The NeuRA privacy policy is displayed below.

1. Introduction

Neuroscience Research Australia (“NeuRA”) values and respects the privacy of all individuals and organisations seeking to donate time, personal information, money and resources to our organisation and to participate in research projects. NeuRA is committed to protecting the personal information that we hold and to managing it in an open and transparent manner.

This privacy policy (the “Policy”) sets out the type of personal information that we collect and use. It also provides some information about your privacy rights, along with our general obligations under applicable privacy laws including the Privacy Act 1988 (Cth) and the Australian Privacy Principles (“Privacy Law”).

This Policy does not apply to NeuRA’s employee records.

2. What type of personal information do we collect?

The categories of personal information that NeuRA collects are set out below. NeuRA only collects personal information for the purpose of fulfilling its functions and activities as a medical research organisation.

a. Financial donors and supporters

NeuRA may gather personal information (such as, name, address, phone number, bank account or credit card details and financial donation) from financial donors and supporters. The information is collected  to enable NeuRA to send tax deductible receipts, newsletters, invitations to events and other information related to NeuRA functions and activities. We may also collect personal information that donors or supporters volunteer to us about the reason for their donation, which might include sensitive health information. This data Itis also used for fundraising purposes so that donors and supporters can be kept informed about news and events at NeuRA. At any time, a donor or supporter has the option to opt out of receiving such information from NeuRA by contacting the reception staff at NeuRA between 8.30am and 5.00pm Monday to Friday on (02) 9399 1000 or privacy@neura.edu.au.

Only with a supporter or donor’s prior consent will we publish in our newsletters, bulletins and annual reports (which may appear on our website or in hardcopy form) the names and photographs of our donors and supporters. Where consent cannot be given, or where anonymity or pseudonymity is requested, donations will be published anonymously

b. Research participants and patients, genetic and brain bank tissue and data

NeuRA collects personal information (which may include any of the following, from research participants and patients for use in research projects and clinical trials, and from research collaborators who are working on these research projects and clinical trials:

·       name, gender, racial and educational background, date of birth, contact details

·       medical history including, where relevant, a family medical history

·       your medicare number (and information about your private health insurance)

·       current medications or treatments used by you

·       the name of any care provider, health service provider or medical specialist to whom we may need to refer you back to, copies of any referrals and reports

·       test results and samples

·       photographic and video based material

All research projects undertaken by researchers at NeuRA will have had prior approval from a properly constituted human research ethics committee(s). Researchers undertaking those projects will first obtain the written consent of the individual to collect any personal information that may be required for the research project. The personal information is securely stored, with only NeuRA’s authorised personnel having access. 

Personal information including biospecimens and the results of physical examinations and samples (where personal information has not been de-identified) will only ever be shared with third parties for research purposes and with the prior written, ethically approved consent of the patient or research participant.  

NeuRA may publish or participate in media stories in relation to patients and research participants. A patient or research participant’s name and photographic material are only ever published with the written consent of the patient or participant.

NeuRA also collects personal information including genetic and brain bank tissue and data for research purposes.

c. Users of NeuRA products and services, including applications and tests

NeuRA collects personal information including the name, contact, bank account details and application and test result data about the people who use or purchase NeuRA’s products or services; for example, users of downloaded applications and tests. This information is used by NeuRA for the purpose of supplying products and services; to track the categories of people who use NeuRA’s products and services; and so that NeuRA can potentially provide future updates to users of its products and services.  De-identified personal information, including data derived from a user or purchaser’s test results, may also be used by NeuRA for research purposes and to enhance NeuRA’s products and services.

In accordance with PCI DSS legislation, financial information is not retained and stored in electronic form on its network or on any computer.

d. Information about subscribers to newsfeeds or mailing lists

NeuRA collects the name and contact details about the subscribers to its newsfeeds and mailing lists for the purpose of distributing similar content to them. At any time, a subscriber may remove themselves from NeuRA’s mailing lists by unsubscribing or opting out of any digital subscription or by contacting the reception staff at NeuRA between 8.30am and 5.00pm Monday to Friday on (02) 9399 1000, or privacy@neura.edu.au

3. The quality and accuracy of personal information that NeuRA holds

NeuRA ensures, to the extent reasonably required, that all personal information it holds about an individual is kept accurate, up to date and complete.

4. How NeuRA stores and keeps personal information secure

NeuRA may store your personal information electronically or in hard copy form. All electronic data is stored on a secure network at NeuRA or on external compliant storage with access controlled by NeuRA. Any donation data is stored in an encrypted CRM database (with PCI DSS compliance validated as a Level 1 Service Provider and Payment Gateway). Access to personal information is restricted to authorised personnel who require it for business purposes, enforced through Multi-Factor Authentication (MFA) and strict password policies. Physical records containing sensitive data are stored in secured facilities, in secured cabinets, with limited access, and electronic devices are password-protected.

Personal information is kept for no longer than is necessary for the purposes of the collection. NeuRA ensures that all personal information that it holds, which is no longer required is securely destroyed.

5. Incident Response Procedure

In the event of a suspected or actual data breach, NeuRA will immediately activate its Incident Response Plan to contain the breach, evaluate the risks to personal information, and determine the scope of the incident.

