Privacy & Whistleblower Policy – Public Statement

George Clinical Pty Ltd, together with its subsidiaries worldwide (George Clinical) is committed to handling Personal Information (including health and other sensitive information) in accordance with applicable privacy and data protection laws.  

We also comply with the International Conference of Harmonisation (ICH) Guidelines for Good Clinical Practice with respect to the use, protection and security of health information collected, and guidelines issued by the National Health and Medical Research Council of Australia (NHMRC) in respect of health information that may be accessed in the conduct of research.

As a global business, George Clinical uses its best endeavours to collect, use and disclose Personal Information in a manner consistent with the laws of countries in which it does business.  Where that information is transferred across international borders, whether within George Clinical or to third parties, George Clinical will apply appropriate safeguards to such transfers, as required by relevant laws. 

Personal Information means any information about an identified or identifiable person.  A reference to Personal Information includes “personal data” as defined in the EU General Data Protection Regulation ((EU) 2016/679) (GDPR). 
Sensitive or Health Information is a type of Personal Information.

When we collect information that is not Personal Information or we aggregate or anonymise Personal Information such that it can no longer be used to identify you, we may use and disclose that information for any purpose, as unidentifiable data is not covered under privacy or data protection laws.


What types of Personal Information do we collect and why?

We may collect Personal Information when you request information from us, when you provide us your information, when you access our website and when you enquire or apply for career opportunities.

We only collect Personal Information reasonably necessary for one or more of our functions or activities as a clinical research organisation. 

We do not sell your Personal Information.

More details about the Personal Information we collect (and why) are provided below.

Human Research Studies / Clinical Trials

We may collect Personal Information from you related to human research studies and trials undertaken or managed by George Clinical, (or a third-party operating on our behalf). 

However, information about study participants is generally provided to us in a de-identified format (that is, a format in which the identity of the person cannot be reasonably identified).  

Any Personal Information is collected for the purposes of medical research and analysis related to the research study or trial, to comply with laws and regulatory guidelines, or to substantiate the findings and publication of research results.

Working with George Clinical

We may collect Personal Information from you when you enquire or apply for career opportunities, either as an employee, intern, or as a professional working with us on a human research study or trial. 

Such Personal Information may include your professional qualifications, experience, and professional registrations. We will generally collect this information directly from you, however we may use other sources such as recruitment agencies, business partners, or institutions that you are affiliated with. We may also collect your Personal Information from third-parties (e.g. referees) as part of our assessment and recruitment process.

We may hold and use your Personal Information for administrative and management purposes, complying with our legal and regulatory obligations, the evaluation and operation of trials or studies you are working on with us.  

We may also use your Personal Information to consider you working or  collaborating with us on future studies and projects, or to recommend you to other CRO’s, research institutions, collaborators or sponsors.  

You may request that we do not contact you and delete your Personal Information if you are no longer interested in opportunities with George Clinical. 

General Activities

As part of the ordinary course of business operations, we may capture and record Personal Information from our dealings with partners, business alliances and service providers. Such information is collected for administrative, management, and audit purposes.

We may collect Personal Information (e.g. name and contact details) from those who contact us (by phone or in person) or access our websites Personal Information . Such information is collected in order to deal with you and improve our services.

Our Websites

When accessing our websites, we may make a record of part of your user service address and internet provider name and address, the date and time of your visit, the pages you accessed and any documents downloaded, any website visited prior to accessing our site and the type of browser used. We do not record your IP address.

This information (which is unlikely to contain Personal Information) is collected to monitor the activity on our websites (including the popularity of certain pages and information presented on our websites, and linkages to information), to consider improvements to the delivery, presentation and types of information on our websites (including cost/benefit analysis), and ensure the protection of our intellectual property and reputation.

Our websites do use cookies, which are small text files that are stored in your local browser cache when you visit a website. Using cookies makes it possible to recognise the visitor’s browser in order to optimise the particular website and simplify its use. Information collected via cookies is not used by us to determine the personal identity of a visitor. Most browsers are set up to accept these cookies automatically. You can deactivate the storing of cookies or adjust your browser to inform you before a cookie is stored on your computer.


Holding Personal Information 

We hold Personal Information in paper-based and electronic records and systems.

Personal Information collected in paper-based documents may be converted to electronic form for storage (with the original paper-based documents either archived or securely destroyed).

George Clinical uses physical and technical security measures to protect your Personal Information from misuse, interference and loss, and from unauthorised access, modification and disclosure. 

How long will we keep you information?

We will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your Personal Information , the purposes for which we process your Personal Information  and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.


