Privacy Policy – Public Statement

Privacy Policy

George Clinical Pty Ltd, together with its subsidiaries worldwide (George Clinical) is committed to handling personal information (including health and other sensitive information) in accordance with applicable privacy laws, including the Australian Privacy Principles (APPs) set out in the Australian Privacy Act 1988 (Cth) and, where relevant, the EU General Data Protection Regulation ((EU) 2016/679) (GDPR). A reference to personal information includes “personal data” as defined in the GDPR.

We have adopted the APPs as the minimum standard across all of our offices worldwide. We also comply with the ICH Guidelines for Good Clinical Practice with respect to the use, protection and security of health information collected, as well as guidelines issued by the National Health and Medical Research Council of Australia (NHMRC) in respect of health information that may be accessed in the conduct of research.

 

What types of personal information do we collect and why?

We collect personal information reasonably necessary for one or more of our functions or activities as a contract research organisation. The types of personal information we generally collect may include your name, date of birth, address and other contact details such as your telephone numbers and email address. Depending upon the purpose of our interaction with you, we may collect additional personal information. More details about the personal information we collect (and why) are provided below.

 

Human Research Studies / Trials

We (or an approved third-party operating on our behalf) will collect personal information and health information (and at times, other sensitive information) from individuals who participate in human research studies and clinical trials undertaken or managed by George Clinical.

Such collected may include:

  • Gender, nationality, heritage, and date of birth;
  • Medical history and treatments;
  • Medicare number (or similar) and private health insurance information;
  • Current medications and treatments;
  • Health services and treatments;
  • Symptoms, test results and hospital care; and
  • Consequential health factors.

The information is collected for the purposes of medical research and analysis pertaining to the research study or trial, to comply with laws and regulatory guidelines relating to medical research and clinical trials, and to substantiate the findings and publication of research results.

We may also collect personal information of health practitioners and health providers who are involved in the care of study participants (e.g. general practitioners, physiotherapists, other healthcare service providers). Such information collected may include name, address, contact details, professional qualifications, experience, and interaction records with us (as part of the particular research study or trial). This information is collected for the purpose of administration, management and operation of George Clinical and the particular research study or trial.

We may also collect the personal information of medical experts, researchers and other professionals advising on, overseeing, or assisting in the conduct of a particular research study or trial. Such information collected may include name, address, contact details, professional qualifications and experience, and registration information.

 

General Activities

As part of the ordinary course of business operations, we may capture and record personal information from our dealings with partners, business alliances and service providers. Such information is collected for administrative, management, and audit purposes.

We may collect personal information (e.g. name and contact details) from those who contact us (by phone or in person) or access our websites (refer to ‘How do we collect and hold your personal information’ section below). Such information is collected in order to deal with you and improve our services.

You may also supply personal information to us when applying for open positions, and we may collect your personal information from third-parties (e.g. referees) as part of the assessment and recruitment process. Such information collected may include educational and academic background, work history, skill-set and capabilities. We may collect similar personal information from volunteers who apply to work with George Clinical.

 

Can you deal with us anonymously?

Where lawful and practical, you will be given the option to deal with us without identifying yourself or by using a pseudonym (e.g. when inquiring about the activities that George Clinical undertakes).

 

How do we collect and hold your personal information?

Research Studies

We aim to collect your personal information directly from you:

  • When you agree to participate in a research study or trial (e.g. through the study information/consent process); and
  • When dealing with us as part of ordinary business.

We may collect your personal information from a third-party, such as your medical or health provider (e.g. GP, hospital) and an information document (including requisite privacy disclosures) will be given to you by that provider.

 

Our Websites

When accessing our websites, we may make a record of your user service address and internet provider name and address, the date and time of your visit, the pages you accessed and any documents downloaded, any website visited prior to accessing our site and the type of browser used. This information (which is unlikely to contain personal information) is collected to monitor the activity on our websites (including the popularity of certain pages and information presented on our websites, and linkages to information), to consider improvements to the delivery, presentation and types of information on our websites (including cost/benefit analysis), and ensure the protection of our intellectual property and reputation.

Our websites do use cookies, which are small text files that are stored in your local browser cache when you visit a website. Using cookies makes it possible to recognise the visitor’s browser in order to optimise the particular website and simplify its use. Information collected via cookies is not used by us to determine the personal identity of a visitor. Most browsers are set up to accept these cookies automatically. You can deactivate the storing of cookies or adjust your browser to inform you before a cookie is stored on your computer.

 

Holding personal information

We hold personal information in paper-based and electronic records and systems.

Personal information collected in paper-based documents may be converted to electronic form for storage (with the original paper-based documents either archived or securely destroyed).

George Clinical uses physical security and other measures to ensure that personal information is protected from misuse, interference and loss, and from unauthorised access, modification and disclosure.

Personal information held in paper-based form is generally securely stored at our offices, with archived records held at an external storage facility. Our databases and their contents remain at George Clinical and stay with data processors or servers acting on our behalf and responsible to us.

We maintain computer and network security by using firewalls, user identifiers and passwords to control access to our computer system.

