-

Privacy Policy

1. Purpose

The Walter and Eliza Hall Institute of Medical Research (WEHI, we, our or us) is an Australian biomedical research organisation involved in research, computing, advanced technologies and developing new medicines and diagnostics. Research undertaken by us is used in many national and international clinical trials.

We are committed to protecting your privacy and understand the importance of protecting your Personal Information. This Policy outlines the types of Personal Information that we usually collect, how we collect it, the purposes for which we collect it, to whom we disclose it, how we hold it and keep it secure, and how individuals can seek to access and correct their Personal Information or make a complaint.

2. Scope

This Privacy Policy (Policy) describes how we handle and protect Personal Information. We will handle your Personal Information in accordance with this Policy and legislation including the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) contained in the Privacy Act, and the Health Records Act 2001 (VIC).

This Policy does not apply to the Personal Information of our employees.

We may change this Privacy Policy from time to time, by publishing changes on our website.

3. Policy

3.1 Types of Personal Information we collect

The types of Personal Information we collect about you depends on how you interact with us and the purpose of that interaction. They may include:

Donors, supporters and alumni

  • name, address, email address and phone number
  • date of birth
  • payment information
  • research and activity interests
  • donation preferences and history
  • Sensitive Information or Health Information you consent to us collecting
  • information you provide related to an event you are attending
  • photos and videos at an event

Collaborators

  • name, address, email address, phone number
  • position and place of employment
  • employment history and qualifications.
  • information you provide related to an event you are attending
  • photos and videos of you at an event.

Research participants

  • name, address, email address and phone number
  • place of employment
  • date of birth
  • emergency contact details
  • Health Information, such as your and your family’s medical history, including medications and treatments
  • other Sensitive Information where relevant to the research activity
  • blood and/or tissue samples.

Service providers (including contractors and suppliers)

  • name, address, email address and phone number
  • financial information and bank details
  • Health Information.

People applying for jobs or placements, including volunteers

  • name, address, email address and phone number
  • date of birth
  • research interests
  • employment history and qualifications
  • academic records
  • references
  • criminal history record, including working with children checks
  • Sensitive Information and Health Information to support applicants through the recruitment process and assist with diversity commitments, such as gender identity, preferred pronouns, whether applicants identify as Aboriginal or Torres Strait Islander and information to determine whether applicants require adjustments to participate in the recruitment process.

Event and tour attendees, visitors

  • name, address, email address and phone number
  • organisation, school, company or institution
  • payment information
  • event attendance information
  • photos and videos of you at an event

People who are eligible to receive distributions of commercial income

  • name, address, email address and phone number
  • employment history
  • relationship to former staff or students from whom eligibility arises
  • bank account details
  • donation preferences and history

3.2 Dealing with us anonymously or using a pseudonym

Where requested by you and if it is practicable and lawful to do so, you may interact with us anonymously or using a pseudonym. For example, if you contact us with a general question, we will not record your name unless we need it to adequately handle your question.

However, on some occasions, if you do not provide the personal information we request, we may not be able to work with you on an ongoing basis, issue tax deductible receipts or you may be unable to participate in or have access to our research programs, events, and activities.

3.3 Ways we collect your personal information

We may collect your personal information in different ways, including:

  • from you directly when you interact with us, for example from our discussions with you, your participation in our research studies, when you complete a form, when you make a donation to us, when you apply for a job or to study with us, when you provide us with a product or service, when you register to attend one of our events
  • from organisations with whom we conduct research (if you are participating in that research)
  • from other parties with your consent or where it is otherwise lawful for us to do so
  • publicly available sources
  • from a third party if they participate in our research and list you as an emergency contact or family member
  • from video and camera surveillance in our premises and car parks (it will not always be possible to reasonably identify you in the footage).

If you apply for a job, internship, or volunteer position with us, we may also collect Personal Information about you from third parties and publicly available sources with your consent, including:

  • recruiters
  • government departments to verify your entitlement to work in Australia
  • your referees
  • police agencies to obtain your criminal history record.

3.4 Collection of information via our website

When you visit our website, we may also use ‘cookies’ or other similar tracking technologies that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser, but our website may not work as intended for you if you do so.

Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

Whilst we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit, search engine referrals and the internet protocol address assigned to your computer.

Our web pages may contain electronic images, known as web beacons. These electronic images enable us to count users who have visited certain pages on our website. Web beacons are not used by us to access your Personal Information, they are simply a tool we use to analyse which web pages are viewed, in an aggregate number.

WEHI’s website is protected by Google’s reCAPTCHA and the Google Privacy Policy and Terms of Service apply to user activity on the site.