How do we disclose your Personal Information ?

Our staff must comply with privacy and confidentiality terms as part of their employment with us. To be an approved third-party of George Clinical, that party must be subject to similar privacy and confidentiality laws, or have a professional and/or contractual obligation of confidence.

We may disclose your Personal Information across international borders.  As a global entity, we have employees, agents, service providers, collaborators and research partners in many countries including Canada, the United Kingdom, the European Union, Asia Pacific, China and the Americas.

George Clinical will comply with all legal obligations relating to cross border transfer of your Personal Information. 

Your Personal Information may be disclosed to third parties as part of research trials and studies.  Generally however, trial participant’s Personal Information will be de-identified (or aggregated with others) before disclosure.  Where Personal Information is shared with third parties, this will be subject to contracts we have in place with those organisations offering an equivalent level of protection. 

Legal basis for processing

We will only use your Personal Information when the law allows us to. 

Most commonly, we will use your Personal Information in the following circumstances:

  • Where you have given consent;
  • Where we need to perform the contract we have entered into with you;
  • Where we need to comply with a legal obligation; or
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Please contact us should you require any additional information about the legal grounds we rely on for any specific processing activities that involve your Personal Information.

Data Security

We have put in place measures to protect the security of your information, and to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access (by physical and technical safeguards) to your Personal Information to those staff, related parties, and approved third-parties (e.g. agents, service providers, collaborators and research partners) who have a business or legal need to know.

We have also put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 Your rights

You have rights in respect of your Personal Information.  We extend the rights below globally, unless local law states otherwise.  



What does this mean?

The right of access

You have the right to request access to your Personal Information that we hold about you.

The right to rectification

You are entitled to request corrections to the Personal Information that we hold about you if it is inaccurate or incomplete.

The right to erasure

This is also known as “the right to be forgotten” and enables you to request the deletion or removal of your Personal Information if there is no compelling or legal reason for us to keep using it.

The right to restriction of processing

You have the right to ask us to suspend the processing of Personal Information about you, for example if you want us to establish its accuracy or the reason for processing it.

The right to object to processing

You have the right to object and ask us to stop processing your Personal Information.

The right to lodge a complaint

You have the right to lodge a complaint about the way we process your Personal Information with the relevant supervisory authority.

The right to request transfer

You have the right to request us to transfer Personal Information that we hold about you to another party, in a machine readable format.  

The right to withdraw your consent

You have the right to withdraw your consent to us processing your Personal Information.

The right to seek explanation of how we process your Personal Information

We will explain how your Personal Information is processed, however if you do not understand, you have the right to seek further explanation

The right to opt out of sale

We do not sell identifiable information about individuals involved in clinical research studies 

The right to non-discrimination

We will not discriminate against you for the exercise of your privacy rights

The right to automated decision making

You have the right to not be subject to a decision based solely on automated processing (ie processing without human intervention).

  The right to know

You have the right to request that we disclose certain information about our collection and use of your Personal Information over the past twelve months


Please note, these rights are not absolute and may not apply in all circumstances, but we will do our best to assist you. 


 Can you deal with us anonymously?

Where lawful and practical, you will be given the option to deal with us without identifying yourself or by using a pseudonym (e.g. when inquiring about the activities that George Clinical undertakes).



How can you access or seek correction of your Personal Information held by us, or exercise your other rights?

You may request access to, or seek correction of, your Personal Information that is held by George Clinical, or exercise other rights, by writing to us:


If you are located in the European Union you may write to the Data Protection Officer:

Address: George Clinical Netherlands BV of Jan van Galenstraat 335

1061AZ Amsterdam, Netherlands
Email[email protected]
Phone: +61 2 80524894

 If you are located elsewhere in the world you may write to the Privacy Officer:

Address: Level 5, 1 King Street, Newtown, NSW 2042 Australia;
Email:[email protected]
Phone: +61 2 80524894


We will generally not charge a fee for such requests, but we may charge a reasonable fee if necessary to cover the costs of your requests. We may refuse to comply with the request in some circumstances, for example if the request would compromise other’s privacy. We may require further information from you to verify your request.

We will confirm receipt of your request and provide an estimate of when we will respond. Typically, we will respond to your request within one (1) month, but sometimes we may require more time depending on the circumstances.  


What should you do if you have a complaint about the handling of your Personal Information?

Please set out your complaint in writing:

Please provide sufficient information, so that the Privacy Officer can consider your concerns and contact you. Typically, we will respond to your complaint within one month.

