Emerge Australia

1800 865 321

Emerge Australia

1800 865 321

Emerge Australia

Australian ME/CFS and Long COVID Registry Privacy Policy

Last Updated: 7th June 2023

This Privacy Policy sets out how Emerge Australia (ABN; 22 385 438 041) a not-for-profit organisation (Emerge Australia, we, us or our) and will collect and handle your personal information, including sensitive and health information. This Privacy Policy explains how information about you is collected and used by Emerge Australia/Australian ME/CFS and Long COVID Registry, Australia. We believe strongly in transparency and want you to be aware of what information we collect, why we collect it, what we use it for, and how we store it. This Privacy Policy addresses information that may be collected from:

  • people who visit the Website, whether or not they decide to participate in the Australian ME/CFS and Long COVID Registry
  • people who consent to participate in the Australian ME/CFS and Long COVID Registry and choose to provide personally identifiable information and health information for research

By accessing or using the Website or the Registry Platform, you consent to our collection, use, and sharing of your information in accordance with this Privacy Policy. This Privacy Policy is not a contract and does not create any contractual rights or obligations.

Contents

1. DEFINITIONS

  • Approved Researchers: researchers who have been approved for access to data from the AusME Registry by our Biobank Access Committee and have signed an agreement that governs the use of that data in research.
  • Cookies: small pieces of text sent to your browser by a website you visit. Cookies help the website remember information about your visit, such as your name, password, username, and screen preferences.
  • Informed Consent document: the participant information statement and consent form which are required to be signed by Registry Participants.
  • Website: the website which displays information related to the Australian AusME Registry.
  • Personal Data: personally identifiable information and health information that is provided by people who agree to participate in the Australian ME/CFS and Long COVID (AusME) Registry.
  • Registry Participants: people who agree to participate in the Australian ME/CFS and Long COVID Registry and choose to provide personal and health information through the Registry Platform. It is possible to be both a Site Visitor and a Registry Participant.
  • Registry Platform: an online data repository where people who consent to participate in the Registry can enter personal and health information through secure user interfaces, including a user web portal and health tracking mobile application, for storage in a database for research.
  • Site Visitors: people who visit the Website

2. INFORMATION WE COLLECT OR SHARE

We collect web-behavior information via Cookies and other similar tracking technologies when you use and access the Website as a Site Visitor and the Registry Platform as a Registry Participant. We may also collect or track other information from Site Visitors through the Website, including: (1) email addresses of users that communicate with us via email; (2) information knowingly provided by Site Visitors in online forms; and (3) aggregate and user-specific information regarding which pages a Site Visitor accesses.

We will not collect any Personal Data (other than that detailed in the paragraph above) unless you become a Registry Participant by consenting to participate in the Registry and choosing to provide that information to us. Personal Data includes:

  • AusME Registry Account Profile Information: identifying information, including your name and contact information, collected during the registration process for the Australian ME/CFS Registry
  • Personal & Health Information: information about your medical history, diagnosed conditions, symptoms, quality of life, treatments and medications, demographic information, family and individual medical histories, and other personal experiences.

We may collect additional information that you provide, such as when you request technical or customer support or communicate with us.

3. SHARING AND USE OF INFORMATION

Registry Participants contribute Personal Data for research as defined by the Australian ME/CFS and Long COVID Registry Informed Consent document. Your data will be de-identified for research, meaning personal identifiers (names, addresses, and other identifying information) are stripped from the health information you provide. Your information is coded with a unique ID.

Your de-identified data will be shared with other Approved Researchers for the purpose of research. Once de-identified and aggregated so that data does not personally identify you, it is no longer personal information. Such de-identified and/or aggregated information which does not identify individuals is not subject to this Privacy Policy. This de-identified information will be used in research analysis, presented at scientific conferences, and then published. These presentations and publications will never show any information that identifies you or any other individual in the study. We will not sell your data to drug companies for market research. We will never voluntarily share identifying information about you without your permission. We may share information about you if we are required to by law, regulation, or legal process (such as a court order or subpoena or in response to a binding request by a government agency). We may share information about you with your consent or at your direction.

We may use your contact information for various purposes, including to:

  • Provide, maintain, and improve the Registry Platform
  • Send you technical notices, updates, security alerts and support and administrative messages
  • Respond to your comments, questions, and requests and provide customer
    service
  • Communicate with you about products, services, and events offered by Emerge Australia and others, and provide the information we think will be of interest to you.