We will notify affected individuals and relevant regulatory authorities (Office of the Australian Information Commissioner) without undue delay if a breach poses a high risk to their rights and freedoms, providing details on the data involved and steps taken. 

Following a breach, we take prompt action to mitigate damage, secure systems, and conduct a post-incident review to strengthen security measures against future occurrences.

6. Anonymity

Wherever it is practicable, NeuRA allows individuals to deal with NeuRA anonymously or through use of a pseudonym in relation to a matter.

7. When and to whom NeuRA may disclose your personal information?

NeuRA will not disclose your health and genetic information or other sensitive information within the meaning of the Privacy Law, to a third party unless it is related to the primary purpose of the collection or unless NeuRA has obtained your prior written consent.

NeuRA Fundraising may share your personal non-sensitive information with NeuRA and with third party

agents and contractors to support our organisation and its charitable objects. At any time, you have the option to opt out of NeuRA Fundraising sharing personal information in this way. 

The only other time that personal information may be disclosed to a third party is either where it has been de-identified or where the disclosure is required or authorised by law.

8. Accessing and correcting your personal information

At any time, you may request access and/or correction of the personal information that NeuRA holds about you. The purpose of the information retention may also be queried.

There is no fee charged for requesting access to your information. If you find that the personal information we hold about you is inaccurate, incomplete or out of date, please contact us immediately and will take reasonable steps to either correct this information or, if necessary, discuss alternative action with you. 

Please note that access to all or part of your personal information may be refused for a valid reason under Privacy Law. 

You can request access or correction of your information by contacting the reception staff at NeuRA between 8.30am and 5.00pm Monday to Friday on (02) 9399 1000, or at privacy@neura.edu.au.  NeuRA will provide you with a photocopy and/or printout of information held within 14 business days.

9. Disclosure of personal information outside Australia

(a) From time to time some personal information may be disclosed outside Australia if directly related to the purpose of collection. For example, personal information may be disclosed to an overseas recipient for the purposes of collaborative research with an overseas not for profit entity or university. NeuRA will ensure it obtained your written consent, for example as part of the Human Research Ethics Consent Form, prior to the disclosure or transfer of any personal information overseas

(b) With your consent or otherwise in accordance with privacy laws (e.g. where you would reasonably expect it), NeuRA fundraising may allow other non-profit organisations to contact you with information that may be of interest to you. These organisations usually allow us to do the same and this way we can reach more people with vital information.  If you do not wish to be part of this information sharing or receive communications from those organisations, please contact us to opt-out of receiving such offers. However, if you do take advantage of any offer from a third-party organisation, they will then be able to send further offers to you directly.

10. Website Browsing and Email correspondence

(a) Accessing pages on NeuRA websites will result in the following information being logged on the hosting servers:

·         the time and date of access

·         your internet protocol (IP) address

·         the pages accessed and any items downloaded

·         the type and version of the web browser you were using for access

·         any search terms you used in local site searches.

This information is held securely and cannot be used for identification purposes.

(b) Research study recruitment on our websites or social media sites

Some NeuRA study-specific websites may track visitors’ personal information across sessions for the purpose of securely syncing data to the server. Pixel tags or cookies are embedded in websites, emails, and online advertisements to track user behaviour, and monitor marketing campaigns. They are primarily used for retargeting, conversion tracking.

The use of cookies on our Websites allow us to track usage patterns and to compile data in an aggregated and “non-user” specific form enabling us to improve our website for future visitors email open rates, and measuring advert effectiveness, e.g.  research study advertisements on Facebook.

(c) Google Analytics is used to track aggregated web usage behaviour, associated user and event data retention periods are consistently reviewed to meet best industry practices.

NeuRA websites may contain links to external websites. NeuRA is not responsible for the content or privacy policies that govern these external websites. A link to a third-party site is not an endorsement by NeuRA.

11. Complaints

If you have any complaints about the way we have handled your personal information, please send your complaint in writing to:

Privacy Officer

Research Governance and Compliance Manager

Neuroscience Research Australia

PO Box 1165

Randwick NSW 2031 

Email: privacy@neura.edu.au

NeuRA takes complaints seriously and will respond to your complaint within 14 business days. If a breach is found, NeuRA will take steps to immediately rectify the breach.

If you are not satisfied with our response, or you consider that we may have breached the Australian Privacy Principles or the Privacy Act, you are entitled to make a complaint to the Office of the Australian Information Commissioner. The Office of the Australian Privacy Commissioner can be contacted on 1300 363 992 or full contact details can be found online at www.oaic.gov.au.

12. Access to this Policy

This Policy is available from NeuRA’s website: http://www.neura.edu.au/. You can also request a copy of it by contacting the reception staff at NeuRA between 8.30am and 5.00pm Monday to Friday on (02) 9399 1000. NeuRA will provide you with a copy free of charge.

13. Review

This policy will be reviewed according to Company standard guidelines of five years after approval, unless there are any changes to the relevant legislation.

Appendix A: Approval & Document History

Download the NeuRA Privacy Policy (PDF)