If you are located in the European Union you may write to the Data Protection Officer:

Address: George Clinical Netherlands BV of Jan van Galenstraat 335

1061AZ Amsterdam, Netherlands
Email[email protected]
Phone: +61 2 80524894


If you are located elsewhere in the world you may write to the Privacy Officer:

Address: Level 5, 1 King Street, Newtown, NSW 2042 Australia;
Email:[email protected]
Phone: +61 2 80524894


If you are not satisfied with our response, or you consider that we may have breached our legal obligations, you are entitled to make a complaint to the relevant regulator or data protection authority in the country in which you are located.   


 Are changes to this Privacy Policy made?

This Policy was last updated in September 2022. We may amend this Privacy Policy from time to time.  


Additional Information – California Residents

The following information supplements the information contained in George Clinical’s Privacy Policy and applies solely to consumers who reside in the State of California.  

The purpose of this notice is to provide you specific information required by, and ensure our compliance with, the California Consumer Privacy Act of 2018 (CCPA).  This notice does not apply to any workforce related Personal Information collected from George Clinical employees in the State of California. 

Most of the Personal Information that George Clinical captures in the course of our business operations is not subject to the CCPA.  Where we collect and maintain information in connection with clinical research trials, this information is subject to informed consent being provided by you, and is not subject to CCPA.  In addition, this information is generally de-identified and therefore not Personal Information under the CCPA. 

We may collect information which identifies or is reasonably capable of being linked, directly or indirectly, with a particular consumer.  In particular we may have collected the following information from you in the last 12 months: 

  • Identifiers including your name, email address or partial IP address
  • Your name, address and phone number
  • Internet or network activity including cookies, web logs and information about how you use our website
  • Any information you provide in a job application or expression of interest for example, professional, education or employment history 

We may use this Personal Information as set out in our Privacy Policy. We will not collect additional Personal Information or use the Personal Information we have for unrelated or different purposes without first obtaining your consent. 

We may share your Personal Information with third parties as set out in our Privacy Policy.  Where Personal Information is shared with third parties, this will be subject to contracts we have in place with those organisations offering an equivalent level of protection.  

We do not sell any Personal Information.

Over the last 12 months, we may have disclosed Personal Information for a business purpose to the following categories of third parties: 

  • Service providers, clients, business partners and agents
  • Worldwide corporate affiliates
  • Regulatory or legal authorities
  • Other third parties with your consent

You are entitled to exercise any of the rights set out above in relation to your Personal Information. We will not discriminate against you for exercising any of those rights.




George Clinical, together with its subsidiaries and associated companies worldwide, is committed to  the highest standards of conduct and ethical behaviour, integrity, good corporate governance and to  operate: 

  • legally and in accordance with applicable legislation and regulations;  
  • properly, in accordance with organisational policy and procedures; and  
  • ethically, in accordance with recognised ethical principles.  


  • supporting Whistleblowers to make reports based on reasonable grounds of Reportable Conduct  involving George Clinical’s activities, including its support of clinical research; 
  • ensuring that any Whistleblower who makes a report based on reasonable grounds to assist in  maintaining the legal, proper and ethical operations of the George Clinical, can do so:
    • anonymously if they wish;
    • without fear of intimidation, disadvantage or reprisal; and
    • without being penalised in any way.

Directors, Officers, Employees and other associates of George Clinical are required to cooperate with this commitment by maintaining legal, proper and ethical operations, and if necessary, by reporting non-compliant actions by others. 

The purpose of this Policy is to:

  • ensure George Clinical maintains the highest standards of ethical behaviour and integrity; define who can make a protected disclosure (Whistleblowers); 
  • define matters about which a protected disclosure can be made (Reportable Conduct); identify who can receive a protected disclosure (Eligible Recipients); 
  • encourage the reporting of matters that may cause harm to individuals, or financial or non financial loss to George Clinical, or damage to George Clinical’s reputation;  
  • establish a process for George Clinical to deal with reports from Whistleblowers; 
  • ensure George Clinical protects the identity (including the disclosure of information that could  lead to the identity) of a Whistleblower;  
  • provide for the secure storage of the information provided by Whistleblowers under George  Clinical’s processes; and
  • protect Whistleblowers against detrimental conduct. 




    A Whistleblower is a person who wishes to make, attempts to make, or makes a report of Reportable  Conduct in accordance with this Policy; and 

    • is, or has been, an associate of George Clinical, including a George Clinical Board Member,  Director, officer, employee, intern, contractor, supplier, tenderer or other person, paid or  unpaid, who has business dealings with the George Clinical; or 
    • is a relative, spouse or dependent of a person listed above. 