3.5 Purposes for which we collect, use and disclose Personal Information

We collect, use and disclose your Personal Information for the following purposes:

  • to undertake research activities and to contact you regarding participation in future research activities
  • to manage and conduct our business, research, studies, educational activities, and perform any of our other functions and activities
  • to obtain and administer funding for research
  • to assess potential participants for involvement in research activities
  • to offer or promote our research, studies and fundraising activities
  • to plan, manage, review and audit our activities and processes
  • to administer our relationship with third parties, such as collaborators, contractors, agents, funding bodies and contracted fundraisers
  • to help us manage, develop and enhance our activities
  • to consider your suitability for employment, volunteering, internships or study with us
  • for management, safety and security (video and camera surveillance footage is used for this purpose)
  • to comply with our legal obligations, resolve any disputes and enforce our agreements and rights with third parties
  • to administer our Policy for the distribution of net commercial income.

3.6 Disclosing your Personal Information

While conducting our activities, we may disclose your Personal Information to the following:

  • our collaborators for the purpose of undertaking research activities
  • organisations or people that fund research to facilitate the ongoing funding of our Institute and research activities
  • our contracted fundraisers who assist us with fundraising
  • organisations we contract to provide services on our behalf such as analytics, software and telecommunication suppliers, who may access your Personal Information to provide their services to us
  • anyone to whom part or all of our assets or businesses are transferred or sold
  • our professional advisers, including lawyers, accountants and auditors
  • government agencies, regulatory bodies and law enforcement agencies, or other similar entities.

If you donate, we may publish your name in our annual report or other WEHI publications, in accordance with your preferences as notified to us. While we seek to publicly recognise the generous contributions of our donors and supporters, individuals wishing to remain anonymous in our publications or at public forums should advise us of this in writing.

All human research undertaken at the Institute is approved by a National Health and Medical Research Council Human Research Ethics Committee with the results of research activities presented in such a way that the identity of the research participant is protected.

3.7 Interstate or overseas (trans-border) disclosures

We may transfer your Personal Information to a party who is in another State or Territory of Australia. Also, occasionally, we may disclose Personal Information to an overseas person or organisation – for example,

  • to a collaborator or service provider in relation to a research project
  • for an application to an overseas entity for funding in connection with a research project
  • to overseas service providers, or if data is required to be analysed, stored, or backed up on servers located overseas.

These organisations and service providers are required to keep personal information confidential and provide the same privacy safeguards as we do. The organisations to which we disclose personal information may include but is not limited to countries in the European Union, such as Ireland, the United States of America, Singapore and the United Kingdom.

Where we transfer your personal information outside of Victoria or Australia, we take reasonable steps to ensure the recipient handles the information in accordance with this Privacy Policy, the APPs and the Victorian health information principles.

3.8 Direct marketing

We may, with your consent where required, use your Personal Information to:

  • identify a fundraising initiative, education or research activity, or one of our other products or services that we believe may be of interest to you; and
  • contact you from time to time, whether by post, email or phone, to tell you about an event, initiative, activity, product or service or provide updates via the WEHI newsletter.

You can withdraw your consent to receiving direct marketing communications from us at any time by contacting us using the contact details at the end of this Policy or using the unsubscribe facility in the communication.

3.9 Security and storage

We store your Personal Information in hard copy, electronically or in our software or systems, including cloud or other types of network or electronic storage. We take all reasonable steps (including organisational and technological measures) to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.

Where we store Personal Information offshore, we take reasonable steps to ensure the recipient handles the information in accordance with this Privacy Policy, the APPs and the Victorian health information principles.

If we no longer need to hold your Personal Information for any reason and we are no longer required by law to keep it, we will take reasonable steps to de-identify or destroy that information. These steps may vary depending on the nature of the information, the way it was collected and how it was stored.

3.10 Access to and correction of your information

We take reasonable steps to ensure the Personal Information we hold is up to date, accurate and complete.

You may request access to, or correction of, the Personal Information we hold about you at any time by contacting our Privacy Officer using the contact details listed at the end of this Policy. We may need to verify your identity before responding to your request. Subject to any applicable exceptions or requirements, we will respond to your request within a reasonable time and usually within 30 days. If we decide to refuse your request, we will generally tell you why in writing (unless this would be unreasonable) and how to complain.

3.11 Complaints

You can make a complaint in writing to our Privacy Officer using the details set out at the end of this Policy. We will respond to you within a reasonable period to acknowledge your complaint and inform you of the next steps we will take in dealing with your complaint.

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) via the OAIC website, www.oaic.gov.au.

3.12 Contact us

If you have a question or comment regarding this Policy or wish to make a complaint or exercise your privacy rights, please contact our Privacy Officer on the following details:

Privacy Officer
The Walter and Eliza Hall Institute of Medical Research
1G Royal Parade
Parkville VIC 3052
Phone: +61 3 9345 2555
privacy@wehi.edu.au

4. Definitions

Health Information means Personal Information that is about the physical, mental or psychological health of an individual, a disability of an individual, a health service provided to an individual (including information about the individual’s expressed wishes about health care and any information collected to provide a health service), a donation of human tissue by the individual or genetic information which is or could be predictive of health of the individual.

Personal Information means information or opinion about an identified individual or an individual who is reasonably identifiable, whether true or not. It does not include information that is de-identified.

Sensitive Information means Personal Information that is about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, or health, genetic or biometric information.

This policy was last updated on 28 February 2024.