The purpose of this policy is to clearly communicate the personal information handling practices of the Australian Stroke Alliance (ASA Ltd), in accordance with relevant legislation.
The ASA is committed to ensuring the privacy of individuals. The ASA complies with the following:
Australian Privacy Principles – Privacy Act 1988 (Australia)
Information Privacy Principles – Privacy Act 1993 (New Zealand)
This policy outlines the way the ASA collects, uses, stores and discloses personal information, the procedures concerning management of privacy complaints and the procedures that allow access to personal information.
3 BODY OF POLICY
All personal information that enters the ASA is handled in a consistent manner and every reasonable effort is made to ensure data security. The ASA conforms with all research-related requirements of Good Clinical Practice and health data management principles.
The ASA collects and holds, for a limited period of time, personal information about members (including trainees who are members), conference delegates, applicants, recipients of ASA services, hospitals, suppliers, and other individuals who interact with the ASA including patients of members. This information typically includes name, address, telephone and fax details, email address.
This information collection facilitates the provision of ASA services such as education, enables the ASA to procure goods and services from suppliers, and allows the ASA to contact individuals for specific purposes.
Business needs may require the disclosure of personal information to related service providers. In appropriate cases we will endeavour to inform the individual of the type of personal information held, the reasons for disclosure, and the type of individuals and organisation to whom it is usually disclosed. Personal information where required by law will be disclosed.
We do not disclose your Personal Data to any third party except to our affiliates and to data processors that assist us with providing our services or to authorities if we are required to adhere to laws or court order(s).
The ASA will only collect information from individuals when it is reasonably necessary for the performance of its functions and activities, and all such collection will be subject to this policy. The information collected will depend on the individual’s relationship with the ASA.
The ASA undertakes research studies, in which case the data collected during these research studies is managed in accordance with the governance requirements of the study. Research activities may also include the use of the Zeus Stroke app for collection of data under the approval of the relevant human research ethics committees.
ASA collects Personal Information that it requires to carry out its work. Wherever practicable, Personal Information is collected directly from the individual. Information may also be collected if publicly available but only where that collecting and holding information is necessary to carry out ASA work.
ASA has implemented procedures and systems to obtain and record Consent as part of research projects which are governed by the respective bodies where the research is carried out.
Individuals may be photographed when attending ASA events or activities. Wherever practicable, ASA seeks direct consent for the use of any images obtained.
The ASA does not sell or distribute data for profit.
ASA complies with the Privacy Amendment (Notifiable Data Breaches) Act 2017 and undertakes all reasonable steps to protect Personal Information from loss and unauthorised misuse, access, interference, modification or disclosure, including storing data within Australia.
The ASA uses personal information for the purpose for which it was collected. This information may be used for secondary purposes which directly relate to the primary purpose of collection. For example, an individual may be required to fill in a form to register for a scientific meeting or conference and the ASA may use these contact details to send a conference program or other conference information if they positively indicate that they may be contacted.
Contact information held by the ASA may also be used to inform individuals of special offers or additional services provided by the ASA. Where required or appropriate, the individual contacted will be provided with the option of not receiving further communication of this nature from the ASA.
De-identified clinical information is used by the ASA and its research partners only for specific purposes defined in a Human Research Ethics Committee (HREC)-approved Agreement.
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
The ASA will disclose personal information for the primary purpose for which it was collected or for a secondary purpose if it directly relates to the primary purpose where consent has been given. Individuals will be informed of this and may have to sign a consent form at the point of collection.
For example, aggregated membership information may be shared with medical boards, health authorities, government, hospitals and other health institutions in connection with uses identified in this policy.
The ASA does engage third parties to perform certain business functions. Therefore, it is sometimes necessary to disclose personal information to those suppliers. Where disclosure takes place, the ASA requires that personal information is handled in accordance with the Australian Privacy Principles and the New Zealand Information Privacy Principles. The ASA requires third parties to sign a confidentiality agreement.
Information will not be disclosed where to do so would breach other statutory or legal obligations.
The ASA undertakes to protect personal information from unauthorised use, access, disclosure and alteration. Staff must comply with the ASA’s policy on the handling of personal information. IT protection systems and internal procedures are also utilised to protect the personal information held by the ASA. Information will be held until there is no longer a business, research or legal need to retain it.
3.5 Access and Correction
You have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact ASA using the address given of our Contact form.
3.6 Period of retention
The ASA shall not retain the personal information of any person for longer than necessary. The ASA records disposal schedule (for internal use only) lists the status and retention period of all documents archived by the ASA.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
3.7 Sensitive data
The ASA may collect sensitive data, in particular through the Zeus stroke app. The Zeus stroke app contains significant functionality and logging within the platform, as is required by law for software services involved in the medical treatment of patients. Specifically, the Zeus stroke app will access a users phone for the following:
Call Logs: The Zeus Stroke app is designed to support pre-hospital identification of likely stroke patients using tele health connections between in-hospital doctors with paramedics attending to a call. This requires access to the call log so that the app is capable of receiving and handling a phone call initiated from other users of this app.
Location data: The Zeus stroke app supports users to show their exact location. This functionality is only activated when the user initiates a tracking event, and location data is never used unless the user initiates the function. The intended use of location data is to share the location of a user (eg, a paramedic) as they transit towards hospital with a patient. This allows pre-hospital notification to support improved patient care and clinician communication. The Zeus stroke app, will boardcast the specific location of the user once initiated until the user reaches their pre-determined destination or terminates the tracking event. Once initiated, tracking will also broadcast the users location in the background so that the location is continuously broadcasted while the users phone is locked or not in the foreground. The background tracking is also terminated when the user reaches their pre-determined destination or they cancel the tracking event.
4 PARTICULAR PROVISIONS AND INFORMATION USE
In addition to the above, the following provisions apply:
4.1 Special interest groups
Special interest groups have been formed by the ASA (e.g. Clinical Education working group, National Clinical Council). ASA may share specific personal information relevant to the activities of the special interest groups such as email addresses to enable contact between members and relevant special interest groups
4.2 External suppliers
The ASA holds personal information about external suppliers which may be used and disclosed in the course of conducting ASA business. Personal information may be disclosed to other suppliers to the ASA or to ASA staff, council and committees where necessary in order to conduct this business. Failure to provide this information may impede the process of transacting business.
The ASA does not directly collect patient information. ASA may collect personal and health information through its partner organisations only for specific purposes defined in a Human Research Ethics Committee (HREC)-approved Agreement.
4.4 Children’s privacy
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.
4.5 Links to other websites or services
Our Service may contain links to other websites that are not operated by us (e.g. LinkedIn, Twitter). If you click on a third-party link, you will be directed to that third party’s site.
ASA has no control over and assumes no responsibility for the content, privacy policies or practices of any third-party sites or services.
COMPLAINTS AND CONCERNS
If you wish to make a complaint about a breach of your privacy, the complaint should be made in writing to Chief Communications Officer.
Receipt of your complaint will be acknowledged, and the ASA will endeavour to deal with your complaint and provide you a response within 30 days. Some matters may require detailed investigation and may accordingly take longer to resolve. The ASA will provide you with progress updates if this is the case and may seek further information from you.
The ASA may refuse to investigate and deal with a complaint if it is considered to be abusive, trivial or vexatious.
If you are dissatisfied with the outcome of a privacy complaint after an initial decision has been made by the ASA, you may seek internal review of the decision. Internal review will be conducted by a different officer of the ASA who has not previously been involved in your complaint.
If you are still dissatisfied with the outcome of your complaint after internal review, you are able to take your complaint to the Office of the Australian Information Commissioner for resolution.