects which are governed by the respective bodies where the research is carried out.

Individuals may be photographed when attending ASA events or activities. Wherever practicable, ASA seeks direct consent for the use of any images obtained.

3.2 Use

The ASA does not sell or distribute data for profit.

ASA complies with the Privacy Amendment (Notifiable Data Breaches) Act 2017 and undertakes all reasonable steps to protect Personal Information from loss and unauthorised misuse, access, interference, modification or disclosure, including storing data within Australia.

The ASA uses personal information for the purpose for which it was collected. This information may be used for secondary purposes which directly relate to the primary purpose of collection. For example, an individual may be required to fill in a form to register for a scientific meeting or conference and the ASA may use these contact details to send a conference program or other conference information if they positively indicate that they may be contacted.

Contact information held by the ASA may also be used to inform individuals of special offers or additional services provided by the ASA. Where required or appropriate, the individual contacted will be provided with the option of not receiving further communication of this nature from the ASA.

De-identified clinical information is used by the ASA and its research partners only for specific purposes defined in a Human Research Ethics Committee (HREC)-approved Agreement.

Usage Data is collected automatically when using the Service.

Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

3.3 Disclosure

The ASA will disclose personal information for the primary purpose for which it was collected or for a secondary purpose if it directly relates to the primary purpose where consent has been given. Individuals will be informed of this and may have to sign a consent form at the point of collection.

For example, aggregated membership information may be shared with medical boards, health authorities, government, hospitals and other health institutions in connection with uses identified in this policy.

The ASA does engage third parties to perform certain business functions. Therefore, it is sometimes necessary to disclose personal information to those suppliers. Where disclosure takes place, the ASA requires that personal information is handled in accordance with the Australian Privacy Principles and the New Zealand Information Privacy Principles. The ASA requires third parties to sign a confidentiality agreement.

Information will not be disclosed where to do so would breach other statutory or legal obligations.

3.4 Security

The ASA undertakes to protect personal information from unauthorised use, access, disclosure and alteration. Staff must comply with the ASA’s policy on the handling of personal information. IT protection systems and internal procedures are also utilised to protect the personal information held by the ASA. Information will be held until there is no longer a business, research or legal need to retain it.

3.5 Access and Correction

You have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact ASA using the address given of our Contact form.

3.6 Period of retention

The ASA shall not retain the personal information of any person for longer than necessary. The ASA records disposal schedule (for internal use only) lists the status and retention period of all documents archived by the ASA.

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

3.7  Sensitive data

The ASA may collect sensitive data, in particular through the Zeus stroke app. The Zeus stroke app contains significant functionality and logging within the platform, as is required by law for software services involved in the medical treatment of patients. Specifically, the Zeus stroke app will access a users phone for the following:

Call Logs: The Zeus Stroke app is designed to support pre-hospital identification of likely stroke patients using tele health connections between in-hospital doctors with paramedics attending to a call. This requires access to the call log so that the app is capable of receiving and handling a phone call initiated from other users of this app.

Location data: The Zeus stroke app supports users to show their exact location. This functionality is only activated when the user initiates a tracking event, and location data is never used unless the user initiates the function. The intended use of location data is to share the location of a user (eg, a paramedic) as they transit towards hospital with a patient. This allows pre-hospital notification to support improved patient care and clinician communication. The Zeus stroke app, will boardcast the specific location of the user once initiated until the user reaches their pre-determined destination or terminates the tracking event. Once initiated, tracking will also broadcast the users location in the background so that the location is continuously broadcasted while the users phone is locked or not in the foreground. The background tracking is also terminated when the user reaches their pre-determined destination or they cancel the tracking event.

3.8  Image data

The Zeus Stroke App is able to collect images and photos from a user’s device and share those photos and images with other uses. Additionally, users are able to set a profile picture for their own account as part of the profile customisability feature of the Zeus Stroke App. The photo and image sharing function are a feature of both the mobile applications and the web browser-based interface, with sharing possible between platforms. Sharing of photos and images using the mobile application requires access to the user’s photo and image libraries to select the photos or images to share, which requires active approval by the user for the Zeus Stroke App to access these files. Images and photos will never be shared without the user initiating the process. Images and photos can also be removed from the app and web browser by the sharing user if they so wish.

4 PARTICULAR PROVISIONS AND INFORMATION USE

In addition to the above, the following provisions apply:

4.1 Special interest groups

Special interest groups have been formed by the ASA (e.g. Clinical Education working group, National Clinical Council). ASA may share specific personal information relevant to the activities of the special interest groups such as email addresses to enable contact between members and relevant special interest groups

4.2 External suppliers

The ASA discloses information to external suppliers when entering into transactions for the purpose of ASA business. This information will be handled in accordance with the Australian Privacy Principles or New Zealand Information Privacy Principles. It will not be utilised for any other purpose and only disclosed to suppliers for the contracted purpose. Failure by an external supplier to act in accordance with the ASA privacy policy may result in termination of the relationship with the ASA.

The ASA holds personal information about external suppliers which may be used and disclosed in the course of conducting ASA business. Personal information may be disclosed to other suppliers to the ASA or to ASA staff, council and committees where necessary in order to conduct this business. Failure to provide this information may impede the process of transacting business.

4.3 Patients

The ASA does not directly collect patient information. ASA may collect personal and health information through its partner organisations only for specific purposes defined in a Human Research Ethics Committee (HREC)-approved Agreement.

4.4 Children’s privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.

4.5 Links to other websites or services

Our Service may contain links to other websites that are not operated by us (e.g. LinkedIn, Twitter). If you click on a third-party link, you will be directed to that third party’s site.

ASA has no control over and assumes no responsibility for the content, privacy policies or practices of any third-party sites or services.

COMPLAINTS AND CONCERNS

If you wish to make a complaint about a breach of your privacy, the complaint should be made in writing to Chief Communications Officer.

Receipt of your complaint will be acknowledged, and the ASA will endeavour to deal with your complaint and provide you a response within 30 days. Some matters may require detailed investigation and may accordingly take longer to resolve. The ASA will provide you with progress updates if this is the case and may seek further information from you.

The ASA may refuse to investigate and deal with a complaint if it is considered to be abusive, trivial or vexatious.

If you are dissatisfied with the outcome of a privacy complaint after an initial decision has been made by the ASA, you may seek internal review of the decision. Internal review will be conducted by a different officer of the ASA who has not previously been involved in your complaint.

If you are still dissatisfied with the outcome of your complaint after internal review, you are able to take your complaint to the Office of the Australian Information Commissioner for resolution.

6 CHANGES TO ASA PRIVACY POLICY

The ASA may modify or amend this policy at any time provided the policy still complies with the relevant privacy legislation. Information will be held and used in accordance with the privacy policy, as amended from time to time. Formal notice of amendments will not ordinarily be given, but the current privacy policy will be available via the ASA website.