We may use your Personal Data for various other purposes, to:

  • Monitor and analyze trends, usage, and activities in connection with our Registry Platform. We may partner with third parties to collect, analyze, and use aggregated, de-identified data from the Registry Platform. The information collected and generated by third parties may be used to engage in analysis and reporting to improve the Registry Platform.
  • Conduct research and measurement activities
  • Detect, investigate, and prevent fraudulent or illegal activities and protect the rights and property of Emerge Australia and others; and
  • Carry out any other purpose for which the information was collected

4. YOUR CHOICES

You have the following choices when using the Website and/or Registry Platform:

  • Cookies. Many browsers accept cookies by default until you change your settings. You can adjust your browser settings to delete and reject cookies placed by websites. If you do not accept cookies, you may not be able to use all functions of the Website and/or Registry Platform. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit www.allaboutcookies.org.
  • Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals, meaning the Platform will continue to collect information about you even if your browser’s “Do Not Track” feature is activated. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

For Registry Participants:

  • Access or update your Personal Data. Registry Participants can view, update and add new personal and health information by logging in with their unique username and password to the Registry Platform. Some of your Personal Data might not be editable directly by you. You can contact us at information.biobank@emerge.org.au or 1800 865 321 if you need help editing data. You should be very careful not to share your login information with anyone else, or they could sign in as you and be able to see that same personal and health information. If you are worried that someone else may be using your login information, please let us know immediately, or change your password yourself through the Registry Platform login page.
  • Withdrawing From the Registry. You are free to withdraw your consent to participate in the Registry at any time. You can withdraw your consent by emailing the research team at information.biobank@emerge.org.au or calling 1800 865 123. Withdrawing your consent will “opt-out” or deactivate your Registry Platform user account and delete your contact information. We will not request any additional information from you, however, health information collected prior to your withdrawal from the Registry will remain part of the database.

5. DATA SECURITY MEASURES

We take the security and privacy of your data very seriously. The Platform uses technical, physical, and administrative controls designed to protect Registry Participant Personal Data from unauthorized access or disclosure and to regulate the appropriate use of this information:

  • All Registry data is transmitted, stored, and processed in a secure environment
    and using encryption
  • We ensure your data is protected with appropriate safeguards in accordance with applicable privacy laws
  • Personal Data is accessible only to personnel with direct responsibility for overseeing the Registry Platform and data

We use third-party vendors for cloud storage and computing services (Zoho) to assist with the communication, data collection, storage, and processing of data. Third-party vendors are vetted for compliance with security and privacy standards. Where applicable, we use data protection agreements with our data hosting providers.

Platform data is currently securely stored in an encrypted Zoho platform database in physical data centres currently located in Sydney and Melbourne, Australia. Zoho provides numerous Software as a Service (SaaS) products that were designed to meet the highest security standards and is HIPAA compliant. Zoho has been assessed to comply with ISO 9001, 27001, 27017, 27018, and 200000, SOC 1, 2, and 3, Certified Senders Alliance accreditation (CSA), and Payment card industry compliance (PSI). Data is transmitted from the Platform to the backend database using industry standard TLS/SSL encryption protocols. For more information: https://www.zoho.com/security.html

While we cannot provide an absolute data security guarantee, your information will be handled using industry standard systems. We will not be held responsible for parties who illegally access any information obtained through the website or who intercept or access transmissions or private communications. If, despite our best efforts, we ever experience a breach of the security of your personal information, we will notify you in accordance with the relevant laws and regulations.

6. LINKS TO THIRD PARTIES

The Registry Platform may contain links to other web sites, either under the control of Emerge Australia or controlled by third parties. Other websites may also reference our Platform or provide a link to our Platform. We encourage our users to be aware when they leave the Registry Platform and/or Website to read the privacy policies of each website that collects personally identifiable information. We do not endorse, screen, or approve, and are not responsible for the privacy practices or content of such other websites or mobile applications. Visiting these other websites is at your own risk.

7. UPDATES TO PRIVACY POLICY

We may change this Privacy Policy from time to time. If we make changes, we will notify you by revising the date at the top of the policy and, in some cases, we may provide you with additional notice (such as adding a statement to our website, adding a statement within the Platform application, or sending you a notification). The amended Policy shall be effective upon posting and your access to or use of this Website following an update shall be deemed consent to the revised Policy. We encourage you to review the Privacy Policy whenever you access the Registry Platform to stay informed about our information practices and the ways you can help protect your privacy.

8. QUERIES AND COMPLAINTS

If you would like to contact Us about your personal information or would like to make a complaint about the Website or the Registry Platform privacy practices, please contact us at: information.biobank@emerge.org.au or 1800 865 321.

We will investigate and respond to any complaint, query or privacy question within a reasonable period and within 30 days. We may need to request more information from you and we may propose a resolution to your complaint. If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner on the details below.

Office of the Australian Information Commissioner

Phone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
Online form: www.oaic.gov.au (Privacy Complaint Form)