PRIVACY POLICY

1. Our privacy commitment

The Xing group of companies, including Xing Genomic Services (“we”, “us” and “our”), will endeavour to handle your personal information in accordance with this Privacy Policy and the Australian Privacy Principles.

This Privacy Policy summarises how we handle your personal information. We may revise this Privacy Policy from time to time. The revised Privacy Policy will take effect when it is posted on our website.

2. What is personal information?

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

The types of personal information we collect may include your name, date of birth, gender, contact information, credit/debit card information, health information and other information about you.

3. Whose personal information do we collect?

We collect personal information from people who are connected to our operations and activities – including employees, research study participants, recipients of services, participants in advocacy campaigns or health promotion projects, health professionals, suppliers, volunteers and service providers.

4. How do we collect your personal information?

Where possible, we will collect your personal information directly from you. This may be in person (for example, where you purchase a retail product in-store or attend an event), on the telephone (for example, if you contact the Cancer Council Helpline, or if you answer a telephone-based research questionnaire), or online (for example, if you sign up for an event online). We also obtain personal information from third parties such as contractors, health professionals, social and community workers. If we collect personal information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to us, we will take reasonable steps to contact you and ensure that you are aware of the circumstances surrounding the collection and purposes for which we collected your personal information.

5. Why do we collect your personal information?

We may collect your personal information for a number of purposes, including:

  • Marketing: to communicate with you about donations, products, services, campaigns, causes and events
  • Provision of services: to provide you with information and support services, and to evaluate and report on these services
  • Research, including publishing: to conduct and/or fund research
  • Product Development: to conduct and/or fund continuous product development
  • Aggregation of data
  • Other issues: communicating with you in relation to our operations, activities and objectives, to verify your identity, to improve and evaluate our programs and services and to comply with relevant laws.

Where we collect your personal information for a specific purpose not outlined above, we will provide you with a collection notice which explains the primary purpose and any related secondary purposes for which we are collecting your personal information.

6. Health information and other sensitive information

As part of providing our services to you, we may collect health information and other sensitive information. For example, we may collect samples from you, or medical history information from you. Sensitive information includes the following type of information: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or associations; philosophical beliefs; memberships; sexual orientation; genetic information; biometric information; biometric templates. We will limit the collection of sensitive information to the minimum amount required to perform our services.

7. Aggregation of data

As part of our research and/or product development, we will aggregate data from you with that of others. Your personal information will not be able to be ascertained from any such data aggregation. You may request that your data be re-identified and provided to you at any time, subject to the access provisions below.

8. What happens if you don't provide all this information?

If you do not provide some or all of the personal information requested, we may not be able to offer you services or provide you with information about our research and projects.

9. Using a pseudonym or engaging with us anonymously

Where practicable, you will be given the opportunity to engage with us on an anonymous basis, or using a pseudonym.

10. Website usage information and cookies

When you access our website, we may use software embedded in our website (such as Javascript) and we may place small data files (or cookies) on your computer or other device to collect information about which pages you view and how you reach them, what you do when you visit a page, the length of time you remain on the page, and how we perform in providing content to you.

A cookie does not identify individuals personally, but it does identify computers. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.

We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.

Links to External Websites

Our website includes links to other websites. We are not responsible for the content and privacy practices of other websites. We recommend that you examine each website’s privacy policy separately.

Electronic communication

There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via our website or social media platforms. If this is of concern to you then you may use other methods of communication with us, such as post, fax or telephone (although these also have risks associated with them).

We only record your email address when you send a message to us or subscribe to one of our mailing lists. Any personal information, including email addresses, will only be used or disclosed for the purpose for which it was provided.

11. Opting out of direct marketing communications

Where we use your personal information to send you marketing and promotional information by post, email or telephone, we will provide you with an opportunity to opt-out of receiving such information. By electing not to opt-out, we will assume we have your implied consent to receive similar information and communications in the future. We will always ensure that our opt-out notices are clear, conspicuous and easy to take up.

If you do not wish to receive direct marketing communications from us, please contact us at Xing at [email protected]

12. To whom does Xing disclose your personal information?

We may need to disclose your personal information to others in order to carry out our activities. This may include:

  • External support services: to health care professionals, lawyers, other professionals, counsellors, service providers, agencies and not-for-profits that provide support services.
  • Researchers and Product Developers including other research and scientific institutions.
  • Contractors and service providers who perform services on our behalf, such as consultants, information technology services providers (including offshore cloud computing service providers), and database contractors.
  • As and if required by law.

Wherever we propose to disclose your personal information to a third party not outlined above, we will provide you with a collection notice which explains the circumstances in which we might disclose your personal information.

13. Cross-border disclosures of your personal information

We use data hosting facilities and third party service providers to assist us with providing our goods and services. As a result, your personal information may be transferred to, and stored at, a destination outside Australia, including but not limited to the USA and the EU.

Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, or partners. We take such steps as are necessary in the circumstances to ensure that any overseas third party service providers we engage do not breach the Australian Privacy Principles, including through contractual arrangements.

If you have agreed through our Client Consent and Waiver deed poll that your personal information can be collected, you are taken to consent to the disclosure, transfer, storing or processing of their personal information outside of Australia. You also acknowledge and understand that by providing such consent that we will only be required to take such steps as are reasonable in the circumstances to ensure such third parties comply with the Australian Privacy Principles.

14. Where is your personal information stored

We take all reasonable steps to protect all of the personal information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. Your personal information will be transmitted and stored in encrypted secure electronic databases on XingForLife premises or cloud hosting service providers or other third party service providers.

Hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised people. Any personal information not actively being used is archived, usually for 7 years, with a third party provider of secure archiving services.

Where personal information is stored with a third party, we have arrangements which require those third parties to maintain the security of the information. We take reasonable steps to protect the privacy and security of that information, but we are not liable for any unauthorised access or use of that information. Your personal information will stay on the database indefinitely until you advise you would like it removed, unless we de-identify it or destroy it earlier in accordance with privacy law requirements.

15. Your direct debit or credit cards

We use encryption systems to protect your credit card and debit card numbers, your name and address so that it cannot be viewed by any third party over the internet. Your financial information is encrypted on our servers and access to this information is restricted to our authorised staff only.

16. Access to your personal information

We will, upon your request, and subject to applicable privacy laws, provide you with access to your personal information that is held by us. However, we request that you identify, as clearly as possible, the type(s) of information requested. We will deal with your request to provide access to your personal information within 30 days and you agree we may charge you our reasonable costs incurred in supplying you with access to this information.

Your rights to access personal information are not absolute and privacy laws dictate that we are not required to grant access in certain circumstances such as where:

  • access would pose a serious threat to the life, safety or health of any individual or to public health or public safety
  • access would have an unreasonable impact on the privacy of other individuals
  • the request is frivolous or vexatious
  • denying access is required or authorised by a law or a court or tribunal order
  • access would be unlawful, or
  • access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct.

If we refuse to grant you access to your personal information, we will provide you with reasons for that decision (unless it is unreasonable to do so) and the avenues available for you to complain about the refusal.

You should note that access to personal information such as DNA sequences is not generally granted, in accordance with the first exception above.