    • A Whistleblower is not required to disclose their identity to receive Whistleblower protections under this Policy, but must make a report of Reportable Conduct in accordance  with this Policy. 
    • Subject to certain legal requirements, the identity of a Whistleblower, including information  that is likely to lead to identification of the Whistleblower, must not occur without the  consent of the Whistleblower. 
    • Where anonymity has been requested, the Whistleblower is also required to maintain  confidentiality regarding the issue on their own account and to refrain from discussing the  matter with any unauthorised persons.  
    • George Clinical will ensure that if a Whistleblower makes concerns about Reportable  Conduct known, the Whistleblower will not suffer any Detriment on account of those  actions, providing that those actions:
      • are based on reasonable grounds; conform to the designated procedures outlined in  this Policy; and
      • not involving any misconduct of the part of the Whistleblower.
        • Detriment includes civil, criminal and administrative liability (e.g., dismissal, demotion,  harassment, discrimination, disciplinary action, bias, threats or other unfavourable  treatment) connected with making a report. 
        • A Whistleblower may seek compensation and other remedies through the courts if: 
      • a loss, damage or injury is suffered by the Whistleblower because of a disclosure; and o George Clinical failed to take reasonable precautions and exercise due diligence to  prevent the detrimental conduct. 
      • A Whistleblower is encouraged to seek independent legal advice of their rights and  remedies.



    Reportable Conduct is: 

    • conduct which is dishonest, fraudulent or corrupt, including financial fraud or bribery; 
    • illegal activity including but not limited to theft, drug sale or use, violence, harassment or  intimidation, criminal damage to property or other breaches of state or federal law; 
    • official misconduct or maladministration; 
    • research misconduct or intentional data mismanagement; 
    • unethical conduct or conduct in breach of George Clinical’s policies, including but not limited  to dishonestly altering company records or data, adopting questionable accounting practices  or wilfully breaching George Clinical’s Code of Conduct or other policies or procedures; 
    • conduct that could be damaging to George Clinical, a George Clinical employee or a third  party, including but not limited to unsafe work practices, environmental damage, health risks  or abuse of George Clinical property or resources; 
    • conduct which amounts to an abuse of authority; 
    • conduct which may cause financial loss to George Clinical, damage its reputation or be  otherwise detrimental to George Clinical’s interests; 
    • conduct which involves harassment, discrimination, bullying or victimisation; or 
    • conduct which involves any other kind of serious impropriety, including but not limited to  serious and substantial waste of public resources, practices endangering the health or safety  of employees, stakeholders or the general public, practices endangering the environment  and research misconduct.  

    Reportable Conduct does not include personal work-related grievances. Personal work-related  grievances may include, but are not limited to, interpersonal conflicts between employees, or a  decision relating to the engagement, transfer or promotion of the an individual. For personal work-related grievances or other issues employees should refer to George Clinical’s Grievance Policy. 



    • If you become aware, on reasonable grounds, of any issue or behaviour that you believe  amounts to Reportable Conduct and you wish to report your concerns, then you must report  that concern to an Eligible Recipient.  
    • An Eligible Recipient is:
      • George Clinical’s external whistleblower service (Your Call);
      • George Clinical’s Whistle-blower Protection Office;
      • a member of an audit team conducting an audit of George Clinical; or
      • the authorities responsible for the enforcement of the law in the relevant jurisdiction.
    • A Whistleblower Protection Officer (WPO) is a senior manager of George Clinical, designated,  authorised and trained to receive Whistleblower disclosures. The WPO for George Clinical is Jacqueline Thorn (Commercial Director), whose contact details are  [email protected] +612 8052 4419. 


    Protection will only be offered by George Clinical to any Whistleblower who informs a Member of  Parliament or journalist of concerns about Reportable Conduct if: 

    • The Whistleblower has previously made a report regarding the matter to an Eligible  Recipient and either:
      • At least 90 days have passed since the report was made; and
      • The Whistleblower does not have reasonable grounds to believe that action is being, or  has been taken to address the report; and
      • The Whistleblower has reasonable grounds to believe that making a further report  would be in the public interest; or
      • The Whistleblower has reasonable grounds to believe that the information concerns a  substantial and imminent danger to the health and safety of a person, persons, or the  environment; and
        • The Whistleblower provides written notification to George Clinical that: o Includes sufficient information to identify the previously made report;
      • Clearly states that the Whistleblower intends to make a public interest disclosure or an  emergency disclosure as defined above; and
      • The information disclosed is no greater than necessary to inform the MP or journalist  of the misconduct or the otherwise improper state of affairs.