 

 

How do we disclose your personal information?

Research Studies

Our staff must comply with privacy and confidentiality terms as part of their employment with us. To be an approved third-party of George Clinical, that party must be subject to similar privacy and confidentiality laws, or have a professional and/or contractual obligation of confidence.

We may also disclose your personal information as directed or permitted by law or court order.

Depending on the circumstances and the location where the study or research program is being conducted or coordinated, the above-mentioned may involve a cross-border disclosure. Our studies are often internationally based and our staff, agents, service providers, collaborators and research partners may be located overseas, e.g. Canada, the United Kingdom, the European Union, India and China. This will be explained in the study protocol and information documents.

personal information will be de-identified (and aggregated with others) before disclosure.

 

General Activities

We may also disclose your personal information to our approved third party service providers, and as directed or permitted by law or court order.

 

Data Security

We have put in place measures to protect the security of your information, and to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access (by physical and technical safeguards) to your personal information to those staff, related parties, and approved third-parties (e.g. agents, service providers, collaborators and research partners) who have a business or legal need to know.

We have also put in place procedures to deal with any suspected data breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

 

 

For individuals located in the EEA

Your rights

If you are located in the European Economic Area (including the United Kingdom) (collectively the EEA) you will have certain rights under the GDPR:

Rights What does this mean?
The right of access You have the right to obtain access to your personal information that we hold about you.
The right to rectification You are entitled to have the personal information that we hold about you corrected if it is inaccurate or incomplete.
The right to erasure This is also known as “the right to be forgotten” and enables you to request the deletion or removal of your personal information if there is no compelling or legal reason for us to keep using it.
The right to restriction of processing You have the right to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
The right to object to processing You have the right to object and ask us to stop processing your personal information.
The right to lodge a complaint You have the right to lodge a complaint about the way we process your personal information with a supervisory authority in the EEA.
The right to request transfer You have the right to request us to transfer personal information we hold about you to another party, in a machine readable format.  
The right to withdraw your consent You have the right to withdraw your consent to us processing your personal information.

These rights are not absolute and may not apply in all circumstances.

 

Legal basis for processing

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where you have given consent;
  • Where we need to perform the contract we have entered into with you;
  • Where we need to comply with a legal obligation; or
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Please contact us should you require any additional information about the legal grounds we rely on for any specific processing activities that involve your personal information.

 

International transfers outside the EEA

We may transfer your personal information outside the EEA to other countries where our databases are held or where our approved third-parties (e.g. agents, service providers, collaborators and research partners) are located. This may be in Australia, United States and other countries, some of which may not be deemed to provide an adequate level of protection for your personal information under GDPR. However, to ensure that your personal information does receive an adequate level of protection, we will put in place appropriate measures to ensure that your personal information is treated in a way that is consistent with and meets GDPR requirements: this may include the EU Model Clauses, EU Commission approved Binding Corporate Rules, and reliance on the US Privacy Shield.

 

How long will we keep you information?

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

 

How can you access and seek correction of your personal information held by us, or exercise other rights under GDPR?

You may request access to, or seek correction of, your personal information that is held by George Clinical, or exercise other rights available under GDPR, by writing to the Privacy Officer:

Address: Level 5, 1 King Street, Newtown, NSW 2042 Australia; or
Email:gcprivacy@georgeclinical.com

If you are located in the EEA you may also wish to write to our EU-based Representative:

Address: George Clinical (UK) Limited (No. 08951276) of Centrum House, 36 Station Road, Egham, Surrey, TW20 9LF, United Kingdom, Tel no: +44 7789 376 306
Email: gcprivacy@georgeclinical.com

We will generally not charge a fee for such requests, but we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Typically, we will respond to your request within 10 – 20 business days, but sometimes we may require more time depending on the circumstances.

In your request, please ensure that you provide a reply address, so that we can contact you if we are unable to locate your personal information, if we need to verify your identity, or if we cannot carry out your request (in which case, we generally tell you why).

 

What should you do if you have a complaint about the handling of your personal information?

Please set out your complaint in writing to the Privacy Officer:

Address: Level 5, 1 King Street, Newtown, NSW 2042 Australia; or
Email: gcprivacy@georgeclinical.com

Please provide sufficient information, so that the Privacy Officer can consider your concerns and contact you. Typically, we will respond to your complaint within 10 – 20 business days.

If you are not satisfied with our response, or you consider that we may have breached the Australian Privacy Principles or the Privacy Act 1988 (Cth), you are entitled to make a complaint to the Office of the Australian Information Commissioner. The Office of the Australia Privacy Commissioner can be contacted by telephone on 1300 363 992 or full contact details can be found online at www.oaic.gov.au.

If you are located in the EEA you may wish to lodge a complaint with a supervisory authority within the EEA. Please click for a list of the national data protection authorities in the EEA.

 

How are changes to this privacy policy made?

This Policy was last updated in June 2019. We may amend this Privacy Policy from time to time. Please refer to our website for the latest copy.

Join our Mailing List


Add George Clinical to your network