    • No, to be protected by George Clinical, a Whistleblower must make any reports of  Reportable Conduct to an Eligible Person in accordance with this Policy. 


    • A report of Reportable Conduct can be made to the George Clinical’s external  whistleblower service’s Your Call: using the code  GEORGEINST or Australian telephone number 1-300-790-228. 
    • Alternatively, a report of Reportable Conduct can be made in writing or in person to the  WPO and should contain, as appropriate, details of:
      • the nature of the alleged breach;
      • the person or persons responsible for the breach;
      • the facts on which the Whistleblower’s belief that a breach has occurred are based; and
      • the nature and whereabouts of any further evidence that would substantiate the  Whistleblower’s allegations, if known.


    • Any Whistleblower who makes a report of Reportable Conduct in accordance with this  Policy must be informed that:
      • George Clinical will take all reasonable steps to ensure that the Whistleblower will not  be disadvantaged for the act of making such a report;
      • the Whistleblower can remain anonymous and still receive protection; and
      • the Whistleblower will not necessarily be absolved from the consequences of their  involvement in any misconduct complained of.



    • George Clinical must investigate all matters reported under this Policy. 
    • The WPO may only dismiss the Whistleblower’s complaint, if on reasonable grounds, the  WPO has a high degree of confidence there is no substance to the complaint. Otherwise, the  WPO must, with the Whistleblower’s consent, on receiving a report of a breach:
      • notify the CEO;
      • if the CEO is implicated in the disclosure, notify the Chair of the Board; or
      • if the Chair of the Board is implicated in the disclosure, then the WPO has the authority  to move directly to appoint an independent, external expert to investigate the reported  breach;
      • appoint any person, both internal and external, as he/she deems fit to carry out  investigation (the Investigator); and
      • ensure the Terms of Reference provided to the Investigator include:
        • all relevant questions;
        • hat the scale of the investigation is in proportion to the seriousness of the  allegation(s);
        • allocation of sufficient resources;
        • a requirement that confidentiality of all parties, including witnesses, is maintained; a requirement that procedural fairness be applied to all parties;
        • a requirement that strict security is maintained during the investigative process;
        • a requirement that information obtained is properly secured to prevent  unauthorised access;
        • a requirement that all relevant witnesses are interviewed and documents examined;
        • a requirement that contemporaneous notes of all discussions, phone calls and  interviews must be made; and
        • a requirement that the Findings comply with clause 7 of this Policy;
      • where appropriate, provide feedback to the Whistleblower regarding the investigation’s  progress and/or outcome (subject to considerations of the privacy of those against whom  allegations are made).
      • The investigation must be conducted in an objective and fair manner, and otherwise as is  reasonable and appropriate having regard to the nature of the Reportable Conduct and the circumstances, including fair treatment of employees who are mentioned in a disclosure and those who are the subject of a disclosure. 
      • Where anonymity has been requested, the Whistleblower is required to maintain  confidentiality regarding the issue on their own account and to refrain from discussing the  matter with any unauthorised persons.  
      • The Whistleblower will be kept informed of the progress and outcomes of the investigation,  if the Whistleblower can be contacted, subject to privacy and confidentiality considerations. 



    • A report of findings must be prepared by the Investigator and provided to the WPO when an  investigation is complete. This report must include: 
      • the allegations;
      • a statement of all relevant findings of fact and the evidence relied upon to reach  conclusions on each allegation;
      • the basis for each conclusion reached (including the damage caused, if any, and the  impact on the organisation and other affected parties) and their basis; and
      • recommendations based on those conclusions to address any wrongdoing identified and any other matters arising during the investigation.
    • The WPO will review the report to ensure the rules of natural justice are observed in the investigation. The WPO will report to the CEO of the findings and depending on the nature of  the matter, may:
      • accept the recommendations;
      • refer for further investigation; or
      • revise and substitute with appropriate actions.



    All George Clinical staff must read, understand and comply with this Policy. Any George Clinical staff member who breaches this policy will face disciplinary action, which could result in dismissal for misconduct or gross misconduct. 

    This Policy reflects the rights and responsibilities of individuals as outlined in the Australian Treasury  Laws Amendment (Enhancing Whistleblower Protections) Act 2019. 

    A copy of this Policy will be distributed to all officers and employees of George Clinical and made available via GC Wiz and published on George Clinical’s external website. 


    GC Code of Conduct 

    GC Grievance Policy 


    This Policy is effective from 30 June 2022 and will be reviewed after 2 years. 


    Add George Clinical to your network